57 research outputs found

    On Negotiation as Concurrency Primitive

    We introduce negotiations, a model of concurrency close to Petri nets, with multiparty negotiation as primitive. We study the problems of soundness of negotiations and of computing a summary of a negotiation with possibly many steps, i.e., an equivalent one-step negotiation. We provide a complete set of reduction rules for sound, acyclic, weakly deterministic negotiations and show that, for deterministic negotiations, the rules compute the summary in polynomial time.

    Verification of soundness and other properties of business processes

    In this thesis we focus on improving current modeling and verification techniques for complex business processes. The objective of the thesis is to consider several aspects of real-life business processes and give specific solutions to cope with their complexity. In particular, we address verification of a proper termination property for workflows, called generalized soundness. We give a new decision procedure for generalized soundness that improves the original decision procedure. The new decision procedure reports on the decidability status of generalized soundness and returns a counterexample in case the workflow net is not generalized sound. We report on experimental results obtained with the prototype implementation we made and describe how to verify large workflows compositionally, using reduction rules. Next, we concentrate on modeling and verification of adaptive workflows — workflows that are able to change their structure at runtime, for instance when some exceptional events occur. In order to model the exception handling properly and allow structural changes of the system in a modular way, we introduce a new class of nets, called adaptive workflow nets. Adaptive workflow nets are a special type of Nets in Nets and they allow for creation, deletion and transformation of net tokens at runtime and for two types of synchronizations: synchronization on proper termination and synchronization on exception. We define some behavioral properties of adaptive workflow nets: soundness and circumspectness and employ an abstraction to reduce the verification of these properties to the verification of behavioral properties of a finite state abstraction. Further, we study how formal methods can help in understanding and designing business processes. We investigate this for the extended event-driven process chains (eEPCs), a popular industrial business process language used in the ARIS Toolset. Several semantics have been proposed for EPCs. 
    However, most of them concentrated solely on the control flow. We argue that other aspects of business processes must also be taken into account in order to analyze eEPCs and propose a semantics that takes data and time information from eEPCs into account. Moreover, we provide a translation of eEPCs to Timed Colored Petri nets in order to facilitate verification of eEPCs. Finally, we discuss modeling issues for business processes whose behavior may depend on the previous behavior of the process, a history which is recorded by workflow management systems as a log. To increase the precision of models with respect to modeling choices that depend on the process history, we introduce history-dependent guards. The resulting business processes are called history-dependent processes. We introduce a logic, called LogLogics, for the specification of guards based on the log of the currently running process and give an evaluation algorithm for such guards. Moreover, we show how these guards can be used in practice and define LogLogics patterns for properties that occur most commonly in practice.

    Process mining and verification


    Vérification efficace de systèmes à compteurs à l'aide de relaxations (Efficient verification of counter systems using relaxations)

    Abstract: Counter systems are popular models used to reason about systems in various fields such as the analysis of concurrent or distributed programs and the discovery and verification of business processes. We study well-established problems on various classes of counter systems. This thesis focuses on three particular systems, namely Petri nets, which are a type of model for discrete systems with concurrent and sequential events, workflow nets, which form a subclass of Petri nets that is suited for modelling and reasoning about business processes, and continuous one-counter automata, a novel model that combines continuous semantics with one-counter automata. For Petri nets, we focus on reachability and coverability properties. We utilize directed search algorithms, using relaxations of Petri nets as heuristics, to obtain novel semi-decision algorithms for reachability and coverability, and positively evaluate a prototype implementation. For workflow nets, we focus on the problem of soundness, a well-established correctness notion for such nets. We precisely characterize the previously widely-open complexity of three variants of soundness. Based on our insights, we develop techniques to verify soundness in practice, based on reachability relaxations of Petri nets. Lastly, we introduce the novel model of continuous one-counter automata. This model is a natural variant of one-counter automata, which allows reasoning in a hybrid manner combining continuous and discrete elements. We characterize the exact complexity of the reachability problem in several variants of the model.

    Counter systems are models used to reason about systems in various fields such as the analysis of concurrent or distributed programs, and the discovery and verification of business systems. We study well-established problems on different classes of counter systems. This thesis focuses on three particular systems: Petri nets, which are a type of model for discrete systems with concurrent and sequential events; workflow nets, which form a subclass of Petri nets suited to modelling and reasoning about business processes; and continuous one-counter automata, a new model that combines continuous semantics with that of one-counter automata. For Petri nets, we focus on reachability and coverability properties. We use graph search algorithms, with relaxations of Petri nets as heuristics, to obtain new semi-decision algorithms for reachability and coverability, and we positively evaluate a prototype. For workflow nets, we focus on the soundness problem, a well-established correctness notion for these nets. We precisely characterize the hitherto largely open computational complexity of three variants of the soundness problem. Building on our results, we develop techniques to verify soundness in practice, using reachability relaxations in Petri nets. Finally, we introduce the new model of continuous one-counter automata. This model is a natural variant of one-counter automata that allows reasoning in a hybrid manner combining continuous and discrete elements. We characterize the exact complexity of the reachability problem in several variants of the model.

    Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

    The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposition of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. 
    The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers.

    (I) A Declarative Framework for ERP Systems; (II) Reactors: A Data-Driven Programming Model for Distributed Applications

    To those who can be swayed by argument and those who know they do not have all the answers

    This dissertation is a collection of six adapted research papers pertaining to two areas of research.

    (I) A Declarative Framework for ERP Systems:

    • POETS: Process-Oriented Event-driven Transaction Systems. The paper describes an ontological analysis of a small segment of the enterprise domain, namely the general ledger and accounts receivable. The result is an event-based approach to designing ERP systems and an abstract-level sketch of the architecture.
    • Compositional Specification of Commercial Contracts. The paper describes the design, multiple semantics, and use of a domain-specific language (DSL) for modeling commercial contracts.
    • SMAWL: A SMAll Workflow Language Based on CCS. The paper show

    Artifact-centric business process models in UML : specification and reasoning

    Business processes are directly involved in the achievement of an organization's goals, and for this reason they should be performed in the best possible way. Modeling business processes can help to achieve this as, for instance, models can facilitate the communication between the people involved in the process, they provide a basis for process improvement and they can help perform process management. Processes can be modeled from many different perspectives. Traditional process modeling has followed the process-centric (or activity-centric) perspective, where the focus is on the sequencing of activities (i.e. the control flow), largely ignoring or underspecifying the data required by these tasks. In contrast, the artifact-centric (or data-centric) approach to process modeling focuses on defining the data required by the tasks and the details of the tasks themselves in terms of the changes they make to the data. The BALSA framework defines four dimensions which should be represented in any artifact-centric business process model: business artifacts, lifecycle, services (i.e. tasks) and associations. Using different types of models to represent these dimensions will result in distinct representations, whose differing characteristics (e.g. the degree of formality or understandability) will make them more appropriate for one purpose or another. Considering this, in the first part of this thesis we propose a framework, BAUML, for modeling business processes following an artifact-centric perspective. This framework is based on using a combination of UML and OCL models, and its goal is to have a final representation of the process which is both understandable and formal, to avoid ambiguities and errors. However, once a process model has been defined, it is important to ensure its quality. This will avoid the propagation of errors to the process's implementation. 
    Although there are many different quality criteria, we focus on the semantic correctness of the model, answering questions such as "does it represent reality correctly?" or "are there any errors and contradictions in it?". Therefore, the second part of this thesis is concerned with finding a way to determine the semantic correctness of our BAUML models. We are interested in considering the BAUML model as a whole, including the meaning of the tasks. To do so, we first translate our models into a well-known framework, a DCDS (Data-centric Dynamic System), to which model-checking techniques can then be applied. However, DCDSs have been defined theoretically and there is no tool that implements them. For this reason, we also created a prototype tool, AuRUS-BAUML, which is able to translate our BAUML models into logic and to reason on their semantic correctness using an existing tool, SVTe. The integration between AuRUS-BAUML and SVTe is transparent to the user. Logically, the thesis also presents the logic translation which is performed by the tool.

    Business processes are directly related to business goals, and it is therefore important that these processes are carried out in the best possible way. Choosing to model them can help achieve this, since models provide numerous advantages. For example: they facilitate communication between the parties involved in the process, they provide a basis from which to improve it, and they can help manage it. Processes can be modeled from different perspectives. Traditional process modeling has relied heavily on the so-called "process-centric" or "activity-centric" perspective, which emphasizes the sequence of activities or tasks to be executed, largely ignoring the data needed to carry out those tasks. On the other hand, the "artifact-centric" or "data-centric" perspective is based on defining the data the tasks need and the details of the tasks themselves, representing the changes they make to the data. The BALSA framework defines four dimensions that should be represented in any artifact-centric model: business artifacts, lifecycles, services and associations. Using different types of models to represent these dimensions leads to several representations with different characteristics. This variety of characteristics makes the resulting models more suitable for one purpose or another. Considering this, in the first part of this thesis we propose a framework, BAUML, for modeling business processes following an artifact-centric perspective. The framework is based on using a combination of UML and OCL models, and its goal is to obtain a final representation of the process that is both understandable and formal, in order to avoid ambiguities and errors. Once the process has been defined, it is important to ensure its quality. This will avoid the propagation of errors to the final implementation of the process. Although there are many different quality criteria, we focus on the semantic correctness of the model, to answer questions such as "does it represent reality correctly?" or "does it contain errors or contradictions?". Consequently, the second part of this thesis focuses on finding a way to determine the semantic correctness of a BAUML model. We are interested in considering the model as a whole, including the meaning of the tasks (that is, the details of what they do). To achieve this, we first translate the tasks into a recognized framework, DCDSs (Data-centric Dynamic Systems). Once obtained, model-checking techniques can be applied to it to determine whether it satisfies certain properties. Unfortunately, DCDSs have been defined at a theoretical level and there is no tool that implements them. For this reason, we have created a prototype tool, AuRUS-BAUML, which is able to translate our BAUML models into logic and apply reasoning techniques to determine their semantic correctness. For the reasoning part, AuRUS-BAUML uses an existing tool, SVTe. The integration between AuRUS-BAUML and SVTe is transparent to the user. Logically, the thesis also presents the translation into logic carried out by the tool.

    Computer Aided Verification

    This open access two-volume set LNCS 13371 and 13372 constitutes the refereed proceedings of the 34th International Conference on Computer Aided Verification, CAV 2022, which was held in Haifa, Israel, in August 2022. The 40 full papers presented together with 9 tool papers and 2 case studies were carefully reviewed and selected from 209 submissions. The papers were organized in the following topical sections: Part I: invited papers; formal methods for probabilistic programs; formal methods for neural networks; software verification and model checking; hyperproperties and security; formal methods for hardware, cyber-physical, and hybrid systems. Part II: probabilistic techniques; automata and logic; deductive verification and decision procedures; machine learning; synthesis and concurrency. This is an open access book.