Konstantin Knorr

Dynamic access control through Petri net workflows

Access control is an important protection mechanism for information systems. An access control matrix grants subjects privileges to objects. Today, access control matrices are static they rarely change over time. This paper shows how to make access control matrices dynamic by means of workflows. Access rights are granted according to the state of the workflow. By this practice the risk of data misuse is decreased which is proven through an equation given in the paper. The concept of workflow is defined by Petri nets which offer a solid mathematical foundation and are well suited to represent discrete models such as workflows.

Security Requirements of E-Business Processes

This paper presents an open framework for the analysis of security requirements of business processes in electronic commerce. The most important dimensions of the framework are security objectives (confidentiality, integrity, availability, accountability), the phases of and the places/parties involved in the process. The approach is of open nature so that it can be adapted to the heterogeneous needs of different application scenarios. The discussion of business processes within a virtual shopping mall illustrates the capacity and potential of the framework

Analyzing Separation of Duties in Petri Net Workflows

With the rise of global networks like the Internet the importance of workflow systems is growing. However, security questions in such environments often only address secure communication. Another important topic that is often ignored is the separation of duties to prevent fraud within an organization. This paper introduces a model for separation of duties in workflows that have been specified with Petri nets. Rules will be given as facts of a logic program and expressed in propositional logic. The program allows for simulating and analyzing workflows and their security rules during build time.

Modeling and analyzing separation of duties in workflow environments

With the rise of global networks like the Internet the importance of workflow systems is growing. However, security questions in such environments often only address is secure communication. Another important topic that is often ignored is the separation of duties which is important part of a companys security policy to prevent fraud. This paper introduces a prototype that supports the graphical modeling and analysis of seperation of duties in workflow environments. Security officers can use this tool to design and analyze the security rules associated with workflow specifications.

Security of Electronic Business Applications - Structure and Quantification

The rapid growth of the commercial use of the Internet goes along with a rising need for security for both customer and merchant. As many parties and different systems are involved, security becomes a complicated issue. Therefore, the need for definition, structuring, and quantification of security arises. This paper proposes a structured approach to analyze security measures and to quantify the overall security of an electronic business application. The quantifier is calculated through a security matrix which breaks down the assessment of security into smaller parts. These parts correspond to the locations, security objectives, and implemented security mechanisms of the application. The security quantifier can be used to analyze, design the application, and to compare it with other applications.

Sicherheit von E-Business-Anwendungen — Struktur und Quantifizierung

The rapid growth of the commercial use of the Internet goes along with a rising need for security for both customer and merchant. As many parties and different sys tems are involved, security becomes a complicated issue. Therefore, the need for definition, structuring, and quantification of security arises. This paper proposes a structured approach to analyze security measures and to quantify the overall security of an electronic business application. The quantifier is calculated through a security matrix which breaks down the assessment of security into smaller parts. These parts correspond to the loca tions, security objectives, and implemented security mechanisms of the application. The security quantifier can be used to analyze and design the application, and to compare it with other applications.

Prozessmodellierung im Krankenhaus

An der Universitat Zurich wird im Rahmen des SPPl-Projekts MobiMed (Privacy and Efficiency of Mobile Medical Systems) der Einsatz von Kommunikations- und Informationssystemen im Krankenhaus untersucht. Dabei spielt die Modellierung und Analyse von klinischen Prozessen eine wichtige Rolle.

AWA — Eine Architektur eines agentenbasierten Workflow-Systems

Workflow-Systeme bieten die Moglichkeit Geschaftsprozesse zu automatisieren. Allerdings leiden heutige Systeme unter mangelnder Skalierbarkeit und unzureichender Flexibilitat. Seit kurzem wird versucht Agenten in Workflow-Umgebungen einzusetzen. Besonders Mobilitat und Autonomie sind dabei erfolgversprechende Eigenschaften von Agenten. Der vorliegende Artikel gibt zunachst eine Einfuhrung in die Workflow-und Agententechnologie und stellt dann eine neuartige Architektur eines agentenbasierten Workflow-Systems aufbauend auf vier Agententypen vor. Ein Beispiel eines Geschaftsprozesses illustriert die unterschiedlichen Agententypen.

WWW Workflows Based on Petri Nets

Workflow management is a topic with both academic and commercial interests. Estimates state that there are more than 250 workflow management systems (WfMSs) (Cichocki et al., 1998). Nowadays, many of these systems make use of the Internet. Most producers of commercial WfMSs do not publish the underlying workflow and execution model. The systems have a proprietary nature.