Dynamic Access Control to Semantics-Aware Streamed Process Logs
Tóm tắt
Business process logs are composed of event records generated, collected and analyzed at different locations, asynchronously and under the responsibility of different authorities. Their analysis is often delegated to auditors who have a mandate for monitoring processes and computing metrics but do not always have the rights to access the individual events used to compute them. A major challenge of this scenario is reconciling the requirements of privacy and access control with the need to continuously monitor and assess the business process. In this paper, we present a model, a language and a software toolkit for controlling access to process data where logs are made available as streams of RDF triples referring to some company-specific business ontology. Our approach is based on the novel idea of dynamic enforcement: we incrementally build dynamic filters for each process instance, based on the applicable access control policy and on the current prefix of the event stream. The implementation and performance validation of our solution is also presented.
Tài liệu tham khảo
Shtub A, Karni R (2010) Business process improvement. In: ERP. Springer US, pp 217–254. https://doi.org/10.1007/978-0-387-74526-8_13
van der Aalst W, Adriansyah A, de Medeiros AKA, Arcieri F, Baier T, Blickle T, Bose JC, van den Brand P, Brandtjen R, Buijs J, Burattin A, Carmona J, Castellanos M, Claes J, Cook J, Costantini N, Curbera F, Damiani E, de Leoni M, Delias P, van Dongen BF, Dumas M, Dustdar S, Fahland D, Ferreira DR, Gaaloul W, van Geffen F, Goel S, Günther C, Guzzo A, Harmon P, ter Hofstede A, Hoogland J, Ingvaldsen JE, Kato K, Kuhn R, Kumar A, La Rosa M, Maggi F, Malerba D, Mans RS, Manuel A, McCreesh M, Mello P, Mendling J, Montali M, Motahari-Nezhad HR, zur Muehlen M, Munoz-Gama J, Pontieri L, Ribeiro J, Rozinat A, Seguel Pérez H, Seguel Pérez R, Sepúlveda M, Sinur J, Soffer P, Song M, Sperduti A, Stilo G, Stoel C, Swenson K, Talamo M, Tan W, Turner C, Vanthienen J, Varvaressos G, Verbeek E, Verdonk M, Vigo R, Wang J, Weber B, Weidlich M, Weijters T, Wen L, Westergaard M, Wynn M (2012) Process mining manifesto. In: Daniel F, Barkaoui K, Dustdar S (eds) Business process management workshops. Springer, Berlin, pp 169–194
Alles M, Brennan G, Kogan A, Vasarhelyi MA. Continuous monitoring of business process controls: a pilot implementation of a continuous auditing system at siemens, ch. 10, pp 219–246. https://www.emeraldinsight.com/doi/abs/10.1108/978-1-78743-413-420181010
Barbon S, Junior, Tavares GM, da Costa VGT, Ceravolo P, Damiani E (2018) A framework for human-in-the-loop monitoring of concept-drift detection in event log stream. In: Companion proceedings of the web conference 2018, ser. WWW ’18. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland, pp 319–326. https://doi.org/10.1145/3184558.3186343
Sandhu R, Samarati P (1994) Access control: principle and practice. IEEE Commun. Mag. 32(9):40–48
Gunther CW, van der Aalst WMP (2006) A generic import framework for process event logs. In: Business process management workshops, workshop on business process intelligence (BPI 2006), volume 4103 of lecture notes in computer science, Tech. Rep
Aalst Wvd, Damiani E (2015) Processes meet big data: connecting data science with process science. IEEE Trans Serv Comput 8(6):810–819
Ceravolo P, Azzini A, Angelini M, Catarci T, Cudré-Mauroux P, Damiani E, Mazak A, Van Keulen M, Jarrar M, Santucci G, Sattler K-U, Scannapieco M, Wimmer M, Wrembel R, Zaraket F (2018) Big data semantics. J Data Semant 7(2):65–85. https://doi.org/10.1007/s13740-018-0086-2
eXtensible Access Control Markup Language (XACML) version 2.0, OASIS access control TC, Tech. Rep., Feb 2005. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
Hayes P,McBride B (2004) Resource description framework (RDF), W3C, recommendation. http://www.w3.org/TR/rdf-mt/
Thomas O, Fellmann M (2007) Semantic EPC: enhancing process modeling using ontology languages. In: Hepp M, Hinkelmann K, Karagiannis D, Klein R, Stojanovic N (eds) SBPM, ser. CEUR workshop proceedings, vol 251. CEUR-WS.org
Ferraiolo D, Kuhn R (1995) Role-based access control (RBAC): features and motivations. http://csrc.nist.gov/rbac/
Chowdhury O, Chen H, Niu J, Li N, Bertino E (2012) On XACML’s adequacy to specify and to enforce HIPAA, In: Proceedings of the 3rd USENIX conference on health security and privacy, ser. HealthSec’12. USENIX Association, Berkeley, CA, USA, pp 11–11. http://dl.acm.org/citation.cfm?id=2372366.2372381
Banisar D, Davies SG (1999) Global trends in privacy protection: an international survey of privacy, data protection, and surveillance laws and developments. John Marshall J Comput Inf Law XVIII. http://ssrn.com/abstract=2138799
Al-Ali H, Damiani E, Al-Qutayri M, Abu-Matar M, Mizouni R (2016) Translating BPMN to business rules. In: International symposium on data-driven process discovery and analysis. Springer, pp 22–36
Ceravolo P, Damiani E, Torabi M, Barbon S (2017) Toward a new generation of log pre-processing methods for process mining. In: Carmona J, Engels G, Kumar A (eds) Business process management forum. Springer, Cham, pp 55–70
Verbeek H, Buijs JC, Van Dongen BF, Van Der Aalst WM (2010) Xes, xesame, and prom 6. In: Forum at the conference on advanced information systems engineering (CAiSE). Springer, pp 60–75
Li G, de Murillas EGL, de Carvalho RM, van der Aalst WM (2018) Extracting object-centric event logs to support process mining on databases. In: International conference on advanced information systems engineering. Springer, pp 182–199
Schönig S, Rogge-Solti A, Cabanillas C, Jablonski S, Mendling J (2016) Efficient and customisable declarative process mining with SQL. In: International conference on advanced information systems engineering. Springer, pp 290–305
Leida M, Majeed B, Colombo M, Chu A (2013) A lightweight RDF data model for business process analysis, vol. 162. In: Cudre-Mauroux P, Ceravolo P, Gašević D (eds) Data-driven process discovery and analysis, vol 162. Lecture notes in business information processing. Springer, Berlin, pp 1–23. https://doi.org/10.1007/978-3-642-40919-6_1
Vogelgesang T, Appelrath H-J (2015) A relational data warehouse for multidimensional process mining. In: International symposium on data-driven process discovery and analysis. Springer, pp 155–184
Berberi L, Eder J, Koncilia C (2018) A process warehouse model capturing process variants. Enterp Model Inf Syst Archit 13:77–85
van der Aalst WMP (2013) Process cubes: slicing, dicing, rolling up and drilling down event data for process mining. In: Song M, Wynn M, Liu J (eds) Asia Pacific business process management, vol 159. Lecture notes in business information processing. Springer, Berlin, pp 1–22. https://doi.org/10.1007/978-3-319-02922-1_1
Ceravolo P, Azzini A, Damiani E, Lazoi M, Marra M, Corallo A (2016) Translating process mining results into intelligible business information. In: Proceedings of the 11th international knowledge management in organizations conference on the changing face of knowledge management impacting society. ACM, p 14
Ceravolo P, Zavatarelli F (2015) Knowledge acquisition in process intelligence. In: 2015 international conference on information and communication technology research (ICTRC). IEEE, pp 218–221
Calvanese D, Montali M, Syamsiyah A, van der Aalst WMP (2016) Ontology-driven extraction of event logs from relational databases. In: Reichert M, Reijers HA (eds) Business process management workshops. Springer, Cham, pp 140–153
Ardagna CA, Ceravolo P, Damiani E (2016) Big data analytics as-a-service: issues and challenges. In: 2016 IEEE international conference on big data (big data), pp 3638–3644
Smirnov S, Reijers HA, Weske M (2011) A semantic approach for business process model abstraction. In: Mouratidis H, Rolland C (eds) Advanced information systems engineering. Springer, Berlin, pp 497–511
Azzini A, Ceravolo P (2013) Consistent process mining over big data triple stores. In: 2013 IEEE international congress on big data (BigData Congress). IEEE, pp 54–61
Nykänen O, Rivero-Rodriguez A, Pileggi P, Ranta PA, Kailanto M, Koro J (2015) Associating event logs with ontologies for semantic process mining and analysis. In: Proceedings of the 19th international academic mindtrek conference, ser. AcademicMindTrek ’15. ACM, New York, NY, USA, pp 138–143. https://doi.org/10.1145/2818187.2818273
de Medeiros AKA, van der Aalst W, Pedrinaci C (2008) Semantic process mining tools: core building blocks. In: 16th European conference on information systems. http://oro.open.ac.uk/23397/
Okoye K, Tawil ARH, Naeem U, Lamine E (2015) Semantic process mining towards discovery and enhancement of learning model analysis, In: 2015 IEEE 17th international conference on high performance computing and communications, 2015 IEEE 7th international symposium on cyberspace safety and security, and 2015 IEEE 12th international conference on embedded software and systems, pp 363–370
Cairns AH, Ondo JA, Gueni B, Fhima M, Schwarcfeld M, Joubert C, Khelifa N (2014) Using semantic lifting for improving educational Please provide accessed date for reference Marr (2017).and analysis. In: Proceedings of the 4th international symposium on data-driven process discovery and analysis (SIMPDA 2014). http://ceur-ws.org/Vol-1293/paper11.pdf. Accessed May 2019
Kingsley O, Tawil ARH, Naeem U, Islam S, Lamine E (2016) Using semantic-based approach to manage perspectives of process mining: application on improving learning process domain data. In: 2016 IEEE international conference on big data (big data), pp 3529–3538
Azzini A, Braghin C, Damiani E, Zavatarelli F (2013) Using semantic lifting for improving process mining: a data loss prevention system case study, pp 62–73
Brickley D, Guha R, McBride B (2004) RDF vocabulary description language 1.0: RDF schema, W3C, recommendation. http://www.w3.org/TR/rdf-schema/
Simmhan YL, Plale B, Gannon D (2005) A survey of data provenance in e-science. SIGMOD Rec 34(3):31–36. https://doi.org/10.1145/1084805.1084812
Baier T, Mendling J (2013) Bridging abstraction layers in process mining by automated matching of events and activities. In: Daniel F, Wang J, Weber B (eds) Business process management. Springer, Berlin, pp 17–32
Al-Ali H, Damiani E, Al-Qutayri M, Abu-Matar M, Mizouni R (2018) Translating BPMN to business rules. In: Ceravolo P, Guetl C, Rinderle-Ma S (eds) Data-driven process discovery and analysis. Springer, Cham, pp 22–36
De Nicola A, Di Mascio T, Lezoche M, Tagliano F (2008) Semantic lifting of business process models. In: 2008 12th enterprise distributed object computing conference workshops. IEEE, pp 120–126
Mannhardt F, De Leoni M, Reijers HA, Van Der Aalst WM, Toussaint PJ (2016) From low-level events to activities—a pattern-based approach. In: International conference on business process management. Springer, pp 125–141
Baier T, Di Ciccio C, Mendling J, Weske M (2015) Matching of events and activities-an approach using declarative modeling constraints. In: International conference on enterprise, business-process and information systems modeling. Springer, pp 119–134
Leida M, Chu A (2013 ) Distributed SPARQL query answering over RDF data streams. In: IEEE international congress on big data (bigdata congress), pp 369–378
Prud’hommeaux E, Seaborne A (2008) SPARQL query language for RDF, W3C, recommendation. http://www.w3.org/TR/rdf-sparql-query/
Beheshti S-M-R, Benatallah B, Motahari-Nezhad H, Sakr S (2011) A query language for analyzing business processes execution. In: Rinderle-Ma S, Toumani F, Wolf K (eds) Business process management, vol 6896. Lecture notes in computer science. Springer, Berlin, pp 281–297. https://doi.org/10.1007/978-3-642-23059-2_22
Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. Computer 29(2):38–47. https://doi.org/10.1109/2.485845
Herrmann G, Pernul G (1999) Viewing business-process security from different perspectives. Int J Electron Commerce 3(3):89–103
Koshutanski H, Massacci F (2003) An access control framework for business processes for web services. In: Proceedings of the 2003 ACM workshop on XML security, ser. XMLSEC ’03. ACM, New York, NY, pp 15–24. https://doi.org/10.1145/968559.968562
Russell N, Aalst W, Hofstede A, Edmond D (2005) Workflow resource patterns: identification, representation and tool support. In: Pastor O, Falcão e Cunha J (eds) Advanced information systems engineering, vol 3520. Lecture notes in computer science. Springer, Berlin, pp 216–232. https://doi.org/10.1007/11431855_16
Wainer J, Kumar A, Barthelmess P (2007) DW-RBAC: a formal security model of delegation and revocation in workflow systems. Inf Syst 32(3):365–384. https://doi.org/10.1016/j.is.2005.11.008
Weber B, Reichert M, Wild W, Rinderle-Ma S (2005) Balancing flexibility and security in adaptive process management systems. In: Proceedings of the 2005 confederated international conference on the move to meaningful internet systems—volume part I, ser. OTM’05. Springer, Berlin, pp 59–76. https://doi.org/10.1007/11575771_7
Rinderle-Ma S, Reichert M (2008) Managing the life cycle of access rules in CEOSIS. In: Proceedings of the 2008 12th international IEEE enterprise distributed object computing conference, ser. EDOC ’08. IEEE Computer Society, Washington, DC, USA, pp 257–266. https://doi.org/10.1109/EDOC.2008.16
Lehmann A, Fahland D (2012) Information flow security for business process models—just one click away. In: Lohmann N, Moser S (eds) BPM (Demos), ser. CEUR workshop proceedings, vol 940. CEUR-WS.org, pp 34–39. http://dblp.uni-trier.de/db/conf/bpm/bpmd2012.html#LehmannF12
Etcheverry L, Vaisman AA (2012) Views over RDF Datasets: a state-of-the-art and open challenges. CoRR arXiv:1211.0224
Bassil S, Reichert M, Bobrik R (2009) Access control for monitoring system-spanning business processes in Proviado. In: EMISA, pp 125–139
Reichert M, Bassil S, Bobrik R, Bauer T (2010) The Proviado access control model for business process monitoring components. Enterp Model Inf Syst Archit Int J 5(3):64–88
Ringelstein C, Staab S (2011) Papel: Provenance-aware policy definition and execution. IEEE Internet Comput 15(1):49–58
Polyvyanyy A, Smirnov S, Weske M (2009) The triconnected abstraction of process models. In: Proceedings of the 7th international conference on business process management, ser. BPM ’09. Springer, Berlin, pp 229–244. https://doi.org/10.1007/978-3-642-03848-8_16
Greco G, Guzzo A, Pontieri L (2005) Mining hierarchies of models: from abstract views to concrete specifications. In: Proceedings of the 3rd international conference on business process management, ser. BPM’05. Springer, Berlin, pp 32–47. https://doi.org/10.1007/11538394_3
Javanmardi S, Amini M, Jalili R. An access control model for protecting semantic web resources
Dean M, Schreiber G, Bechhofer S, van Harmelen F, Hendler J, Horrocks I, McGuinness DL, Patel-Schneider PF, Stein LA (2004) Owl web ontology language reference, W3C, recommendation. http://www.w3.org/Submission/SWRL/
Damiani E, De S, Vimercati C, Fugazza C, Samarati P (2004) Extending policy languages to the semantic web. In: Proceedings of the international conference on web engineering, pp 330–343
Finin T, Joshi A, Kagal L, Niu J, Sandhu R, Winsborough W, Thuraisingham B (2008) ROWLBAC: representing role based access control in OWL. In: Proceedings of the 13th ACM symposium on Access control models and technologies, ser. SACMAT ’08. ACM, New York, NY, USA, pp 73–82. https://doi.org/10.1145/1377836.1377849
Chen W, Stuckenschmidt H (2009) A model-driven approach to enable access control for ontologies. In: Wirtschaftsinformatik (1), pp 663–672
Le W, Duan S, Kementsietsidis A, Li F, Wang M (2011) Rewriting queries on SPARQL views, In: Proceedings of the 20th international conference on World wide web, ser. WWW ’11. ACM, New York, NY, USA, pp 655–664. https://doi.org/10.1145/1963405.1963497
Aravind Yalamanchi SD, Banerjee Jayanta (2010) Access control for graph data, US Patent US20 100 268 722 A1, 10 21. http://www.patentlens.net/patentlens/patent/US_7062320/
van Dongen B (2012) BPI challenge 2012. 10.4121/uuid:3926db30-f712-4394-aebc-75976070e91f
Pérez J, Arenas M, Gutierrez C (2009) Semantics and complexity of SPARQL. ACM Trans Database Syst 34(3):16:1–16:45. https://doi.org/10.1145/1567274.1567278
Wang X, Yang T, Chen J, He L, Du X (2015) Rdf partitioning for scalable SPARQL query processing. Front Compu Sci 9(6):919–933. https://doi.org/10.1007/s11704-015-4104-3
Sheth A, Henson C, Sahoo S (2008) Semantic sensor web. IEEE Internet Comput 12(4):78–83