Conformance Checking of RBAC Policies in
Process-Aware Information Systems

Anne Baumgraß; Thomas Baier; Jan Mendling; Mark Strembeck

Conformance Checking of RBAC Policies in Process-Aware Information Systems

Anne Baumgraß, Thomas Baier, Jan Mendling, Mark Strembeck

Publikation: Beitrag in Buch/Konferenzband › Beitrag in Konferenzband

Abstract

A process-aware information system (PAIS) is a software system that supports the definition, execution, and analysis of business processes. The execution of process instances is typically recorded in so called event logs. In this paper, we present an approach to automatically generate LTL (Linear Temporal Logic) statements from process-related RBAC (Role-based Access Control) models. These LTL statements are used to check if process executions that are recorded via event logs conform to the access control policies defined via a corresponding RBAC model. To demonstrate our approach, we implemented a RBAC-to-LTL component, and used the ProM tool to test the resulting LTL statements with event logs created from process simulations in CPN tools.

Originalsprache	Englisch
Titel des Sammelwerks	BPM 2011 Workshops, Part II, LNBIP 100
Herausgeber*innen	Farouk Toumani, Karsten Wolf, Stefanie Rinderle-Ma
Erscheinungsort	Clermont-Ferrand, France
Verlag	Springer Verlag
Seiten	435 - 446
Publikationsstatus	Veröffentlicht - 1 Dez. 2011

Verfügbarkeit prüfen

Katalog der Universitätsbibliothek

Dieses zitieren

@inproceedings{2e57073c0a8646db8431ce0e16cc3730,

title = "Conformance Checking of RBAC Policies in Process-Aware Information Systems",

abstract = "A process-aware information system (PAIS) is a software system that supports the definition, execution, and analysis of business processes. The execution of process instances is typically recorded in so called event logs. In this paper, we present an approach to automatically generate LTL (Linear Temporal Logic) statements from process-related RBAC (Role-based Access Control) models. These LTL statements are used to check if process executions that are recorded via event logs conform to the access control policies defined via a corresponding RBAC model. To demonstrate our approach, we implemented a RBAC-to-LTL component, and used the ProM tool to test the resulting LTL statements with event logs created from process simulations in CPN tools.",

author = "Anne Baumgra{\ss} and Thomas Baier and Jan Mendling and Mark Strembeck",

year = "2011",

month = dec,

day = "1",

language = "English",

pages = "435 -- 446",

editor = "{Farouk Toumani, Karsten Wolf, Stefanie Rinderle-Ma}",

booktitle = "BPM 2011 Workshops, Part II, LNBIP 100",

publisher = "Springer Verlag",

address = "Germany",

}

TY - GEN

T1 - Conformance Checking of RBAC Policies in Process-Aware Information Systems

AU - Baumgraß, Anne

AU - Baier, Thomas

AU - Mendling, Jan

AU - Strembeck, Mark

PY - 2011/12/1

Y1 - 2011/12/1

N2 - A process-aware information system (PAIS) is a software system that supports the definition, execution, and analysis of business processes. The execution of process instances is typically recorded in so called event logs. In this paper, we present an approach to automatically generate LTL (Linear Temporal Logic) statements from process-related RBAC (Role-based Access Control) models. These LTL statements are used to check if process executions that are recorded via event logs conform to the access control policies defined via a corresponding RBAC model. To demonstrate our approach, we implemented a RBAC-to-LTL component, and used the ProM tool to test the resulting LTL statements with event logs created from process simulations in CPN tools.

AB - A process-aware information system (PAIS) is a software system that supports the definition, execution, and analysis of business processes. The execution of process instances is typically recorded in so called event logs. In this paper, we present an approach to automatically generate LTL (Linear Temporal Logic) statements from process-related RBAC (Role-based Access Control) models. These LTL statements are used to check if process executions that are recorded via event logs conform to the access control policies defined via a corresponding RBAC model. To demonstrate our approach, we implemented a RBAC-to-LTL component, and used the ProM tool to test the resulting LTL statements with event logs created from process simulations in CPN tools.

M3 - Contribution to conference proceedings

SP - 435

EP - 446

BT - BPM 2011 Workshops, Part II, LNBIP 100

A2 - Farouk Toumani, Karsten Wolf, Stefanie Rinderle-Ma, null

PB - Springer Verlag

CY - Clermont-Ferrand, France

ER -