Process mining stands for a set of techniques to analyze business process models and logs. However, the extent to which it can be used for security auditing has not been investigated. Focusing on conformance checking and its support in ProM, this paper reports on a case study in the financial sector that applies this technology to the auditing of relevant security requirements. Although the vast majority of requirements could be verified, we note that carrying out the analysis requires a large manual effort. Moreover, we identify a class of security requirements that demands process discovery for analysis, and elaborate on ways in which process mining could be extended to better suit security analyses.