The Bi-Objective Workflow Satisfiability Problem and Workflow Resiliency

TL;DR

This paper introduces the Bi-Objective Workflow Satisfiability Problem (BOWSP) to optimize workflow security policies, providing algorithms for Pareto front computation and analyzing workflow resiliency under user-independent constraints.

Contribution

It formulates BOWSP for workflow security optimization, develops fixed-parameter tractable and MIP algorithms, and studies workflow resiliency with new models and complexity results.

Findings

FPT algorithm efficiently computes Pareto fronts for BOWSP.

MIP algorithm is significantly slower than FPT on synthetic data.

Workflow resiliency problems are fixed-parameter tractable under user-independent constraints.

Abstract

A computerized workflow management system may enforce a security policy, specified in terms of authorized actions and constraints, thereby restricting which users can perform particular steps in a workflow. The existence of a security policy may mean it is impossible to find a valid plan (an assignment of steps to authorized users such that all constraints are satisfied). Work in the literature focuses on the workflow satisfiability problem, a \emph{decision} problem that outputs a valid plan if the instance is satisfiable (and a negative result otherwise). In this paper, we introduce the \textsc{Bi-Objective Workflow Satisfiability Problem} (\BOWSP), which enables us to solve \emph{optimization} problems related to workflows and security policies. In particular, we are able to compute a "least bad" plan when some components of the security policy may be violated. In general, \BOWSP is intractable from both the classical and parameterized complexity point of view. We prove there exists an fixed-parameter tractable (FPT) algorithm to compute a Pareto front for \BOWSP if we restrict our attention to user-independent constraints. We also present a second algorithm to compute a Pareto front which uses mixed integer programming (MIP). We compare the performance of both our algorithms on synthetic instances, and show that the FPT algorithm outperforms the MIP-based one by several orders of magnitude on most of the instances. Finally, we study the important question of workflow resiliency and prove new results establishing that known decision problems are fixed-parameter tractable when restricted to user-independent constraints. We then propose a new way of modeling the availability of users and demonstrate that many questions related to resiliency in the context of this new model may be reduced to instances of \BOWSP.