计算机科学与探索 ›› 2018, Vol. 12 ›› Issue (12): 2021-2032.DOI: 10.3778/j.issn.1673-9418.1710074

• 理论与算法 • 上一篇    下一篇

工作流可满足决策(≠)的完备独立树分解回溯法

翟治年,卢亚辉,余法红,高慧敏   

  1. 1. 浙江科技学院 信息与电子工程学院,杭州 310023
    2. 深圳大学 计算机与软件学院,广东 深圳 518060
    3. 嘉兴学院 数理与信息工程学院,浙江 嘉兴 314001
    4. 嘉兴学院 机电工程学院,浙江 嘉兴 314001
  • 出版日期:2018-12-01 发布日期:2018-12-07

Backtracking Tree-Decomposition Method with Complete Independence for Workflow Satisfiability Decision (≠)

ZHAI Zhinian, LU Yahui, YU Fahong, GAO Huimin   

  1. 1. School of Information and Electronic Engineering, Zhejiang University of Science and Technology, Hangzhou 310023, China
    2. School of Computer and Software, Shenzhen University, Shenzhen, Guangdong 518060, China
    3. College of Mathematics Physics and Information Engineering, Jiaxing University, Jiaxing, Zhejiang 314001, China
    4. College of Mechanical and Electrical Engineering, Jiaxing University, Jiaxing, Zhejiang 314001, China
  • Online:2018-12-01 Published:2018-12-07

PDF

摘要:

互斥约束工作流可满足决策是关系到安全业务可行性的重要问题,而其现有算法的理论和实测性能,或时间和空间代价严重失衡。根据其低约束密度特征,利用Jegou的树分解回溯方法来解决上述问题。因该方法仅根据约束不相关性得出子问题独立性,不能保证部分解之间的兼容性,从变量不相交和约束不相关两个角度建立了完备的子问题独立性及其部分解缓存原理,设计了相应的算法,并通过交错归纳的方法证明其正确性。分析表明,该算法时间复杂度为[O*(|S|3×dW+1)],一定条件下低于目前最优的[O*(2|S|(|X|+|U|2))]时间,其中[S]、[d]、[W]分别为步骤集、步骤授权列表的最大规模、树分解宽度。实验表明,该算法在低密度约束下,时间性能显著超过现有理论或实际性能最优的算法,且未付出很大空间代价。

关键词: 工作流, 访问控制, 资源分配, 约束满足

Abstract:

Exclusion constrained workflow satisfiability decision is an important problem that is concerned with the feasibility of secure business. Its representative algorithms so far are seriously out-of-balance between the theoretical and practical performance, or time and space cost. According to its low density of constraints, Jegou??s backtracking tree decomposition method is used to address the above issue. However, its concept of sub-problem independence is deduced only from the property of constraint irrelevance and has no guarantee to the compatibility between partial solutions. A complete sub-problem independence with a caching principle for partial solutions is set up from the view of both variable non-intersection and constraint irrelevance. A corresponding algorithm is designed and its correctness is proven via a method of alternating induction. Its time complexity is [O*(|S|3×dW+1)] which is conditionally lower than the most optimal time [O*(2|S|(|X|+|U|2))] so far, where S, d, W are the set of steps, the maximum scale of authorization lists for steps and the tree-decomposition width. Experiments show that, under the condition of low constraint density, the algorithm has remarkable time efficiency than the algorithms with the best theoretical or practical performance, while no quite much space cost is paid.

Key words: workflow, access control, resource allocation, constraint satisfaction

京ICP备13024263号-1
Copyright © 《计算机科学与探索》编辑部
技术支持:北京玛格泰克科技发展有限公司
总访问量
今日访问
在线人数