On the Workflow Satisfiability Problem with Class-Independent Constraints

A workflow specification defines sets of steps and users. An authorization policy determines for each user a subset of steps the user is allowed to perform. Other security requirements, such as separation-of-duty, impose constraints on which subsets of users may perform certain subsets of steps. The \emph{workflow satisfiability problem} (WSP) is the problem of determining whether there exists an assignment of users to workflow steps that satisfies all such authorizations and constraints. An algorithm for solving WSP is important, both as a static analysis tool for workflow specifications, and for the construction of run-time reference monitors for workflow management systems. Given the computational difficulty of WSP, it is important, particularly for the second application, that such algorithms are as efficient as possible. We introduce class-independent constraints, enabling us to model scenarios where the set of users is partitioned into groups, and the identities of the user groups are irrelevant to the satisfaction of the constraint. We prove that solving WSP is fixed-parameter tractable (FPT) for this class of constraints and develop an FPT algorithm that is useful in practice. We compare the performance of the FPT algorithm with that of SAT4J (a pseudo-Boolean SAT solver) in computational experiments, which show that our algorithm significantly outperforms SAT4J for many instances of WSP. User-independent constraints, a large class of constraints including many practical ones, are a special case of class-independent constraints for which WSP was proved to be FPT (Cohen {\em et al.}, J. Artif. Intel. Res. 2014). Thus our results considerably extend our knowledge of the fixed-parameter tractability of WSP

On the workflow satisfiability problem with class-independent constraints

A workflow specification defines sets of steps and users. An authorization policy determines for each user a subset of steps the user is allowed to perform. Other security requirements, such as separation-of-duty, impose constraints on which subsets of users may perform certain subsets of steps. The workflow satisfiability problem (WSP) is the problem of determining whether there exists an assignment of users to workflow steps that satisfies all such authorizations and constraints. An algorithm for solving WSP is important, both as a static analysis tool for workflow specifications, and for the construction of run-time reference monitors for workflow management systems. Given the computational difficulty of WSP, it is important, particularly for the second application, that such algorithms are as efficient as possible. We introduce class-independent constraints, enabling us to model scenarios where the set of users is partitioned into groups, and the identities of the user groups are irrelevant to the satisfaction of the constraint. We prove that solving WSP is fixed-parameter tractable (FPT) for this class of constraints and develop an FPT algorithm that is useful in practice. We compare the performance of the FPT algorithm with that of SAT4J (a pseudo-Boolean SAT solver) in computational experiments, which show that our algorithm significantly outperforms SAT4J for many instances of WSP. User-independent constraints, a large class of constraints including many practical ones, are a special case of class-independent constraints for which WSP was proved to be FPT (Cohen et al., J. Artif. Intel. Res. 2014). Thus our results considerably extend our knowledge of the fixed-parameter tractability of WSP

On the Workflow Satisfiability Problem with Class-Independent Constraints for Hierarchical Organizations

A workflow specification defines a set of steps, a set of users, and an access control policy. The policy determines which steps a user is authorized to perform and imposes constraints on which sets of users can perform which sets of steps. The workflow satisfiability problem (WSP) is the problem of determining whether there exists an assignment of users to workflow steps that satisfies the policy. Given the computational hardness of WSP and its importance in the context of workflow management systems, it is important to develop algorithms that are as efficient as possible to solve WSP. In this article, we study the fixed-parameter tractability of WSP in the presence of class-independent constraints, which enable us to (1) model security requirements based on the groups to which users belong and (2) generalize the notion of a user-independent constraint. Class-independent constraints are defined in terms of equivalence relations over the set of users. We consider sets of nested equivalence relations because this enables us to model security requirements in hierarchical organizations. We prove that WSP is fixed-parameter tractable (FPT) for class-independent constraints defined over nested equivalence relations and develop an FPT algorithm to solve WSP instances incorporating such constraints. We perform experiments to evaluate the performance of our algorithm and compare it with that of SAT4J, an off-the-shelf pseudo-Boolean SAT solver. The results of these experiments demonstrate that our algorithm significantly outperforms SAT4J for many instances of WSP

The pattern-backtracking FPT algorithm and experimental data set for the WSP with class-independent constraints

<p>This folder contains an executable code of the pattern-backtracking FPT algorithm and an experimental data set used for the WSP with class-independent constraints in:<br>J. Crampton, A. Gagarin, G. Gutin, M. Jones, and M. Wahlstrom, “On the workflow satisfiability problem with class-independent constraints for hierarchical organizations,” 2015.</p> <p>The pattern-backtracking FPT algorithm is implemented in C++. The project is compiled using Eclipse Standard/SDK, Version: Kepler Service Release 1. The executable code is created on a MacBook Pro computer having a 2.6 GHz Intel Core i5 processor, 8 GB 1600 MHz DDR3 RAM 2 and running Mac OS X Version 10.9.5. This is an advanced and more efficient implementation of the pattern-backtracking FPT algorithm which returns a solution assignment in the case of solved satisfiable instances and explicitly checks correctness of the obtained solution assignment. Some memory and time control features are added as well.</p> <p>The random generator used to create the experimental data set is a development of the random generator described in:<br>D. Cohen, J. Crampton, A. Gagarin, G. Gutin, and M. Jones, “Algorithms for the workflow satisfiability problem engineered for counting constraints,” J. Combinatorial Optimization (2015), in press.<br>In particular, the random instance generator avoids generation of trivially unsatisfiable instances with respect to class-independent constraints. The current calendar time is used as a random seed value.</p> <p>Each instance of the original WSP is stored in a file with extension .wsp and named WSP_input_#S_#U_#C_a_b_c_d.wsp, where #S is the number of steps in the instance, #U is the number of users, #C is the number of equivalence classes of users, a is the number of user-independent not-equals (separation-of-duty) constraints, b is the number of user-independent at-most constraints, c is the number of class-independent equivalence constraints (requiring a pair of steps to be performed by users from the same equivalence class), and d is the number of class-independent non-equivalence constraints (requiring a pair of steps to be performed by users from different equivalence classes). The corresponding formulation of the instance in terms of the pseudo-Boolean satisfiability (PB SAT) problem is stored in a file with extension .opb and named WSP_input_#S_#U_#C_a_b_c_d_PBSAT.opb. A reader can install the PB SAT solver SAT4J and run it on these PB SAT formulation input files. The outputs of our runs of SAT4J on the PB SAT formulation are stored in files named WSP_input_#S_#U_#C_a_b_c_d_PBSAT_output.txt. The PB SAT solution converted back to the original WSP solution is stored in files named WSP_input_#S_#U_#C_a_b_c_d_PBSAT_output_WSPsoln.txt (clearly, only solved satisfiable PB SAT instances provide non-empty WSP solution files). The outcome decisions of the FPT algorithm (“satisfiable” or “unsatisfiable”), together with solution assignments (if applicable) and some basic information about its runs (numbers of patterns generated and considered in the search space, the running times) are stored in files named WSP_input_#S_#U_#C_a_b_c_d_FPTgen_soln.txt. This implementation of the FPT algorithm has check points for memory usage and elapsed running time. It stops the computational process when the running time of the FPT algorithm reaches one hour limit or the virtual memory consumption exceeds 64GB. Summary Excel tables for the computational experiments are included as well.</p> <p>The executable code of the FPT algorithm and the experimental data set are provided for non-commercial use only. When using this executable code or the data set, please cite the full-size paper above.</p> <p> </p