{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,6,22]],"date-time":"2024-06-22T00:11:17Z","timestamp":1719015077087},"reference-count":88,"publisher":"Elsevier BV","issue":"4","license":[{"start":{"date-parts":[[2013,5,1]],"date-time":"2013-05-01T00:00:00Z","timestamp":1367366400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Information Security Technical Report"],"published-print":{"date-parts":[[2013,5]]},"DOI":"10.1016\/j.istr.2013.03.003","type":"journal-article","created":{"date-parts":[[2013,4,22]],"date-time":"2013-04-22T15:50:33Z","timestamp":1366645833000},"page":"148-172","update-policy":"https:\/\/2.zoppoz.workers.dev:443\/http\/dx.doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":11,"title":["Bridging the gap between role mining and role engineering via migration guides"],"prefix":"10.1016","volume":"17","author":[{"given":"Anne","family":"Baumgrass","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mark","family":"Strembeck","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"issue":"4","key":"10.1016\/j.istr.2013.03.003_bib1","doi-asserted-by":"crossref","DOI":"10.1145\/382912.382913","article-title":"Role-based authorization constraints specification","volume":"3","author":"Ahn","year":"2000","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"issue":"3","key":"10.1016\/j.istr.2013.03.003_bib2","doi-asserted-by":"crossref","DOI":"10.1108\/17440080910983556","article-title":"A survey on model versioning approaches","volume":"5","author":"Altmanninger","year":"2009","journal-title":"International Journal of Web Information Systems"},{"key":"10.1016\/j.istr.2013.03.003_bib3","doi-asserted-by":"crossref","unstructured":"Backes M, Karjoth G, Bagga W, Schunter M. Efficient comparison of enterprise privacy policies. In: Proc. of the 2004 ACM Symposium on applied computing (SAC); 2004.","DOI":"10.1145\/967900.967983"},{"key":"10.1016\/j.istr.2013.03.003_bib4","doi-asserted-by":"crossref","unstructured":"Baumgrass A. Deriving current-state RBAC models from event logs. In: International workshop on security aspects of process-aware information systems (SAPAIS). Proc. of the 6th International conference on availability, reliability and security (ARES), IEEE Computer Society; 2011.","DOI":"10.1109\/ARES.2011.104"},{"key":"10.1016\/j.istr.2013.03.003_bib5","doi-asserted-by":"crossref","unstructured":"Baumgrass A, Schefer-Wenzl S, Strembeck M. Deriving process-related RBAC models from process execution histories. In: IEEE International workshop on security aspects of process and services engineering (SAPSE). In: Proc. of the 35th Annual IEEE International computer software and applications conference (COMPSAC); 2012.","DOI":"10.1109\/COMPSACW.2012.80"},{"key":"10.1016\/j.istr.2013.03.003_bib6","doi-asserted-by":"crossref","unstructured":"Baumgrass A, Strembeck M. An approach to bridge the gap between role mining and role engineering via migration guides. In: Proc. of the 7th International conference on availability, reliability and security (ARES), IEEE Computer Security; 2012.","DOI":"10.1109\/ARES.2012.77"},{"key":"10.1016\/j.istr.2013.03.003_bib7","doi-asserted-by":"crossref","unstructured":"Baumgrass A, Strembeck M, Rinderle-Ma S. Deriving role engineering artifacts from business processes and scenario models. In: Proc. of the 16th ACM Symposium on access control models and technologies (SACMAT); 2011.","DOI":"10.1145\/1998441.1998445"},{"issue":"3","key":"10.1016\/j.istr.2013.03.003_bib8","doi-asserted-by":"crossref","DOI":"10.2307\/248684","article-title":"The case research strategy in studies of information systems","volume":"11","author":"Benbasat","year":"1987","journal-title":"MIS Quarterly"},{"issue":"1","key":"10.1016\/j.istr.2013.03.003_bib9","doi-asserted-by":"crossref","DOI":"10.1145\/300830.300837","article-title":"The specification and enforcement of authorization constraints in workflow management systems","volume":"2","author":"Bertino","year":"1999","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"issue":"4","key":"10.1016\/j.istr.2013.03.003_bib10","doi-asserted-by":"crossref","DOI":"10.1287\/isre.1080.0181","article-title":"An empirical investigation of end-user query development: the effects of improved model expressiveness vs. complexity","volume":"20","author":"Bowen","year":"2009","journal-title":"Information Systems Research"},{"issue":"2","key":"10.1016\/j.istr.2013.03.003_bib11","article-title":"Model differences in the eclipse modelling framework, UPGRADE","volume":"IX","author":"Brun","year":"2008","journal-title":"The European Journal for the Informatics Professional"},{"issue":"3","key":"10.1016\/j.istr.2013.03.003_bib12","doi-asserted-by":"crossref","DOI":"10.1111\/j.1365-2575.1996.tb00015.x","article-title":"Case study research: a multi-faceted research approach for IS","volume":"6","author":"Cavaye","year":"2008","journal-title":"Information Systems Journal"},{"key":"10.1016\/j.istr.2013.03.003_bib13","unstructured":"Chen Y, Douglis F, Huang H, Vo K. TopBlend: an efficient implementation of HtmlDiff in Java. In: Proc. of the World conference on the WWW and Internet (Web-Net); 2000."},{"issue":"9","key":"10.1016\/j.istr.2013.03.003_bib14","doi-asserted-by":"crossref","DOI":"10.5381\/jot.2007.6.9.a9","article-title":"A metamodel independent approach to difference representation","volume":"6","author":"Cicchetti","year":"2007","journal-title":"Journal of Object Technology"},{"key":"10.1016\/j.istr.2013.03.003_bib15","unstructured":"Cob\u00e9na G, Abiteboul S, Marian A. Detecting changes in XML documents. In: Proc. of the 18th International conference on data engineering (ICDE), IEEE Computer Society; 2002."},{"key":"10.1016\/j.istr.2013.03.003_bib16","series-title":"Role engineering for enterprise security management","author":"Coyne","year":"2008"},{"key":"10.1016\/j.istr.2013.03.003_bib17","unstructured":"de Medeiros A, G\u00fcnther CW. Process mining: using CPN tools to create test logs for mining algorithms. In: Proc. of the 6th Workshop and tutorial on practical use of coloured petri nets and the CPN tools; 2005."},{"issue":"2","key":"10.1016\/j.istr.2013.03.003_bib18","article-title":"Eclipse: a platform for integrating development tools","volume":"43","author":"des Rivi\u00e9res","year":"2004","journal-title":"IBM Systems Journal"},{"key":"10.1016\/j.istr.2013.03.003_bib19","series-title":"Process-aware information systems","author":"Dumas","year":"2005"},{"issue":"4","key":"10.1016\/j.istr.2013.03.003_bib20","doi-asserted-by":"crossref","DOI":"10.5465\/amr.1989.4308385","article-title":"Building theories from case study research","volume":"14","author":"Eisenhardt","year":"1989","journal-title":"The Academy of Management Review"},{"key":"10.1016\/j.istr.2013.03.003_bib21","series-title":"Role-based access control","author":"Ferraiolo","year":"2007"},{"key":"10.1016\/j.istr.2013.03.003_bib22","doi-asserted-by":"crossref","unstructured":"Fisler K, Krishnamurthi S, Meyerovich LA, Tschantz MC. Verification and change-impact analysis of access-control policies. In: Proc. of the 27th International conference on software engineering (ICSE), ACM; 2005.","DOI":"10.1145\/1062455.1062502"},{"key":"10.1016\/j.istr.2013.03.003_bib23","doi-asserted-by":"crossref","unstructured":"Frank M, Buhmann JM, Basin D. On the definition of role mining. In: Proc. of the 15th ACM Symposium on access control models and technologies (SACMAT); 2010.","DOI":"10.1145\/1809842.1809851"},{"key":"10.1016\/j.istr.2013.03.003_bib24","unstructured":"Fuchs L, Meier S. The role mining process model. In: Proc. of the 6th International conference on availability, reliability and security (ARES), IEEE Computer Security; 2011."},{"key":"10.1016\/j.istr.2013.03.003_bib25","unstructured":"Fuchs L, M\u00fcller. Automating periodic role-checks: a tool-based approach. In: Proc. Business Services: Konzepte, Technologien, Anwendungen. 9. Internationale Tagung Wirtschaftsinformatik; 2009."},{"key":"10.1016\/j.istr.2013.03.003_bib26","unstructured":"Fuchs L, Preis A. BusiROLE: a model for integrating business roles into identity management. In: Proc. of the 5th International conference on trust, privacy, and security in digital business (TrustBus); 2008."},{"key":"10.1016\/j.istr.2013.03.003_bib27","series-title":"The economic impact of role-based access control","author":"Gallaher","year":"2002"},{"key":"10.1016\/j.istr.2013.03.003_bib28","doi-asserted-by":"crossref","unstructured":"Giblin C, Graf M, Karjoth G, Wespi A, Molloy I, Lobo J, et\u00a0al. Towards an integrated approach to role engineering. In: Proc. of the 3rd ACM Workshop on assurable and usable security configuration (SafeConfig); 2010.","DOI":"10.1145\/1866898.1866908"},{"key":"10.1016\/j.istr.2013.03.003_bib29","series-title":"Using EMF","author":"Griffin","year":"2002"},{"issue":"1","key":"10.1016\/j.istr.2013.03.003_bib30","doi-asserted-by":"crossref","DOI":"10.2307\/25148625","article-title":"Design science in information systems research","volume":"28","author":"Hevner","year":"2004","journal-title":"MIS Quarterly"},{"key":"10.1016\/j.istr.2013.03.003_bib31","unstructured":"Hu J, Zhang Y, Li R. Towards automatic update of access control policy. In: Proc. of the 24th International conference on large installation system administration (LISA), USENIX Association; 2010."},{"key":"10.1016\/j.istr.2013.03.003_bib32","doi-asserted-by":"crossref","unstructured":"Hu J, Zhang Y, Li R, Lu Z. Role updating for assignments. In: Proc. of the 15th ACM Symposium on access control models and technologies (SACMAT); 2010.","DOI":"10.1145\/1809842.1809859"},{"key":"10.1016\/j.istr.2013.03.003_bib33","doi-asserted-by":"crossref","unstructured":"Irwin K, Yu T, Winsborough W. Enforcing security properties in task-based systems. In: Proc. of the 13th ACM Symposium on access control models and technologies (SACMAT); 2008.","DOI":"10.1145\/1377836.1377843"},{"key":"10.1016\/j.istr.2013.03.003_bib34","article-title":"Coloured petri nets and CPN tools for modelling and validation of concurrent systems","volume":"9","author":"Jensen","year":"2007","journal-title":"International Journal on Software Tools for Technology Transfer (STTT)"},{"key":"10.1016\/j.istr.2013.03.003_bib35","doi-asserted-by":"crossref","unstructured":"Kim M, Notkin D. Discovering and representing systematic code changes. In: Proc. of the 31st ACM\/IEEE International conference on software engineering, vol. 2 (ICSE); 2009.","DOI":"10.1109\/ICSE.2009.5070531"},{"issue":"4","key":"10.1016\/j.istr.2013.03.003_bib36","doi-asserted-by":"crossref","DOI":"10.1109\/52.391832","article-title":"Case studies for method and tool evaluation","volume":"12","author":"Kitchenham","year":"1995","journal-title":"IEEE Software"},{"key":"10.1016\/j.istr.2013.03.003_bib37","doi-asserted-by":"crossref","unstructured":"Koch M, Mancini LV, Parisi-Presicce F. On the specification and evolution of access control policies. In: Proc. of the 6th ACM Symposium on access control models and technologies (SACMAT); 2001.","DOI":"10.1145\/373256.373280"},{"key":"10.1016\/j.istr.2013.03.003_bib38","doi-asserted-by":"crossref","unstructured":"Kolovos D. Establishing correspondences between models with the Epsilon comparison language. In: Model driven architecture-foundations and applications (ECMDA-FA), Lecture notes in computer science (LNCS), vol. 5562, Springer-Verlag; 2009.","DOI":"10.1007\/978-3-642-02674-4_11"},{"key":"10.1016\/j.istr.2013.03.003_bib39","series-title":"ICSE workshop on comparison and versioning of software models","article-title":"Different models for model matching: an analysis of approaches to support model differencing","author":"Kolovos","year":"2009"},{"key":"10.1016\/j.istr.2013.03.003_bib40","doi-asserted-by":"crossref","unstructured":"Kolovski V, Hendler J, Parsia B. Analyzing web access control policies. In: Proc. of the 16th International conference on world wide web (WWW), ACM; 2007.","DOI":"10.1145\/1242572.1242664"},{"key":"10.1016\/j.istr.2013.03.003_bib41","doi-asserted-by":"crossref","unstructured":"Kuhlmann M, Shohat D, Schimpf G. Role mining \u2013 revealing business roles for security administration using data mining technology. In: Proc. of the 7th ACM Symposium on access control models and technologies (SACMAT); 2003.","DOI":"10.1145\/775433.775435"},{"key":"10.1016\/j.istr.2013.03.003_bib42","unstructured":"Kunz S, Evdokimov S, Fabian B, Stieger B, Strembeck M. Role-based access control for information federations in the industrial service sector. In: Proc. of the 18th European conference on information systems (ECIS); 2010."},{"key":"10.1016\/j.istr.2013.03.003_bib43","doi-asserted-by":"crossref","DOI":"10.1007\/s10207-010-0106-1","article-title":"EXAM: a comprehensive environment for the analysis of access control policies","volume":"9","author":"Lin","year":"2010","journal-title":"International Journal of Information Security"},{"key":"10.1016\/j.istr.2013.03.003_bib44","doi-asserted-by":"crossref","unstructured":"Lin D, Rao P, Bertino E, Lobo J. An approach to evaluate policy similarity. In: Proc. of the 12th ACM Symposium on access control models and technologies (SACMAT); 2007.","DOI":"10.1145\/1266840.1266842"},{"issue":"1","key":"10.1016\/j.istr.2013.03.003_bib46","doi-asserted-by":"crossref","DOI":"10.1145\/1330295.1330299","article-title":"XACML policy integration algorithms","volume":"11","author":"Mazzoleni","year":"2008","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"10.1016\/j.istr.2013.03.003_bib47","unstructured":"Mendling J, Strembeck M, Stermsek G, Neumann G. An approach to Extract RBAC models from BPEL4WS processes. In: Proc. of the 13th IEEE International Workshops on enabling technologies: infrastructures for collaborative enterprises (WETICE); 2004."},{"issue":"5","key":"10.1016\/j.istr.2013.03.003_bib48","doi-asserted-by":"crossref","DOI":"10.1109\/TSE.2002.1000449","article-title":"A state-of-the-art survey on software merging","volume":"28","author":"Mens","year":"2002","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"11","key":"10.1016\/j.istr.2013.03.003_bib49","doi-asserted-by":"crossref","DOI":"10.1145\/219717.219748","article-title":"WordNet: a lexical database for English","volume":"38","author":"Miller","year":"1995","journal-title":"Communications of the ACM"},{"key":"10.1016\/j.istr.2013.03.003_bib50","series-title":"MOF 2.0\/XMI Mapping specification, version 2.1.1","year":"2007"},{"issue":"6","key":"10.1016\/j.istr.2013.03.003_bib51","doi-asserted-by":"crossref","DOI":"10.1109\/TSE.2009.67","article-title":"The \u201cphysics\u201d of notations: toward a scientific basis for constructing visual notations in software engineering","volume":"35","author":"Moody","year":"2009","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"1","key":"10.1016\/j.istr.2013.03.003_bib52","doi-asserted-by":"crossref","DOI":"10.1016\/j.infoandorg.2006.11.001","article-title":"The qualitative interview in IS research: examining the craft","volume":"17","author":"Myers","year":"2007","journal-title":"Information and Organization"},{"key":"10.1016\/j.istr.2013.03.003_bib53","series-title":"Economic analysis of role-based access control","author":"O'Connor","year":"2010"},{"issue":"6","key":"10.1016\/j.istr.2013.03.003_bib54","doi-asserted-by":"crossref","DOI":"10.1016\/S0306-4379(02)00029-7","article-title":"Task-role-based access control model","volume":"28","author":"Oh","year":"2003","journal-title":"Information Systems"},{"key":"10.1016\/j.istr.2013.03.003_bib55","doi-asserted-by":"crossref","unstructured":"Ohst D, Welle M, Kelter U. Differences between versions of UML diagrams. In: Proc. of the 9th European Software Engineering and the 11th ACM SIGSOFT International symposium on foundations of software engineering (ESEC\/FSE); 2003.","DOI":"10.1145\/940071.940102"},{"key":"10.1016\/j.istr.2013.03.003_bib56","series-title":"Business process modeling notation (BPMN)","author":"OMG","year":"2010"},{"key":"10.1016\/j.istr.2013.03.003_bib57","doi-asserted-by":"crossref","DOI":"10.1007\/s007780100057","article-title":"A survey of approaches to automatic schema matching","volume":"10","author":"Rahm","year":"2001","journal-title":"The VLDB Journal"},{"issue":"3","key":"10.1016\/j.istr.2013.03.003_bib58","doi-asserted-by":"crossref","DOI":"10.1109\/TSMCA.2010.2087017","article-title":"A study into the factors that influence the understandability of business process models","volume":"41","author":"Reijers","year":"2011","journal-title":"IEEE Transactions on Systems, Man, and Cybernetics \u2013 Part A"},{"key":"10.1016\/j.istr.2013.03.003_bib59","doi-asserted-by":"crossref","unstructured":"Rembert AJ, Ellis CS. An initial approach to mining multiple perspectives of a business process. In: Proc. of the 5th Richard Tapia celebration of diversity in computing conference (TAPIA); 2009.","DOI":"10.1145\/1565799.1565808"},{"issue":"2","key":"10.1016\/j.istr.2013.03.003_bib60","doi-asserted-by":"crossref","DOI":"10.1007\/s10664-008-9102-8","article-title":"Guidelines for conducting and reporting case study research in software engineering","volume":"14","author":"Runeson","year":"2009","journal-title":"Empirical Software Engineering"},{"issue":"2","key":"10.1016\/j.istr.2013.03.003_bib61","doi-asserted-by":"crossref","DOI":"10.1109\/2.485845","article-title":"Role-based access control models","volume":"29","author":"Sandhu","year":"1996","journal-title":"IEEE Computer"},{"key":"10.1016\/j.istr.2013.03.003_bib62","doi-asserted-by":"crossref","unstructured":"Schefer S, Strembeck M, Mendling J, Baumgrass A. Detecting and resolving conflicts of mutual-exclusion and binding constraints in a business process context. In: Proc. of the 19th International conference on cooperative information systems (CoopIS), Lecture notes in computer science (LNCS), vol. 7044, Springer-Verlag; 2011.","DOI":"10.1007\/978-3-642-25109-2_22"},{"key":"10.1016\/j.istr.2013.03.003_bib63","doi-asserted-by":"crossref","unstructured":"Schipper A, Fuhrmann H, Hanxleden R.V. Visual comparison of graphical models. In: Proc. of the 14th IEEE International conference on engineering of complex computer systems (ICECCS), IEEE Computer Society; 2009.","DOI":"10.1109\/ICECCS.2009.15"},{"key":"10.1016\/j.istr.2013.03.003_bib64","doi-asserted-by":"crossref","unstructured":"Schlegelmilch J, Steffens U. Role mining with ORCA. In: Proc. of the 10th ACM Symposium on access control models and technologies (SACMAT); 2005.","DOI":"10.1145\/1063979.1064008"},{"key":"10.1016\/j.istr.2013.03.003_bib65","series-title":"Anhang 6 Habilitationsrichtlinien des Senats","author":"Senat der Wirtschaftsuniversit\u00e4t Wien","year":"2012"},{"issue":"3","key":"10.1016\/j.istr.2013.03.003_bib66","doi-asserted-by":"crossref","DOI":"10.1080\/00031305.1957.10501091","article-title":"Nonparametric statistics","volume":"11","author":"Siegel","year":"1957","journal-title":"The American Statistician"},{"issue":"1","key":"10.1016\/j.istr.2013.03.003_bib67","doi-asserted-by":"crossref","DOI":"10.1016\/j.dss.2008.07.002","article-title":"Towards comprehensive support for organizational mining","volume":"46","author":"Song","year":"2008","journal-title":"Decision Support Systems"},{"key":"10.1016\/j.istr.2013.03.003_bib68","series-title":"EMF: eclipse modeling framework","author":"Steinberg","year":"2008"},{"issue":"2684","key":"10.1016\/j.istr.2013.03.003_bib69","doi-asserted-by":"crossref","DOI":"10.1126\/science.103.2684.677","article-title":"On the theory of scales of measurement","volume":"103","author":"Stevens","year":"1946","journal-title":"Science"},{"key":"10.1016\/j.istr.2013.03.003_bib70","unstructured":"Strembeck M. A role engineering tool for role-based access control. In: Proc. of the 3rd Symposium on requirements engineering for information security (SREIS); 2005."},{"issue":"1","key":"10.1016\/j.istr.2013.03.003_bib71","doi-asserted-by":"crossref","DOI":"10.1109\/MSP.2010.46","article-title":"Scenario-driven role engineering","volume":"8","author":"Strembeck","year":"2010","journal-title":"IEEE Security & Privacy"},{"key":"10.1016\/j.istr.2013.03.003_bib72","doi-asserted-by":"crossref","unstructured":"Strembeck M, Mendling J. Generic algorithms for consistency checking of mutual-exclusion and binding constraints in a business process context. In: Proc. of the 18th International conference on cooperative information systems (CoopIS), Lecture notes in computer science (LNCS), vol. 6426, Springer-Verlag; 2010.","DOI":"10.1007\/978-3-642-16934-2_16"},{"issue":"5","key":"10.1016\/j.istr.2013.03.003_bib73","doi-asserted-by":"crossref","DOI":"10.1016\/j.infsof.2010.11.015","article-title":"Modeling process-related RBAC models with extended UML activity models","volume":"53","author":"Strembeck","year":"2011","journal-title":"Information and Software Technology"},{"issue":"2","key":"10.1016\/j.istr.2013.03.003_bib74","doi-asserted-by":"crossref","DOI":"10.1207\/s15516709cog1202_4","article-title":"Cognitive load during problem solving: effects on learning","volume":"12","author":"Sweller","year":"1988","journal-title":"Cognitive Science: A Multidisciplinary Journal"},{"key":"10.1016\/j.istr.2013.03.003_bib75","unstructured":"Tan K, Crampton J, Gunter CA. The consistency of task-based authorization constraints in workflow systems. In: Proc. of the 17th IEEE Workshop on computer security foundations (CSFW); 2004."},{"key":"10.1016\/j.istr.2013.03.003_bib76","doi-asserted-by":"crossref","unstructured":"Vaidya J, Atluri V, Guo Q, Adam N. Migrating to optimal RBAC with minimal perturbation. In: Proc. of the 13th ACM Symposium on access control models and technologies (SACMAT); 2008.","DOI":"10.1145\/1377836.1377839"},{"issue":"3","key":"10.1016\/j.istr.2013.03.003_bib77","doi-asserted-by":"crossref","DOI":"10.1109\/TDSC.2008.61","article-title":"Role engineering via prioritized subset enumeration","volume":"7","author":"Vaidya","year":"2010","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"10.1016\/j.istr.2013.03.003_bib78","doi-asserted-by":"crossref","unstructured":"van den Brand M, Hofkamp A, Verhoeff T, Proti\u0107 Z. Assessing the quality of model-comparison tools: a method and a benchmark data set. In: Proc. of the 2nd International workshop on model comparison in practice (IWMCP); 2011.","DOI":"10.1145\/2000410.2000412"},{"key":"10.1016\/j.istr.2013.03.003_bib79","doi-asserted-by":"crossref","unstructured":"van den Brand M, Proti\u0107 Z, Verhoeff T. Fine-grained metamodel-assisted model comparison. In: Proc. of the 1st International workshop on model comparison in practice (IWMCP), ACM; 2010.","DOI":"10.1145\/1826147.1826152"},{"issue":"6","key":"10.1016\/j.istr.2013.03.003_bib80","doi-asserted-by":"crossref","DOI":"10.1007\/s10606-005-9005-9","article-title":"Discovering social networks from event logs","volume":"14","author":"van der Aalst","year":"2005","journal-title":"Computer Supported Cooperative Work (CSCW)"},{"issue":"4","key":"10.1016\/j.istr.2013.03.003_bib81","doi-asserted-by":"crossref","DOI":"10.1142\/S0218843003000814","article-title":"W-RBAC \u2013 a workflow security model incorporating controlled overriding of constraints","volume":"12","author":"Wainer","year":"2003","journal-title":"International Journal of Cooperative Information Systems (IJCIS)"},{"key":"10.1016\/j.istr.2013.03.003_bib82","unstructured":"Wang Y, DeWitt DJ, Cai J-Y. X-diff: an effective change detection algorithm for XML documents. In: Proc. of the 19th International conference on data engineering (ICDE), IEEE Computer Society; 2003."},{"key":"10.1016\/j.istr.2013.03.003_bib83","doi-asserted-by":"crossref","unstructured":"Warner J, Atluri V. Inter-instance authorization constraints for secure workflow management. In: Proc. of the 11th ACM symposium on access control models and technologies (SACMAT); 2006.","DOI":"10.1145\/1133058.1133085"},{"key":"10.1016\/j.istr.2013.03.003_bib84","doi-asserted-by":"crossref","unstructured":"Wenzel S. Scalable visualization of model differences. In: Proc. of the 2008 International workshop on comparison and versioning of software models (CVSM), ACM; 2008.","DOI":"10.1145\/1370152.1370163"},{"key":"10.1016\/j.istr.2013.03.003_bib85","doi-asserted-by":"crossref","unstructured":"Williams JR, Kolovos DS, Polack FAC, Paige RF. Requirements for a model comparison language. In: Proc. of the 2nd International workshop on model comparison in practice (IWMCP), ACM; 2011.","DOI":"10.1145\/2000410.2000415"},{"key":"10.1016\/j.istr.2013.03.003_bib86","unstructured":"Wolter C, Schaad A. Modeling of task-based authorization constraints in BPMN. In: Proc. of the 5th International conference on business process management (BPM), Lecture notes in computer science (LNCS), vol. 4714, Springer-Verlag; 2007."},{"key":"10.1016\/j.istr.2013.03.003_bib87","doi-asserted-by":"crossref","unstructured":"Xing Z, Stroulia E. UMLDiff: an algorithm for object-oriented design differencing. In: Proc. of the 20th IEEE\/ACM International conference on automated software engineering (ASE); 2005.","DOI":"10.1145\/1101908.1101919"},{"key":"10.1016\/j.istr.2013.03.003_bib88","doi-asserted-by":"crossref","unstructured":"Zhang D, Ramamohanarao K, Ebringer T. Role engineering using graph optimisation. In: Proc. of the 12th ACM symposium on access control models and technologies (SACMAT); 2007.","DOI":"10.1145\/1266840.1266862"},{"key":"10.1016\/j.istr.2013.03.003_bib89","doi-asserted-by":"crossref","unstructured":"Zhang D, Ramamohanarao K, Ebringer T, Yann T. Permission set mining: discovering practical and useful roles. In: Proc. of the 2008 annual computer security applications conference (ACSAC), IEEE Computer Society; 2008.","DOI":"10.1109\/ACSAC.2008.21"}],"container-title":["Information Security Technical Report"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/api.elsevier.com\/content\/article\/PII:S1363412713000198?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/api.elsevier.com\/content\/article\/PII:S1363412713000198?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2024,5,9]],"date-time":"2024-05-09T10:50:36Z","timestamp":1715251836000},"score":1,"resource":{"primary":{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/linkinghub.elsevier.com\/retrieve\/pii\/S1363412713000198"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,5]]},"references-count":88,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2013,5]]}},"alternative-id":["S1363412713000198"],"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/doi.org\/10.1016\/j.istr.2013.03.003","relation":{},"ISSN":["1363-4127"],"issn-type":[{"value":"1363-4127","type":"print"}],"subject":[],"published":{"date-parts":[[2013,5]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Bridging the gap between role mining and role engineering via migration guides","name":"articletitle","label":"Article Title"},{"value":"Information Security Technical Report","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/2.zoppoz.workers.dev:443\/https\/doi.org\/10.1016\/j.istr.2013.03.003","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"Copyright \u00a9 2013 Elsevier Ltd. All rights reserved.","name":"copyright","label":"Copyright"}]}}