Refactoring Process Models in Large Process Repositories.

With the increasing adoption of process-aware information systems (PAIS), large process model repositories have emerged. Over time respective models have to be re-aligned to the real-world business processes through customization or adaptation. This bears the risk that model redundancies are introduced and complexity is increased. If no continuous investment is made in keeping models simple, changes are becoming increasingly costly and error-prone. Though refactoring techniques are widely used in software engineering to address related problems, this does not yet constitute state-of-the art in business process management. Process designers either have to refactor process models by hand or cannot apply respective techniques at all. This paper proposes a set of behaviour-preserving techniques for refactoring large process repositories. This enables process designers to eectively deal with model complexity by making process models better understandable and easier to maintain

Interestingness of traces in declarative process mining: The janus LTLPf Approach

Declarative process mining is the set of techniques aimed at extracting behavioural constraints from event logs. These constraints are inherently of a reactive nature, in that their activation restricts the occurrence of other activities. In this way, they are prone to the principle of ex falso quod libet: they can be satisfied even when not activated. As a consequence, constraints can be mined that are hardly interesting to users or even potentially misleading. In this paper, we build on the observation that users typically read and write temporal constraints as if-statements with an explicit indication of the activation condition. Our approach is called Janus, because it permits the specification and verification of reactive constraints that, upon activation, look forward into the future and backwards into the past of a trace. Reactive constraints are expressed using Linear-time Temporal Logic with Past on Finite Traces (LTLp f). To mine them out of event logs, we devise a time bi-directional valuation technique based on triplets of automata operating in an on-line fashion. Our solution proves efficient, being at most quadratic w.r.t. trace length, and effective in recognising interestingness of discovered constraints

Extracting Role-Based Access Control Models from Business Process Event Logs

Keeruliste äriprotsesside ja järjest suurenevate andmemahtude juures on väljakutsuvaks ülesandeks analüüsida ja parandada ettevõtte äriprotsessi andmeturvalisust. Infosüsteemid, mis toetavad äriprotsessi mudeli (abstraktne esitus äriprotsessist) rakendamist, registreerivad äriprotsessi tegevusi sündmustena eraldi logisse. Salvestatud sündmuste logid on aluseks äriprotsessiga seotud andmete kaevamiseks. Need andmed on vajalikud äriprotsessi analüüsimiseks ja parendamiseks, kuid neid andmeid võib kasutada ka turvaanalüüsiks. Turvaanalüüsi üheks eesmärgiks on ka kontrollida, kas nende andmete hulgas turvalisusega seotud informatsioon on kooskõlas praeguste turvanõuetega. Lisaks, äriprotsessi logide peal saab rakendada äriprotsessikaeve (uurimisvaldkond, mis ühendab andmekaeve ja äriprotsesside modelleerimise) tehnikaid, et luua äriprotsessi mudeleid. Lisaks äriprotsessi mudelitele on võimalik tuletada ka teisi mudeleid, näiteks turvamudeleid, mida saab hiljem kasutada turvameetmete tagamiseks infosüsteemis. Käesoleva töö eesmärgiks on esitada üks võimalik meetod, kuidas luua rollipõhist ligipääsukontrolli esitatavaid turvamudeleid (Role- Based Access Control models) XES-formaadis sündmuste logidest, mis on salvestatud äriprotsessi toetava infosüsteemi poolt. Lisatähelepanu on suunatud kaitstavate infovarade väljaselgitamiseks sündmuste logide põhjal. Need infovarad on näiteks dokumendid, dokumendiväljad, või muud andmed, mida töödeldakse äriprotsessi tegevuste jooksul. Lisaks, me hindame antud meetodi rakendatavust reaalse äriprotsessi sündmuste logi peal. Ühe võimaliku meetodina me kontrollime sündmuste logi andmete ja seoste vastavust juurdepääsu õigustega olemasoleva rollipõhise juurdepääsu kontrolli turvamudelis. Lõppkokkuvõttes võib sündmuste logidest tuletatud rollipõhist ligipääsu kontrolli mudelit võtta aluseks turvaanalüüsiks või rakendada mõnes süsteemis juurdepääsumehhanismina.Today, as business processes are getting more complex and the volumes of stored data about business process executions are increasing in size, collecting information for the analysis and for the improvement of the business process security1, is becoming a complex task. Information systems that support business processes record business process executions into event logs which capture the behavior of system usage in terms of events. Business process event logs can be used for analysing and improving the business process, but also for analysing the information security. One of the main goals of security analysis is to check the compliance with existing security requirements. Also event logs can be the basis for business process mining, or shortly process mining. Utilizing bottom-up process mining on event logs, we can extract business process-related information for security analysis. Process mining is not just only for discovering business process models, but also other models, such as security models. For this purpose, we present a possible approach to extract RBAC models (semi-)automatically from event logs in XES format. The focus is also on determining the protected business assets, such as document or other artifact data that is exchanged and accessed during business process activities. In addition, we evaluate the applicability of this approach with conformance checking where we check the compliance of a real-life event log with respect to the LTL constraints translated from RBAC model. Eventually, the purpose of the extracted RBAC models is that they provide a basis for security analysis and they can be adapted by other applications in order to implement access control mechanism

Conformance Checking Based on Multi-Perspective Declarative Process Models

Process mining is a family of techniques that aim at analyzing business process execution data recorded in event logs. Conformance checking is a branch of this discipline embracing approaches for verifying whether the behavior of a process, as recorded in a log, is in line with some expected behaviors provided in the form of a process model. The majority of these approaches require the input process model to be procedural (e.g., a Petri net). However, in turbulent environments, characterized by high variability, the process behavior is less stable and predictable. In these environments, procedural process models are less suitable to describe a business process. Declarative specifications, working in an open world assumption, allow the modeler to express several possible execution paths as a compact set of constraints. Any process execution that does not contradict these constraints is allowed. One of the open challenges in the context of conformance checking with declarative models is the capability of supporting multi-perspective specifications. In this paper, we close this gap by providing a framework for conformance checking based on MP-Declare, a multi-perspective version of the declarative process modeling language Declare. The approach has been implemented in the process mining tool ProM and has been experimented in three real life case studies

An Outcome-Based Approach for Ensuring Regulatory Compliance of Business Processes

In service industries, such as healthcare, catering, tourism, etc., there exist regulations that require organisations’ service comply with the regulations. More and more regulations in the service sector are, or are aimed to be, outcome-focused regulations. An outcome prescribed in the regulation is what users should experience or achieve when the regulated business processes are compliant. Service providers need to proactively ensure that the outcomes specified in the regulations have been achieved prior to conducting the relevant part of the business or prior to inspectors discovering noncompliance. Current approaches check system requirements or business processes, not outcomes, against regulations and thus this still leaves uncertain as to whether what the users actually experience are really achieved. In this thesis, we propose an approach for assessing the compliance of process outcomes and improve the noncompliance. The approach is designed through the U.K’s. CQC regulations in the care home environment

Process Discovery on Deviant Traces and Other Stranger Things

As the need to understand and formalise business processes into a model has grown over the last years, the process discovery research field has gained more and more importance, developing two different classes of approaches to model representation: procedural and declarative. Orthogonally to this classification, the vast majority of works envisage the discovery task as a one-class supervised learning process guided by the traces that are recorded into an input log. In this work instead, we focus on declarative processes and embrace the less-popular view of process discovery as a binary supervised learning task, where the input log reports both examples of the normal system execution, and traces representing a “stranger” behaviour according to the domain semantics. We therefore deepen how the valuable information brought by both these two sets can be extracted and formalised into a model that is “optimal” according to user-defined goals. Our approach, namely NegDis, is evaluated w.r.t. other relevant works in this field, and shows promising results regarding both the performance and the quality of the obtained solution