8,179 research outputs found
A System for Deduction-based Formal Verification of Workflow-oriented Software Models
The work concerns formal verification of workflow-oriented software models
using deductive approach. The formal correctness of a model's behaviour is
considered. Manually building logical specifications, which are considered as a
set of temporal logic formulas, seems to be the significant obstacle for an
inexperienced user when applying the deductive approach. A system, and its
architecture, for the deduction-based verification of workflow-oriented models
is proposed. The process of inference is based on the semantic tableaux method
which has some advantages when compared to traditional deduction strategies.
The algorithm for an automatic generation of logical specifications is
proposed. The generation procedure is based on the predefined workflow patterns
for BPMN, which is a standard and dominant notation for the modeling of
business processes. The main idea for the approach is to consider patterns,
defined in terms of temporal logic,as a kind of (logical) primitives which
enable the transformation of models to temporal logic formulas constituting a
logical specification. Automation of the generation process is crucial for
bridging the gap between intuitiveness of the deductive reasoning and the
difficulty of its practical application in the case when logical specifications
are built manually. This approach has gone some way towards supporting,
hopefully enhancing our understanding of, the deduction-based formal
verification of workflow-oriented models.Comment: International Journal of Applied Mathematics and Computer Scienc
An LTL Semantics of Business Workflows with Recovery
We describe a business workflow case study with abnormal behavior management
(i.e. recovery) and demonstrate how temporal logics and model checking can
provide a methodology to iteratively revise the design and obtain a correct-by
construction system. To do so we define a formal semantics by giving a
compilation of generic workflow patterns into LTL and we use the bound model
checker Zot to prove specific properties and requirements validity. The working
assumption is that such a lightweight approach would easily fit into processes
that are already in place without the need for a radical change of procedures,
tools and people's attitudes. The complexity of formalisms and invasiveness of
methods have been demonstrated to be one of the major drawback and obstacle for
deployment of formal engineering techniques into mundane projects
Recommended from our members
Computerization of workflows, guidelines and care pathways: a review of implementation challenges for process-oriented health information systems
There is a need to integrate the various theoretical frameworks and formalisms for modeling clinical guidelines, workflows, and pathways, in order to move beyond providing support for individual clinical decisions and toward the provision of process-oriented, patient-centered, health information systems (HIS). In this review, we analyze the challenges in developing process-oriented HIS that formally model guidelines, workflows, and care pathways. A qualitative meta-synthesis was performed on studies published in English between 1995 and 2010 that addressed the modeling process and reported the exposition of a new methodology, model, system implementation, or system architecture. Thematic analysis, principal component analysis (PCA) and data visualisation techniques were used to identify and cluster the underlying implementation ‘challenge’ themes. One hundred and eight relevant studies were selected for review. Twenty-five underlying ‘challenge’ themes were identified. These were clustered into 10 distinct groups, from which a conceptual model of the implementation process was developed. We found that the development of systems supporting individual clinical decisions is evolving toward the implementation of adaptable care pathways on the semantic web, incorporating formal, clinical, and organizational ontologies, and the use of workflow management systems. These architectures now need to be implemented and evaluated on a wider scale within clinical settings
A Declarative Framework for Specifying and Enforcing Purpose-aware Policies
Purpose is crucial for privacy protection as it makes users confident that
their personal data are processed as intended. Available proposals for the
specification and enforcement of purpose-aware policies are unsatisfactory for
their ambiguous semantics of purposes and/or lack of support to the run-time
enforcement of policies.
In this paper, we propose a declarative framework based on a first-order
temporal logic that allows us to give a precise semantics to purpose-aware
policies and to reuse algorithms for the design of a run-time monitor enforcing
purpose-aware policies. We also show the complexity of the generation and use
of the monitor which, to the best of our knowledge, is the first such a result
in literature on purpose-aware policies.Comment: Extended version of the paper accepted at the 11th International
Workshop on Security and Trust Management (STM 2015
The Need for Compliance Verification in Collaborative Business Processes
Compliance constrains processes to adhere to rules, standards, laws
and regulations. Non-compliance subjects enterprises to litigation and financial
fines. Collaborative business processes cross organizational and regional
borders implying that internal and cross regional regulations must be complied
with. To protect customs’ data, European enterprises must comply with the EU
data privacy regulation (general data protection regulation - GDPR) and each
member state’s data protection laws. An example of non-compliance with
GDPR is Facebook, it is accused for breaching subscriber trust. Compliance
verification is thus essential to deploy and implement collaborative business
process systems. It ensures that processes are checked for conformance to
compliance requirements throughout their life cycle. In this paper we take a
proactive approach aiming to discuss the need for design time preventative
compliance verification as opposed to after effect runtime detective approach.
We use a real-world case to show how compliance needs to be analyzed and
show the benefits of applying compliance check at the process design stag
Verifying the Interplay of Authorization Policies and Workflow in Service-Oriented Architectures (Full version)
A widespread design approach in distributed applications based on the
service-oriented paradigm, such as web-services, consists of clearly separating
the enforcement of authorization policies and the workflow of the applications,
so that the interplay between the policy level and the workflow level is
abstracted away. While such an approach is attractive because it is quite
simple and permits one to reason about crucial properties of the policies under
consideration, it does not provide the right level of abstraction to specify
and reason about the way the workflow may interfere with the policies, and vice
versa. For example, the creation of a certificate as a side effect of a
workflow operation may enable a policy rule to fire and grant access to a
certain resource; without executing the operation, the policy rule should
remain inactive. Similarly, policy queries may be used as guards for workflow
transitions.
In this paper, we present a two-level formal verification framework to
overcome these problems and formally reason about the interplay of
authorization policies and workflow in service-oriented architectures. This
allows us to define and investigate some verification problems for SO
applications and give sufficient conditions for their decidability.Comment: 16 pages, 4 figures, full version of paper at Symposium on Secure
Computing (SecureCom09
The Need for Compliance Verification in Collaborative Business Processes
Compliance constrains processes to adhere to rules, standards, laws
and regulations. Non-compliance subjects enterprises to litigation and financial
fines. Collaborative business processes cross organizational and regional
borders implying that internal and cross regional regulations must be complied
with. To protect customs’ data, European enterprises must comply with the EU
data privacy regulation (general data protection regulation - GDPR) and each
member state’s data protection laws. An example of non-compliance with
GDPR is Facebook, it is accused for breaching subscriber trust. Compliance
verification is thus essential to deploy and implement collaborative business
process systems. It ensures that processes are checked for conformance to
compliance requirements throughout their life cycle. In this paper we take a
proactive approach aiming to discuss the need for design time preventative
compliance verification as opposed to after effect runtime detective approach.
We use a real-world case to show how compliance needs to be analyzed and
show the benefits of applying compliance check at the process design stag
- …