Security Group TU/e

Privacy and security of electronic data, which are increasingly generated and used in our society (e.g., electronic health records, financial data, demographics and administrative data used in eGoverment), are becoming a serious and urgent issue nowadays. Data protection legislation in the EU imposes very stringent requirements on the collection, processing and disclosure of personal data as well as empowers users to control the access and usage of their data. Traditional access control mechanisms, when correctly deployed, can provide theoretical guarantees that unauthorized accesses are prevented. These mechanisms are too inflexible to be used in dynamic environments like hospitals, where exceptions and unpredictable circumstances often arise. Thus, alongside access control mechanisms, organizations may employ mechanisms like the Break-The-Glass (BTG) procedure that allows users to bypass preventive enforcement mechanisms. This flexibility, however, introduces a weak-point in the system that can be misused by users. To this end, user behavior should be recorded in logs and analyzed to detect possible data misuses.

Current security mechanisms neglect the existence of business processes and do not take advantage of the opportunity to analyze the event logs and business processes to support the IT system in analyzing user behavior. The Security group mainly focus on extending and developing techniques that exploit process-related data for auditing user behavior. Our main contributions include:

History-based conformance checking: There may exist a number of explanations why a process execution is not conforming. In these works, we discuss how probable explanations for non-conformity between a process execution and a process model can be constructed and how they can be ranked with respect to their criticality.

Discovering frequent anomalous patterns: Classic conformance checking techniques derive low-level deviations occurred in every single process execution. However, an analysts may have more interest in knowing diagnostics at a higher-level of granularity. In this work, we focus on providing the analyst with a “deviations dashboard”, reporting analytics and interesting trends regarding the occurred deviations. More precisely, we extract anomalous frequent patterns representing recurrent deviations from historical logging data. These patterns describe portion of process executions involving recurrent deviant behaviors which tend to occur together, thus providing the analyst with valuable insights about deviations in past process execution.

Linking data and process perspectives for deviation analysis: Analyzing user behavior from process or data perspectives independently, may not be sufficient to expose illegitimate data accesses. Thus, infringements may remain undetected or diagnosed incorrectly. In this work, we analyze user behavior with respect to both data and process perspectives.

1. Mahdi Alizadeh, Massimiliano de Leoni, Nicola Zannone: Constructing Probable Explanations of Nonconformity: A Data-Aware and History-Based Approach. SSCI 2015: 1358-1365
2. Mahdi Alizadeh, Massimiliano de Leoni, Nicola Zannone: History-Based Construction of Alignments for Conformance Checking: Formalization and Implementation. SIMPDA (Revised Selected Papers) 2014: 58-78
3. Mahdi Alizadeh and Nicola Zannone. Risk-based analysis of business process executions. In Proceedings of ACM Conference on Data and Application Security and Privacy, pages 130–132. ACM, 2016.
4. Laura Genga, Domenico Potena, Orazio Martino, Mahdi Alizadeh, Claudia Diamantini, Nicola Zannone: Subgraph Mining for Anomalous Pattern Discovery in Event Logs. NFMCP@PKDD/ECML 2016: 181-197
5. Laura Genga, Mahdi Alizadeh, Domenico Potena, Claudia Diamantini, Nicola Zannone: APD tool: Mining Anomalous Patterns from Event Logs. BPM (Demos) 2017
6. Arya Adriansyah, Boudewijn F. van Dongen, Nicola Zannone: Privacy Analysis of User Behavior Using Alignments. it - Information Technology 55(6): 255-260 (2013)
7. Arya Adriansyah, Boudewijn F. van Dongen, Nicola Zannone: Controlling Break-the-Glass through Alignment. SocialCom 2013: 606-611
8. Sebastian Banescu, Milan Petkovic, Nicola Zannone: Measuring Privacy Compliance Using Fitness Metrics. BPM 2012: 114-119