ABSTRACT
Process mining stands for a set of techniques to analyze business process models and logs. However, the extent to which it can be used for security auditing has not been investigated. Focusing on conformance checking and its support in ProM, this paper reports on a case study in the financial sector that applies this technology to the auditing of relevant security requirements. Although the vast majority of requirements could be verified, we observe that carrying out the analysis requires a large manual effort. Moreover, we identify a class of security requirements that demands process discovery for analysis, and elaborate on ways in which process mining could be extended to better suit security analyses.
On the exploitation of process mining for security audits: the conformance checking case