**On the Parameterized Complexity and Kernelization of the Workflow Satisfiability Problem.** / Crampton, Jason; Gutin, Gregory; Yeo, Anders.

Research output: Contribution to journal › Article

Published

**On the Parameterized Complexity and Kernelization of the Workflow Satisfiability Problem.** / Crampton, Jason; Gutin, Gregory; Yeo, Anders.

Research output: Contribution to journal › Article

Crampton, J, Gutin, G & Yeo, A 2013, 'On the Parameterized Complexity and Kernelization of the Workflow Satisfiability Problem' *ACM Transactions on Information and System Security*, vol. 16, no. 1, 4. https://doi.org/10.1145/2487222.2487226

Crampton, J., Gutin, G., & Yeo, A. (2013). On the Parameterized Complexity and Kernelization of the Workflow Satisfiability Problem. *ACM Transactions on Information and System Security*, *16*(1), [4]. https://doi.org/10.1145/2487222.2487226

Crampton J, Gutin G, Yeo A. On the Parameterized Complexity and Kernelization of the Workflow Satisfiability Problem. ACM Transactions on Information and System Security. 2013 Jun;16(1). 4. https://doi.org/10.1145/2487222.2487226

@article{6d17eead5312486f8dedca6e8635acf1,

title = "On the Parameterized Complexity and Kernelization of the Workflow Satisfiability Problem",

abstract = "A workflow specification defines a set of steps and the order in which these steps must be executed. Security requirements may impose constraints on which groups of users are permitted to perform subsets of these steps. A workflow specification is said to be satisfiable if there exists an assignment of users to workflow steps that satisfies all the constraints. An algorithm for determining whether such an assignment exists is important, both as a static analysis tool for workflow specifications and for the construction of runtime reference monitors for workflow management systems. Finding such an assignment is a hard problem in general, but work by Wang and Li [2010] using the theory of parameterized complexity suggests that efficient algorithms exist under reasonable assumptions about workflow specifications. In this article, we improve the complexity bounds for the workflow satisfiability problem. We also generalize and extend the types of constraints that may be defined in a workflow specification and prove that the satisfiability problem remains fixed-parameter tractable for such constraints. Finally, we consider preprocessing for the problem and prove that in an important special case, in polynomial time, we can reduce the given input into an equivalent one where the number of users is at most the number of steps. We also show that no such reduction exists for two natural extensions of this case, which bounds the number of users by a polynomial in the number of steps, provided a widely accepted complexity-theoretical assumption holds.",

author = "Jason Crampton and Gregory Gutin and Anders Yeo",

year = "2013",

month = "6",

doi = "10.1145/2487222.2487226",

language = "English",

volume = "16",

journal = "ACM Transactions on Information and System Security",

issn = "1094-9224",

publisher = "Association for Computing Machinery (ACM)",

number = "1",

}

TY - JOUR

T1 - On the Parameterized Complexity and Kernelization of the Workflow Satisfiability Problem

AU - Crampton, Jason

AU - Gutin, Gregory

AU - Yeo, Anders

PY - 2013/6

Y1 - 2013/6

N2 - A workflow specification defines a set of steps and the order in which these steps must be executed. Security requirements may impose constraints on which groups of users are permitted to perform subsets of these steps. A workflow specification is said to be satisfiable if there exists an assignment of users to workflow steps that satisfies all the constraints. An algorithm for determining whether such an assignment exists is important, both as a static analysis tool for workflow specifications and for the construction of runtime reference monitors for workflow management systems. Finding such an assignment is a hard problem in general, but work by Wang and Li [2010] using the theory of parameterized complexity suggests that efficient algorithms exist under reasonable assumptions about workflow specifications. In this article, we improve the complexity bounds for the workflow satisfiability problem. We also generalize and extend the types of constraints that may be defined in a workflow specification and prove that the satisfiability problem remains fixed-parameter tractable for such constraints. Finally, we consider preprocessing for the problem and prove that in an important special case, in polynomial time, we can reduce the given input into an equivalent one where the number of users is at most the number of steps. We also show that no such reduction exists for two natural extensions of this case, which bounds the number of users by a polynomial in the number of steps, provided a widely accepted complexity-theoretical assumption holds.

AB - A workflow specification defines a set of steps and the order in which these steps must be executed. Security requirements may impose constraints on which groups of users are permitted to perform subsets of these steps. A workflow specification is said to be satisfiable if there exists an assignment of users to workflow steps that satisfies all the constraints. An algorithm for determining whether such an assignment exists is important, both as a static analysis tool for workflow specifications and for the construction of runtime reference monitors for workflow management systems. Finding such an assignment is a hard problem in general, but work by Wang and Li [2010] using the theory of parameterized complexity suggests that efficient algorithms exist under reasonable assumptions about workflow specifications. In this article, we improve the complexity bounds for the workflow satisfiability problem. We also generalize and extend the types of constraints that may be defined in a workflow specification and prove that the satisfiability problem remains fixed-parameter tractable for such constraints. Finally, we consider preprocessing for the problem and prove that in an important special case, in polynomial time, we can reduce the given input into an equivalent one where the number of users is at most the number of steps. We also show that no such reduction exists for two natural extensions of this case, which bounds the number of users by a polynomial in the number of steps, provided a widely accepted complexity-theoretical assumption holds.

U2 - 10.1145/2487222.2487226

DO - 10.1145/2487222.2487226

M3 - Article

VL - 16

JO - ACM Transactions on Information and System Security

JF - ACM Transactions on Information and System Security

SN - 1094-9224

IS - 1

M1 - 4

ER -