Conformance Checking of RBAC Policies in Process-Aware Information Systems
نویسندگان
چکیده
A process-aware information system (PAIS) is a software system that supports the definition, execution, and analysis of business processes. The execution of process instances is typically recorded in so called event logs. In this paper, we present an approach to automatically generate LTL (Linear Temporal Logic) statements from process-related RBAC (Role-based Access Control) models. These LTL statements are used to check if process executions that are recorded via event logs conform to the access control policies defined via a corresponding RBAC model. To demonstrate our approach, we implemented a RBAC-to-LTL component, and used the ProM tool to test the resulting LTL statements with event logs created from process simulations in CPN tools.
منابع مشابه
Model-driven specification and enforcement of RBAC break-glass policies for process-aware information systems
Context: In many organizational environments critical tasks exist which – in exceptional cases such as an emergency – must be performed by a subject although he/she is usually not authorized to perform these tasks. Break-glass policies have been introduced as a sophisticated exception handling mechanism to resolve such situations. They enable certain subjects to break or override the standard a...
متن کاملConsistency Checks for Duties in Extended UML2 Activity Models
Process-aware information systems support the execution of business processes. In this context, organizations require the precise specification of security policies that govern the behavior of subjects in the systems. Obligation policies specify duties to be fulfilled by certain subjects. In organizational contexts, duties are often associated with a certain task in a business process. In this ...
متن کاملEnforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملDecomposing Alignment-Based Conformance Checking of Data-Aware Process Models
Process mining techniques relate observed behavior to modeled behavior, e.g., the automatic discovery of a Petri net based on an event log. Process mining is not limited to process discovery and also includes conformance checking. Conformance checking techniques are used for evaluating the quality of discovered process models and to diagnose deviations from some normative model (e.g., to check ...
متن کاملDecomposing Conformance Checking on Petri net With Data
Process mining techniques relate observed behavior to modeled behavior, e.g., the automatic discovery of a Petri net based on an event log. Process mining is not limited to process discovery and also includes conformance checking. Conformance checking techniques are used for evaluating the quality of discovered process models and to diagnose deviations from some normative model (e.g., to check ...
متن کامل