290 research outputs found

    Assessing the compliance of a product with an eco-label: from standards to constraints

    The new awareness of consumers regarding environmental issues should allow companies to gain a competitive advantage by obtaining eco-labels which certify the low impact of a product on the environment. Getting such a label requires analysing a product according to rules expressed in natural language, which may be difficult to interpret and also to apply when the product is complex. In order to address this problem, we suggest a method aiming at providing support to the user when checking the compliance of a product with an eco-label. The method is applied to an illustrative example from the literature.

    Fourth NASA Langley Formal Methods Workshop

    This publication consists of papers presented at NASA Langley Research Center's fourth workshop on the application of formal methods to the design and verification of life-critical systems. Topics considered include: Proving properties of accident; modeling and validating SAFER in VDM-SL; requirement analysis of real-time control systems using PVS; a tabular language for system design; automated deductive verification of parallel systems. Also included is a fundamental hardware design in PVS.

    Unified System on Chip RESTAPI Service (USOCRS)

    Abstract. This thesis investigates the development of a Unified System on Chip RESTAPI Service (USOCRS) to enhance the efficiency and effectiveness of SOC verification reporting. The research aims to overcome the challenges associated with the transfer, utilization, and interpretation of SoC verification reports by creating a unified platform that integrates various tools and technologies. The research methodology used in this study follows a design science approach. A thorough literature review was conducted to explore existing approaches and technologies related to SOC verification reporting, automation, data visualization, and API development. The review revealed gaps in the current state of the field, providing a basis for further investigation. Using the insights gained from the literature review, a system design and implementation plan were developed. This plan makes use of cutting-edge technologies such as FASTAPI, SQL and NoSQL databases, Azure Active Directory for authentication, and Cloud services. The Verification Toolbox was employed to validate SoC reports based on the organization’s standards. The system went through manual testing, and user satisfaction was evaluated to ensure its functionality and usability. The results of this study demonstrate the successful design and implementation of the USOCRS, offering SOC engineers a unified and secure platform for uploading, validating, storing, and retrieving verification reports. The USOCRS facilitates seamless communication between users and the API, granting easy access to vital information including successes, failures, and test coverage derived from submitted SoC verification reports. By automating and standardizing the SOC verification reporting process, the USOCRS eliminates manual and repetitive tasks usually done by developers, thereby enhancing productivity, and establishing a robust and reliable framework for report storage and retrieval. 
Through the integration of diverse tools and technologies, the USOCRS presents a comprehensive solution that adheres to the required specifications of the SOC schema used within the organization. Furthermore, the USOCRS significantly improves the efficiency and effectiveness of SOC verification reporting. It facilitates the submission process, reduces latency through optimized data storage, and enables meaningful extraction and analysis of report data.

    A Design Theory for Secure Semantic E-Business Processes (SSEBP)

    This dissertation develops and evaluates a Design theory. We follow the design science approach (Hevener, et al., 2004) to answer the following research question: "How can we formulate a design theory to guide the analysis and design of Secure Semantic eBusiness processes (SSeBP)?" Goals of SSeBP design theory include (i) unambiguously represent information and knowledge resources involved in eBusiness processes to solve semantic conflicts and integrate heterogeneous information systems; (ii) analyze and model business processes that include access control mechanisms to prevent unauthorized access to resources; and (iii) facilitate the coordination of eBusiness process activities-resources by modeling their dependencies. Business process modeling techniques such as Business Process Modeling Notation (BPMN) (BPMI, 2004) and UML Activity Diagrams (OMG, 2003) lack theoretical foundations and are difficult to verify for correctness and completeness (Soffer and Wand, 2007). Current literature on secure information systems design methods is theoretically underdeveloped and considers security as a non-functional requirement and as an afterthought (Siponen et al. 2006, Mouratidis et al., 2005). SSeBP design theory is one of the first attempts at providing theoretically grounded guidance to design richer secure eBusiness processes for secure and coordinated seamless knowledge exchange among business partners in a value chain. SSeBP design theory allows for the inclusion of non-repudiation mechanisms into the analysis and design of eBusiness processes which lays the foundations for auditing and compliance with regulations such as Sarbanes-Oxley. SSeBP design theory is evaluated through a rigorous multi-method evaluation approach including descriptive, observational, and experimental evaluation. First, SSeBP design theory is validated by modeling business processes of an industry standard named Collaborative Planning, Forecasting, and Replenishment (CPFR) approach. 
Our model enhances CPFR by incorporating security requirements in the process model, which is critically lacking in the current CPFR technical guidelines. Secondly, we model the demand forecasting and capacity planning business processes for two large organizations to evaluate the efficacy and utility of SSeBP design theory to capture the realistic requirements and complex nuances of real inter-organizational business processes. Finally, we empirically evaluate SSeBP, against enhanced Use Cases (Siponen et al., 2006) and UML activity diagrams, for informational equivalence (Larkin and Simon, 1987) and its utility in generating situational awareness (Endsley, 1995) of the security and coordination requirements of a business process. Specific contributions of this dissertation are to develop a design theory (SSeBP) that presents a novel and holistic approach that contributes to the IS knowledge base by filling an existing research gap in the area of design of information systems to support secure and coordinated business processes. The proposed design theory provides practitioners with the meta-design and the design process, including the system components and principles to guide the analysis and design of secure eBusiness processes that are secure and coordinated.

    Artifact-centric business process models in UML : specification and reasoning

    Business processes are directly involved in the achievement of an organization's goals, and for this reason they should be performed in the best possible way. Modeling business processes can help to achieve this as, for instance, models can facilitate the communication between the people involved in the process, they provide a basis for process improvement and they can help perform process management. Processes can be modeled from many different perspectives. Traditional process modeling has followed the process-centric (or activity-centric) perspective, where the focus is on the sequencing of activities (i.e. the control flow), largely ignoring or underspecifying the data required by these tasks. In contrast, the artifact-centric (or data-centric) approach to process modeling focuses on defining the data required by the tasks and the details of the tasks themselves in terms of the changes they make to the data. The BALSA framework defines four dimensions which should be represented in any artifact-centric business process model: business artifacts, lifecycle, services (i.e. tasks) and associations. Using different types of models to represent these dimensions will result in distinct representations, whose differing characteristics (e.g. the degree of formality or understandability) will make them more appropriate for one purpose or another. Considering this, in the first part of this thesis we propose a framework, BAUML, for modeling business processes following an artifact-centric perspective. This framework is based on using a combination of UML and OCL models, and its goal is to have a final representation of the process which is both understandable and formal, to avoid ambiguities and errors. However, once a process model has been defined, it is important to ensure its quality. This will avoid the propagation of errors to the process's implementation. 
Although there are many different quality criteria, we focus on the semantic correctness of the model, answering questions such as "does it represent reality correctly?" or "are there any errors and contradictions in it?". Therefore, the second part of this thesis is concerned with finding a way to determine the semantic correctness of our BAUML models. We are interested in considering the BAUML model as a whole, including the meaning of the tasks. To do so, we first translate our models into a well-known framework, a DCDS (Data-centric Dynamic System) to which then model-checking techniques can be applied. However, DCDSs have been defined theoretically and there is no tool that implements them. For this reason, we also created a prototype tool, AuRUS-BAUML, which is able to translate our BAUML models into logic and to reason on their semantic correctness using an existing tool, SVTe. The integration between AuRUS-BAUML and SVTe is transparent to the user. Logically, the thesis also presents the logic translation which is performed by the tool. Business processes are directly related to business goals, and it is therefore important that these processes be carried out in the best possible way. Choosing to model them can help to achieve this, since models provide numerous advantages. For example, they facilitate communication between the parties involved in the process, they provide a basis from which to improve it, and they can help to manage it. Processes can be modeled from different perspectives. Traditional process modeling has relied heavily on the so-called "process-centric" or "activity-centric" perspective, which places the emphasis on the sequence of activities or tasks that have to be executed, largely ignoring the data needed to carry out these tasks. 
On the other hand, the "artifact-centric" or "data-centric" perspective is based on defining the data that the tasks need and the details of the tasks themselves, representing the changes that they make to the data. The BALSA framework defines four dimensions that should be represented in any artifact-centric model: business artifacts, lifecycles, services and associations. Using different types of models to represent these dimensions leads to several representations with different characteristics. This variety of characteristics will make the resulting models more appropriate for one purpose or another. Considering this, in the first part of this thesis we propose a framework, BAUML, for modeling business processes following an artifact-centric perspective. The framework is based on using a combination of UML and OCL models, and its goal is to obtain a final representation of the process that is both understandable and formal, in order to avoid ambiguities and errors. Once the process has been defined, it is important to ensure its quality. This will avoid the propagation of errors to the final implementation of the process. Although there are many different quality criteria, we will focus on the semantic correctness of the model, to answer questions such as "does it represent reality correctly?" or "does it contain errors or contradictions?". Consequently, the second part of this thesis focuses on finding a way to determine the semantic correctness of a BAUML model. We are interested in considering the model as a whole, including the meaning of the tasks (that is, the detail of what they do). To achieve this, we first translate the tasks into a recognized framework, DCDSs (Data-centric Dynamic Systems). Once this has been obtained, model-checking techniques can be applied to it to determine whether it satisfies certain properties. 
Unfortunately, DCDSs have been defined at a theoretical level and there is no tool that implements them. For this reason, we have created a prototype tool, AuRUS-BAUML, which is able to translate our BAUML models into logic and apply reasoning techniques to them to determine their semantic correctness. For the reasoning part, AuRUS-BAUML uses an existing tool, SVTe. The integration between AuRUS-BAUML and SVTe is transparent to the user. Logically, the thesis also presents the translation into logic that the tool performs. Postprint (published version)

    Automatically Documenting Software Artifacts

    Software artifacts, such as database schema and unit test cases, constantly change during evolution and maintenance of software systems. Co-evolution of code and DB schemas in Database-Centric Applications (DCAs) often leads to two types of challenging scenarios for developers, where (i) changes to the DB schema need to be incorporated in the source code, and (ii) maintenance of a DCA's code requires understanding of how the features are implemented by relying on DB operations and corresponding schema constraints. On the other hand, the number of unit test cases often grows as new functionality is introduced into the system, and maintaining these unit tests is important to reduce the introduction of regression bugs due to outdated unit tests. Therefore, one critical artifact that developers need to be able to maintain during evolution and maintenance of software systems is up-to-date and complete documentation. In order to understand developer practices regarding documenting and maintaining these software artifacts, we designed two empirical studies both composed of (i) an online survey of contributors of open source projects and (ii) a mining-based analysis of method comments in these projects. We observed that documenting methods with database accesses and unit test cases is not a common practice. Further, motivated by the findings of the studies, we proposed three novel approaches: (i) DBScribe is an approach for automatically documenting database usages and schema constraints, (ii) UnitTestScribe is an approach for automatically documenting test cases, and (iii) TeStereo tags stereotypes for unit tests and generates html reports to improve the comprehension and browsing of unit tests in a large test suite. We evaluated our tools in the case studies with industrial developers and graduate students. In general, developers indicated that descriptions generated by the tools are complete, concise, and easy to read. 
The reports are useful for source code comprehension tasks as well as other tasks, such as code smell detection and source code navigation.

    Model Transformation For Validation Of Software Design
