On the Workflow Satisfiability Problem with Class-independent Constraints

Authors Jason Crampton, Andrei Gagarin, Gregory Gutin, Mark Jones



PDF
Thumbnail PDF

File

LIPIcs.IPEC.2015.66.pdf
  • Filesize: 470 kB
  • 12 pages

Document Identifiers

Author Details

Jason Crampton
Andrei Gagarin
Gregory Gutin
Mark Jones

Cite As Get BibTex

Jason Crampton, Andrei Gagarin, Gregory Gutin, and Mark Jones. On the Workflow Satisfiability Problem with Class-independent Constraints. In 10th International Symposium on Parameterized and Exact Computation (IPEC 2015). Leibniz International Proceedings in Informatics (LIPIcs), Volume 43, pp. 66-77, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2015) https://doi.org/10.4230/LIPIcs.IPEC.2015.66

Abstract

A workflow specification defines sets of steps and users. An authorization policy determines for each user a subset of steps the user is allowed to perform. Other security requirements, such as separation-of-duty, impose constraints on which subsets of users may perform certain subsets of steps. The workflow satisfiability problem (WSP) is the problem of determining whether there exists an assignment of users to workflow steps that satisfies all such authorizations and constraints. An algorithm for solving WSP is important, both as a static analysis tool for workflow specifications, and for the construction of run-time reference monitors for workflow management systems. Given the computational difficulty of WSP, it is important, particularly for the second application, that such algorithms are as efficient as possible.

We introduce class-independent constraints, enabling us to model scenarios where the set of users is partitioned into groups, and the identities of the user groups are irrelevant to the satisfaction of the constraint. We prove that solving WSP is fixed-parameter tractable (FPT) for this class of constraints and develop an FPT algorithm that is useful in practice. We compare the performance of the FPT algorithm with that of SAT4J (a pseudo-Boolean SAT solver) in computational experiments, which show that our algorithm significantly outperforms SAT4J for many instances of WSP. User-independent constraints, a large class of constraints including many practical ones, are a special case of class-independent constraints for which WSP was proved to be FPT (Cohen et al., J. Artif. Intel. Res. 2014). Thus our results considerably extend our knowledge of the fixed-parameter tractability of WSP.

Subject Classification

Keywords
  • Workflow Satisfiability Problem; Constraint Satisfaction Problem; fixed-parameter tractability; user-independent constraints

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads

References

  1. American National Standards Institute. ANSI INCITS 359-2004 for Role Based Access Control, 2004. Google Scholar
  2. D. A. Basin, S. J. Burri, and G. Karjoth. Obstruction-free authorization enforcement: Aligning security and business objectives. J. Comput. Security, 22(5):661-698, 2014. Google Scholar
  3. D. F. C. Brewer and M. J. Nash. The Chinese Wall security policy. In IEEE Symposium on Security and Privacy, pages 206-214. IEEE Computer Society, 1989. Google Scholar
  4. D. Cohen, J. Crampton, A. Gagarin, G. Gutin, and M. Jones. Engineering algorithms for workflow satisfiability problem with user-independent constraints. In J. Chen, J.E. Hopcroft, and J. Wang, editors, Frontiers in Algorithmics, FAW 2014, volume 8497 of Lecture Notes in Computer Science, pages 48-59. Springer, 2014. Google Scholar
  5. D. Cohen, J. Crampton, A. Gagarin, G. Gutin, and M. Jones. Iterative plan construction for the workflow satisfiability problem. J. Artif. Intel. Res., 51:555-577, 2014. Google Scholar
  6. D. Cohen, J. Crampton, A. Gagarin, G. Gutin, and M. Jones. Algorithms for the workflow satisfiability problem engineered for counting constraints. J. Comb. Optim., to appear, 2015. (DOI: 10.1007/s10878-015-9877-7). Google Scholar
  7. J. Crampton. A reference monitor for workflow systems with constrained task execution. In E. Ferrari and G.-J. Ahn, editors, SACMAT, pages 38-47. ACM, 2005. Google Scholar
  8. J. Crampton, A. V. Gagarin, G. Gutin, and M. Jones. On the workflow satisfiability problem with class-independent constraints. CoRR, abs/1504.03561, 2015. Google Scholar
  9. J. Crampton, G. Gutin, and A. Yeo. On the parameterized complexity and kernelization of the workflow satisfiability problem. ACM Trans. Inf. Syst. Secur., 16(1):4, 2013. Google Scholar
  10. A. Gagarin, J. Crampton, G. Gutin, and M. Jones. Implementation of the pattern-backtracking FPT algorithm and experimental data set for the WSP with class-independent constraints. http://dx.doi.org/10.6084/m9.figshare.1502692, Aug 2015.
  11. D. Karapetyan, A. Gagarin, and G. Gutin. Pattern backtracking algorithm for the workflow satisfiability problem. In Frontiers in Algorithmics 2015, volume 9130 of Lect. Notes Comput. Sci., pages 138-149. Springer, 2015. Google Scholar
  12. D. Le Berre and A. Parrain. The SAT4J library, release 2.2. J. Satisf. Bool. Model. Comput., 7:59-64, 2010. Google Scholar
  13. W. Myrvold and W. Kocay. Errors in graph embedding algorithms. J. Comput. Syst. Sci., 77(2):430-438, 2011. Google Scholar
  14. Q. Wang and N. Li. Satisfiability and resiliency in workflow authorization systems. ACM Trans. Inf. Syst. Secur., 13(4):40, 2010. Google Scholar
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail