Empolying process mining for RBAC analysis

    Student thesis: Doctoral ThesisDoctor of Philosophy


    Organisations have expectations of how their systems should work, called modelled behaviour. However, in reality this is not usually the case. Considering flaws in modelling systems and misbehaviour from the human side result in what is called actual behaviour. Organisations typically enforce restrictions on the modelled behaviour. Therefore, checking these restrictions while assuming a system is working as expected, may provide inaccurate results or undetected violations. By relating actual and modelled behaviour, checking unleashes the maximum potential of gaining accurate and precise results.

    This thesis focuses on the analysis of security, particularly role-based access control (RBAC), using process mining, which allows linking the actual and modelled behaviour by following an interactive methodology to design this research. Thus, the methods used in this research are designed to answer the research questions, which aim to understand the current state of the art, find limitations, uncover challenges, and identify opportunities for improvement.

    My thesis consists of four main parts. First, I conduct a systematic literature review in Chapter 3 to better understand the research landscape. Then, in Chapter 4, I provide an exploratory case study to seek new insights for the research, while in Chapter 5, I introduce a new multi-perspective approach to improve the conformance checking of RBAC.
    Date of Award1 Dec 2023
    Original languageEnglish
    Awarding Institution
    • King's College London
    SupervisorLuca Viganò (Supervisor) & Jose Such (Supervisor)

    Cite this