Role-Based Access Control Models. Computer.
The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control.
The uses of role hierarchies in access control. RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control.
TRBAC: A temporal role-based access control model. ACM Transactions on Information and System Security (TISSEC).
Which problems have strongly exponential complexity? Journal of Computer and System Sciences.
Distributed and Parallel Databases.
Separation of Duty in Role-based Environments. CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations.
Tight Bounds for Testing Bipartiteness in General Graphs. SIAM Journal on Computing.
A Generalized Temporal Role-Based Access Control Model. IEEE Transactions on Knowledge and Data Engineering.
Minimal unsatisfiable formulas with bounded clause-variable difference are fixed-parameter tractable. Journal of Computer and System Sciences.
A reference monitor for workflow systems with constrained task execution. Proceedings of the tenth ACM symposium on Access control models and technologies.
Parameterized Complexity Theory (Texts in Theoretical Computer Science. An EATCS Series).
On mutually exclusive roles and separation-of-duty. ACM Transactions on Information and System Security (TISSEC).
ProActive Access Control for Business Process-Driven Environments. ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference.
Incompressibility through Colors and IDs. ICALP '09 Proceedings of the 36th International Colloquium on Automata, Languages and Programming: Part I.
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business.
On problems without polynomial kernels. Journal of Computer and System Sciences.
Set Partitioning via Inclusion-Exclusion. SIAM Journal on Computing.
Satisfiability and Resiliency in Workflow Authorization Systems. ACM Transactions on Information and System Security (TISSEC).
Kernel bounds for disjoint cycles and disjoint paths. Theoretical Computer Science.
Obstruction-Free Authorization Enforcement: Aligning Security with Business Objectives. CSF '11 Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium.
Parameterized complexity of maxsat above average. LATIN'12 Proceedings of the 10th Latin American international conference on Theoretical Informatics.
Constraint satisfaction problems: convexity makes all different constraints tractable. IJCAI'11 Proceedings of the Twenty-Second international joint conference on Artificial Intelligence - Volume One.
Optimal workflow-aware authorizations. Proceedings of the 17th ACM symposium on Access Control Models and Technologies.
On the parameterized complexity of the workflow satisfiability problem. Proceedings of the 2012 ACM conference on Computer and communications security.
Constraint expressions and workflow satisfiability. Proceedings of the 18th ACM symposium on Access control models and technologies.
Parameterized Complexity.
A workflow specification defines a set of steps and the order in which these steps must be executed. Security requirements may impose constraints on which groups of users are permitted to perform subsets of these steps. A workflow specification is said to be satisfiable if there exists an assignment of users to workflow steps that satisfies all the constraints. An algorithm for determining whether such an assignment exists is important, both as a static analysis tool for workflow specifications and for the construction of runtime reference monitors for workflow management systems. Finding such an assignment is a hard problem in general, but work by Wang and Li [2010] using the theory of parameterized complexity suggests that efficient algorithms exist under reasonable assumptions about workflow specifications. In this article, we improve the complexity bounds for the workflow satisfiability problem. We also generalize and extend the types of constraints that may be defined in a workflow specification and prove that the satisfiability problem remains fixed-parameter tractable for such constraints. Finally, we consider preprocessing for the problem and prove that in an important special case, in polynomial time, we can reduce the given input into an equivalent one where the number of users is at most the number of steps. We also show that no such reduction exists for two natural extensions of this case, which bounds the number of users by a polynomial in the number of steps, provided a widely accepted complexity-theoretical assumption holds.
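The satisfiability question defined in the abstract, as an added example that is not code from the article: a plain backtracking search (exponential in the worst case, not the article's fixed-parameter algorithm) plus one way a runtime reference monitor could use it. The constraint types (separation and binding of duty), the `may_perform` helper, and the sample workflow are assumptions constructed for illustration.

```python
from typing import Callable, Dict, List, Optional, Set, Tuple

# A constraint relates the users assigned to two steps: (step_a, step_b, predicate).
Constraint = Tuple[str, str, Callable[[str, str], bool]]
different = lambda u, v: u != v  # separation of duty (assumed constraint type)
same = lambda u, v: u == v       # binding of duty (assumed constraint type)

def find_plan(steps: List[str], auth: Dict[str, Set[str]],
              constraints: List[Constraint],
              done: Optional[Dict[str, str]] = None) -> Optional[Dict[str, str]]:
    """Return a step -> user assignment satisfying every constraint, or None."""
    done = done or {}
    # A step that was already executed has one candidate: the user who did it.
    cand = {s: ({done[s]} & auth[s]) if s in done else set(auth[s]) for s in steps}
    order = sorted(steps, key=lambda s: len(cand[s]))  # most constrained first
    plan: Dict[str, str] = {}

    def consistent(step: str, user: str) -> bool:
        for a, b, ok in constraints:
            if a == step and b in plan and not ok(user, plan[b]):
                return False
            if b == step and a in plan and not ok(plan[a], user):
                return False
        return True

    def extend(i: int) -> bool:
        if i == len(order):
            return True
        for user in sorted(cand[order[i]]):
            if consistent(order[i], user):
                plan[order[i]] = user
                if extend(i + 1):
                    return True
                del plan[order[i]]
        return False

    return dict(plan) if extend(0) else None

def may_perform(user, step, steps, auth, constraints, done) -> bool:
    """Hypothetical monitor check: grant only if the workflow can still finish."""
    return find_plan(steps, auth, constraints, {**done, step: user}) is not None

# Constructed sample workflow (not from the article).
STEPS = ["create", "approve", "sign", "pay"]
AUTH = {"create": {"alice", "bob"}, "approve": {"bob", "carol"},
        "sign": {"carol"}, "pay": {"alice", "bob"}}
CONSTRAINTS = [("create", "approve", different), ("approve", "sign", different),
               ("create", "pay", same), ("approve", "pay", different)]
```

In the sample, bob is authorized for `create`, yet `may_perform("bob", "create", ...)` is false: granting it would leave no user able to approve, which is the deadlock a satisfiability-aware monitor is meant to prevent.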