Dynamic Access Control to Semantics-Aware Streamed Process Logs

Business process logs are composed of event records generated, collected and analyzed at different locations, asynchronously and under the responsibility of different authorities. Their analysis is often delegated to auditors who have a mandate for monitoring processes and computing metrics but do not always have the rights to access the individual events used to compute them. A major challenge of this scenario is reconciling the requirements of privacy and access control with the need to continuously monitor and assess the business process. In this paper, we present a model, a language and a software toolkit for controlling access to process data where logs are made available as streams of RDF triples referring to some company-specific business ontology. Our approach is based on the novel idea of dynamic enforcement: we incrementally build dynamic filters for each process instance, based on the applicable access control policy and on the current prefix of the event stream. The implementation and performance validation of our solution is also presented.

[1]  Andrej Chu,et al.  A Lightweight RDF Data Model for Business Process Analysis , 2012 .

[2]  Andrej Chu,et al.  Distributed SPARQL Query Answering over RDF Data Streams , 2013, 2013 IEEE International Congress on Big Data.

[3]  Ernesto Damiani,et al.  Processes Meet Big Data: Connecting Data Science with Process Science , 2015, IEEE Transactions on Services Computing.

[4]  David Banisar,et al.  Global Trends in Privacy Protection: An International Survey of Privacy, Data Protection, and Surveillance Laws and Developments , 2012 .

[5]  Ernesto Damiani,et al.  Translating Process Mining Results into Intelligible Business Information , 2016, KMO.

[6]  Steffen Staab,et al.  Papel: Provenance-Aware Policy Definition and Execution , 2011, IEEE Internet Computing.

[7]  Stefanie Rinderle-Ma,et al.  Balancing Flexibility and Security in Adaptive Process Management Systems , 2005, OTM Conferences.

[8]  Wil M. P. van der Aalst,et al.  Extracting Object-Centric Event Logs to Support Process Mining on Databases , 2018, CAiSE Forum.

[9]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[10]  Paolo Ceravolo,et al.  Data-Driven Process Discovery and Analysis , 2015, Lecture Notes in Business Information Processing.

[11]  Marco Angelini,et al.  Big Data Semantics , 2018, Journal on Data Semantics.

[12]  Manfred Reichert,et al.  Access Control for Monitoring System-Spanning Business Processes in Proviado , 2007, EMISA.

[13]  Ernesto Damiani,et al.  A Framework for Human-in-the-loop Monitoring of Concept-drift Detection in Event Log Stream , 2018, WWW.

[14]  Stefanie Rinderle-Ma,et al.  Managing the Life Cycle of Access Rules in CEOSIS , 2008, 2008 12th International IEEE Enterprise Distributed Object Computing Conference.

[15]  Günther Pernul,et al.  Viewing Business-Process Security from Different Perspectives , 1999, Int. J. Electron. Commer..

[16]  Feifei Li,et al.  Rewriting queries on SPARQL views , 2011, WWW.

[17]  D. Richard Kuhn,et al.  Role-Based Access Control ( RBAC ) : Features and Motivations , 2014 .

[18]  Manfred Reichert,et al.  The Proviado Access Control Model for Business Process Monitoring Components , 2010, Enterp. Model. Inf. Syst. Archit. Int. J. Concept. Model..

[19]  Andreas Matheus,et al.  How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML) , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[20]  Heiner Stuckenschmidt,et al.  A Model-driven Approach to enable Access Control for Ontologies , 2009, Wirtschaftsinformatik.

[21]  David R. Kuhn,et al.  Role-Based Access Control (RBAC): Features and Motivations | NIST , 1995 .

[22]  Miklos A. Vasarhelyi,et al.  Continuous monitoring of business process controls: A pilot implementation of a continuous auditing system at Siemens , 2006, Int. J. Account. Inf. Syst..

[23]  Alejandro Rivero Rodriguez,et al.  Associating event logs with ontologies for semantic process mining and analysis , 2015, MindTrek.

[24]  Amit P. Sheth,et al.  Semantic Sensor Web , 2008, IEEE Internet Computing.

[25]  Bhavani M. Thuraisingham,et al.  ROWLBAC: representing role based access control in OWL , 2008, SACMAT '08.

[26]  Usman Naeem,et al.  Using semantic-based approach to manage perspectives of process mining: Application on improving learning process domain data , 2016, 2016 IEEE International Conference on Big Data (Big Data).

[27]  Fabio Massacci,et al.  An access control framework for business processes for web services , 2003, XMLSEC '03.

[28]  Dan Brickley,et al.  Rdf vocabulary description language 1.0 : Rdf schema , 2004 .

[29]  Boudewijn F. van Dongen,et al.  XES, XESame, and ProM 6 , 2010, CAiSE Forum.

[30]  Akhil Kumar,et al.  DW-RBAC: A formal security model of delegation and revocation in workflow systems , 2007, Inf. Syst..

[31]  Wil M. P. van der Aalst,et al.  Process Cubes: Slicing, Dicing, Rolling Up and Drilling Down Event Data for Process Mining , 2013, AP-BPM.

[32]  Luigi Pontieri,et al.  Mining Hierarchies of Models: From Abstract Views to Concrete Specifications , 2005, Business Process Management.

[33]  Sherif Sakr,et al.  A Query Language for Analyzing Business Processes Execution , 2011, BPM.

[34]  Hans-Jürgen Appelrath,et al.  A Relational Data Warehouse for Multidimensional Process Mining , 2015, SIMPDA.

[35]  Mathias Weske,et al.  Matching of Events and Activities - An Approach Using Declarative Modeling Constraints , 2015, BMMDS/EMMSAD.

[36]  Mathias Weske,et al.  A Semantic Approach for Business Process Model Abstraction , 2011, CAiSE.

[37]  Ian Horrocks,et al.  OWL Web Ontology Language Reference-W3C Recommen-dation , 2004 .

[38]  Dirk Fahland,et al.  Information Flow Security for Business Process Models - just one click away , 2012, BPM.

[39]  Wil M. P. van der Aalst,et al.  Workflow Resource Patterns: Identification, Representation and Tool Support , 2005, CAiSE.

[40]  Yogesh L. Simmhan,et al.  A survey of data provenance in e-science , 2005, SGMD.

[41]  Oliver Thomas,et al.  Semantic EPC: Enhancing Process Modeling Using Ontology Languages , 2007, SBPM.

[42]  Mathias Weske,et al.  The Triconnected Abstraction of Process Models , 2009, BPM.

[43]  Diego Calvanese,et al.  Ontology-Driven Extraction of Event Logs from Relational Databases , 2015, Business Process Management Workshops.

[44]  Usman Naeem,et al.  Semantic Process Mining Towards Discovery and Enhancement of Learning Model Analysis , 2015, 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems.

[45]  Marcelo Arenas,et al.  Semantics and Complexity of SPARQL , 2006, International Semantic Web Conference.

[46]  Jan Mendling,et al.  Bridging Abstraction Layers in Process Mining by Automated Matching of Events and Activities , 2013, BPM.

[47]  Wil M. P. van der Aalst,et al.  A Generic Import Framework for Process Event Logs , 2006, Business Process Management Workshops.

[48]  Mahmoud Al-Qutayri,et al.  Translating BPMN to Business Rules , 2016, SIMPDA.

[49]  Ernesto Damiani,et al.  Using Semantic Lifting for improving Process Mining: a Data Loss Prevention System case study , 2013, SIMPDA.

[50]  Xiaoyong Du,et al.  RDF partitioning for scalable SPARQL query processing , 2015, Frontiers of Computer Science.

[51]  Hajo A. Reijers,et al.  From Low-Level Events to Activities - A Pattern-Based Approach , 2016, BPM.

[52]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[53]  Ernesto Damiani,et al.  Extending Policy Languages to the Semantic Web , 2004, ICWE.

[54]  Jan Mendling,et al.  Efficient and Customisable Declarative Process Mining with SQL , 2016, CAiSE.

[55]  Lorena Etcheverry,et al.  Views over RDF Datasets: A State-of-the-Art and Open Challenges , 2012, ArXiv.

[56]  Johann Eder,et al.  A Process Warehouse Model Capturing Process Variants , 2018, Enterp. Model. Inf. Syst. Archit. Int. J. Concept. Model..

[57]  Paolo Ceravolo,et al.  Knowledge acquisition in process intelligence , 2015, 2015 International Conference on Information and Communication Technology Research (ICTRC).

[58]  Ernesto Damiani,et al.  Big data analytics as-a-service: Issues and challenges , 2016, 2016 IEEE International Conference on Big Data (Big Data).

[59]  Ricardo Seguel,et al.  Process Mining Manifesto , 2011, Business Process Management Workshops.

[60]  Antonio De Nicola,et al.  Semantic Lifting of Business Process Models , 2008, 2008 12th Enterprise Distributed Object Computing Conference Workshops.

[61]  Ernesto Damiani,et al.  Toward a New Generation of Log Pre-processing Methods for Process Mining , 2017, BPM.

[62]  Wil M. P. van der Aalst,et al.  Semantic Process Mining Tools: Core Building Blocks , 2008, ECIS.

[63]  Paolo Ceravolo,et al.  Consistent Process Mining over Big Data Triple Stores , 2013, 2013 IEEE International Congress on Big Data.

[64]  Avraham Shtub,et al.  Business Process Improvement , 2020, Service Science.