Process Compliance Checking using Taint Flow Analysis

Seeliger, Alexander and Nolle, Timo and Schmidt, Benedikt and Mühlhäuser, Max (2016):
Process Compliance Checking using Taint Flow Analysis.
In: Proceedings of the 37th International Conference on Information Systems (ICIS), AIS, Dublin, Ireland, 37, [Conference or Workshop Item]

Abstract

Due to the growing complexity of processes, regulations, policies and guidelines (e.g., Sarbanes-Oxley-Act) computer-assisted business process analysis - known as process mining - is becoming more and more relevant for organisations. One discipline of process mining is backward compliance checking, which aims to detect non-compliant process variants based on historic data. Most existing approaches compare the "as-is" view with desired process models. However, most organisations do not maintain such models, making such approaches less attractive. This paper proposes a process flow analysis which uses graph-reachability to check whether the actual "as-is" process graph violates compliance constraints. Our approach is inspired by the taint flow algorithm which is used in code analysis to identify security vulnerabilities in software applications. We conducted a case study evaluating the compliance of event logs and performed a benchmark to show that our approach outperforms the LTL checker and the PetriNet pattern approach in ProM.

Item Type: Conference or Workshop Item
Published: 2016
Creators: Seeliger, Alexander and Nolle, Timo and Schmidt, Benedikt and Mühlhäuser, Max
Title: Process Compliance Checking using Taint Flow Analysis
Language: English
Title of Book: Proceedings of the 37th International Conference on Information Systems (ICIS)
Volume: 37
Publisher: AIS
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
LOEWE
LOEWE > LOEWE-Schwerpunkte
LOEWE > LOEWE-Schwerpunkte > NiCER – Networked infrastructureless Cooperation for Emergency Response
Event Location: Dublin, Ireland
Date Deposited: 31 Dec 2016 12:59
Identification Number: TUD-CS-2016-1455