Abstract

Many business processes are modeled as workflows, which often need to comply with business rules, legal requirements, and authorization policies. Workflow satisfiability is the problem of determining whether there exists a workflow instance that realizes the workflow specification while simultaneously complying with such constraints. This problem has already been studied by the computer security community, with the development of algorithms and the study of their worst-case complexity. These solutions are often tailored to a particular workflow model and are, therefore, of little or no use in analyzing different models; their worst-case complexities are likely to be an unreliable judge of their feasibility; and they lack support for other forms of analysis such as the determination of the smallest number of users required to satisfy a workflow specification. We propose model checking of an NP-complete fragment $\mathsf{LTL}(\mathsf{F})$ of propositional linear-time temporal logic as an alternative solution. We report encodings in $\mathsf{LTL}(\mathsf{F})$ that can compute a set of solutions (thus deciding satisfiability), compute minimal user bases and a safe bound on the resiliency of satisfiability under the removal of users. These theoretical contributions are validated through detailed experiments whose results attest to the viability of our proposed approach.
