Abstract: The User Authorization Query (UAQ) Problem is key in systems offering permission level user-system interaction, where the system automatically determines the roles that need to be activated in order to enable the requested permissions. Finding a solution to the problem amounts to determining an optimum set of roles to activate in a given session in order to obtain some permissions while satisfying a collection of authorization constraints, most notably Dynamic Mutually-Exclusive Roles (DMER) constraints. Even if the UAQ Problem is NP-hard,  a number of techniques to solve the UAQ problem have been put forward along with encouraging experimental results based on different sets of synthetic benchmarks.  We propose a methodology for designing parametric benchmarks for the UAQ problem and introduce and make publicly available a novel suite of parametric benchmarks that allows for the systematic assessment of UAQ solvers over a number of relevant dimensions. By running three prominent UAQ solvers against our benchmarks we provide a comprehensive and comparative analysis of unprecedented breadth from which it can be concluded that currently available benchmarks are not adequate to the task and that the reduction to PMaxSAT is currently the most effective approach to tackling the UAQ problem.

If it gets accepted, we will acknowledge SPARTA.

Note: Since ASIACCS employs a double-blind reviewing process, the version we submitted has been appropriately anonymized. 

For this reason, please keep the attached version of this paper and this message as strictly confidential.

Best Regards,

Alessandro