Extensibility of Enterprise Modelling Languages

Die Arbeit adressiert insgesamt drei Forschungsschwerpunkte. Der erste Schwerpunkt setzt sich mit zu entwickelnden BPMN-Erweiterungen auseinander und stellt deren methodische Implikationen im Rahmen der bestehenden Sprachstandards dar. Dies umfasst zum einen ganz konkrete Spracherweiterungen wie z. B. BPMN4CP, eine BPMN-Erweiterung zur multi-perspektivischen Modellierung von klinischen Behandlungspfaden. Zum anderen betrifft dieser Teil auch modellierungsmethodische Konsequenzen, um parallel sowohl die zugrunde liegende Sprache (d. h. das BPMN-Metamodell) als auch die Methode zur Erweiterungsentwicklung zu verbessern und somit den festgestellten Unzulänglichkeiten zu begegnen. Der zweite Schwerpunkt adressiert die Untersuchung von sprachunabhängigen Fragen der Erweiterbarkeit, welche sich entweder während der Bearbeitung des ersten Teils ergeben haben oder aus dessen Ergebnissen induktiv geschlossen wurden. Der Forschungsschwerpunkt fokussiert dabei insbesondere eine Konsolidierung bestehender Terminologien, die Beschreibung generisch anwendbarer Erweiterungsmechanismen sowie die nutzerorientierte Analyse eines potentiellen Erweiterungsbedarfs. Dieser Teil bereitet somit die Entwicklung einer generischen Erweiterungsmethode grundlegend vor. Hierzu zählt auch die fundamentale Auseinandersetzung mit Unternehmensmodellierungssprachen generell, da nur eine ganzheitliche, widerspruchsfreie und integrierte Sprachdefinition Erweiterungen überhaupt ermöglichen und gelingen lassen kann. Dies betrifft beispielsweise die Spezifikation der intendierten Semantik einer Sprache

A Framework for Model-Driven Scientific Workflow Engineering

So-called scientific workflows are one important means in the context of data-intensive science for reliable and efficient scientific data processing in distributed computing infrastructures such as Grids. Scientific Workflow Management Systems (SWfMS) help scientists model and run scientific workflows, whereas a domain-specific layer for workflow modeling by a scientist and a technical layer for automated workflow execution can be distinguished. Initially, many SWfMS were developed from scratch using custom workflow technologies languages without application of already existing and established business workflow technologies. Among the reasons were different life cycles for scientific and business workflows as well as incompatible interfaces and communication protocols of the respective execution infrastructures. Meanwhile, several business IT infrastructures have evolved to serviceoriented architectures (SOAs), for which many Web service standards and technologies have been developed. The Web Services Business Process Execution Language (BPEL), for example, is a well-accepted standard for the implementation and execution of business workflows in SOAs. The SOA architecture pattern has been adopted in scientific IT infrastructures by so-called Service Grids based on existing standards and technologies. Due to this development, BPEL is also suitable for the execution of scientific workflows at the technical layer, which has been elaborated on in many publications and projects. However, BPEL is a workflow language for IT experts and is originally not suited for scientific workflow modeling by a scientist at the domain-specific layer. A domain-specific abstraction of BPEL is therefore required that can be specifically tailored for scientific workflow modeling as well as a corresponding mapping to the technical layer. These challenges of the domain-specific abstraction and the mapping are addressed in this thesis with the help of the Business Process Model and Notation (BPMN) standard and technologies from Model-Driven Software Development (MDSD). Therefore, the MoDFlow approach for Model-Driven Scientific WorkFlow Engineering is presented to map domain-specific scientific workflow models via a BPMN-based intermediate layer to an executable workflow model. The intermediate layer is specified by MoDFlow.BPMN, which is a BPMN metamodel subset with custom extensions for the scientific domain. MoDFlow.BPMN2BPEL defines three consecutive transformation steps to map MoDFlow.BPMN to BPEL for workflow execution. Furthermore, different methods to utilize and extend MoDFlow.BPMN and MoDFlow.BPMN2BPEL are described in the MoDFlow approach, in which the definition of so-called domain-specific languages (DSLs) for the modeling of scientific workflows at the domain-specific layer is focused. The MoDFlow framework is an implementation of the MoDFlow approach, which is based on the Eclipse Modeling Framework (EMF). The MoDFlow framework is evaluated in three application scenarios, in which different utilization and extension mechanisms are examined. The first two application scenarios investigate the technical feasibility of the approach and support scientific workflows with parameter sweeps that are executed on a Grid infrastructure. The third application scenario has been conducted in collaboration with the PubFlow project, which aims to create an infrastructure to model and execute data publication workflows. Based on the Xtext framework, a textual DSL and a corresponding language infrastructure is defined for this purpose that supports developers in creating data publication workflows. This scenario aims to illustrate the practicability of the MoDFlow framework. PubFlow currently plans to implement an additional graphical DSL based on the BPMN notation and a corresponding workflow editor for scientists

Extending a Business Process Modeling Language for Domain-Specific Adaptation in Healthcare

It is often required to provide a modeling language that enables the representation of domain-specific problems and concepts. Domain-specific modeling approaches can be applied for that. However, these approaches usually suffer from low dissemination, missing tool support and high design costs. Thus, it might be more reasonable to adapt and extend common standard modeling languages. This research article presents an extension of the common process modeling language BPMN for modeling clinical pathways in the healthcare sector. The extension is designed methodically by application of the extension design method of Stroppi et al. (2011), which was extended regarding to a deeper domain analysis. The domain analysis considers the design of a domain ontology, requirements analysis as well as an equivalence check between domain concept and BPMN concepts. Finally, the evolved extension is compared with the CPmod modeling language of Burwitz et al. (2013) in order to discuss strengths and limitations

Possibilistic Information Flow Control for Workflow Management Systems

In workflows and business processes, there are often security requirements on both the data, i.e. confidentiality and integrity, and the process, e.g. separation of duty. Graphical notations exist for specifying both workflows and associated security requirements. We present an approach for formally verifying that a workflow satisfies such security requirements. For this purpose, we define the semantics of a workflow as a state-event system and formalise security properties in a trace-based way, i.e. on an abstract level without depending on details of enforcement mechanisms such as Role-Based Access Control (RBAC). This formal model then allows us to build upon well-known verification techniques for information flow control. We describe how a compositional verification methodology for possibilistic information flow can be adapted to verify that a specification of a distributed workflow management system satisfies security requirements on both data and processes.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

Ontology-based patterns for the integration of business processes and enterprise application architectures

Increasingly, enterprises are using Service-Oriented Architecture (SOA) as an approach to Enterprise Application Integration (EAI). SOA has the potential to bridge the gap between business and technology and to improve the reuse of existing applications and the interoperability with new ones. In addition to service architecture descriptions, architecture abstractions like patterns and styles capture design knowledge and allow the reuse of successfully applied designs, thus improving the quality of software. Knowledge gained from integration projects can be captured to build a repository of semantically enriched, experience-based solutions. Business patterns identify the interaction and structure between users, business processes, and data. Specific integration and composition patterns at a more technical level address enterprise application integration and capture reliable architecture solutions. We use an ontology-based approach to capture architecture and process patterns. Ontology techniques for pattern definition, extension and composition are developed and their applicability in business process-driven application integration is demonstrated

An Extension of Business Process Model and Notation for Security Risk Management

Kaasaegsed infosüsteemide arendamise metoodikad hõlmavad erinevaid tehnilisi äriprotsesside modelleerimise meetmeid. Äriprotsesside modelleerimiseks kasutatav keel (BPMN) on tänapäeval muutunud üheks standartseks meetmeks, mis edukalt rakendatakse infosüsteemide loomisel ning edasi arendamisel selleks, et ettevõtete äriprotsesse kirjeldada ja modelleerida.Vaatamata sellele, et BPMN on hea töörist, mille abil on võimalik ettevõtte äriprotsesse mõistma ja esitama, see ei võimalda äriprotsesside modelleerimisel adresseerida süsteemi turvalisuse aspekte. Autor leiab, et see on BPMN nõrk külg, selle pärast, et turvalise infosüsteemi arendamiseks on oluline nii äriprotsesse kui ka süsteemi turvalisust vaadeldada tervikuna. Käesolevas magistritöös autor töötab välja BPMN 2.0 keele jaoks uusi elemente, mis edaspidi peavad võimaldama adresseerima turvalisuse temaatika süsteemi modelleerimisel. Autori pakutud lahendus põhineb BPMN modelleerimiskeele seostamisel turvalisuse riski juhendamise metoodikaga (ISSRM). Antud magistritöös rakendatakse struktureeritud lähenemine BPMN peamiste aspektide analüüsimisel ja turvalisuse riskide juhtimiseks uute elementide väljatöötamisel, selleks ühildades BPMN ning ISSRM-i kontsepte. Magistritöös on demonstreeritud väljatöötatud lisaelementide kasutus, selgitatud kuidas antud elementidega laiendatud BPMN võimaldab väljendada ettevõtte varasid (assets), nendega seotuid riske (risks) ja riskide käsitlust (risk treatment). See on analüüsitud internetkaupluse varade konfidentsiaalsuse, terviklikkuse ja kättesaadavuse näitel. Autor on veendunud, et BPMN laienemine turvalisuse kontseptide osas ja antud töö raames tehtud konkreetsed ettepanekud aitavad infosüsteemide analüütikutele mõistma kuidas süsteemi turvalisust arendada nii, et läbi äriprotsessi tuvastatud olulisemate ettevõtte varade turvalisus oleks infosüsteemis käsitletud ning tagatud. Autori poolt antud käsitlus on vaadeldud ka laiemas mõttes, nimelt, BPMN keelele pakutud laienemisega avaneb perspektiiv äriprotsesside ja turvalisuse mudeleite koosvõimele ning BPMN-i teiste modelleerimise metoodikatega, nagu ISSRM või Secure Tropos, integreerimisele.Modern Information System (IS) development supports different techniques for business process modelling. Recently Business Process Model and Notation (BPMN) has become a standard that allows modelers to visualize organizational business processes. However, despite the fact that BPMN is a good approach to introduce and understand business processes, there is no opportunity to address security concerns while analysing the business needs. This is a problem, since both business processes and security concerns should be understood in parallel to support a development of the secure systems. In current thesis we introduce the extensions for BPMN 2.0 regarding security aspects. The following proposal is based on alignment of the modelling notation with IS security risk management (ISSRM).We apply a structured approach to understand major aspects of BPMN and propose extensions for security risk management based on the BPMN alignment to the ISSRM concepts. We demonstrate the use of extensions, illustrating how the extended BPMN could express assets, risks and risk treatment on few running examples related to the Internet store assets’ confidentiality, integrity and availability. We believe that our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. We also attempt to observe the following approach in the broader sense and we open a possibility for the business and security model interoperability and the model transformation between BPMN and another modelling approach also aligned to ISSRM, Secure Tropos