Employing process mining for RBAC analysis

    Student thesis: Doctoral Thesis, Doctor of Philosophy

    Abstract

    Organisations have expectations of how their systems should work, called modelled behaviour. However, in reality this is not usually the case. Flaws in modelling systems and misbehaviour on the human side result in what is called actual behaviour. Organisations typically enforce restrictions on the modelled behaviour. Therefore, checking these restrictions while assuming a system is working as expected may provide inaccurate results or leave violations undetected. By relating actual and modelled behaviour, checking unleashes the maximum potential of gaining accurate and precise results.

    This thesis focuses on the analysis of security, particularly role-based access control (RBAC), using process mining, which allows linking the actual and modelled behaviour by following an interactive methodology to design this research. Thus, the methods used in this research are designed to answer the research questions, which aim to understand the current state of the art, find limitations, uncover challenges, and identify opportunities for improvement.

    My thesis consists of four main parts. First, I conduct a systematic literature review in Chapter 3 to better understand the research landscape. Then, in Chapter 4, I provide an exploratory case study to seek new insights for the research, while in Chapter 5, I introduce a new multi-perspective approach to improve the conformance checking of RBAC.
    Date of Award: 1 Dec 2023
    Original language: English
    Awarding Institution: King's College London
    Supervisors: Luca Viganò & Jose Such
