19,487 research outputs found

    Contract specification for compliance checking of business interactions

    Get PDF
    PhD ThesisIn the business world, contracts are used to regulate business interactions between trading parties. When business transactions are conducted over an electronic channel, electronic forms of contracts are needed; and because of the additional capabilities of an electronic means, their function can be extended to include compliance checking for the interactions of the parties, and enforcement of contractual clauses when needed. A contract is assumed to be a document that stipulates a list of clauses stating rights, obligations and prohibitions, and their associated constraints, that business partners are expected to honour. Compliance checking is taken to mean checking if business operations executed by business partners match with their rights, obligations and prohibitions as stipulated in the contract. We intend enforcement as making sure that business operations match the rights, obligations, and prohibitions of the parties, possibly compensating for deviations from expected behaviour. In traditional business interactions, compliance checking and enforcement are carried out man- ually. With electronic business interactions, such tasks can ideally be automated. This requires a model for the process of checking contract compliance, and an electronic language for the speci ca- tion of the actual contract. The rst main contribution of this thesis is such a model. The EROP model (from Events, Rights, Obligations and Prohibitions), composed of an ontology and an architecture, observes the interactions between the business partners, forms an interpretation of their outcome from a neutral perspective and checks their contractual compliance by matching executed operations with their sets of rights, obligations, and prohibitions, and reacting accordingly to them. Implementations of the EROP ontology and of an experimental prototype of the architecture are also presented. The second main contribution of this thesis is the EROP language, designed to specify contractual compliance, and to regulate execution of business operations through the manipulation of the sets of rights, obligations and prohibitions of the business partners. The EROP language is rule-based and event-driven, and, in a similar fashion to contracts in natural language, contractual clauses are expressed as business rules, conditional statements associating events and conditions to lists of actions altering the rights, obligations and prohibitions of the participants. The practicality of the approach taken with the EROP language is evaluated presenting a larger, complete scenario and a number of smaller ones taken from comparable work. Notes on the translation of the EROP language to one on a lower level of abstraction that relies on the implementation of the EROP ontology are also presented. The Appendix presents a formal grammar for the language.UK EPSRC e-Science Pilot Project: "GOLD (Grid-based Information Models to Support the Rapid Innovation of High Value Added Chemicals)

    A toolkit for model checking of electronic contracts

    Get PDF
    PhD ThesisIn the business world, contracts are used to regulate business interactions between trading parties. In this context, an electronic contracting systems can be used to monitor business–to–business interactions to ensure that they comply with the rights (permissions), obligations and prohibitions stipulated in contract clauses. Such an electronic contracting system will require an executable version of the contract (e-contract) for compliance checking. It is important to be verify the correctness properties of an e- contract before deploying it for compliance checking. Model checkers are widely used for automatic verification of concurrent systems. However, such tools for e-contracts with means for expressing directly and intu- itively key concepts that appear recurrently in contracts, such as execu- tions of business operations, granting (cancellation, suspension, fulfilment, violation, etc.) of rights, obligations and prohibitions to role players are not yet available. This thesis rectifies the situation by developing a high-level e-contract verification toolkit using the Spin model checker. A formal Contractual Business-To-Business interaction (CB2B) model based on the concepts of contract compliance checking developed earlier at Newcastle university has been constructed. Further, Promela, the input language of the Spin model checker, has been extended in a manner that enables specification of contract clauses in terms of contract entities: role players, business operations, rights, obligations and prohibitions. A given contract can now be expressed using extended Promela as a set of declarations and a set of Event-Condition-Action rules. In addition, the designer can specify the correctness requirements to be verified in Linear-Temporal-Logic directly in terms of the contract entities. A notable feature is that the CB2B model automatically checks for contract independent properties: properties that must hold for all contracts. For example, at run time, a contract should not simultaneously grant a role player a right to perform an operation and also prohibit it. Thus, the toolkit hides much of the intricate details of dealing with Promela processes communicating through channels and enables a designer to build verifiable abstract models directly in terms of contract entities. The usefulness of the toolkit is demonstrated by trying out a number of contract examples used by researchers working on contract verification. The thesis also shows how the toolkit can be used for generating test cases for testing an implemented system

    CamFlow: Managed Data-sharing for Cloud Services

    Full text link
    A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government provides many related services for its citizens on a common platform. Similar considerations apply to the end-users of applications. But in particular, the incorporation of cloud services within `Internet of Things' architectures is driving the requirements for both protection and cross-application data sharing. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner's control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-to-end, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' dataflow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency, giving configurable system-wide visibility over data flows. [...]Comment: 14 pages, 8 figure

    Implementation of Smart Contracts Using Hybrid Architectures with On- and Off-Blockchain Components

    Full text link
    Recently, decentralised (on-blockchain) platforms have emerged to complement centralised (off-blockchain) platforms for the implementation of automated, digital (smart) contracts. However, neither alternative can individually satisfy the requirements of a large class of applications. On-blockchain platforms suffer from scalability, performance, transaction costs and other limitations. Off-blockchain platforms are afflicted by drawbacks due to their dependence on single trusted third parties. We argue that in several application areas, hybrid platforms composed from the integration of on- and off-blockchain platforms are more able to support smart contracts that deliver the desired quality of service (QoS). Hybrid architectures are largely unexplored. To help cover the gap, in this paper we discuss the implementation of smart contracts on hybrid architectures. As a proof of concept, we show how a smart contract can be split and executed partially on an off-blockchain contract compliance checker and partially on the Rinkeby Ethereum network. To test the solution, we expose it to sequences of contractual operations generated mechanically by a contract validator tool.Comment: 12 pages, 7 figure

    The interaction of lean and building information modeling in construction

    Get PDF
    Lean construction and Building Information Modeling are quite different initiatives, but both are having profound impacts on the construction industry. A rigorous analysis of the myriad specific interactions between them indicates that a synergy exists which, if properly understood in theoretical terms, can be exploited to improve construction processes beyond the degree to which it might be improved by application of either of these paradigms independently. Using a matrix that juxtaposes BIM functionalities with prescriptive lean construction principles, fifty-six interactions have been identified, all but four of which represent constructive interaction. Although evidence for the majority of these has been found, the matrix is not considered complete, but rather a framework for research to explore the degree of validity of the interactions. Construction executives, managers, designers and developers of IT systems for construction can also benefit from the framework as an aid to recognizing the potential synergies when planning their lean and BIM adoption strategies

    Towards an integrated perspective on fleet asset management: engineering and governance considerations

    Get PDF
    The traditional engineering perspective on asset management concentrates on the operational performance the assets. This perspective aims at managing assets through their life-cycle, from technical specification, to acquisition, operation including maintenance, and disposal. However, the engineering perspective often takes for granted organizational-level factors. For example, a focus on performance at the asset level may lead to ignore performance measures at the business unit level. The governance perspective on asset management usually concentrates on organizational factors, and measures performance in financial terms. In doing so, the governance perspective tends to ignore the engineering considerations required for optimal asset performance. These two perspectives often take each other for granted. However experience demonstrates that an exclusive focus on one or the other may lead to sub-optimal performance. For example, the two perspectives have different time frames: engineering considers the long term asset life-cycle whereas the organizational time frame is based on a yearly financial calendar. Asset fleets provide a relevant and important context to investigate the interaction between engineering and governance views on asset management as fleets have distributed system characteristics. In this project we investigate how engineering and governance perspectives can be reconciled and integrated to enable optimal asset and organizational performance in the context of asset fleets
    • 

    corecore