Optimal Employee Recruitment in Organizations under Attribute-Based Access Control

For any successful business endeavor, recruitment of a required number of appropriately qualified employees in proper positions is a key requirement. For effective utilization of human resources, reorganization of such workforce assignment is also a task of utmost importance. This includes situations when the under-performing employees have to be substituted with fresh applicants. Generally, the number of candidates applying for a position is large, and hence, the task of identifying an optimal subset becomes critical. Moreover, a human resource manager would also like to make use of the opportunity of retirement of employees to improve manpower utilization. However, the constraints enforced by the security policies prohibit any arbitrary assignment of tasks to employees. Further, the new employees should have the capabilities required to handle the assigned tasks. In this article, we formalize this problem as the Optimal Recruitment Problem (ORP), wherein the goal is to select the minimum number of fresh employees from a set of candidates to fill the vacant positions created by the outgoing employees, while ensuring satisfiability of the specified security conditions. The model used for specification of authorization policies and constraints is Attribute-Based Access Control (ABAC), since it is considered to be the de facto next-generation framework for handling organizational security policies. We show that the ORP problem is NP-hard and propose a greedy heuristic for solving it. Extensive experimental evaluation shows both the effectiveness and efficiency of the proposed solution.