Conformance Checking of RBAC Policies in Process-Aware Information Systems

  • Anne Baumgrass
  • Thomas Baier
  • Jan Mendling
  • Mark Strembeck
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 100)


A process-aware information system (PAIS) is a software system that supports the definition, execution, and analysis of business processes. The execution of process instances is typically recorded in so called event logs. In this paper, we present an approach to automatically generate LTL (Linear Temporal Logic) statements from process-related RBAC (Role-based Access Control) models. These LTL statements are used to check if process executions that are recorded via event logs conform to the access control policies defined via a corresponding RBAC model. To demonstrate our approach, we implemented a RBAC-to-LTL component, and used the ProM tool to test the resulting LTL statements with event logs created from process simulations in CPN tools.


Process-Aware Information Systems Conformance Checking LTL Security Role-Based Access Control 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    van der Aalst, W.M.P., Weijters, A.J.M.M.: Process mining: a research agenda. Computers in Industry 53 (April 2004)Google Scholar
  2. 2.
    van der Aalst, W.M.P., de Beer, H., van Dongen, B.: Process Mining and Verification of Properties: An Approach based on Temporal Logic. In: Meersman, R., Tari, Z. (eds.) OTM 2005, Part I. LNCS, vol. 3760, pp. 130–147. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Ahmed, T., Tripathi, A.R.: Static verification of security requirements in role based CSCW systems. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT) (2003)Google Scholar
  4. 4.
    de Beer, H.: The LTL Checker Plugins: A Reference Manual. Eindhoven University of Technology, Eindhoven (2004)Google Scholar
  5. 5.
    de Medeiros, A., Günther, C.W.: Process Mining: Using CPN Tools to Create Test Logs for Mining Algorithms. In: Proceedings of the Sixth Workshop and Tutorial on Practical Use of Coloured Petri Nets and the CPN Tools, pp. 177–190 (2005)Google Scholar
  6. 6.
    Dumas, M., van der Aalst, W.M.P., ter Hofstede, A.: Process-Aware Information Systems. John Wiley & Sons, Inc. (2005)Google Scholar
  7. 7.
    El Kharbili, M., Alves de Medeiros, A., Stein, S., van der Aalst, W.: Business Process Compliance Checking: Current State and Future Challenges. In: MobIS, pp. 107–113 (2008)Google Scholar
  8. 8.
    Ferraiolo, D., Kuhn, D., Chandramouli, R.: Role-Based Access Control, 2nd edn. Artech House (2007)Google Scholar
  9. 9.
    Hansen, F., Oleshchuk, V.: Conformance Checking of RBAC Policy and its Implementation. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 144–155. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Pnueli, A.: The Temporal Logic of Programs. In: Foundations of Computer Science, pp. 46–57 (1977)Google Scholar
  11. 11.
    Rozinat, A., van der Aalst, W.M.P.: Conformance Testing: Measuring the Fit and Appropriateness of Event Logs and Process Models. In: Bussler, C.J., Haller, A. (eds.) BPM 2005. LNCS, vol. 3812, pp. 163–176. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Rozinat, A., van der Aalst, W.: Conformance checking of processes based on monitoring real behavior. Information Systems 33(1), 64–95 (2008)CrossRefGoogle Scholar
  13. 13.
    Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control Models. IEEE Computer 29(2) (February 1996)Google Scholar
  14. 14.
    Sandhu, R., Samarati, P.: Access Control: Principles and Practice. IEEE Communications 32(9) (September 1994)Google Scholar
  15. 15.
    Strembeck, M.: Scenario-Driven Role Engineering. IEEE Security & Privacy 8(1) (January/February 2010)Google Scholar
  16. 16.
    Strembeck, M., Mendling, J.: Modeling process-related RBAC models with extended UML activity models. Information and Software Technology 53(5), 456–483 (2011)CrossRefGoogle Scholar
  17. 17.
    van der Aalst, W., de Medeiros, A.: Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance. Electronic Notes in Theoretical Computer Science 121, 3–21 (2005)CrossRefzbMATHGoogle Scholar
  18. 18.
    van der Aalst, W., van Dongen, B.F., Günther, C.W., Rozinat, A., Verbeek, H.M.W., Weijters, A.J.M.M.: ProM: The Process Mining Toolkit. In: Proceedings of the BPM 2009 Demonstration Track, vol. 489. (September 2009)Google Scholar
  19. 19.
    van der Aalst, W., van Dongen, B., Herbst, J., Maruster, L., Schimm, G., Weijters, A.J.M.M.: Workflow mining: A survey of issues and approaches. Data & Knowledge Engineering 47(2) (2003)Google Scholar
  20. 20.
    van Dongen, B., van der Aalst, W.: A Meta Model for Process Mining Data. In: Proceedings of the Open Interop Workshop on Enterprise Modelling and Ontologies for Interoperability (2005)Google Scholar
  21. 21.
    Verbeek, H.M.W., Buijs, J., van Dongen, B., van der Aalst, W.: ProM 6: The Process Mining Toolkit. In: Proceedings of BPM 2010 Demonstration Track, vol. 615, pp. 34–39. (September 2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Anne Baumgrass
    • 1
  • Thomas Baier
    • 2
  • Jan Mendling
    • 2
  • Mark Strembeck
    • 1
  1. 1.Institute of Information Systems and New MediaVienna University of Economics and Business (WU Vienna)ViennaAustria
  2. 2.Institute of Information SystemsHumboldt-Universität zu BerlinGermany

Personalised recommendations