Toward a Pattern-Based Comprehensive Framework Using Process Mining for RBAC Conformance Checks

作     者：Nguyen, Duc-Hieu Sei, Yuichi Tahara, Yasuyuki Ohsuga, Akihiko 

作者机构：Univ Electrocommun Dept Informat Tokyo 1828585 Japan 

出 版 物：《INTERNATIONAL JOURNAL OF SOFTWARE ENGINEERING AND KNOWLEDGE ENGINEERING》 (Int. J. Software Engineer. Knowledge Engineer.)

年 卷 期：2025年第35卷第2期

页      面：157-194页

核心收录：

学科分类：0808[工学-电气工程] 08[工学] 0835[工学-软件工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：JSPS KAKENHI [JP22K12157  JP23K28377  JP24H00714] 

主　　题：Business processes role-based access control policies process mining role-based access control domain-specific language object constraint language pattern-based approach 

摘      要：Event logs often record the execution of business process instances. Detecting traces in the event logs that do not comply with access control policies, such as role-based access control (RBAC) policies, is essential to ensuring system security. Moreover, process mining has been extensively utilized for security analysis in recent years. However, pattern-based approaches for designing and analyzing RBAC policies in the context of business processes through process mining are notably absent. In this paper, we present a systematic framework for checking the conformance of RBAC implemented in the event logs of business processes with the RBAC policies specified in domain knowledge. To facilitate the representation of the RBAC policies derived from the domain knowledge, we employ an RBAC domain-specific language (DSL) combined with our RBAC-driven object constraint language (OCL) invariant patterns built from the various types of RBAC constraints. The implemented RBAC in an event log is represented as snapshots within our framework. Then, we validate the snapshots with the RBAC policies to be able to detect RBAC conformance issues. The proposed framework is experimented with and evaluated on two business process logs, one simulated log and one real-world event log named BPI Challenge 2017.