Abstract
Event logs often record the execution of business process instances. Detecting traces in the event logs that do not comply with access control policies, such as role-based access control (RBAC) policies, is essential to ensuring system security. Moreover, process mining has been extensively utilized for security analysis in recent years. However, pattern-based approaches for designing and analyzing RBAC policies in the context of business processes through process mining are notably absent. In this paper, we present a systematic framework for checking the conformance of RBAC implemented in the event logs of business processes with the RBAC policies specified in domain knowledge. To facilitate the representation of the RBAC policies derived from the domain knowledge, we employ an RBAC domain-specific language (DSL) combined with our RBAC-driven object constraint language (OCL) invariant patterns built from the various types of RBAC constraints. The implemented RBAC in an event log is represented as snapshots within our framework. Then, we validate the snapshots with the RBAC policies to be able to detect RBAC conformance issues. The proposed framework is experimented with and evaluated on two business process logs, one simulated log and one real-world event log named "BPI Challenge 2017".
Author supplied keywords
Cite
CITATION STYLE
Nguyen, D. H., Sei, Y., Tahara, Y., & Ohsuga, A. (2025). Toward a Pattern-Based Comprehensive Framework Using Process Mining for RBAC Conformance Checks. International Journal of Software Engineering and Knowledge Engineering, 35(2), 157–194. https://doi.org/10.1142/S0218194025500019
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.