Next-Level System Security: Smarter Access Control for Organizations

Framework for automating RBAC compliance checks using process mining and policy validation tools.

The proposed methodology for formalizing and conformance testing RBAC policies. Image Credit: Dr. Yuichi Sei

Cutting-Edge Framework for Enhancing System Security

Researchers at the University of Electro-Communications have developed a framework for improving system security by analyzing business process logs. The framework checks that role-based access control (RBAC) rules, which govern who may access which system resources, are actually followed in practice. Noncompliance with these rules, whether due to error or malicious activity, can result in unauthorized access and pose significant risk to organizations.

Challenges in Ensuring Compliance with RBAC Policies

RBAC is a widely used access control model that relies on predefined roles assigned to users. However, as business processes become more complex, ensuring compliance with RBAC policies becomes more challenging. Existing methods often require extensive manual auditing or lack the tools to model and analyze complex scenarios. The new framework addresses these issues by integrating Role-Based Access Control Domain-Specific Language (RBAC DSL) and Object Constraint Language (OCL) invariant patterns to automate policy validation.

Automating Policy Validation Through Log Analysis

The process begins by transforming business process event logs (which user performed which task, in which case, and when) into structured models. These models are then checked against the access control rules to identify potential violations. For example, the framework can detect when two tasks that must be performed by holders of different roles are improperly performed by the same user, a separation-of-duty violation that the static role configuration alone would not reveal. To help organizations understand and resolve these issues, the framework provides visualizations of the detected violations, significantly reducing the manual effort required for security audits.
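The following is an added example of the kind of log-based check described above, written for this page; it is not the paper's own code and does not use the RBAC DSL or OCL invariant patterns the authors describe. It assumes a hypothetical loan-application process with a constructed user-to-role assignment, a constructed activity-to-role permission table, two constructed separation-of-duty constraints, and a small constructed CSV event log (not drawn from the BPI Challenge 2017 dataset). It reports two kinds of nonconformance: an activity performed by a user holding no authorized role, and two separated activities performed by the same user within one case.

```python
"""Minimal RBAC conformance check over an event log (added example).

Policy, role assignments and log lines below are constructed for
illustration; they are hypothetical and not the paper's data or code.
"""
import csv
import io
from collections import defaultdict

# Constructed user -> roles assignment (hypothetical).
USER_ROLES = {
    "alice": {"clerk"},
    "bob": {"clerk", "validator"},
    "carol": {"approver"},
    "dave": {"validator"},
}

# Constructed activity -> roles permitted to perform it (hypothetical).
ACTIVITY_ROLES = {
    "Create Application": {"clerk"},
    "Validate Application": {"validator"},
    "Approve Application": {"approver"},
}

# Constructed separation-of-duty constraints: each pair must be performed
# by different users within the same case.
SOD_PAIRS = [
    ("Validate Application", "Approve Application"),
    ("Create Application", "Approve Application"),
]

# Constructed event log (case id, activity, resource, ISO timestamp).
# Case A1 is clean; A2 and A3 contain deliberate violations.
EVENT_LOG_CSV = """case_id,activity,resource,timestamp
A1,Create Application,alice,2025-01-06T09:00:00
A1,Validate Application,bob,2025-01-06T10:00:00
A1,Approve Application,carol,2025-01-06T11:00:00
A2,Create Application,bob,2025-01-06T09:30:00
A2,Validate Application,bob,2025-01-06T10:30:00
A2,Approve Application,bob,2025-01-06T11:30:00
A3,Create Application,alice,2025-01-07T09:00:00
A3,Validate Application,alice,2025-01-07T10:00:00
A3,Approve Application,carol,2025-01-07T11:00:00
"""


def parse_log(csv_text):
    """Parse the CSV log into event dicts ordered by case, then timestamp."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    rows.sort(key=lambda r: (r["case_id"], r["timestamp"]))
    return rows


def permission_violations(events, user_roles=USER_ROLES, activity_roles=ACTIVITY_ROLES):
    """Events whose performer holds none of the roles permitted for the activity."""
    violations = []
    for e in events:
        allowed = activity_roles.get(e["activity"], set())
        held = user_roles.get(e["resource"], set())
        if not allowed & held:
            violations.append((e["case_id"], e["activity"], e["resource"]))
    return violations


def sod_violations(events, sod_pairs=SOD_PAIRS):
    """Separated activity pairs performed by the same user in the same case."""
    # case_id -> activity -> set of users who performed it
    performers = defaultdict(lambda: defaultdict(set))
    for e in events:
        performers[e["case_id"]][e["activity"]].add(e["resource"])
    violations = []
    for case_id in sorted(performers):
        acts = performers[case_id]
        for first, second in sod_pairs:
            shared = acts.get(first, set()) & acts.get(second, set())
            for user in sorted(shared):
                violations.append((case_id, first, second, user))
    return violations


def check_conformance(csv_text=EVENT_LOG_CSV):
    """Run both checks over a log and return the findings grouped by kind."""
    events = parse_log(csv_text)
    return {
        "permission": permission_violations(events),
        "sod": sod_violations(events),
    }


if __name__ == "__main__":
    report = check_conformance()
    for kind, findings in report.items():
        print(f"{kind} violations: {len(findings)}")
        for finding in findings:
            print("  ", finding)
```

The permission check is the static part of the policy (user, role, activity) and would flag case A2's approval by a user without the approver role and case A3's validation by a clerk; the separation-of-duty check needs the log, because only the sequence of events in a case reveals that one user both validated and approved, which is the class of violation the article singles out. Real logs are larger and noisier (missing resources, renamed activities), so a production check would normalise activity names and report events with no resource separately rather than silently passing them.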

Testing and Application in Real-World Scenarios

The research team successfully tested the framework on both real and simulated datasets, including the BPI Challenge 2017 dataset. In one case, it detected violations such as tasks requiring different roles being performed by the same person. Its flexibility and scalability make it adaptable to different industries, from e-commerce to finance. This approach not only identifies compliance gaps, but also helps organizations maintain robust security standards.

Innovations in Process Mining and Future Outlook

A key innovation of the framework is the integration of process mining techniques with security policy validation, providing a dynamic, automated approach that reduces human error and adapts to diverse systems. Future research aims to extend the framework to support other access control models, such as attribute-based access control (ABAC) and category-based access control (CBAC). The team is also exploring the use of large language models, such as GPT-4, to analyze sequential data in event logs.

Pairing Research and Practical Implementation

By automating compliance checks, this framework not only enhances security, but also reduces operational risk and supports regulatory compliance. The researchers aim to work with industry partners to refine and implement the framework in real-world systems, bridging academic research and practical application to set new standards for access control compliance.

Expert Contact
Yuichi Sei
University of Electro-Communications
Email ID: seiuny@uec.ac.jp

Original Publication
Duc-Hieu Nguyen (Main) — The University of Electro-Communications, PhD student, Yuichi Sei — The University of Electro-Communications, Professor, Yasuyuki Tahara — The University of Electro-Communications, Associate Professor, Akihiko Ohsuga — The University of Electro-Communications, Professor
Journal: International Journal of Software Engineering and Knowledge Engineering
Article Title: Toward a Pattern-Based Comprehensive Framework Using Process Mining for RBAC Conformance Checks
Article Publication Date: 6-Jan-2025
DOI: 10.1142/S0218194025500019 

Media Contact
Kazuaki Oya
The University of Electro-Communications
Phone Number (Office): 42-443-5874
Email ID: oya@office.uec.ac.jp

Source: EurekAlert!
