Choreography of ebXML business collaborations

The ebXML framework consists of eight loosely coupled specifications for conducting e-Business. The choreography of ebXML business processes is defined by instances of the business process specification schema (BPSS). The BPSS is defined as an XML schema. It specifies elements describing the inter-organizational business processes, called business collaborations, but does not concentrate on intra-organizational business processes. Most of the underlying semantics were derived from the meta model of the UN/CEFACT Modeling Methodology (UMM). In this paper we describe the characteristics of ebXML business collaborations. We demonstrate how these concepts are captured by UMM and BPSS. These concepts must be supported by any proposed alternative business process interchange format in order to bridge between ebXML and other approaches, or even to replace BPSS.     

Conceptual framework for business processes compositional verification

Context

To guarantee the success of Business Process Modelling (BPM) it is necessary to check whether the activities and tasks described by Business Processes (BPs) are sound and well coordinated.

Objective

This article describes and validates a Formal Compositional Verification Approach (FCVA) that uses a Model-Checking (MC) technique to specify and verify BPs.

Method

This is performed using the Communicating Sequential Processes +Time (CSP+T) process calculus, which adds new constructions to timed Business Process Model and Notation (BPMN) modelling entities for non- functional requirement specification.

Results

Using our proposal we are able to specify the BP Task Model (BPTM) associated with BPs by formalising the timed BPMN notational elements. The proposal also allows us to apply MC to BPTM verification. A real-life example of verifying a BPTM in the field of Customer Relationship Management (CRM) is discussed as a practical application of FCVA.

Conclusion

This approach facilitates the verification of complex BPs from independently verified local processes, and establishes a feasible way to use process calculi to verify BPs using state-of-the-art MC tools.     

Automating correctness verification of artifact-centric business process models

ContextThe artifact-centric methodology has emerged as a new paradigm to support business process management over the last few years. This way, business processes are described from the point of view of the artifacts that are manipulated during the process.ObjectiveOne of the research challenges in this area is the verification of the correctness of this kind of business process models where the model is formed of various artifacts that interact among them.MethodIn this paper, we propose a fully automated approach for verifying correctness of artifact-centric business process models, taking into account that the state (lifecycle) and the values of each artifact (numerical data described by pre and postconditions) influence in the values and the state of the others. The lifecycles of the artifacts and the numerical data managed are modeled by using the Constraint Programming paradigm, an Artificial Intelligence technique.ResultsTwo correctness notions for artifact-centric business process models are distinguished (reachability and weak termination), and novel verification algorithms are developed to check them. The algorithms are complete: neither false positives nor false negatives are generated. Moreover, the algorithms offer precise diagnosis of the detected errors, indicating the execution causing the error where the lifecycle gets stuck.ConclusionTo the best of our knowledge, this paper presents the first verification approach for artifact-centric business process models that integrates pre and postconditions, which define the behavior of the services, and numerical data verification when the model is formed of more than one artifact. The approach can detect errors not detectable with other approaches.     

Improving the official specification of Java bytecode verification

Bytecode verification is the main mechanism to ensure type safety in the Java Virtual Machine. Inadequacies in its official specification may lead to incorrect implementations where security can be broken and/or certain legal programs are rejected. This paper provides a comprehensive analysis of the specification, along with concrete suggestions for improvement. Copyright © 2003 John Wiley & Sons, Ltd.     

Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

ContextThe use of Business Process Management Systems (BPMS) has emerged in the IT arena for the automation of business processes. In the majority of cases, the issue of security is overlooked by default in these systems, and hence the potential cost and consequences of the materialization of threats could produce catastrophic loss for organizations. Therefore, the early selection of security controls that mitigate risks is a real and important necessity. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human, manual, time-consuming and error-prone task. Furthermore, configurations are carried out separately from the organization perspective and involve many security stakeholders. This separation makes difficult to ensure the effectiveness of the configuration with regard to organizational requirements.ObjectiveIn this paper, we strive to provide security stakeholders with automated tools for the optimal selection of IT security configurations in accordance with a range of business process scenarios and organizational multi-criteria.MethodAn approach based on feature model analysis and constraint programming techniques is presented, which enable the automated analysis and selection of optimal security configurations.ResultsA catalogue of feature models is determined by analyzing typical IT security controls for BPMSs for the enforcement of the standard goals of security: integrity, confidentiality, availability, authorization, and authentication. These feature models have been implemented through constraint programs, and Constraint Programming techniques based on optimized and non-optimized searches are used to automate the selection and generation of configurations. In order to compare the results of the determination of configuration a comparative analysis is given.ConclusionIn this paper, we present innovative tools based on feature models, Constraint Programming and multi-objective techniques that enable the agile, adaptable and automatic selection and generation of security configurations in accordance with the needs of the organization.     

安全数据库顶层规范中SQL操作的形式化分析与验证

介绍了安全数据库形式化顸层规范,定义了顶层规范中SQL操作的描述,在此基础上给出简单SQL操作的定义,并对其进行分析验证,最后将一般SQL操作的分析验证转换为多个简单SQL操作的分析验证.验证过程表明,该方法既对SQL操作作了完整清晰的描述,又简化了证明.     

An OWL-based semantic business process monitoring framework

Process monitoring phase is one of the service-oriented business process (SOBP) lifecycle phases. Traditional process monitoring approaches have been only achieved at the syntactic level of the process monitoring contexts, which causes the communication problems such as ambiguous understandings and divergent interpretations. To solve the problems, the process monitoring should be achieved at the semantic level as well as at the syntax level of the process monitoring context. In order to support semantic monitoring operations, an ontology-based monitoring framework for the SOBP execution is suggested in this paper. The suggested framework combines a BPEL4WS process model with the semantic monitoring context which is expressed with OWL.     

Property specification,process verification,and reporting – A case study with vehicle-commissioning processes

Testing in the automotive industry is supposed to guarantee that vehicles are shipped without any flaw. Respective processes are complex, due to the variety of components and electronic devices in modern vehicles. To achieve error-free processes, their formal analysis is required. Specifying and maintaining properties the processes must satisfy in a user-friendly way is a core requirement on any verification system. We have observed that there are few property templates that testing processes must adhere to, and we describe these templates. They depend on the context of the processes, e.g., the components of the vehicle or testing stations. We have developed a framework that instantiates the templates of properties at verification time and then verifies the process against these instances. To allow an automatic verification we develop a transformation of the commissioning process to a Petri net. Using a novel approach, we are able to report the found violations to the user in a user-friendly way. Our empirical evaluation with the industrial partner has shown that our framework does detect property violations in processes. From expert interviews we conclude that our framework is user-friendly and well suited to operate in a real production environment.     

On the verification of UML/OCL class diagrams using constraint programming

Assessment of the correctness of software models is a key issue to ensure the quality of the final application. To this end, this paper presents an automatic method for the verification of UML class diagrams extended with OCL constraints. Our method checks compliance of the diagram with respect to several correctness properties including weak and strong satisfiability or absence of constraint redundancies among others. The method works by translating the UML/OCL model into a Constraint Satisfaction Problem (CSP) that is evaluated using state-of-the-art constraint solvers to determine the correctness of the initial model. Our approach is particularly relevant to current MDA and MDD methods where software models are the primary artifacts of the development process and the basis for the (semi-)automatic code-generation of the final application.     

A practical data-flow verification scheme for business processes

Data in business processes becomes more and more important. Current standard languages for process modeling like BPMN 2.0 which include the data flow reflect this. Ensuring the correctness of the data flow in processes is challenging. Model checking, i.e., verifying properties of process models, is a well-known technique to this end. An important part of model checking is the construction of the state space of the model. However, state-space explosion typically is in the way of an effective verification. We study how to overcome this problem in our context by means of reduction. More specifically, we propose a reduction on the level of the process model. To our knowledge, this is new for the data-flow analysis of processes. The core of our approach are so-called regions of the process model that are relevant for the verification of properties describing the data flow. Non-relevant regions are candidates for reduction of the process model, yielding a smaller state space. Our evaluation shows that our approach works well on industrial process models.     

Secure business process model specification through a UML 2.0 activity diagram profile

Business processes have become important resources, both for an enterprise's performance and to enable it to maintain its competitiveness. The languages used for business process representation have, in recent years, been improved and new notations have appeared. However, despite the wide acceptance of the importance of business process security, to date the business analyst perspective in relation to security has hardly been dealt with. Moreover, security requirements cannot be represented in modern business process modeling notations.In this paper, we present an extension of UML 2.0 activity diagrams which will allow security requirements to be specified in business processes. Our proposal, denominated as BPSec (Business Process Security), is Model Driven Architecture compliant since it is possible to obtain a set of UML artifacts (Platform Independent Model-PIM) used in software development from a Secure Business Process model specification (Computation Independent Model-CIM). We also present the application of our approach to an example based on a typical health care institution, in which our M-BPSec method is employed as a framework for the use of our UML extension.     

Detecting artifact anomalies in business process specifications with a formal model

Many business process analysis models have been proposed, however there are few discussions for artifact usages in workflow specifications. A well-structured business process with sufficient resources might fail or yield unexpected results dynamically due to inaccurate artifact specification, e.g. an inconsistency between artifact and control flow, or contradictions between artifact operations. This paper, based on our previous work, presents a model for describing the input/output of a workflow process and analyzes the artifact usages upon the model. This work identifies and formulates thirteen cases of artifact usage anomalies affecting process execution and categorizes the cases into three types. Moreover, the methods for detecting these anomalies with time complexities O(n²), less than O(n³) in previous methods, are presented. Besides, the paper uses an example to demonstrate the processing of them.     

基于Z规格的UML模型形式化转换及验证

统一建模语言(UML)所建立的模型的正确性无法通过其本身进行形式化验证,为解决这个问题,根据UML模型的静态性质和动态模块行为两个方面提出结合形式化规格说明语言的模型形式化方案,以此为基础提出将UML目标模型转化为Z规格说明的形式化方法,并用Z-EVES工具形式化检测Z规格描述的正确性.通过实例分析验证了该方法的可行性.     

Analysis and improvement of business process models using spreadsheets

Software in general is thoroughly analyzed before it is released to its users. Business processes often are not – at least not as thoroughly as it could be – before they are released to their users, e.g., employees or software agents. This paper ascribes this practice to the lack of suitable instruments for business process analysts, who design the processes, and aims to provide them with the necessary instruments to allow them to also analyze their processes. We use the spreadsheet paradigm to represent business process analysis tasks, such as writing metrics and assertions, running performance analysis and verification tasks, and reporting on the outcomes, and implement a spreadsheet-based tool for business process analysis. The results of two independent user studies demonstrate the viability of the approach.     

Semantic specification using two-level grammars: Blocks, procedures and parameters

Formal specifications are presented for the complete syntax and semantics of an ALGOL-like language fragment, using a recently introduced definitional technique employing two-level grammars (W-grammars). The fragment contains several important features whose dynamic semantics have not previously been treated by means of this technique: block structure, (recursive) procedures, and parameters passed by value, by reference, and by name. The degree of conciseness, clarity, etc., of the specifications is comparable to that obtainable with other approaches to formal seamantics, and it is concluded that two-level grammars must currently be regarded as a competitive approach for progress in language specification.     

The impact of process standardization on business process outsourcing success

What is the impact of business process standardization on business process outsourcing (BPO) success? This paper argues that there is a direct impact of process standardization on BPO success, due to production cost economies, and also an indirect effect via improved contractual and relational governance resulting from better monitoring opportunities and facilitated communication and coordination. This threefold impact of standardization on BPO success is empirically confirmed using data from 335 BPO ventures in 215 German banks.     

Conformance checking and diagnosis for declarative business process models in data-aware scenarios

A business process (BP) consists of a set of activities which are performed in coordination in an organizational and technical environment and which jointly realize a business goal. In such context, BP management (BPM) can be seen as supporting BPs using methods, techniques, and software in order to design, enact, control, and analyze operational processes involving humans, organizations, applications, and other sources of information. Since the accurate management of BPs is receiving increasing attention, conformance checking, i.e., verifying whether the observed behavior matches a modelled behavior, is becoming more and more critical. Moreover, declarative languages are more frequently used to provide an increased flexibility. However, whereas there exist solid conformance checking techniques for imperative models, little work has been conducted for declarative models. Furthermore, only control-flow perspective is usually considered although other perspectives (e.g., data) are crucial. In addition, most approaches exclusively check the conformance without providing any related diagnostics. To enhance the accurate management of flexible BPs, this work presents a constraint-based approach for conformance checking over declarative BP models (including both control-flow and data perspectives). In addition, two constraint-based proposals for providing related diagnosis are detailed. To demonstrate both the effectiveness and the efficiency of the proposed approaches, the analysis of different performance measures related to a wide diversified set of test models of varying complexity has been performed.