Projects per year
Abstract
A workflow specification defines a set of steps and the order in which these steps must be executed. Security requirements may impose constraints on which groups of users are permitted to perform subsets of these steps. A workflow specification is said to be satisfiable if there exists an assignment of users to workflow steps that satisfies all the constraints. An algorithm for determining whether such an assignment exists is important, both as a static analysis tool for workflow specifications and for the construction of runtime reference monitors for workflow management systems. Finding such an assignment is a hard problem in general, but work by Wang and Li [2010] using the theory of parameterized complexity suggests that efficient algorithms exist under reasonable assumptions about workflow specifications. In this article, we improve the complexity bounds for the workflow satisfiability problem. We also generalize and extend the types of constraints that may be defined in a workflow specification and prove that the satisfiability problem remains fixedparameter tractable for such constraints. Finally, we consider preprocessing for the problem and prove that in an important special case, in polynomial time, we can reduce the given input into an equivalent one where the number of users is at most the number of steps. We also show that no such reduction exists for two natural extensions of this case, which bounds the number of users by a polynomial in the number of steps, provided a widely accepted complexitytheoretical assumption holds.
Original language  English 

Article number  4 
Journal  ACM Transactions on Information and System Security 
Volume  16 
Issue number  1 
DOIs  
Publication status  Published  Jun 2013 
Projects
 1 Finished

Parameterized Algorithmics for the Analysis and Verification of Constrained Workflow Systems
Gutin, G., Cohen, D. & Crampton, J.
Eng & Phys Sci Res Council EPSRC
1/02/13 → 1/05/16
Project: Research