Next-Level System Security: Smarter Access Control for Organizations
The proposed methodology for formalizing and conformance testing RBAC policies. Image Credit: Dr. Yuichi Sei
Cutting-Edge Framework for Enhancing System Security
Researchers at the University of Electro-Communications have developed a groundbreaking framework for improving system security by analyzing business process logs. This framework focuses on ensuring that role-based access control (RBAC) rules-critical to managing who can access specific system resources-are correctly implemented. Noncompliance with these rules, whether due to error or malicious activity, can result in unauthorized access and pose significant risks to organizations.
Challenges in Ensuring Compliance with RBAC Policies
RBAC is a widely used access control model that relies on predefined roles assigned to users. However, as business processes become more complex, ensuring compliance with RBAC policies becomes more challenging. Existing methods often require extensive manual auditing or lack the tools to model and analyze complex scenarios. The new framework addresses these issues by integrating Role-Based Access Control Domain-Specific Language (RBAC DSL) and Object Constraint Language (OCL) invariant patterns to automate policy validation.
Automating Policy Validation Through Log Analysis
The process begins by transforming business process logs into structured models. These models are then analyzed to identify potential violations of access control rules. For example, the framework can detect if two tasks requiring different roles are being improperly performed by the same user. To help organizations understand and resolve these issues, the framework provides visualizations of the detected violations, significantly reducing the manual effort required for security audits.
Testing and Application in Real-World Scenarios
The research team successfully tested the framework on both real and simulated datasets, including the BPI Challenge 2017 dataset. In one case, it detected violations such as tasks requiring different roles being performed by the same person. Its flexibility and scalability make it adaptable to different industries, from e-commerce to finance. This approach not only identifies compliance gaps, but also helps organizations maintain robust security standards.
Innovations in Process Mining and Future Outlook
A key innovation of the framework is the integration of process mining techniques with security policy validation, providing a dynamic, automated approach that reduces human error and adapts to diverse systems. Future research aims to extend the framework to support other access control models, such as attribute-based access control (ABAC) and category-based access control (CBAC). The team is also exploring the use of large language models, such as GPT-4, to analyze sequential data in event logs.
Pairing Research and Practical Implementation
By automating compliance checks, this framework not only enhances security, but also reduces operational risk and supports regulatory compliance. The researchers aim to work with industry partners to refine and implement the framework in real-world systems, bridging academic research and practical application to set new standards for access control compliance.
Expert Contact
Yuichi Sei
University of Electro-Communications
Email ID: seiuny@uec.ac.jp
Original Publication
Duc-Hieu Nguyen (Main) — The University of Electro-Communications, PhD student, Yuichi Sei — The University of Electro-Communications, Professor, Yasuyuki Tahara — The University of Electro-Communications, Associate Professor, Akihiko Ohsuga — The University of Electro-Communications, Professor
Journal: International Journal of Software Engineering and Knowledge Engineering
Article Title: Toward a Pattern-Based Comprehensive Framework Using Process Mining for RBAC Conformance Checks
Article Publication Date: 6-Jan-2025
DOI: 10.1142/S0218194025500019
Media Contact
Kazuaki Oya
The University of Electro-Communications
Phone Number (Office): 42-443-5874
Email ID: oya@office.uec.ac.jp
Source: EurekAlert!
Media Contact
All latest news from the category: Information Technology
Here you can find a summary of innovations in the fields of information and data processing and up-to-date developments on IT equipment and hardware.
This area covers topics such as IT services, IT architectures, IT management and telecommunications.
Newest articles
Thermodynamics-Inspired Laser Beam Shaping Sparks a Ray of Hope
Inspired by ideas from thermodynamics, researchers at the University of Rostock and the University of Southern California have developed a new method to efficiently shape and combine high-energy laser beams….
A Breath of Fresh Air: Advanced Quantum Calculations Enable COF-999 CO₂ Adsorption
Quantum chemical calculations at HU enable the development of new porous materials that are characterized by a high absorption capacity for CO2 Climate experts agree: To overcome the climate crisis,…
Why Global Droughts Tied to Climate Change Have Left Us Feeling Under the Weather
A study led by the Swiss Federal Institute for Forest, Snow and Landscape Research WSL shows that there has been a worrying increase in the number of long droughts over…