Enforcing mandatory and discretionary security in workflow management systems

Vijayalakshmi Atluri, Wei Kuang Huang

Research output: Contribution to journalArticle

15 Scopus citations


Workflow management systems (WFMS) support the modeling, security and coordinated execution of processes within an organization. The two contributions to the area of WFMS are the color timed Petri net (CTPN) and the workflow authorization model (WAM). CTPN is capable of modeling the attributes of both multilevel and discretionary security. It is used to represent various types of task dependencies and shows how the task dependencies violating security can be automatically detected and prevented by building a secure Petri net (SPN) from CTPN. WAM is capable of specifying authorizations in such a way that subjects gain access to required objects only during the execution of the task, synchronizing the authorization flow with the workflow.

Original languageEnglish (US)
Pages (from-to)303-339
Number of pages37
JournalJournal of Computer Security
Issue number4
StatePublished - Jan 1 1997


All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this