Constraint Expressions and Workflow Satisfiability
Jason Crampton, Gregory Gutin
TL;DR
This paper introduces new methods based on constraint expressions to determine workflow satisfiability, addressing security and business rule constraints in workflow systems with versatile algorithms and complexity analysis.
Contribution
It develops novel algorithms and complexity results for workflow satisfiability using the concept of constraint expressions, enhancing static analysis and runtime monitoring.
Findings
New algorithms for workflow satisfiability
Complexity analysis of related problems
Versatile methods applicable to various constraints
Abstract
A workflow specification defines a set of steps and the order in which those steps must be executed. Security requirements and business rules may impose constraints on which users are permitted to perform those steps. A workflow specification is said to be satisfiable if there exists an assignment of authorized users to workflow steps that satisfies all the constraints. An algorithm for determining whether such an assignment exists is important, both as a static analysis tool for workflow specifications, and for the construction of run-time reference monitors for workflow management systems. We develop new methods for determining workflow satisfiability based on the concept of constraint expressions, which were introduced recently by Khan and Fong. These methods are surprising versatile, enabling us to develop algorithms for, and determine the complexity of, a number of different…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsBusiness Process Modeling and Analysis · Access Control and Trust · Security and Verification in Computing