DOI: 10.1145/2245276.2232051
On the exploitation of process mining for security audits: the conformance checking case

Published: 26 March 2012

Abstract

Process mining stands for a set of techniques to analyze business process models and logs. However, the extent to which it can be used for security auditing has not been investigated. Focusing on conformance checking and its support in ProM, this paper reports on a case-study in the financial sector applying this technology for the auditing of relevant security requirements. Although the vast majority of requirements could be verified, we notice a large manual effort to carry out the analysis. Moreover, we identify a class of security requirements that demands process discovery for analysis, and elaborate on ways in which process mining could be extended to better suit security analyses.
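As an added illustration of what "conformance checking of security requirements against an event log" means in practice, the Python sketch below replays each case of a small log against a control-flow model and checks a separation-of-duties rule on the performers. This is editor-supplied example code, not code from the paper and not ProM; the process model, the log lines, the activity names and the separation-of-duties pairs are all constructed for the example, and separation of duties is assumed here as a representative security requirement, since the page does not list the requirements the case study actually audited.

```python
"""Minimal conformance check of an event log against (a) a control-flow
model and (b) a separation-of-duties (SoD) rule.

Editor's example; not from the paper and not ProM.  The model, the SoD
pairs and the log below are constructed for illustration.
"""
from collections import defaultdict

# Constructed process model: the set of activities allowed to follow each
# activity.  "start" and "end" are pseudo-activities bounding a trace.
MODEL = {
    "start":         {"create_order"},
    "create_order":  {"approve_order"},
    "approve_order": {"pay_order"},
    "pay_order":     {"end"},
}

# Constructed SoD rule: no single user may perform both activities of a pair.
SOD = {("create_order", "approve_order"), ("approve_order", "pay_order")}

# Constructed event log (case id, activity, user, timestamp), CSV-like.
LOG = """\
c1,create_order,alice,2012-03-01T09:00
c1,approve_order,bob,2012-03-01T10:00
c1,pay_order,carol,2012-03-01T11:00
c2,create_order,alice,2012-03-02T09:00
c2,approve_order,alice,2012-03-02T09:05
c2,pay_order,dave,2012-03-02T12:00
c3,create_order,erin,2012-03-03T09:00
c3,pay_order,frank,2012-03-03T10:00
"""


def parse_log(text):
    """Group events by case and order each case by timestamp."""
    cases = defaultdict(list)
    for line in text.strip().splitlines():
        case, act, user, ts = line.split(",")
        cases[case].append((act, user, ts))
    for events in cases.values():
        events.sort(key=lambda e: e[2])
    return dict(cases)


def control_flow_violations(events):
    """Replay a trace on MODEL; return (position, previous, activity) for
    every transition the model does not allow, including a bad ending."""
    bad = []
    prev = "start"
    for i, (act, _user, _ts) in enumerate(events):
        if act not in MODEL.get(prev, set()):
            bad.append((i, prev, act))
        prev = act
    if "end" not in MODEL.get(prev, set()):
        bad.append((len(events), prev, "end"))
    return bad


def sod_violations(events):
    """Return (user, activity_a, activity_b) for each SoD pair where the
    same user performed both activities within the case."""
    performers = defaultdict(set)
    for act, user, _ts in events:
        performers[act].add(user)
    bad = []
    for a, b in sorted(SOD):
        for user in sorted(performers[a] & performers[b]):
            bad.append((user, a, b))
    return bad


def audit(text):
    """Run both checks over every case; a case is conformant when both
    violation lists are empty."""
    return {
        case: {
            "control_flow": control_flow_violations(events),
            "sod": sod_violations(events),
        }
        for case, events in parse_log(text).items()
    }


if __name__ == "__main__":
    for case, result in audit(LOG).items():
        status = "OK" if not (result["control_flow"] or result["sod"]) else "VIOLATION"
        print(case, status, result)
```

In the constructed log, c1 is conformant, c2 passes the control-flow check but violates SoD (alice both creates and approves), and c3 skips approval and so fails the control-flow replay. Real audits replace the hand-written successor table with a discovered or documented model and add the organisational data (roles, delegation) that the log alone does not carry, which is the manual effort the abstract refers to.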



Published In

ACM Conferences
SAC '12: Proceedings of the 27th Annual ACM Symposium on Applied Computing
March 2012, 2179 pages
ISBN: 9781450308571
DOI: 10.1145/2245276
Conference Chairs: Sascha Ossowski, Paola Lecca
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. business process security audit
  2. conformance checking
  3. information flow analysis
  4. process mining

Qualifiers

  • Research-article

Conference

SAC 2012
Sponsor:
SAC 2012: ACM Symposium on Applied Computing
March 26 - 30, 2012
Trento, Italy

Acceptance Rates

SAC '12 Paper Acceptance Rate 270 of 1,056 submissions, 26%;
Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Article Metrics

  • Downloads (Last 12 months)66
  • Downloads (Last 6 weeks)6
Reflects downloads up to 12 Sep 2024

Cited By

  • (2024) Process mining software engineering practices. Information and Software Technology, 168:C. DOI: 10.1016/j.infsof.2023.107392. Online publication date: 1-Apr-2024
  • (2024) Reviewing Conformance Checking Uses for Run-Time Regulatory Compliance. Enterprise, Business-Process and Information Systems Modeling, pp. 100-113. DOI: 10.1007/978-3-031-61007-3_9. Online publication date: 31-May-2024
  • (2023) Advancing Process Audits With Process Mining: A Systematic Review of Trends, Challenges, and Opportunities. IEEE Access, 11, pp. 68340-68357. DOI: 10.1109/ACCESS.2023.3292117. Online publication date: 2023
  • (2022) Context-Aware Trace Alignment with Automated Planning. 2022 4th International Conference on Process Mining (ICPM), pp. 104-111. DOI: 10.1109/ICPM57379.2022.9980649. Online publication date: 23-Oct-2022
  • (2022) Towards Event Log Management for Process Mining - Vision and Research Challenges. Research Challenges in Information Science, pp. 197-213. DOI: 10.1007/978-3-031-05760-1_12. Online publication date: 14-May-2022
  • (2021) Business Analytics in Strategic Purchasing: Identifying and Evaluating Similarities in Supplier Documents. Applied Artificial Intelligence, 35(12), pp. 857-875. DOI: 10.1080/08839514.2021.1936423. Online publication date: 19-Jul-2021
  • (2021) Process Science in Action: A Literature Review on Process Mining in Business Management. Technological Forecasting and Social Change, 172, 121021. DOI: 10.1016/j.techfore.2021.121021. Online publication date: Nov-2021
  • (2021) Using Big Data to Improve Safety Performance. Big Data Research, 25:C. DOI: 10.1016/j.bdr.2021.100210. Online publication date: 15-Jul-2021
  • (2021) Towards Employing Process Mining for Role Based Access Control Analysis: A Systematic Literature Review. Proceedings of the Future Technologies Conference (FTC) 2021, Volume 1, pp. 904-927. DOI: 10.1007/978-3-030-89906-6_58. Online publication date: 24-Oct-2021
  • (2020) Efficient Process Conformance Checking on the Basis of Uncertain Event-to-Activity Mappings. IEEE Transactions on Knowledge and Data Engineering, 32(5), pp. 927-940. DOI: 10.1109/TKDE.2019.2897557. Online publication date: 1-May-2020
