On the exploitation of process mining for security audits: the conformance checking case

Process mining stands for a set of techniques to analyze business process models and logs. However, the extent to which it can be used for security auditing has not been investigated. Focusing on conformance checking and its support in ProM, this paper reports on a case study in the financial sector that applies this technology to the auditing of relevant security requirements. Although the vast majority of the requirements could be verified, the analysis required a large manual effort. Moreover, we identify a class of security requirements whose analysis demands process discovery, and elaborate on ways in which process mining could be extended to better suit security analyses.
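Conformance checking, in the sense the abstract uses it, replays each case of an event log against a process model and reports where the recorded behaviour deviates from it. The following Python is an added illustration, not code from the paper or from ProM: it implements token-based replay over a small constructed approval process whose model encodes the assumed requirement that no payment occurs without a prior approval; the model, the activity names and the event log are all constructed for this example.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed approval process as a Petri net: transition -> (input places, output places).
# It encodes the assumed security requirement "no payment without a prior approval".
MODEL = {
    "create":  (["start"], ["created"]),
    "approve": (["created"], ["approved"]),
    "reject":  (["created"], ["end"]),
    "pay":     (["approved"], ["end"]),
}
@dataclass
class ReplayResult:
    produced: int = 1     # the initial token in 'start' counts as produced
    consumed: int = 0
    missing: int = 0      # tokens the replay had to invent: the log ran ahead of the model
    remaining: int = 0    # tokens left over at the end: the log stopped short of the model
    deviations: list = field(default_factory=list)
    @property
    def fitness(self) -> float:
        """Token-based fitness; 1.0 means the case fits the model exactly."""
        return 0.5 * (1 - self.missing / self.consumed) + 0.5 * (1 - self.remaining / self.produced)

def replay(trace, model=MODEL):
    """Replay one case (ordered activity names) on the model and record every deviation."""
    marking, res = Counter({"start": 1}), ReplayResult()
    for event in trace:
        if event not in model:
            res.deviations.append(f"{event}: activity unknown to the model")
        inputs, outputs = model.get(event, ((), ()))
        for place in inputs:
            if marking[place] == 0:
                res.missing += 1
                res.deviations.append(f"{event}: fired without a token in '{place}'")
            marking[place] = max(marking[place] - 1, 0)   # an invented token is used up at once
            res.consumed += 1
        for place in outputs:
            marking[place] += 1
            res.produced += 1
    if marking["end"] == 0:                              # a case must finish with a token in 'end'
        res.missing += 1
        res.deviations.append("case never reached 'end'")
    marking["end"] = max(marking["end"] - 1, 0)
    res.consumed += 1
    res.remaining = sum(marking.values())
    return res
def audit(log, model=MODEL):
    """Map each deviating case id to its replay result: the auditor's worklist."""
    return {c: r for c, r in ((c, replay(t, model)) for c, t in log.items()) if r.deviations or r.fitness < 1.0}

LOG = {"c1": ["create", "approve", "pay"], "c2": ["create", "pay"],   # constructed event log
       "c3": ["create", "approve", "approve", "pay"], "c4": ["create", "reject"]}
```

Case c2 pays without an approval and c3 approves twice; both end up in the audit worklist with fitness below 1, while c1 and c4 fit the model exactly.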
