Authorization Enforcement in Workflows: Maintaining Realizability Via Automated Reasoning

We investigate automated reasoning techniques as a means of supporting authorization enforcement functions of security-aware workflow management systems. The aim of such support is that one may statically or dynamically guarantee the realizability of a workflow instance given the security constraints of the underlying workflow specification. We develop two such automated reasoning methods and experimentally evaluate their suitability for giving such support. One method uses a propositional encoding of realizability implemented through binary decision diagrams, another method uses a linear-time temporal logic encoding implemented via bounded model checking. We chose these particular methods and implementations since they render representations that, at least in principle, capture many potential solutions so that dynamic guarantees of realizability can be made through efficient queries on these representations. Preliminary experimental results identify issues of scalability and of balancing flexibility in task allocation with complexity of computing such allocations.