Conformance Checking of RBAC Policies in Process-Aware Information Systems

A process-aware information system (PAIS) is a software system that supports the definition, execution, and analysis of business processes. The execution of process instances is typically recorded in so called event logs. In this paper, we present an approach to automatically generate LTL (Linear Temporal Logic) statements from process-related RBAC (Role-based Access Control) models. These LTL statements are used to check if process executions that are recorded via event logs conform to the access control policies defined via a corresponding RBAC model. To demonstrate our approach, we implemented a RBAC-to-LTL component, and used the ProM tool to test the resulting LTL statements with event logs created from process simulations in CPN tools.

[1]  Boudewijn F. van Dongen,et al.  Workflow mining: A survey of issues and approaches , 2003, Data Knowl. Eng..

[2]  Boudewijn F. van Dongen,et al.  ProM 6: The Process Mining Toolkit , 2010, BPM.

[3]  Mark Strembeck Scenario-Driven Role Engineering , 2010, IEEE Security & Privacy.

[4]  Vladimir A. Oleshchuk,et al.  Conformance Checking of RBAC Policy and its Implementation , 2005, ISPEC.

[5]  H. Beer,et al.  The LTL Checker Plugins: A Reference Manual , 2004 .

[6]  Boudewijn F. van Dongen,et al.  Process Mining and Verification of Properties: An Approach Based on Temporal Logic , 2005, OTM Conferences.

[7]  M. Castellanos,et al.  Conformance testing : measuring the fit and appropriateness of event logs and process models , 2013 .

[8]  Guido Governatori,et al.  Compliance aware business process design , 2008 .

[9]  Wil M. P. van der Aalst,et al.  Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance , 2005, WISP@ICATPN.

[10]  Boudewijn F. van Dongen,et al.  A Meta Model for Process Mining Data , 2005, EMOI-INTEROP.

[11]  R. Sandhu,et al.  Access control: principles and practice , 1994, IEEE Commun. Mag..

[12]  Anand R. Tripathi,et al.  Static verification of security requirements in role based CSCW systems , 2003, SACMAT '03.

[13]  Zahir Tari,et al.  On the Move to Meaningful Internet Systems 2002: CoopIS, DOA, and ODBASE , 2002, Lecture Notes in Computer Science.

[14]  Vijayalakshmi Atluri,et al.  Role-based Access Control , 1992 .

[15]  Manfred Reichert,et al.  Process-Aware Information Systems , 2012 .

[16]  Wil M. P. van der Aalst,et al.  Conformance checking of processes based on monitoring real behavior , 2008, Inf. Syst..

[17]  Boudewijn F. van Dongen,et al.  ProM: The Process Mining Toolkit , 2009, BPM.

[18]  Fred Kröger,et al.  Temporal Logic of Programs , 1987, EATCS Monographs on Theoretical Computer Science.

[19]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[20]  Ramaswamy Chandramouli,et al.  Role-Based Access Control (2nd ed.) , 2007 .

[21]  Ramaswamy Chandramouli,et al.  Role-Based Access Control, Second Edition , 2007 .

[22]  Marwane El Kharbili,et al.  Business Process Compliance Checking: Current State and Future Challenges , 2008, MobIS.

[23]  Wil M. P. van der Aalst,et al.  Process mining: a research agenda , 2004, Comput. Ind..

[24]  Mark Strembeck,et al.  Modeling process-related RBAC models with extended UML activity models , 2011, Inf. Softw. Technol..

[25]  Cw Christian Günther,et al.  Process mining: Using CPN tools to create test logs for mining algorithms , 2005 .

[26]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.