« back to the overview
|
Title: |
On the Exploitation of Process Mining for Security Audits: The Conformance Checking Case |
Publication type: |
Conference papers |
Authors: |
Accorsi R, Stocker T
|
Year of publication: |
2012 |
Publisher: |
ACM |
Journal: |
Proceedings of the 27th Annual ACM Symposium on Applied Computing |
Conference: |
ACM Symposium on Applied Computing, SAC 2012, Riva, Trento, Italy |
Pages: |
1709 - 1716 |
Abstract: |
Process mining stands for a set of techniques to analyze business process models and logs. However, the extent to which it can be used for security auditing has not been investigated. Focusing on conformance checking and its support in ProM, this paper reports on a case-study in the financial sector applying this technology for the auditing of relevant security requirements. Although the vast majority of requirements could be verified, we notice a large manual effort to carry out the analysis. Moreover, we identify a class of security requirements that demands process discovery for analysis, and elaborate on ways in which process mining could be extended to better suit security analyses. |
URL/DOI: |
http://doi.acm.org/10.1145/2245276.2232051
|
PDF: |
http://files.telematik.un[...]ublications/sac12.pdf
|