On the parameterized complexity of the workflow satisfiability problem

Jason Crampton; Gregory Gutin; Anders Yeo

doi:10.1145/2382196.2382287

On the parameterized complexity of the workflow satisfiability problem

Jason Crampton, Gregory Gutin, Anders Yeo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

A workflow specification defines a set of steps and the order in which those steps must be executed. Security requirements may impose constraints on which groups of users are permitted to perform subsets of those steps. A workflow specification is said to be satisfiable if there exists an assignment of users to workflow steps that satisfies all the constraints. An algorithm for determining whether such an assignment exists is important, both as a static analysis tool for workflow specifications, and for the construction of run-time reference monitors for workflow management systems. Finding such an assignment is a hard problem in general, but work by Wang and Li in 2010 using the theory of parameterized complexity suggests that efficient algorithms exist under reasonable assumptions about workflow specifications. In this paper, we improve the complexity bounds for the workflow satisfiability problem. We also generalize and extend the types of constraints that may be defined in a workflow specification and prove that the satisfiability problem remains fixed-parameter tractable for such constraints.

Original language	English
Title of host publication	CCS '12 Proceedings of the 2012 ACM conference on Computer and communications security
Place of Publication	New York
Publisher	ACM
Pages	857-868
ISBN (Print)	978-1-4503-1651-4
DOIs	https://doi.org/10.1145/2382196.2382287
Publication status	Published - 2012

Access to Document

10.1145/2382196.2382287

http://dl.acm.org/citation.cfm?doid=2382196.2382287

Cite this

@inproceedings{0552597ea1e247abb7526112e9f6858f,

title = "On the parameterized complexity of the workflow satisfiability problem",

abstract = "A workflow specification defines a set of steps and the order in which those steps must be executed. Security requirements may impose constraints on which groups of users are permitted to perform subsets of those steps. A workflow specification is said to be satisfiable if there exists an assignment of users to workflow steps that satisfies all the constraints. An algorithm for determining whether such an assignment exists is important, both as a static analysis tool for workflow specifications, and for the construction of run-time reference monitors for workflow management systems. Finding such an assignment is a hard problem in general, but work by Wang and Li in 2010 using the theory of parameterized complexity suggests that efficient algorithms exist under reasonable assumptions about workflow specifications. In this paper, we improve the complexity bounds for the workflow satisfiability problem. We also generalize and extend the types of constraints that may be defined in a workflow specification and prove that the satisfiability problem remains fixed-parameter tractable for such constraints.",

author = "Jason Crampton and Gregory Gutin and Anders Yeo",

year = "2012",

doi = "10.1145/2382196.2382287",

language = "English",

isbn = "978-1-4503-1651-4",

pages = "857--868",

booktitle = "CCS '12 Proceedings of the 2012 ACM conference on Computer and communications security",

publisher = "ACM",

}

TY - GEN

T1 - On the parameterized complexity of the workflow satisfiability problem

AU - Crampton, Jason

AU - Gutin, Gregory

AU - Yeo, Anders

PY - 2012

Y1 - 2012

N2 - A workflow specification defines a set of steps and the order in which those steps must be executed. Security requirements may impose constraints on which groups of users are permitted to perform subsets of those steps. A workflow specification is said to be satisfiable if there exists an assignment of users to workflow steps that satisfies all the constraints. An algorithm for determining whether such an assignment exists is important, both as a static analysis tool for workflow specifications, and for the construction of run-time reference monitors for workflow management systems. Finding such an assignment is a hard problem in general, but work by Wang and Li in 2010 using the theory of parameterized complexity suggests that efficient algorithms exist under reasonable assumptions about workflow specifications. In this paper, we improve the complexity bounds for the workflow satisfiability problem. We also generalize and extend the types of constraints that may be defined in a workflow specification and prove that the satisfiability problem remains fixed-parameter tractable for such constraints.

AB - A workflow specification defines a set of steps and the order in which those steps must be executed. Security requirements may impose constraints on which groups of users are permitted to perform subsets of those steps. A workflow specification is said to be satisfiable if there exists an assignment of users to workflow steps that satisfies all the constraints. An algorithm for determining whether such an assignment exists is important, both as a static analysis tool for workflow specifications, and for the construction of run-time reference monitors for workflow management systems. Finding such an assignment is a hard problem in general, but work by Wang and Li in 2010 using the theory of parameterized complexity suggests that efficient algorithms exist under reasonable assumptions about workflow specifications. In this paper, we improve the complexity bounds for the workflow satisfiability problem. We also generalize and extend the types of constraints that may be defined in a workflow specification and prove that the satisfiability problem remains fixed-parameter tractable for such constraints.

U2 - 10.1145/2382196.2382287

DO - 10.1145/2382196.2382287

M3 - Conference contribution

SN - 978-1-4503-1651-4

SP - 857

EP - 868

BT - CCS '12 Proceedings of the 2012 ACM conference on Computer and communications security

PB - ACM

CY - New York

ER -