Minimum Incremental Pattern Backtracking for Resource-independent Workflow Satisfiability Problem

被引：0

作者：

Zhai Z.-N. ^{[1
]}

Lu Y.-H. ^{[2
]}

Liu G.-J. ^{[3
]}

Lei J.-S. ^{[1
]}

Xiang J. ^{[1
]}

Wu M.-W. ^{[1
]}

机构：

[1] School of Information and Electronic Engineering, Zhejiang University of Science and Technology, Hangzhou

[2] College of Computer Science and Software Engineering, Shenzhen University, Shenzhen

[3] Department of Computer Science and Technology, Tongji University, Shanghai

来源：

Ruan Jian Xue Bao/Journal of Software | 2023年 / 34卷 / 04期

关键词：

authorization; constraint; resource allocation; resource-independent; satisfaction; workflow;

D O I：

10.13328/j.cnki.jos.006682

中图分类号：

学科分类号：

摘要：

Workflow satisfiability problem is an elemental issue in the security planning of business process, and it is facing the performance challenge caused by high resource ratio (the number n of resources is significantly greater than the number k of steps). Under resource-independent constraints, its most efficient approach is incremental pattern backtracking (IPB) in the pattern space. To overcome the performance bottleneck of verifying whether a node is authentic, IPB computes the k-assignment (bipartite) graph of a pattern and its (left complete) matching in an incremental manner, which requires O(kn) and O(k2) time respectively. This study computes a full-assignment graph incrementally with only O(n) time by exploiting the atomic difference between a sub-pattern and its super one, and in particular its actual performance will increase rapidly with the size of a block in pattern. However, the size O(kn) of such a graph will result in the same incremental matching time. Further, this study introduces the concept of complete k core matching and shows that its existence is equivalent to a left complete matching and its incremental computation only costs O(k2) time. Therefore, this study proposes an algorithm of minimum incremental pattern backtracking (MIPB) that is superior to IPB in time complexity. Experiments are conducted on an extended public instance set with constraints of two global value-cardinality types and of the mutual exclusion, and with an authorization ratio of about 1/4. The results show that: when k varies at n/k=10 (n/k=100, respectively), MIPB achieves averagely more than 2 (5, respectively) times and at least 1.5 (2.9, respectively) times advantage of performance compared to IPB; when k=18 (k=36, respectively), and n/k belongs to 2~4096 (2~2048, respectively), MIPB achieves averagely more than 2.6 (3.6, respectively) times advantage. While compared to the champion solver OR-Tools CP-SAT in the 2018~2021 Minizinc Challenges, MIPB achieves at least more than 3 times advantage. © 2023 Chinese Academy of Sciences. All rights reserved.

引用

页码：1543 / 1569

页数：26

共 61 条

[1] Zhang ZJ, Zhang YM, Xu XS, Et al., Manufacturing service composition self-adaptive approach based on dynamic matching network, Ruan Jian Xue Bao/Journal of Software, 29, 11, pp. 3355-3373, (2018)
[2] Li ZW, Zhou MC., Modeling, Analysis and Deadlock Control of Automated Manufacturing Systems, (2009)
[3] Liu GJ., Complexity of the deadlock problem for Petri nets modelling resource allocation systems, Information Sciences, 363, 10, pp. 190-197, (2016)
[4] Wen YP, Liu JX, Dou WC, Et al., Privacy-aware multi-tenant access control for cloud workflow, Computer Integrated Manufactoring Systems, 25, 4, pp. 894-900, (2019)
[5] Wang J, Han Y., Cloud workflow scheduling method with data privacy protection, Computer Integrated Manufactoring Systems, 19, 8, pp. 1859-1867, (2013)
[6] Zhong RY, Xu X, Klotz E, Et al., Intelligent manufacturing in the context of industry 4.0: A review, Engineering, 3, 5, pp. 96-127, (2017)
[7] Bertino E, Ferrari E, Atluri V., The specification and enforcement of authorization constraints in workflow management systems, ACM Trans. on Information System Security, 2, 2, pp. 65-104, (1999)
[8] Crampton J, Khambhammettu H., Delegation and satisfiability in workflow systems, Proc. of the 13th ACM Symp. on Access Control Models and Technologies, pp. 31-40, (2008)
[9] Basin D, Burri JS, Karjoth G., Obstruction-Free authorization enforcement: Aligning security and business objectives, Journal of Compter Security, 22, 5, pp. 661-698, (2014)
[10] Zavatteri M, Vigano L., Last man standing: Static, decremental and dynamic resiliency via controller synthesis, Journal of Computer Security, 27, 3, pp. 343-373, (2019)

← 1 2 3 4 5 6 7 →