On the exploitation of process mining for security audits: The conformance checking case

Proceedings of the ACM Symposium on Applied Computing

Volumn , Issue , 2012, Pages 1709-1716

  Accorsi, Rafael ^a   Stocker, Thomas ^a  

^a UNIVERSITY OF FREIBURG   (Germany)

Author keywords

business process security audit; conformance checking; information flow analysis; process mining

Indexed keywords

BUSINESS PROCESS; BUSINESS PROCESS MODEL; CONFORMANCE CHECKING; FINANCIAL SECTORS; INFORMATION FLOW ANALYSIS; PROCESS DISCOVERY; PROCESS MINING; SECURITY ANALYSIS; SECURITY AUDIT; SECURITY REQUIREMENTS;

MANAGEMENT;

DATA MINING;

EID: 84863590198     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2245276.2232051     Document Type: Conference Paper

References (27)

1. R. Accorsi and C. Wonnemann. Strong non-leak guarantees for workflow models. In Symp. on Applied Computing, pages 308-314. ACM, 2011.
2. R. Accorsi, C. Wonnemann, and S. Dochow. SWAT: A security workflow toolkit for reliably secure process-aware information systems. In Conf. on Availability, Reliability and Security, pages 692-697. IEEE, 2011.
3. R. Accorsi, C. Wonnemann, and T. Stocker. Towards forensic data flow analysis of business process logs. In Conf. on Incident Management and Forensics. IEEE, 2011.
4. Association of Certified Fraud Examiners. Report to the nations on occupational fraud and abuse. http://www.acfe.com/uploadedFiles/ACFE- Website/Content/documents/rttn-2010.pdf, 2010.
5. V. Atluri and J. Warner. Security for workflow systems. In Handbook of Database Security, pages 213-230. Springer, 2008.
6. A. Baumgrass, T. Baier, J. Mendling, and M. Strembeck. Conformance checking of RBAC policies in process-aware information systems. In BPM'11 Workshops (to appear).
7. R. Botha and J. Eloff. Separation of duties for access control enforcement in workflow environments. IBM Systems J., 40(3):666-682, 2001. (Pubitemid 32933424)
8. D. Brewer and M. Nash. The Chinese-wall security policy. In IEEE Symp. on Security and Privacy, pages 206-214, 1989.
9. A. Carlin and F. Gallegos. IT audit: A critical business process. IEEE Computer, 40(7):87-89, 2007.
10. M. R. Clarkson and F. B. Schneider. Hyperproperties. J. of Computer Security, 18(6):1157-1210, 2010.
11. G. Herrmann and G. Pernul. Viewing business-processes security from different perspectives. Int'l J. of Electronic Commerce, 3(3):89-103, 1999.
12. M. Jans, B. Depaire, and K. Vanhoof. Does process mining add to internal auditing?. In BMMDS/EMMSAD '11, pages 31-45, 2011.
13. M. Jans, N. Lybaert, K. Vanhoof, and J. van der Werf. A framework for internal fraud risk reduction at it integrating business processes. In Int'l J. of Digital Accounting Research, volume 9, pages 1-29, 2009.
14. N. Lohmann, E. Verbeek, and R. Dijkman. Petri net transformations for business processes - A survey. In Trans. on Petri Nets and Other Models of Concurrency, volume 5460 of LNCS, pages 46-63. Springer, 2009.
15. M. Montali. Specification and Verification of Declarative Open Interaction Models, volume 56 of LNBIP. Springer, 2010.
16. A. Pretschner, M. Hilty, and D. Basin. Distributed usage control. Comm. of the ACM, 49(9):39-44, 2006. (Pubitemid 44371759)
17. A. Rozinat and W. M. P. van der Aalst. Conformance checking of processes based on monitoring real behavior. Inf. Systems J., 33(1):64-95, 2008. (Pubitemid 350051578)
18. P. Runeson and M. Höst. Guidelines for conducting and reporting case study research in software engineering. Empirical Soft. Eng., 14(2):131-164, 2009.
19. R. Sandhu and P. Samarati. Access control: Principles and practice. IEEE Comm. Mag., 32(9):40-48, 1994.
20. A. Sayana. Using CAATs to support is audit. Inf. Systems Control J., 1, 2003.
21. W. van der Aalst. Process Mining. Springer, 2011.
22. W. van der Aalst, K. van Hee, J. van der Werf, and M. Verdonk. Auditing 2.0: Using process mining to support tomorrow's auditor. IEEE Computer, 43(3):90-93, 2010.
23. W. van der Aalst, T. Weijters, and L. Maruster. Workflow mining: Discovering process models from event logs. IEEE Trans. Knowl. Data Eng., 16(9):1128-1142, 2004.
24. W. M. P. van der Aalst, H. T. de Beer, and B. F. van Dongen. Process mining and verification of properties: An approach based on temporal logic. In OTM Conferences, volume 3760 of LNCS, pages 130-147. Springer, 2005.
25. B. van Dongen, A. de Medeiros, H. Verbeek, A. Weijters, and W. van der Aalst. The ProM framework: A new era in process mining tool support. In Conf. on Applications and Theory of Petri Nets, volume 3536 of LNCS, pages 444-454. Springer, 2005. (Pubitemid 41422025)
26. B. van Dongen and W. van der Aalst. A meta model for process mining data. In Workshop on Enterprise Modelling and Ontologies for Interoperability, volume 16, 2005.
27. D. Wasserrab, D. Lohner, and G. Snelting. On PDG-based noninterference and its modular proof. In Workshop on Programming Languages and Analysis for Security, pages 31-44. ACM, 2009.