DOI: 10.1145/2245276.2232051
research-article

On the exploitation of process mining for security audits: the conformance checking case

Published: 26 March 2012

ABSTRACT

Process mining stands for a set of techniques to analyze business process models and logs. However, the extent to which it can be used for security auditing has not been investigated. Focusing on conformance checking and its support in ProM, this paper reports on a case study in the financial sector that applies this technology to the auditing of relevant security requirements. Although the vast majority of the requirements could be verified, we note that the analysis required a large manual effort. Moreover, we identify a class of security requirements that demands process discovery for its analysis, and elaborate on ways in which process mining could be extended to better suit security analyses.
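As an added illustration, and not code from the paper, its authors or ProM: the Python below replays a constructed invoice-approval event log against a small control-flow model and a separation-of-duties requirement, which is the kind of security requirement the abstract says conformance checking can verify. The model, the SoD pair, the log and every case, activity and resource name in it are constructed assumptions. ProM does this replay on Petri nets; the example uses a plain state machine so that the deviation logic stays visible.

```python
"""Conformance check of an event log against a process model and a
separation-of-duties (SoD) requirement.

Constructed example: the model, the SoD pair and the log are invented for
illustration; they are not from the paper or from ProM.
"""
from collections import defaultdict

# Constructed event log, one tuple per event: (case id, activity, resource).
EVENT_LOG = [
    ("c1", "create_invoice", "alice"),
    ("c1", "approve_invoice", "bob"),
    ("c1", "pay_invoice", "carol"),
    ("c2", "create_invoice", "alice"),
    ("c2", "pay_invoice", "carol"),        # paid without any approval
    ("c3", "create_invoice", "dave"),
    ("c3", "approve_invoice", "dave"),     # creator approves own invoice
    ("c3", "pay_invoice", "carol"),
    ("c4", "create_invoice", "alice"),
    ("c4", "approve_invoice", "bob"),
    ("c4", "approve_invoice", "bob"),      # second approval the model forbids
    ("c4", "pay_invoice", "carol"),
]

# Constructed control-flow model as a small automaton: state -> {activity: next state}.
MODEL = {
    "start":    {"create_invoice": "created"},
    "created":  {"approve_invoice": "approved", "reject_invoice": "end"},
    "approved": {"pay_invoice": "end"},
}
START, END = "start", "end"

# Constructed SoD requirement: both activities of a pair need different performers per case.
SOD_PAIRS = [("create_invoice", "approve_invoice")]


def group_traces(log):
    """Turn the flat event list into one trace (ordered event list) per case."""
    traces = defaultdict(list)
    for case_id, activity, resource in log:
        traces[case_id].append((activity, resource))
    return dict(traces)


def check_control_flow(trace, model=MODEL, start=START, end=END):
    """Replay a trace on the automaton and list every deviation.

    An event the current state does not allow is reported and skipped, so the
    remaining events are still judged from the same state; a trace that does
    not finish in the accepting state is reported as incomplete.
    """
    deviations = []
    state = start
    for index, (activity, _resource) in enumerate(trace):
        allowed = model.get(state, {})
        if activity in allowed:
            state = allowed[activity]
        else:
            deviations.append(
                f"event {index}: '{activity}' not allowed in state '{state}', "
                f"expected one of {sorted(allowed)}"
            )
    if state != end:
        deviations.append(f"trace ends in state '{state}', not in '{end}'")
    return deviations


def check_sod(trace, sod_pairs=SOD_PAIRS):
    """Report every resource that performed both activities of an SoD pair."""
    performers = defaultdict(set)
    for activity, resource in trace:
        performers[activity].add(resource)
    deviations = []
    for first, second in sod_pairs:
        for resource in sorted(performers[first] & performers[second]):
            deviations.append(
                f"SoD violation: '{resource}' performed both '{first}' and '{second}'"
            )
    return deviations


def conformance_report(log):
    """Map each case id to its list of deviations (empty list = conforming)."""
    return {
        case_id: check_control_flow(trace) + check_sod(trace)
        for case_id, trace in sorted(group_traces(log).items())
    }


def fraction_conforming(report):
    """Share of cases with no deviation at all (a crude trace-level fitness)."""
    return sum(1 for deviations in report.values() if not deviations) / len(report)


if __name__ == "__main__":
    report = conformance_report(EVENT_LOG)
    for case_id, deviations in report.items():
        print(case_id, "OK" if not deviations else "; ".join(deviations))
    print(f"conforming cases: {fraction_conforming(report):.0%}")
```

Two points a practitioner should take from this. First, the SoD check is only as good as the resource attribute in the log: if the logging system does not record who performed each activity, or records a shared service account, the check is blind while the control-flow replay still passes. Second, a replay like this only verifies requirements that can be stated per case against a given model; the abstract points out a class of security requirements that needs process discovery instead, and those are out of reach of a check of this shape.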


Published in

SAC '12: Proceedings of the 27th Annual ACM Symposium on Applied Computing
March 2012, 2179 pages
ISBN: 9781450308571
DOI: 10.1145/2245276
Conference Chairs: Sascha Ossowski, Paola Lecca

Copyright © 2012 ACM

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

SAC '12 paper acceptance rate: 270 of 1,056 submissions (26%). Overall acceptance rate: 1,650 of 6,669 submissions (25%).
