6,941 research outputs found
Refactoring Process Models in Large Process Repositories.
With the increasing adoption of process-aware information systems (PAIS), large process model repositories have emerged. Over time respective models have to be re-aligned to the real-world business processes through customization or adaptation. This bears the risk that model redundancies are introduced and complexity is increased. If no continuous investment is made in keeping models simple, changes are becoming increasingly costly and error-prone. Though refactoring techniques are widely used in software engineering to address related problems, this does not yet constitute state-of-the art in business process management. Process designers either have to refactor process models by hand or cannot apply respective techniques at all. This paper proposes a set of behaviour-preserving techniques for refactoring large process repositories. This enables process designers to eectively deal with model complexity by making process models better understandable and easier to maintain
Interestingness of traces in declarative process mining: The janus LTLPf Approach
Declarative process mining is the set of techniques aimed at extracting behavioural constraints from event logs. These constraints are inherently of a reactive nature, in that their activation restricts the occurrence of other activities. In this way, they are prone to the principle of ex falso quod libet: they can be satisfied even when not activated. As a consequence, constraints can be mined that are hardly interesting to users or even potentially misleading. In this paper, we build on the observation that users typically read and write temporal constraints as if-statements with an explicit indication of the activation condition. Our approach is called Janus, because it permits the specification and verification of reactive constraints that, upon activation, look forward into the future and backwards into the past of a trace. Reactive constraints are expressed using Linear-time Temporal Logic with Past on Finite Traces (LTLp f). To mine them out of event logs, we devise a time bi-directional valuation technique based on triplets of automata operating in an on-line fashion. Our solution proves efficient, being at most quadratic w.r.t. trace length, and effective in recognising interestingness of discovered constraints
Extracting Role-Based Access Control Models from Business Process Event Logs
Keeruliste äriprotsesside ja järjest suurenevate andmemahtude juures on väljakutsuvaks
ülesandeks analüüsida ja parandada ettevõtte äriprotsessi andmeturvalisust. Infosüsteemid,
mis toetavad äriprotsessi mudeli (abstraktne esitus äriprotsessist) rakendamist, registreerivad
äriprotsessi tegevusi sündmustena eraldi logisse. Salvestatud sündmuste logid on aluseks
äriprotsessiga seotud andmete kaevamiseks. Need andmed on vajalikud äriprotsessi
analüüsimiseks ja parendamiseks, kuid neid andmeid võib kasutada ka turvaanalüüsiks.
Turvaanalüüsi üheks eesmärgiks on ka kontrollida, kas nende andmete hulgas turvalisusega
seotud informatsioon on kooskõlas praeguste turvanõuetega. Lisaks, äriprotsessi logide peal
saab rakendada äriprotsessikaeve (uurimisvaldkond, mis ühendab andmekaeve ja
äriprotsesside modelleerimise) tehnikaid, et luua äriprotsessi mudeleid. Lisaks äriprotsessi
mudelitele on võimalik tuletada ka teisi mudeleid, näiteks turvamudeleid, mida saab hiljem
kasutada turvameetmete tagamiseks infosüsteemis. Käesoleva töö eesmärgiks on esitada üks
võimalik meetod, kuidas luua rollipõhist ligipääsukontrolli esitatavaid turvamudeleid (Role-
Based Access Control models) XES-formaadis sündmuste logidest, mis on salvestatud
äriprotsessi toetava infosüsteemi poolt. Lisatähelepanu on suunatud kaitstavate infovarade
väljaselgitamiseks sündmuste logide põhjal. Need infovarad on näiteks dokumendid,
dokumendiväljad, või muud andmed, mida töödeldakse äriprotsessi tegevuste jooksul. Lisaks,
me hindame antud meetodi rakendatavust reaalse äriprotsessi sündmuste logi peal. Ühe
võimaliku meetodina me kontrollime sündmuste logi andmete ja seoste vastavust juurdepääsu
õigustega olemasoleva rollipõhise juurdepääsu kontrolli turvamudelis. Lõppkokkuvõttes võib
sündmuste logidest tuletatud rollipõhist ligipääsu kontrolli mudelit võtta aluseks
turvaanalüüsiks või rakendada mõnes süsteemis juurdepääsumehhanismina.Today, as business processes are getting more complex and the volumes of stored data about
business process executions are increasing in size, collecting information for the analysis and
for the improvement of the business process security1, is becoming a complex task.
Information systems that support business processes record business process executions into
event logs which capture the behavior of system usage in terms of events. Business process
event logs can be used for analysing and improving the business process, but also for
analysing the information security. One of the main goals of security analysis is to check the
compliance with existing security requirements. Also event logs can be the basis for business
process mining, or shortly process mining. Utilizing bottom-up process mining on event logs,
we can extract business process-related information for security analysis. Process mining is
not just only for discovering business process models, but also other models, such as security
models. For this purpose, we present a possible approach to extract RBAC models
(semi-)automatically from event logs in XES format. The focus is also on determining the
protected business assets, such as document or other artifact data that is exchanged and
accessed during business process activities. In addition, we evaluate the applicability of this
approach with conformance checking where we check the compliance of a real-life event log
with respect to the LTL constraints translated from RBAC model. Eventually, the purpose of
the extracted RBAC models is that they provide a basis for security analysis and they can be
adapted by other applications in order to implement access control mechanism
Conformance Checking Based on Multi-Perspective Declarative Process Models
Process mining is a family of techniques that aim at analyzing business
process execution data recorded in event logs. Conformance checking is a branch
of this discipline embracing approaches for verifying whether the behavior of a
process, as recorded in a log, is in line with some expected behaviors provided
in the form of a process model. The majority of these approaches require the
input process model to be procedural (e.g., a Petri net). However, in turbulent
environments, characterized by high variability, the process behavior is less
stable and predictable. In these environments, procedural process models are
less suitable to describe a business process. Declarative specifications,
working in an open world assumption, allow the modeler to express several
possible execution paths as a compact set of constraints. Any process execution
that does not contradict these constraints is allowed. One of the open
challenges in the context of conformance checking with declarative models is
the capability of supporting multi-perspective specifications. In this paper,
we close this gap by providing a framework for conformance checking based on
MP-Declare, a multi-perspective version of the declarative process modeling
language Declare. The approach has been implemented in the process mining tool
ProM and has been experimented in three real life case studies
An Outcome-Based Approach for Ensuring Regulatory Compliance of Business Processes
In service industries, such as healthcare, catering, tourism, etc., there exist regulations that require organisations’ service comply with the regulations. More and more regulations in the service sector are, or are aimed to be, outcome-focused regulations. An outcome prescribed in the regulation is what users should experience or achieve when the regulated business processes are compliant. Service providers need to proactively ensure that the outcomes specified in the regulations have been achieved prior to conducting the relevant part of the business or prior to inspectors discovering noncompliance. Current approaches check system requirements or business processes, not outcomes, against regulations and thus this still leaves uncertain as to whether what the users actually experience are really achieved. In this thesis, we propose an approach for assessing the compliance of process outcomes and improve the noncompliance. The approach is designed through the U.K’s. CQC regulations in the care home environment
Process Discovery on Deviant Traces and Other Stranger Things
As the need to understand and formalise business processes into a model has grown over the last years, the process discovery research field has gained more and more importance, developing two different classes of approaches to model representation: procedural and declarative. Orthogonally to this classification, the vast majority of works envisage the discovery task as a one-class supervised learning process guided by the traces that are recorded into an input log.
In this work instead, we focus on declarative processes and embrace the less-popular view of process discovery as a binary supervised learning task, where the input log reports both examples of the normal system execution, and traces representing a “stranger” behaviour according to the domain semantics. We therefore deepen how the valuable information brought by both these two sets can be extracted and formalised into a model that is “optimal” according to user-defined goals. Our approach, namely NegDis, is evaluated w.r.t. other relevant works in this field, and shows promising results regarding both the performance and the quality of the obtained solution
- …