A Multivariate Approach for Checking Resiliency in Access Control

TL;DR

This paper analyzes the computational complexity of the Resiliency Checking Problem in access control, considering various parameters and providing a comprehensive classification of its complexity status.

Contribution

It offers a complete parameterized complexity classification of RCP for all parameter combinations, including the restricted case where no users are removed.

Findings

Most cases are classified as FPT, XP, W[2]-hard, para-NP-hard, or para-coNP-hard.

The paper resolves the complexity status for all parameter combinations except one.

It provides insights into the tractability of resiliency checks in access control policies.

Abstract

In recent years, several combinatorial problems were introduced in the area of access control. Typically, such problems deal with an authorization policy, seen as a relation $UR \subseteq U \times R$, where $(u, r) \in UR$ means that user $u$ is authorized to access resource $r$. Li, Tripunitara and Wang (2009) introduced the Resiliency Checking Problem (RCP), in which we are given an authorization policy, a subset of resources $P \subseteq R$, as well as integers $s \ge 0$, $d \ge 1$ and $t \geq 1$. It asks whether upon removal of any set of at most $s$ users, there still exist $d$ pairwise disjoint sets of at most $t$ users such that each set has collectively access to all resources in $P$. This problem possesses several parameters which appear to take small values in practice. We thus analyze the parameterized complexity of RCP with respect to these parameters, by considering all possible combinations of $|P|, s, d, t$. In all but one case, we are able to settle whether the problem is in FPT, XP, W[2]-hard, para-NP-hard or para-coNP-hard. We also consider the restricted case where $s=0$ for which we determine the complexity for all possible combinations of the parameters.