
Modelling, Specifying and Implementing Workflow Security in Cyberspace

Gudes, Olivier, and van de Riet


Citation information

E. Gudes, M. S. Olivier, and R. P. van de Riet. “Modelling, Specifying and Implementing Workflow Security in Cyberspace”. In: Journal of Computer Security 7.4 (1999), pp. 287–315


Workflow Management (WFM) Systems automate traditional processes where information flows between individuals. WFM systems have two major implications for security. Firstly, since the description of a workflow process explicitly states when which function is to be performed by whom, security specifications may be automatically derived from such descriptions. Secondly, the derived security specifications have to be enforced.

The paper considers the issues that need to be addressed by a secure workflow system. In particular it addresses the requirement that security for workflow systems needs to be specified at the workflow level, and not at the level of the underlying components, such as the database or networks. One reason why it is necessary to consider security at this level is the dynamic nature of workflow systems, with access restrictions depending on the state of the workflow process. In addition, workflow systems may handle many instances of a given workflow specification and need to be able to protect the instances according to the requirements posed by each.

The intention of this paper is to provide an orderly framework for these concepts and to discuss a more generalized implementation architecture which can be based on existing technologies of the Web and Object-oriented systems. The framework is based on three levels: Modelling, Specification and Implementation; each level refines the concepts of the level above it.

Modelling is illustrated by using a notion of Alter-Egos and a workflow modelling tool known as COLOR-X. How these and related concepts may be formally specified is considered in the second part of the paper. The specification is based on the formal language Z. The implementation section considers protocols, standards and architectures that may be used to realize such a secure workflow system. Since the implementation does not use any specific system but only very general components, it can be realized on various platforms.

Full text

A pre- or postprint of the publication is available at
Note that a username and password are required to download the full text. (Why?) Please e-mail me and I will send you a username and password.

Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.3233/JCS-1999-7403

BibTeX reference

author={Ehud Gudes and Martin S Olivier and van de Riet, Reind P},
title={Modelling, Specifying and Implementing Workflow Security in Cyberspace},
journal={Journal of Computer Security},
number={4}, pages={287--315},
year={1999} )