Deriving Current State RBAC Models from Event Logs

Process-aware information systems are used to execute business processes to reach the operational goals of an organization. In this context, access control policies are defined to govern the choice in behavior of such systems. In a role engineering process these access control policies can be define...

Full description

Saved in:
Bibliographic Details
Main Author: Baumgrass, A.
Format: Conference Proceeding
Language:English
Subjects:
Access control
Business
Credit cards
Data mining
Information systems
Process control
Process-aware Information Systems
RBAC
Role Engineering
XML
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Process-aware information systems are used to execute business processes to reach the operational goals of an organization. In this context, access control policies are defined to govern the choice in behavior of such systems. In a role engineering process these access control policies can be defined and customized. This paper introduces a new automated approach to derive current state access control policies from event logs extracted from process-aware information systems. For this purpose, the two standard formats for event logs called MXML and XES are used. It is demonstrated how this derivation can ease certain steps in the scenario-driven role engineering process, that are otherwise time-consuming and can get tedious if conducted manually.
DOI:10.1109/ARES.2011.104