Crampton, Jason, Gagarin, Andrei  ORCID: https://orcid.org/0000-0001-9749-9706, Gutin, Gregory, Jones, Mark and Wahlstrom, Magnus
2016.
On the workflow satisfiability problem with class-independent constraints for hierarchical organizations.
ACM Transactions on Privacy and Security (TOPS)
19
(3)
, 8.
10.1145/2988239
|
Preview |
PDF
- Accepted Post-Print Version
Download (442kB) | Preview |
Abstract
A workflow specification defines a set of steps, a set of users, and an access control policy. The policy determines which steps a user is authorized to perform and imposes constraints on which sets of users can perform which sets of steps. The workflow satisfiability problem (WSP) is the problem of determining whether there exists an assignment of users to workflow steps that satisfies the policy. Given the computational hardness of WSP and its importance in the context of workflow management systems, it is important to develop algorithms that are as efficient as possible to solve WSP. In this article, we study the fixed-parameter tractability of WSP in the presence of class-independent constraints, which enable us to (1) model security requirements based on the groups to which users belong and (2) generalize the notion of a user-independent constraint. Class-independent constraints are defined in terms of equivalence relations over the set of users. We consider sets of nested equivalence relations because this enables us to model security requirements in hierarchical organizations. We prove that WSP is fixed-parameter tractable (FPT) for class-independent constraints defined over nested equivalence relations and develop an FPT algorithm to solve WSP instances incorporating such constraints. We perform experiments to evaluate the performance of our algorithm and compare it with that of SAT4J, an off-the-shelf pseudo-Boolean SAT solver. The results of these experiments demonstrate that our algorithm significantly outperforms SAT4J for many instances of WSP.
| Item Type: | Article |
|---|---|
| Date Type: | Publication |
| Status: | Published |
| Schools: | Mathematics |
| Subjects: | Q Science > QA Mathematics |
| Publisher: | Association for Computing Machinery |
| ISSN: | 1094-9224 |
| Funders: | EPSRC |
| Date of First Compliant Deposit: | 13 October 2016 |
| Date of Acceptance: | 13 August 2016 |
| Last Modified: | 08 Nov 2023 02:12 |
| URI: | https://orca.cardiff.ac.uk/id/eprint/95318 |
Citation Data
Cited 11 times in Scopus. View in Scopus. Powered By Scopus® Data
Actions (repository staff only)
 |
Edit Item |
Dimensions
Dimensions
Cardiff University Information Services