Ensuring the compliance of inter-organizational business processes with security, privacy and workflow requirements poses significant challenges. For compliance checking a specification of the process model which contains important requirements like causal dependencies among actions must be compared to the available data from the process execution. Complete execution data may only become available by combining distributed event logs which are maintained and stored independently by the participants. Frequently the information in combined event logs is found to be of limited reliability and quality: the overall maturity of some event logs may be low, the temporal structure of events may be unclear/imprecise (e.g. when logs of different organizations are combined), confidentiality constraints may prevent certain activities from being logged and logs may be partially corrupted. We propose an approach using abstraction techniques based on over-approximation and under-approximation for checking the compliance of incomplete process logs with a given process specification. Such methods are widely used in Model Checking to model unmanageable information about the states of a system (state explosion). Here these techniques are applied to model unavailable information, in particular incomplete event descriptions. We show under what conditions deviations from a specification can be confirmed as anomalies and when a process can be certified as correct even in the presence of incomplete event descriptions. The methods described here can be adopted for post mortem investigation, for the prevention and detection of security anomalies and for assessing the maturity level of event logs.
D'Iddio, A., Schunck, C., Arcieri, F., Talamo, M. (2016). Online and offline conformance checking of inter-organizational business processes with incomplete process logs. In 2016 IEEE International Carnahan Conference on Security Technology (ICCST) (pp.1-8). Institute of Electrical and Electronics Engineers Inc. [10.1109/CCST.2016.7815702].
Online and offline conformance checking of inter-organizational business processes with incomplete process logs
SCHUNCK, CHRISTIAN;ARCIERI, FRANCO;TALAMO, MAURIZIO
2016-01-01
Abstract
Ensuring the compliance of inter-organizational business processes with security, privacy and workflow requirements poses significant challenges. For compliance checking a specification of the process model which contains important requirements like causal dependencies among actions must be compared to the available data from the process execution. Complete execution data may only become available by combining distributed event logs which are maintained and stored independently by the participants. Frequently the information in combined event logs is found to be of limited reliability and quality: the overall maturity of some event logs may be low, the temporal structure of events may be unclear/imprecise (e.g. when logs of different organizations are combined), confidentiality constraints may prevent certain activities from being logged and logs may be partially corrupted. We propose an approach using abstraction techniques based on over-approximation and under-approximation for checking the compliance of incomplete process logs with a given process specification. Such methods are widely used in Model Checking to model unmanageable information about the states of a system (state explosion). Here these techniques are applied to model unavailable information, in particular incomplete event descriptions. We show under what conditions deviations from a specification can be confirmed as anomalies and when a process can be certified as correct even in the presence of incomplete event descriptions. The methods described here can be adopted for post mortem investigation, for the prevention and detection of security anomalies and for assessing the maturity level of event logs.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.