Extending abstraction-refinement methods for compliance checking of inter-organizational business processes with incomplete information

SCHUNCK, CHRISTIAN; ARCIERI, FRANCO; TALAMO, MAURIZIO
2017-01-01

Abstract

Conformance checking is a crucial challenge for modern inter-organizational business processes when critical security, privacy and workflow constraints must be satisfied to ensure the reliability of multi-party business procedures. Many of these constraints can be expressed in terms of causal dependencies, and verifying such dependencies can be fundamental to determining the correctness of transactions. But often the information required to check causal dependencies is incomplete, coarse or imprecise for several reasons, such as low maturity of event logs, corrupted data, local timestamping and the privacy requirements of each organization. In previous work we presented a solution to address these issues based on abstraction, over-approximation and under-approximation of the causal dependencies, to model unavailable data and maintain the ability to prove correctness or to find anomalies in inter-organizational transactions. In that paper we made some assumptions about the structure of business processes which are reasonable for security-sensitive business processes but cannot be applied in all circumstances. In this paper we relax the assumptions made in that previous work and we discuss how this affects the applicability of the theorems. We find that while some notions need to be redefined, in most cases the same techniques, especially the ones based on under-approximation, remain applicable to investigate the correctness of business processes and to find anomalies for post-mortem investigation or online operational support.
50th Annual IEEE International Carnahan Conference on Security Technology, ICCST 2016
Rosen Plaza Hotel, USA
2016
ADACEL
International relevance
2017
Sector INF/01 - Computer Science
English
Electrical and Electronic Engineering; Law
Conference contribution
D'Iddio, A., Schunck, C., Arcieri, F., Talamo, M. (2017). Extending abstraction-refinement methods for compliance checking of inter-organizational business processes with incomplete information. In Proceedings - International Carnahan Conference on Security Technology (pp. 1-7). Institute of Electrical and Electronics Engineers Inc. [10.1109/CCST.2016.7815703].
D'Iddio, A; Schunck, C; Arcieri, F; Talamo, M
Use this identifier to cite or link to this document: https://hdl.handle.net/2108/189967
Citations
  • Scopus 1