However, flexible systems pose challenges in terms of security. For this reason, often, expected behaviors are modelled using processes that describe the expected flow of operations and the extent to which deviations can be acceptable. At the same time, systems implementing these processes leave traces of the executions, thus enabling forensics investigations.
During the course we will investigate how process mining techniques can help to study the execution of processes as these are recorded. Textual description of some security processes will be presented together with some event logs referring to corresponding executions.