Generic business process modelling framework for quantitative evaluation

PhD ThesisBusiness processes are the backbone of organisations used to automate and increase the efficiency and effectiveness of their services and prod- ucts. The rapid growth of the Internet and other Web based technologies has sparked competition between organisations in attempting to provide a faster, cheaper and smarter environment for customers. In response to these requirements, organisations are examining how their business processes may be evaluated so as to improve business performance. This thesis proposes a generic framework to expand the applicability of various quantitative evaluation to a large class of business processes. The framework introduces a novel engineering methodology that defines a modelling formalism to represent business processes that can be solved for a set of performance and optimisation algorithms. The methodology allows various types of algorithms used in model-based business pro- cess improvement and optimisation to be plugged in a single modelling formalism. As a part of the framework, a generic modelling formalism (MWF-wR) is developed to represent business processes so as to allow quantitative evaluation and to select the parameters for the associated performance evaluation and optimisation. The generic framework is designed and implemented by developing soft- ware support tools using Java as object oriented programming language combining three main modules: (i) a business process specification mod- ule to define the components of the business process model, (ii) a stochas- tic Petri net module to map the business process model to a stochastic Petri net, and (iii) an algorithms module to solve the models for various performance optimisation objectives. Furthermore, a literature survey of different aspects of business processes including modelling and analy- sis techniques provides an overview of the current state of research and highlights gaps in business process modelling and performance analy- sis. Finally, experiments are introduced to investigate the validity of the presented approach

Evaluating Resilience of Cyber-Physical-Social Systems

Nowadays, protecting the network is not the only security concern. Still, in cyber security, websites and servers are becoming more popular as targets due to the ease with which they can be accessed when compared to communication networks. Another threat in cyber physical social systems with human interactions is that they can be attacked and manipulated not only by technical hacking through networks, but also by manipulating people and stealing users’ credentials. Therefore, systems should be evaluated beyond cy- ber security, which means measuring their resilience as a piece of evidence that a system works properly under cyber-attacks or incidents. In that way, cyber resilience is increas- ingly discussed and described as the capacity of a system to maintain state awareness for detecting cyber-attacks. All the tasks for making a system resilient should proactively maintain a safe level of operational normalcy through rapid system reconfiguration to detect attacks that would impact system performance. In this work, we broadly studied a new paradigm of cyber physical social systems and defined a uniform definition of it. To overcome the complexity of evaluating cyber resilience, especially in these inhomo- geneous systems, we proposed a framework including applying Attack Tree refinements and Hierarchical Timed Coloured Petri Nets to model intruder and defender behaviors and evaluate the impact of each action on the behavior and performance of the system.Hoje em dia, proteger a rede não é a única preocupação de segurança. Ainda assim, na segurança cibernética, sites e servidores estão se tornando mais populares como alvos devido à facilidade com que podem ser acessados quando comparados às redes de comu- nicação. Outra ameaça em sistemas sociais ciberfisicos com interações humanas é que eles podem ser atacados e manipulados não apenas por hackers técnicos através de redes, mas também pela manipulação de pessoas e roubo de credenciais de utilizadores. Portanto, os sistemas devem ser avaliados para além da segurança cibernética, o que significa medir sua resiliência como uma evidência de que um sistema funciona adequadamente sob ataques ou incidentes cibernéticos. Dessa forma, a resiliência cibernética é cada vez mais discutida e descrita como a capacidade de um sistema manter a consciência do estado para detectar ataques cibernéticos. Todas as tarefas para tornar um sistema resiliente devem manter proativamente um nível seguro de normalidade operacional por meio da reconfi- guração rápida do sistema para detectar ataques que afetariam o desempenho do sistema. Neste trabalho, um novo paradigma de sistemas sociais ciberfisicos é amplamente estu- dado e uma definição uniforme é proposta. Para superar a complexidade de avaliar a resiliência cibernética, especialmente nesses sistemas não homogéneos, é proposta uma estrutura que inclui a aplicação de refinamentos de Árvores de Ataque e Redes de Petri Coloridas Temporizadas Hierárquicas para modelar comportamentos de invasores e de- fensores e avaliar o impacto de cada ação no comportamento e desempenho do sistema

Customizable service-oriented Petri net controllers

In industrial automation, service-orientation is a relatively new and ascending concept and thus, concrete integrated methodologies are missing to accomplish the required development tasks. A suitable approach is to use the powerful set of features that Petri nets formalism provides for such dynamic systems. This paper presents a token game template that is part of the open methodology for the development of customized Petri nets controllers, targeting the engineering of service-oriented industrial automation. This template is based on a state machine specification for the life-cycle of transitions that leaves several options open for extending it with features depending on the application. The practical use and implementation should bring, among others, featured-full and integrated modeling, analysis and control capabilities, which is required by service-oriented ecosystems. This core structure was used and validated in the development of control applications for an industrial automation system.The authors would like to thank the European Commission and the partners of the EU IST FP6 project “Service-Oriented Cross-layer infrastructure for Distributed smart Embedded devices” (SOCRADES), the EU FP6 “Network of Excellence for Innovative Production Machines and Systems” (I*PROMS), and the European ICT FP7 project “Cooperating Objects Network of Excellence” (CONET) for their support

Engineering framework for service-oriented automation systems

Tese de doutoramento. Engenharia Informática. Universidade do Porto. Faculdade de Engenharia. 201

Integration of the Cimosa and high-level coloured Petri net modelling techniques with application in the postal process using hierarchical dispatching rules

Enterprise processes, i.e. business and manufacturing, rely on enterprise modelling and simulation tools to assess the quality of their structure and performance in an unobtrusive and cost-effective way. Each of these processes is a collaboration of inseparable elements such as resources, information, operations, and organization. In order to provide a more complete assessment of enterprise processes, a simulation approach that allows communication and interaction among these elements needs to be provided. The simulation approach requires an analysis of the performance of each element and its influence on other elements in an object-oriented way. It also needs to have the capability to represent the structures and dynamics of the elements mentioned, and to present the performance assessment comprehensively. This will ensure a more holistic simulation modelling task. These simulation requirements have motivated the investigation of the novel integration of two popular enterprise process modelling methods: Cimosa and high-level coloured Petri net. The Cimosa framework is used to formalize the enterprise modelling procedure in the aspects of representing process elements, structure, behaviours, and relationships. The high-level coloured Petri nets method provides the mechanism to simulate the dynamics of objects and their characteristics, and also to enable communication among the objects. The approach is applied on a postal process model, which involves elements from manufacturing processes, i.e. machine processing (sorting), inventory (storage), product flow, and resource planning. Simulation studies based on the hierarchical dispatching rules show that the integrated approach is able to present vital information regarding the communication method, resource management, and the effect of interactions among these manufacturing process elements, which are not provided by the current modelling system in the postal company. The current paper has presented a novel mechanism, i.e. Cimosa—HCTSPN modelling approach, to extract information on process elements and their interactions. It has also presented the novel hierarchical dispatching rules and contributed to the extension of information that can be represented for a postal process

Reo + mCRL2: A Framework for Model-Checking Dataflow in Service Compositions

The paradigm of service-oriented computing revolutionized the field of software engineering. According to this paradigm, new systems are composed of existing stand-alone services to support complex cross-organizational business processes. Correct communication of these services is not possible without a proper coordination mechanism. The Reo coordination language is a channel-based modeling language that introduces various types of channels and their composition rules. By composing Reo channels, one can specify Reo connectors that realize arbitrary complex behavioral protocols. Several formalisms have been introduced to give semantics to Reo. In their most basic form, they reflect service synchronization and dataflow constraints imposed by connectors. To ensure that the composed system behaves as intended, we need a wide range of automated verification tools to assist service composition designers. In this paper, we present our framework for the verification of Reo using the mCRL2 toolset. We unify our previous work on mapping various semantic models for Reo, namely, constraint automata, timed constraint automata, coloring semantics and the newly developed action constraint automata, to the process algebraic specification language of mCRL2, address the correctness of this mapping, discuss tool support, and present a detailed example that illustrates the use of Reo empowered with mCRL2 for the analysis of dataflow in service-based process models