Results in Workflow Resiliency: Complexity, New Formulation, and ASP Encoding

First proposed by Wang and Li in 2007, workflow resiliency is a policy analysis for ensuring that, even when an adversarial environment removes a subset of workers from service, a workflow can still be instantiated to satisfy all the security constraints. Wang and Li proposed three notions of workflow resiliency: static, decremental, and dynamic resiliency. While decremental and dynamic resiliency are both PSPACE-complete, Wang and Li did not provide a matching lower and upper bound for the complexity of static resiliency. The present work begins with proving that static resiliency is $\Pi_2^p$-complete, thereby bridging a long-standing complexity gap in the literature. In addition, a fourth notion of workflow resiliency, one-shot resiliency, is proposed and shown to remain in the third level of the polynomial hierarchy. This shows that sophisticated notions of workflow resiliency need not be PSPACE-complete. Lastly, we demonstrate how to reduce static and one-shot resiliency to Answer Set Programming (ASP), a modern constraint-solving technology that can be used for solving reasoning tasks in the lower levels of the polynomial hierarchy. In summary, this work demonstrates the value of focusing on notions of workflow resiliency that reside in the lower levels of the polynomial hierarchy