Conformance Checking of RBAC Policies in Process-Aware Information Systems

Baumgrass, Anne; Baier, Thomas; Mendling, Jan; Strembeck, Mark

doi:10.1007/978-3-642-28115-0_41

Cited by 12 publications

(6 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1) In the Conformance checking category, the three main development areas can be identified: different approaches to conformance checking, proposing new frameworks and algorithms and visualization. An approach to check if the data recorded in the event logs of a process aware information systems (PAIS) conforms to the corresponding process-related Role-based access control (RBAC) model is presented [20]. The process-related RBAC models are automatically transformed to corresponding Linear Temporal Logic (LTL) rules which are used to check the event logs for violations of the policies that are defined via the RBAC model [20].…”

Section: Research Resultsmentioning

confidence: 99%

“…An approach to check if the data recorded in the event logs of a process aware information systems (PAIS) conforms to the corresponding process-related Role-based access control (RBAC) model is presented [20]. The process-related RBAC models are automatically transformed to corresponding Linear Temporal Logic (LTL) rules which are used to check the event logs for violations of the policies that are defined via the RBAC model [20]. The results of this conformance check can serve as basis for security and domain experts to detect violations [20].…”

Section: Research Resultsmentioning

confidence: 99%

“…The process-related RBAC models are automatically transformed to corresponding Linear Temporal Logic (LTL) rules which are used to check the event logs for violations of the policies that are defined via the RBAC model [20]. The results of this conformance check can serve as basis for security and domain experts to detect violations [20]. In future work, authors plan to integrate presented work into related approaches for analysing the control flow [20].…”

Section: Research Resultsmentioning

confidence: 99%

See 2 more Smart Citations

Systematic review on process mining and security

Kelemen¹

2018

ocg

View full text Add to dashboard Cite

Security is an important issue that every organisation should address. One approach to secure systems could be the use of process mining techniques. Process mining is an emerging discipline which can extract knowledge from event logs that are available in information systems. In the security context, process mining is used to analyse security trails to detect anomalies in process execution. While some of the data mining projects are already implemented in banking, insurance and telecom sector the interesting question is: What is happening in public sector? This paper investigates the research on process mining techniques in security domain and tries to discover the examples of its implementation especially in public sector. The systematic review has been conducted in order to give an overview of state-of-the-art process mining techniques used in security context, to classify the main areas of development, algorithms, tools and to identify possible future research course.

show abstract

Section: Research Resultsmentioning

confidence: 99%

Section: Research Resultsmentioning

confidence: 99%

Section: Research Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Systematic review on process mining and security

Kelemen¹

2018

ocg

View full text Add to dashboard Cite

show abstract

“…A possible strategy for certain application scenarios would be to define break-the-glass (BTG) rules (see, e.g., [48] , [49] , [50] ) which allow to temporarily access the protected resources with fallback security settings, in order to provide for continuous operation. An outage of the Logging service is less severe, because it is strictly only required to perform a posteriori conformance checks of global constraints that may affect all (or at least multiple) process instances (see, e.g., [51] ). Instance-specific constraints are local to a certain process instance and can be enforced by means of instance-specific log data stored in WS-BPEL variables (see Section 5 ).…”

Section: Evaluation and Discussionmentioning

confidence: 99%

Enforcement of entailment constraints in distributed service-based business processes

Hummer

Gaubatz

Strembeck

et al. 2013

Information and Software Technology

Self Cite

View full text Add to dashboard Cite

ContextA distributed business process is executed in a distributed computing environment. The service-oriented architecture (SOA) paradigm is a popular option for the integration of software services and execution of distributed business processes. Entailment constraints, such as mutual exclusion and binding constraints, are important means to control process execution. Mutually exclusive tasks result from the division of powerful rights and responsibilities to prevent fraud and abuse. In contrast, binding constraints define that a subject who performed one task must also perform the corresponding bound task(s).ObjectiveWe aim to provide a model-driven approach for the specification and enforcement of task-based entailment constraints in distributed service-based business processes.MethodBased on a generic metamodel, we define a domain-specific language (DSL) that maps the different modeling-level artifacts to the implementation-level. The DSL integrates elements from role-based access control (RBAC) with the tasks that are performed in a business process. Process definitions are annotated using the DSL, and our software platform uses automated model transformations to produce executable WS-BPEL specifications which enforce the entailment constraints. We evaluate the impact of constraint enforcement on runtime performance for five selected service-based processes from existing literature.ResultsOur evaluation demonstrates that the approach correctly enforces task-based entailment constraints at runtime. The performance experiments illustrate that the runtime enforcement operates with an overhead that scales well up to the order of several ten thousand logged invocations. Using our DSL annotations, the user-defined process definition remains declarative and clean of security enforcement code.ConclusionOur approach decouples the concerns of (non-technical) domain experts from technical details of entailment constraint enforcement. The developed framework integrates seamlessly with WS-BPEL and the Web services technology stack. Our prototype implementation shows the feasibility of the approach, and the evaluation points to future work and further performance optimizations.

show abstract

“…The result is a distinction of process log entries into correct and incorrect entries. For example, in [1] we present an approach to auto- matically generate LTL statements from process-related RBAC (Role-based Access Control) models. These LTL statements are used to check if process executions that are recorded via event logs conform to the access control policies defined via a corresponding RBAC model.…”

Section: Checking Of Security Properties Form Event Logsmentioning

confidence: 99%

Security and Privacy in Business Processes: A Posteriori Analysis Techniques

Strembeck

Rinderle-Ma

2013

It - Information Technology

Self Cite

View full text Add to dashboard Cite

In this paper, we motivate the need to perform a posteriori analyzes for process-related security properties. In particular, we first discuss the relation of security engineering and a-posteriori techniques. Subsequently, we give an overview of different a-posteriori techniques for analyzing organizational structures and access control policies. Finally, we provide a discussion on application scenarios for different a-posteriori techniques.

show abstract

Conformance Checking of RBAC Policies in Process-Aware Information Systems

Cited by 12 publications

References 15 publications

Systematic review on process mining and security

Systematic review on process mining and security

Enforcement of entailment constraints in distributed service-based business processes

Security and Privacy in Business Processes: A Posteriori Analysis Techniques

Contact Info

Product

Resources

About