Conformance checking is a crucial challenge for modern inter-organizational business processes when critical security, privacy and workflow constraints must be satisfied to ensure the reliability of multi-party business procedures. Many of these constraints can be expressed in terms of causal dependencies, and verifying such dependencies can be fundamental to determine the correctness of transactions. But often the information required to check causal dependencies is incomplete, coarse or imprecise due to several reasons, like low maturity of event logs, corrupted data, local timestamping and privacy requirements of each organization. In previous work we presented a solution to address these issues based on abstraction, over-approximation and under-approximation of the causal dependencies, to model unavailable data and maintain the ability to prove correctness or to find anomalies in inter-organizational transactions. In that paper we made some assumptions about the structure of business processes which are reasonable for security sensitive business processes but cannot be applied in all circumstances. In this paper we relax the assumptions made in that previous work and we discuss how this affects the applicability of the theorems. We find that while some notions need to be redefined, in most cases the same techniques, especially the ones based on underapproximation, remain applicable to investigate the correctness of business processes and to find anomalies for post-mortem investigation or online operational support.

D'Iddio, A., Schunck, C., Arcieri, F., Talamo, M. (2017). Extending abstraction-refinement methods for compliance checking of inter-organizational business processes with incomplete information. In Proceedings - International Carnahan Conference on Security Technology (pp.1-7). Institute of Electrical and Electronics Engineers Inc. [10.1109/CCST.2016.7815703].

Extending abstraction-refinement methods for compliance checking of inter-organizational business processes with incomplete information

SCHUNCK, CHRISTIAN;ARCIERI, FRANCO;TALAMO, MAURIZIO
2017-01-01

Abstract

Conformance checking is a crucial challenge for modern inter-organizational business processes when critical security, privacy and workflow constraints must be satisfied to ensure the reliability of multi-party business procedures. Many of these constraints can be expressed in terms of causal dependencies, and verifying such dependencies can be fundamental to determine the correctness of transactions. But often the information required to check causal dependencies is incomplete, coarse or imprecise due to several reasons, like low maturity of event logs, corrupted data, local timestamping and privacy requirements of each organization. In previous work we presented a solution to address these issues based on abstraction, over-approximation and under-approximation of the causal dependencies, to model unavailable data and maintain the ability to prove correctness or to find anomalies in inter-organizational transactions. In that paper we made some assumptions about the structure of business processes which are reasonable for security sensitive business processes but cannot be applied in all circumstances. In this paper we relax the assumptions made in that previous work and we discuss how this affects the applicability of the theorems. We find that while some notions need to be redefined, in most cases the same techniques, especially the ones based on underapproximation, remain applicable to investigate the correctness of business processes and to find anomalies for post-mortem investigation or online operational support.
50th Annual IEEE International Carnahan Conference on Security Technology, ICCST 2016
Rosen Plaza Hotel, usa
2016
ADACEL
Rilevanza internazionale
2017
Settore INF/01 - INFORMATICA
English
Electrical and Electronic Engineering; Law
Intervento a convegno
D'Iddio, A., Schunck, C., Arcieri, F., Talamo, M. (2017). Extending abstraction-refinement methods for compliance checking of inter-organizational business processes with incomplete information. In Proceedings - International Carnahan Conference on Security Technology (pp.1-7). Institute of Electrical and Electronics Engineers Inc. [10.1109/CCST.2016.7815703].
D'Iddio, A; Schunck, C; Arcieri, F; Talamo, M
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2108/189967
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 0
social impact