Polynomial Kernels and User Reductions for the Workflow Satisfiability Problem

  • Gregory Gutin
  • Stefan Kratsch
  • Magnus WahlströmEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8894)


The workflow satisfiability problem (WSP) is a problem of practical interest that arises whenever tasks need to be performed by authorized users, subject to constraints defined by business rules. We are required to decide whether there exists a plan – an assignment of tasks to authorized users – such that all constraints are satisfied.

The WSP is, in fact, the conservative Constraint Satisfaction Problem (i.e., for each variable, here called task, we have a unary authorization constraint) and is, thus, NP-complete. It was observed by Wang and Li (2010) that the number \(k\) of tasks is often quite small and so can be used as a parameter, and several subsequent works have studied the parameterized complexity of WSP regarding parameter \(k\).

We take a more detailed look at the kernelization complexity of WSP(\(\varGamma \)) when \(\varGamma \) denotes a finite or infinite set of allowed constraints. Our main result is a dichotomy for the case that all constraints in \(\varGamma \) are regular: (1) We are able to reduce the number \(n\) of users to \(n'\le k\). This entails a kernelization to size poly\((k)\) for finite \(\varGamma \), and, under mild technical conditions, to size poly\((k+m)\) for infinite \(\varGamma \), where \(m\) denotes the number of constraints. (2) Already WSP(\(R\)) for some \(R\in \varGamma \) allows no polynomial kernelization in \(k+m\) unless the polynomial hierarchy collapses.


  1. 1.
    American National Standards Institute. ANSI INCITS 359–2004 for role based access control (2004)Google Scholar
  2. 2.
    Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: a temporal role-based access control model. ACM Trans. Inf. Syst. Secur. 4(3), 191–233 (2001)CrossRefGoogle Scholar
  3. 3.
    Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65–104 (1999)CrossRefGoogle Scholar
  4. 4.
    Betzler, N., Bredereck, R., Niedermeier, R.: Partial kernelization for rank aggregation: theory and experiments. In: Raman, V., Saurabh, S. (eds.) IPEC 2010. LNCS, vol. 6478, pp. 26–37. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    Cohen, D., Crampton, J., Gagarin, A., Gutin, G., Jones, M.: Iterative plan construction for the workflow satisfiability problem. CoRR, abs/1306.3649v2 (2013)
  6. 6.
    Cohen, D., Crampton, J., Gagarin, A., Gutin, G., Jones, M.: Engineering algorithms for workflow satisfiability problem with user-independent constraints. In: Chen, J., Hopcroft, J.E., Wang, J. (eds.) FAW 2014. LNCS, vol. 8497, pp. 48–59. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  7. 7.
    Crampton, J.: A reference monitor for workflow systems with constrained task execution. In: SACMAT, pp. 38-47. ACM (2005)Google Scholar
  8. 8.
    Crampton, J., Crowston, R., Gutin, G., Jones, M., Ramanujan, M.S.: Fixed-parameter tractability of workflow satisfiability in the presence of seniority constraints. In: Fellows, M., Tan, X., Zhu, B. (eds.) FAW-AAIM 2013. LNCS, vol. 7924, pp. 198–209. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  9. 9.
    Crampton, J., Gutin, G., Yeo, A.: On the parameterized complexity and kernelization of the workflow satisfiability problem. ACM Trans. Inf. Syst. Secur. 16(1), 4 (2013)CrossRefGoogle Scholar
  10. 10.
    Dell, H., van Melkebeek, D.: Satisfiability allows no nontrivial sparsification unless the polynomial-time hierarchy collapses. In: Schulman, L.J. (ed.) STOC, pp. 251-260. ACM (2010)Google Scholar
  11. 11.
    Dom, M., Lokshtanov, D., Saurabh, S.: Incompressibility through colors and IDs. In: Albers, S., Marchetti-Spaccamela, A., Matias, Y., Nikoletseas, S., Thomas, W. (eds.) ICALP 2009, Part I. LNCS, vol. 5555, pp. 378–389. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Downey, R.G., Fellows, M.R.: Fundamentals of Parameterized Complexity. Texts in Computer Science. Springer, (2013)Google Scholar
  13. 13.
    Hermelin, D., Kratsch, S., Sołtys, K., Wahlström, M., Wu, X.: A completeness theory for polynomial (Turing) kernelization. In: Gutin, G., Szeider, S. (eds.) IPEC 2013. LNCS, vol. 8246, pp. 202–215. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  14. 14.
    Joshi, J., Bertino, E., Latif, U., Ghafoor, A.: A generalized temporal role-based access control model. IEEE Trans. Knowl. Data Eng. 17(1), 4–23 (2005)CrossRefGoogle Scholar
  15. 15.
    Lokshtanov, D., Misra, N., Saurabh, S.: Kernelization – preprocessing with a guarantee. In: Bodlaender, H.L., Downey, R., Fomin, F.V., Marx, D. (eds.) Fellows Festschrift 2012. LNCS, vol. 7370, pp. 129–161. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  16. 16.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)CrossRefGoogle Scholar
  17. 17.
    Wang, Q., Li, N.: Satisfiability and resiliency in workflow authorization systems. ACM Trans. Inf. Syst. Secur. 13(4), 40 (2010)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Gregory Gutin
    • 1
  • Stefan Kratsch
    • 2
  • Magnus Wahlström
    • 1
    Email author
  1. 1.Royal HollowayUniversity of LondonLondonUK
  2. 2.TU BerlinBerlinGermany

Personalised recommendations