Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

On the workflow satisfiability problem with class-independent constraints for hierarchical organizations

Crampton, Jason, Gagarin, Andrei, Gutin, Gregory, Jones, Mark and Wahlstrom, Magnus 2016. On the workflow satisfiability problem with class-independent constraints for hierarchical organizations. ACM Transactions on Privacy and Security (TOPS) 19 (3) , 8. 10.1145/2988239

[img]
Preview
PDF - Accepted Post-Print Version
Download (442kB) | Preview

Abstract

A workflow specification defines a set of steps, a set of users, and an access control policy. The policy determines which steps a user is authorized to perform and imposes constraints on which sets of users can perform which sets of steps. The workflow satisfiability problem (WSP) is the problem of determining whether there exists an assignment of users to workflow steps that satisfies the policy. Given the computational hardness of WSP and its importance in the context of workflow management systems, it is important to develop algorithms that are as efficient as possible to solve WSP. In this article, we study the fixed-parameter tractability of WSP in the presence of class-independent constraints, which enable us to (1) model security requirements based on the groups to which users belong and (2) generalize the notion of a user-independent constraint. Class-independent constraints are defined in terms of equivalence relations over the set of users. We consider sets of nested equivalence relations because this enables us to model security requirements in hierarchical organizations. We prove that WSP is fixed-parameter tractable (FPT) for class-independent constraints defined over nested equivalence relations and develop an FPT algorithm to solve WSP instances incorporating such constraints. We perform experiments to evaluate the performance of our algorithm and compare it with that of SAT4J, an off-the-shelf pseudo-Boolean SAT solver. The results of these experiments demonstrate that our algorithm significantly outperforms SAT4J for many instances of WSP.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Mathematics
Subjects: Q Science > QA Mathematics
Publisher: Association for Computing Machinery
ISSN: 1094-9224
Funders: EPSRC
Date of First Compliant Deposit: 13 October 2016
Date of Acceptance: 13 August 2016
Last Modified: 12 May 2019 08:33
URI: http://orca.cf.ac.uk/id/eprint/95318

Citation Data

Cited 4 times in Google Scholar. View in Google Scholar

Cited 5 times in Scopus. View in Scopus. Powered By Scopus® Data

Actions (repository staff only)

Edit Item Edit Item

Downloads

Downloads per month over past year

View more statistics