Online and offline conformance checking of inter-organizational business processes with incomplete process logs

Ensuring the compliance of inter-organizational business processes with security, privacy and workflow requirements poses significant challenges. For compliance checking a specification of the process model which contains important requirements like causal dependencies among actions must be compared to the available data from the process execution. Complete execution data may only become available by combining distributed event logs which are maintained and stored independently by the participants. Frequently the information in combined event logs is found to be of limited reliability and quality: the overall maturity of some event logs may be low, the temporal structure of events may be unclear/imprecise (e.g. when logs of different organizations are combined), confidentiality constraints may prevent certain activities from being logged and logs may be partially corrupted. We propose an approach using abstraction techniques based on over-approximation and under-approximation for checking the compliance of incomplete process logs with a given process specification. Such methods are widely used in Model Checking to model unmanageable information about the states of a system (state explosion). Here these techniques are applied to model unavailable information, in particular incomplete event descriptions. We show under what conditions deviations from a specification can be confirmed as anomalies and when a process can be certified as correct even in the presence of incomplete event descriptions. The methods described here can be adopted for post mortem investigation, for the prevention and detection of security anomalies and for assessing the maturity level of event logs.