Toward a Pattern-Based Comprehensive Framework Using Process Mining for RBAC Conformance Checks

4Citations
Citations of this article
3Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Event logs often record the execution of business process instances. Detecting traces in the event logs that do not comply with access control policies, such as role-based access control (RBAC) policies, is essential to ensuring system security. Moreover, process mining has been extensively utilized for security analysis in recent years. However, pattern-based approaches for designing and analyzing RBAC policies in the context of business processes through process mining are notably absent. In this paper, we present a systematic framework for checking the conformance of RBAC implemented in the event logs of business processes with the RBAC policies specified in domain knowledge. To facilitate the representation of the RBAC policies derived from the domain knowledge, we employ an RBAC domain-specific language (DSL) combined with our RBAC-driven object constraint language (OCL) invariant patterns built from the various types of RBAC constraints. The implemented RBAC in an event log is represented as snapshots within our framework. Then, we validate the snapshots with the RBAC policies to be able to detect RBAC conformance issues. The proposed framework is experimented with and evaluated on two business process logs, one simulated log and one real-world event log named "BPI Challenge 2017".

Cite

CITATION STYLE

APA

Nguyen, D. H., Sei, Y., Tahara, Y., & Ohsuga, A. (2025). Toward a Pattern-Based Comprehensive Framework Using Process Mining for RBAC Conformance Checks. International Journal of Software Engineering and Knowledge Engineering, 35(2), 157–194. https://doi.org/10.1142/S0218194025500019

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free