HELP IS ON THE WAY – PROVIDING USER SUPPORT FOR EPC MODELLING VIA A SYSTEMATIC PROCEDURE MODEL

Process models and consequently business process modelling languages get more and more complex. This is especially true for the event-driven process chain (EPC), since the absence of a clearly defined standard renders EPC modelling difficult. On top, modelling itself is no trivial task. To address this issue, several frameworks and guidelines have emerged to support process modelling. However, most of them remain at a generic level. Currently, there is no user support with respect to the actual modelling process that is specific to the EPC language. To address these needs, the paper applies a design-oriented research approach and proposes a systematic procedure model specifically tailored towards EPC mod-elling as current outcome of this research in progress. We argue that the procedure model facilitates the modelling process and thus has the potential to increase model quality

Methodology for Testing RFID Applications

Radio Frequency Identification (RFID) is a promising technology for process automation and beyond that capable of identifying objects without the need for a line-of-sight. However, the trend towards automatic identification of objects also increases the demand for high quality RFID applications. Therefore, research on testing RFID systems and methodical approaches for testing are needed. This thesis presents a novel methodology for the system level test of RFID applications. The approach called ITERA, allows for the automatic generation of tests, defines a semantic model of the RFID system and provides a test environment for RFID applications. The method introduced can be used to gradually transform use cases into a semi-formal test specification. Test cases are then systematically generated, in order to execute them in the test environment. It applies the principle of model based testing from a black-box perspective in combination with a virtual environment for automatic test execution. The presence of RFID tags in an area, monitored by an RFID reader, can be modelled by time-based sets using set-theory and discrete events. Furthermore, the proposed description and semantics can be used to specify RFID systems and their applications, which might also be used for other purposes than testing. The approach uses the Unified Modelling Language to model the characteristics of the system under test. Based on the ITERA meta model test execution paths are extracted directly from activity diagrams and RFID specific test cases are generated. The approach introduced in this thesis allows to reduce the efforts for RFID application testing by systematically generating test cases and the automatic test execution. In combination with meta model and by considering additional parameters, like unreliability factors, it not only satisfies functional testing aspects, but also increases the confidence in the robustness of the tested application. Mixed with the instantly available virtual readers, it has the potential to speed up the development process and decrease the costs - even during the early development phases. ITERA can be used for highly automated testing, reproducible tests and because of the instantly available readers, even before the real environment is deployed. Furthermore, the total control of the RFID environment enables to test applications which might be difficult to test manually. This thesis will explain the motivation and objectives of this new RFID application test methodology. Based on a RFID system analysis it proposes a practical solution on the identified issues. Further, it gives a literature review on testing fundamentals, model based test case generation, the typical components of a RFID system and RFID standards used in industry.Integrative Test-Methodology for RFID Applications (ITERA) - Project: Eurostars!5516 ITERA, FKZ 01QE1105

Enhancing Variability Modeling in Process-Aware Information Systems through Change Patterns

[EN] The increasing adoption of process-aware information systems (PAISs) together with the high variability in business processes has resulted in collections of process families. These families correspond to a business process model and its variants, which can comprise hundreds or thousands of different ways of realizing this process. Modeling and managing process variability in this context can be very challenging due to the size of these families. Motivated by this challenge, several approaches enabling process variability have been developed. However, with these approaches PAIS engineers usually are required to model and manage one by one all the elements of a process family and ensure its correctness by their own. This can be tedious and error-prone especially when a process family comprises hundreds or thousands of process variants. For example, variability may not be properly reflected since PAIS engineers need to be aware of each variation of each process variant. Thus, there is a need of methods that allow PAIS engineers to model process variability more explicitly, especially at a level of abstraction higher than the one provided by the existing process variability approaches. However, how process variability is represented in existing approaches becomes critical for these methods (e.g., what language constructs are used to model process variability). In this context, the use of modeling patterns (reusable solutions to a commonly occurring problem) is a promising way to address these issues. For example, patterns have been proved as an efficient solution to model individual business processes. The objective of this thesis is to enhance the modeling of variability in process families through change patterns. First, we conduct a systematic study to analyze existing process variability approaches regarding their expressiveness with respect to process variability modeling as well as their process support. Thus, we can identify how process variability is actually modeled by existing approaches (i.e., a core set of variability-specific language constructs). In addition, based on the obtained empirical evidence, we derive the VIVACE framework, a complete characterization of process variability which comprises also a core set of features fostering process variability. VIVACE enables PAIS engineers to evaluate existing process variability approaches as well as to select that variability approach meeting their requirements best. In addition, it helps process engineers in dealing with PAISs supporting process variability. Second, to facilitate variability modeling in process families, based on the identified language constructs, we present a set of 10 change patterns and show how they can be implemented in a process variability approach. In particular, these patterns support process family modeling and evolution and are able to ensure process family correctness. In order to prove their effectiveness and analyze their suitability, we applied these change patterns in a real scenario. More concretely, we conduct a case study with a safety standard with a high degree of variability. The case study results show that the application of the change patterns can reduce the effort for process family modeling in a 34% and for evolution in a 40%. In addition, we have analyzed how PAIS engineers apply the patterns and their perceptions of this application. Most of them expressed some benefit when applying the change patterns, did not perceived an increase of mental effort for applying the patterns, and agreed upon the usefulness and ease of use of the patterns.[ES] La creciente adopción de sistemas de información dirigidos por procesos de negocio (PAIS) junto con la alta variabilidad en dichos procesos, han dado lugar a la aparición de colecciones de familias de procesos. Estas familias están constituidas por un modelo de proceso de negocio y sus variantes, las cuales pueden comprender entre cientos y miles de diferentes formas de llevar a cabo ese proceso. Gestionar la variabilidad en este contexto puede resultar muy difícil dado el tamaño que estas familias pueden alcanzar. Motivados por este desafío, se han desarrollado varias soluciones que permiten la gestión de la variabilidad en los procesos de negocio. Sin embargo, con estas soluciones los ingenieros deben crear y gestionar uno por uno todos los elementos de las familias de procesos y asegurar ellos mismos su corrección. Esto puede resultar tedioso y propenso a errores especialmente cuando las familias están compuestas de miles de variantes. Por ejemplo, la variabilidad puede no quedar adecuadamente representada ya que los ingenieros deben ser conscientes de todas y cada una de las variaciones de todas las variantes. Así, son necesarios nuevos métodos que permitan modelar la variabilidad de los procesos de una manera más explícita, a un nivel de abstracción más alto del proporcionado por las soluciones actuales. Sin embargo, cómo se representa la variabilidad en estos métodos resulta crítico (ej.: qué primitivas se utilizan). En este contexto, el uso de patrones de modelado (soluciones reutilizables a un problema recurrente) resultan un camino prometedor. Por ejemplo, los patrones han sido probados como una solución eficaz para gestionar procesos de negocio individuales. El objetivo de esta tesis es mejorar el modelado de la variabilidad en las familias de procesos a través del uso de patrones de cambio. En primer lugar, hemos llevado a cabo un estudio sistemático con el fin de analizar las soluciones existentes que permiten gestionar la variabilidad en los procesos, así como el soporte que estas proporcionan. Así, hemos sido capaces de identificar y analizar cuál es el conjunto básico de primitivas específicas para representar la variabilidad. Además, basándonos en la evidencia empírica obtenida, hemos derivado el marco de evaluación VIVACE, el cual recoge las primitivas de variabilidad y un conjunto básico de características que favorecen la variabilidad en los procesos. El principal objetivo de VIVACE es conformar una completa caracterización de la variabilidad en los procesos de negocio. Asimismo, VIVACE permite evaluar las soluciones que gestionan la variabilidad en los procesos, así como seleccionar la solución que se ajuste mejor a sus necesidades. Finalmente, VIVACE puede ayudar a los ingenieros a gestionar PAISs con variabilidad. En segundo lugar, para facilitar el modelado de la variabilidad en las familias de procesos, basándonos en las primitivas identificadas, hemos definido un conjunto de 10 patrones de cambio y hemos mostrado cómo estos patrones pueden ser implementados. En particular, estos patrones ayudan al modelado y la evolución de familias de procesos y son capaces de garantizar la corrección de la propia familia. Para probar su efectividad y analizar su idoneidad, hemos aplicado estos patrones de cambio en un escenario real. En concreto, hemos llevado a cabo un caso de estudio con un estándar de seguridad con un alto nivel de variabilidad. Los resultados de este caso demuestran que la aplicación de nuestros patrones de cambio puede reducir el esfuerzo para el modelado de familias de procesos en un 34% y para la evolución de esos modelos en un 40%. Además, hemos analizado cómo los ingenieros aplican los patrones y cuáles son sus percepciones de esta aplicación. Como resultado, la mayoría de ellos encontró beneficios al aplicar los patrones. Además, no percibieron un aumento en el esfuerzo mental necesario para aplicarlos y estuvieron de acuerdo en la utilid[CA] La creixent adopció de sistemes d'informació dirigits per processos de negoci (PAIS) junt amb l'alta variabilitat en eixos processos, han donat lloc a la aparició de col·leccions de famílies de processos. Estes famílies es formen de un model de procés de negoci i les seues variants, les quals poden comprendre entre cents i milers de diferents formes de dur a terme eixe procés. Modelar la variabilitat dels processos en este context pot resultar molt difícil donat la grandària que aquestes famílies poden aconseguir. Motivats per este desafiament, s'han desenvolupat diverses solucions que permeten la gestió de la variabilitat en els processos de negoci. No obstant, amb aquestes solucions els enginyers que treballen amb PAIS han de crear i gestionar un a un tots els elements de les famílies de processos i assegurar ells mateixos la seua correcció. Això pot resultar tediós i propens a errors especialment quan les famílies es componen de cents o milers de variants. Per exemple, la variabilitat pot no quedar adequadament representada ja que els enginyers han de ser conscients de totes i cadascuna una de les variacions de totes les variants. Per quest motiu, son necessaris nous mètodes que permeten als enginyers de PAIS modelar la variabilitat dels processos de manera més explícita, sobretot a un nivell d'abstracció més alt del proporcionat per les solucions actuals. No obstant, com es representa la variabilitat en aquestos mètodes resulta crític (ex.: quines primitives s'utilitzen per a modelar la variabilitat en els processos). En aquest context, l'ús de patrons de modelatge (solucions reutilitzables a un problema recurrent) resulten un camí prometedor. Per exemple, els patrons han sigut provats com una solució eficaç per modelar i gestionar processos de negoci individuals. L'objectiu d'aquesta tesi 'es millorar el modelatge de la variabilitat en les famílies de processos a través de l'ús de patrons de canvi. En primer lloc, hem dut a terme un estudi sistemàtic per a analitzar les solucions existents per a gestionar la variabilitat en els processos, així com el suport que aquestes proporcionen. D'aquesta manera, som capaços d'identificar i analitzar quin 'es el conjunt bàsic de primitives específiques per a representar la variabilitat. A més, basant-nos en l'evidència empírica obtinguda, hem derivat el marc d'evacuació VIVACE, el qual arreplega les primitives de variabilitat i un conjunt bàsic de característiques que afavoreixen la variabilitat en els processos. Així mateix, VIVACE permet als enginyers de PAIS avaluar les solucions per a gestionar la variabilitat en els processos, així com seleccionar la solució que s'ajusta millor a les seues necessitats. Finalment, VIVACE també pot ajudar als enginyers a gestionar PAISs que donen suport a aquesta variabilitat. En segon lloc, per a facilitar el modelatge de la variabilitat en les famílies de processos, basant-nos en les primitives identificades, hem definit un conjunt de 10 patrons de canvi i hem mostrat com aquestos poden ser implementats. En particular, estos patrons ajuden al modelatge i l'evolució de famílies de processos i garanteixen la correcció de la pròpia família. Per a provar la seua efectivitat i analitzar la seua idoneïtat, hem aplicat els patrons de canvi en un escenari real. En particular, hem dut a terme un cas d'estudi amb un estàndard de seguretat amb un alt nivell de variabilitat. Els resultats de aquest cas demostren que l'aplicació dels nostres patrons de canvi poden reduir l'esforç per al modelatge de famílies de processos en un 34% i per a l'evolució de eixos models en un 40%. A més, hem analitzat com els enginyers de PAIS apliquen els patrons i quines son les seues percepcions d'esta aplicació. Com a resultat, la majoria d'ells va trobar beneficis al aplicar els patrons de canvi. A més, no van percebre un augment en l'esforç mental necessari per a aplicar-los i van estar d'acord en la utilitat i fAyora Esteras, C. (2015). Enhancing Variability Modeling in Process-Aware Information Systems through Change Patterns [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/58426TESI

Project BeARCAT : Baselining, Automation and Response for CAV Testbed Cyber Security : Connected Vehicle & Infrastructure Security Assessment

Connected, software-based systems are a driver in advancing the technology of transportation systems. Advanced automated and autonomous vehicles, together with electrification, will help reduce congestion, accidents and emissions. Meanwhile, vehicle manufacturers see advanced technology as enhancing their products in a competitive market. However, as many decades of using home and enterprise computer systems have shown, connectivity allows a system to become a target for criminal intentions. Cyber-based threats to any system are a problem; in transportation, there is the added safety implication of dealing with moving vehicles and the passengers within

An Extension of Business Process Model and Notation for Security Risk Management

Kaasaegsed infosüsteemide arendamise metoodikad hõlmavad erinevaid tehnilisi äriprotsesside modelleerimise meetmeid. Äriprotsesside modelleerimiseks kasutatav keel (BPMN) on tänapäeval muutunud üheks standartseks meetmeks, mis edukalt rakendatakse infosüsteemide loomisel ning edasi arendamisel selleks, et ettevõtete äriprotsesse kirjeldada ja modelleerida.Vaatamata sellele, et BPMN on hea töörist, mille abil on võimalik ettevõtte äriprotsesse mõistma ja esitama, see ei võimalda äriprotsesside modelleerimisel adresseerida süsteemi turvalisuse aspekte. Autor leiab, et see on BPMN nõrk külg, selle pärast, et turvalise infosüsteemi arendamiseks on oluline nii äriprotsesse kui ka süsteemi turvalisust vaadeldada tervikuna. Käesolevas magistritöös autor töötab välja BPMN 2.0 keele jaoks uusi elemente, mis edaspidi peavad võimaldama adresseerima turvalisuse temaatika süsteemi modelleerimisel. Autori pakutud lahendus põhineb BPMN modelleerimiskeele seostamisel turvalisuse riski juhendamise metoodikaga (ISSRM). Antud magistritöös rakendatakse struktureeritud lähenemine BPMN peamiste aspektide analüüsimisel ja turvalisuse riskide juhtimiseks uute elementide väljatöötamisel, selleks ühildades BPMN ning ISSRM-i kontsepte. Magistritöös on demonstreeritud väljatöötatud lisaelementide kasutus, selgitatud kuidas antud elementidega laiendatud BPMN võimaldab väljendada ettevõtte varasid (assets), nendega seotuid riske (risks) ja riskide käsitlust (risk treatment). See on analüüsitud internetkaupluse varade konfidentsiaalsuse, terviklikkuse ja kättesaadavuse näitel. Autor on veendunud, et BPMN laienemine turvalisuse kontseptide osas ja antud töö raames tehtud konkreetsed ettepanekud aitavad infosüsteemide analüütikutele mõistma kuidas süsteemi turvalisust arendada nii, et läbi äriprotsessi tuvastatud olulisemate ettevõtte varade turvalisus oleks infosüsteemis käsitletud ning tagatud. Autori poolt antud käsitlus on vaadeldud ka laiemas mõttes, nimelt, BPMN keelele pakutud laienemisega avaneb perspektiiv äriprotsesside ja turvalisuse mudeleite koosvõimele ning BPMN-i teiste modelleerimise metoodikatega, nagu ISSRM või Secure Tropos, integreerimisele.Modern Information System (IS) development supports different techniques for business process modelling. Recently Business Process Model and Notation (BPMN) has become a standard that allows modelers to visualize organizational business processes. However, despite the fact that BPMN is a good approach to introduce and understand business processes, there is no opportunity to address security concerns while analysing the business needs. This is a problem, since both business processes and security concerns should be understood in parallel to support a development of the secure systems. In current thesis we introduce the extensions for BPMN 2.0 regarding security aspects. The following proposal is based on alignment of the modelling notation with IS security risk management (ISSRM).We apply a structured approach to understand major aspects of BPMN and propose extensions for security risk management based on the BPMN alignment to the ISSRM concepts. We demonstrate the use of extensions, illustrating how the extended BPMN could express assets, risks and risk treatment on few running examples related to the Internet store assets’ confidentiality, integrity and availability. We believe that our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. We also attempt to observe the following approach in the broader sense and we open a possibility for the business and security model interoperability and the model transformation between BPMN and another modelling approach also aligned to ISSRM, Secure Tropos

Investigating business process elements: a journey from the field of Business Process Management to ontological analysis, and back

Business process modelling languages (BPMLs) typically enable the representation of business processes via the creation of process models, which are constructed using the elements and graphical symbols of the BPML itself. Despite the wide literature on business process modelling languages, on the comparison between graphical components of different languages, on the development and enrichment of new and existing notations, and the numerous definitions of what a business process is, the BPM community still lacks a robust (ontological) characterisation of the elements involved in business process models and, even more importantly, of the very notion of business process. While some efforts have been done towards this direction, the majority of works in this area focuses on the analysis of the behavioural (control flow) aspects of process models only, thus neglecting other central modelling elements, such as those denoting process participants (e.g., data objects, actors), relationships among activities, goals, values, and so on. The overall purpose of this PhD thesis is to provide a systematic study of the elements that constitute a business process, based on ontological analysis, and to apply these results back to the Business Process Management field. The major contributions that were achieved in pursuing our overall purpose are: (i) a first comprehensive and systematic investigation of what constitutes a business process meta-model in literature, and a definition of what we call a literature-based business process meta-model starting from the different business process meta-models proposed in the literature; (ii) the ontological analysis of four business process elements (event, participant, relationship among activities, and goal), which were identified as missing or problematic in the literature and in the literature-based meta-model; (iii) the revision of the literature-based business process meta-model that incorporates the analysis of the four investigated business process elements - event, participant, relationship among activities and goal; and (iv) the definition and evaluation of a notation that enriches the relationships between activities by including the notions of occurrence dependences and rationales

Aligning business processes and IT of multiple collaborating organisations

When multiple organisations want to collaborate with one another they have to integrate their business processes. This requires aligning the collaborative business processes and the underlying IT (Information Technology). Realizing the required alignment is, however, not trivial and is the subject of this thesis. We approached the issue of alignment in three steps. First, we explored business-IT alignment problems in detail in a real-life business case. This is done in order to clarify what alignment of business processes and IT systems across a collaboration network entails. Second, we provided a business-IT alignment framework called BITA* (pronounce bita-star). The framework provides modelling abstractions for alignment. Third, we applied the framework in two real-life case studies, including the real-life business case used in step one. By applying the framework in practice we showed that the framework can, in fact, help to address the business-IT alignment problems that we identified in the first step. The work presented in this thesis is conducted over a number of years in the context of four large EU sponsored research projects. The projects focused on alignment problems in two very distinct application areas. Two projects were about realizing transparency systems for meat supply chains and constitute the first case study. The other two projects were about realizing multidisciplinary modelling collaboration systems and constitute the second case study. Although the projects were conducted sequentially the research questions were addressed iteratively over the years. The research methodology that shows how the framework is designed and how the case studies are applied is discussed in detail in chapter 2. In chapter 3 we present BITA*, a Business-IT Alignment framework for multiple collaborating organisations. The main challenges in designing BITA* have been what models to consider for alignment and how to compare them in order to make explicit statements about alignment. We addressed this problem by introducing allocation and alignment modelling constructs to help the alignment process, and the concept of business collaboration model to represent the models that have to be aligned. We identified three groups of stakeholders for whom we designed explicit design viewpoints and associated allocation and alignment models. The Business Process to Business Process (BP2BP) alignment viewpoint is designed for business analysts who have to align diverse business collaboration process models. The IT to IT (IT2IT) alignment viewpoint is designed for software architects to align the distribution of data and IT systems across a collaboration network. The Business Process to IT (BP2IT) alignment viewpoint is designed for an interdisciplinary team of business analysts and software architects who have to align the different ways of supporting business collaboration processes with distributed IT system. An essential element of this thesis has been elaborating how business-IT alignment problems occur in the context of multi-organisational collaboration. The case studies were used to demonstrate business-IT alignment concerns. Particularly, the details of the first case study presented in chapters 4 and 5 were used in chapter 3 to help derive the alignment framework. The case study presented an ideal problem scenario since realizing transparency across supply chains is intrinsically a collaborative effort. The second case study was used to enhance the validity of our approach. The results of the second case study are presented in chapter 6. The alignment framework was designed during the iterative process we followed when realizing a generic transparency system for meat supply chains. To realize the required generic transparency system we needed a reference architecture. To derive the reference architecture we adapted an already existing and broadly-accepted generic reference architecture. We have to adapt the generic reference architecture in order to address specific requirements of the meat sector that were not considered in the generic reference architecture. The adaptation process made it clear that we needed models for representing business collaborations. We, therefore, introduced the notion of business collaboration model, which we used both to model reference architectures and to adapt them. Adaptation required aligning the generic reference architecture with the diverse business collaboration models adopted by the organisations that have to collaborate. The alignment framework is thus used for adapting a generic reference architecture in order to create a reference architecture that the collaborating organisations can, and are willing to, adopt. We identified three types of business collaboration models: business collaboration process model, business collaboration IT model, and a model for representing the relationship between these two. A business collaboration process model is a business process model that spans a collaboration network. A business collaboration IT model is a model of the distribution of the IT across the collaboration network. A business collaboration process-IT model is a model of the relationships between the elements of the business collaboration processes and the elements of the distributed IT. Each organisation is considered to adopt its own business collaboration models. For instance, different actors in meat supply chains have different views on how chain-wide transparency should be realized. Which business processes and IT systems each organisation has to deploy and use depends on the business collaboration models each food operator adopts. If two different food operators adopt the same set of business collaboration models, they are aligned; otherwise they are misaligned. Hence, alignment entails comparing the different business collaboration models adopted by the participating organisations. The results of the alignment process are explicit statements about how convergent or divergent the organisations are from the chosen generic reference architecture. The explicit statements of alignment guide how best the generic and the corresponding organisational business collaboration models can be adapted to create a better state of alignment. To further enhance the validity of the overall approach the second case study was conducted. The second case study was a retrospective investigation of two past research projects focusing on aligning environmental modelling processes and IT systems. A retrospective case study was chosen because launching a new business-IT alignment project involving multiple collaborating organisations was not feasible. The projects were undertaken to support the European Water Framework Directive, which mandated, among other things, participatory, multidisciplinary, river-basin wide and model-based studies to manage the water resources of Europe. The directive particularly required a collaborative approach to building environmental decision support systems and to deriving methodologies for applying existing decision support systems. We applied BITA* to aligning environmental modelling processes and IT systems in order to evaluate the suitability of the framework to addressing alignment problems in other application areas. The contributions of the thesis are summarized in chapter 7. The contributions include a number of design artefacts, which can be grouped into four categories: constructs, models, methods, and instantiations. The contribution in the first category includes the conceptualization of allocation and alignment. The contributions in the second category include allocation and alignment models, and reference architectures. Allocation models are representations of business collaboration models in a form that can be compared and are the basis for alignment modelling. The main contribution in the third category is the BITA* systematic approach to alignment modelling. The contributions in the fourth category are the software systems developed with the help of the reference architectures.</p