DT4BP: a Business Process Modelling Language for Dependable Time-Constrained Business Processes

Today, numerous organisations rely on information software systems to run their businesses. The effectiveness of the information software system then, depends largely on the degree to which the organisation's business is accurately captured in the business model. The business model is an abstract description of the way an organisation's functions. Thus, the more precise the business model, the more accurate the requirement definition of the information software system to be engineered.There are an abundance of tools and notations available today to support the development of many types of business process. Many of these artifacts rely on the concept of a business process to describe a business model. A business process is commonly known as a set of one or more linked procedures or activities which collectively realise a business objective or policy goal, normally within the context of an organisational structure defining functional roles and relationships". This thesis is concerned with modelling business processes as a means to accurately capture an organisation's activities and thus, the requirements of the software system that supports these activities.Among the infinite set of possible business processes, this thesis targets only those characterized by the qualities of dependability, collaboration and time. Business processes having these specific dimensions are referred to as Dependable, Collaborative and Time-Constrained (DCTC) business processes. A dependable business process is one whose failures or the number of occurrences in which business process misses its goal are not unacceptably frequent or severe (from certain viewpoint). A collaborative business process is one that requires the interaction of multiple participants to attain its goal. A time-constrained business process is one that owns at least one property expressed in terms of an upper or lower time bound. This thesis investigates how DCTC business processes can be described such that the resulting model captures all the relevant aspects of each dimension of interest. In addition, the business model must be comprehensible to the stakeholders involved not only in its definition, but also in its further use throughout the software development life cycle.A revision and analysis of notations that exist for modelling business processes conducted in this thesis have revealed that today there does not exist any modelling language that provides comprehensible, suitable and sufficiently expressive support for the characteristics of dependability, collaboration and time in an integrated manner. Hence, a significant part of this thesis is devoted to the definition of a new business process modelling language named DT4BP. The aim of this new modelling language is to be comprehensible, suitable and expressive enough to describe DCTC business processes. The definition of this new modelling language implies that a concrete syntax, an abstract syntax, a semantic domain and a semantic mapping is provided. The definition of this new modelling language is given following the Model-Driven Engineering (MDE) approach, and in particular the metamodelling principles. Thus, meta-models and model transformations are used to precisely specify the abstract syntax and semantic mapping elements of the language definition, respectively. Since DT4BP is a textual modelling language, its concrete syntax is specified by a context-free grammar. The Coordinated Atomic Actions conceptual framework with real-time extensions (Timed-CaaFWrk) is used as the semantic domain as it covers a large part of the abstractions included in dependable collaborative time-constrained business processes. The formalisation of this semantic domain according to the metamodelling principles is also part of the material presented in this thesis. Since the business model is considered as a representation of the requirement document the software system to be developed, it is crucial to validate whether it captures the requirements as intended by the stakeholder before going further in the software development process. Hence, besides the comprehensibility, suitability and expressiveness of the modelling language with respect to the domain of interest, it is of special interest to provide a mechanism that allows modellers to ensure that the business model is correct with respect to the stakeholder's expectations. One way of achieving this goal is to provide the modelling language with an executable semantics. In this manner, any business model can be executed on sample input data, and its dynamic behaviour observed. The observation of the dynamic behaviour of the model may be considered as a simulation of the model based on the sample input data. By performing several simulations of the model, the modeller, in cooperation with the stakeholder, can judge whether the business model is correct. This thesis provides an executable semantics for Timed-CaaFWrk that, used in combination with the model transformation that defines the semantic mapping element of the language definition, allows DT4BP models to be validated by simulation. In this manner, the dynamic behaviour of a particular DT4BP model for a given sample input data can be observed by transforming it into a Timed-CaaFWrk model, which is then run thanks to the given executable semantics

Enforcing reputation constraints on business process workflows

The problem of trust in determining the flow of execution of business processes has been in the centre of research interst in the last decade as business processes become a de facto model of Internet-based commerce, particularly with the increasing popularity in Cloud computing. One of the main mea-sures of trust is reputation, where the quality of services as provided to their clients can be used as the main factor in calculating service and service provider reputation values. The work presented here contributes to the solving of this problem by defining a model for the calculation of service reputa-tion levels in a BPEL-based business workflow. These levels of reputation are then used to control the execution of the workflow based on service-level agreement constraints provided by the users of the workflow. The main contribution of the paper is to first present a formal meaning for BPEL processes, which is constrained by reputation requirements from the users, and then we demonstrate that these requirements can be enforced using a reference architecture with a case scenario from the domain of distributed map processing. Finally, the paper discusses the possible threats that can be launched on such an architecture

Interim research assessment 2003-2005 - Computer Science

This report primarily serves as a source of information for the 2007 Interim Research Assessment Committee for Computer Science at the three technical universities in the Netherlands. The report also provides information for others interested in our research activities

A Software Product Line Approach to Ontology-based Recommendations in E-Tourism Systems

This study tackles two concerns of developers of Tourism Information Systems (TIS). First is the need for more dependable recommendation services due to the intangible nature of the tourism product where it is impossible for customers to physically evaluate the services on offer prior to practical experience. Second is the need to manage dynamic user requirements in tourism due to the advent of new technologies such as the semantic web and mobile computing such that etourism systems (TIS) can evolve proactively with emerging user needs at minimal time and development cost without performance tradeoffs. However, TIS have very predictable characteristics and are functionally identical in most cases with minimal variations which make them attractive for software product line development. The Software Product Line Engineering (SPLE) paradigm enables the strategic and systematic reuse of common core assets in the development of a family of software products that share some degree of commonality in order to realise a significant improvement in the cost and time of development. Hence, this thesis introduces a novel and systematic approach, called Product Line for Ontology-based Tourism Recommendation (PLONTOREC), a special approach focusing on the creation of variants of TIS products within a product line. PLONTOREC tackles the aforementioned problems in an engineering-like way by hybridizing concepts from ontology engineering and software product line engineering. The approach is a systematic process model consisting of product line management, ontology engineering, domain engineering, and application engineering. The unique feature of PLONTOREC is that it allows common TIS product requirements to be defined, commonalities and differences of content in TIS product variants to be planned and limited in advance using a conceptual model, and variant TIS products to be created according to a construction specification. We demonstrated the novelty in this approach using a case study of product line development of e-tourism systems for three countries in the West-African Region of Africa

Architecture-based Evolution of Dependable Software-intensive Systems

This cumulative habilitation thesis, proposes concepts for (i) modelling and analysing dependability based on architectural models of software-intensive systems early in development, (ii) decomposition and composition of modelling languages and analysis techniques to enable more flexibility in evolution, and (iii) bridging the divergent levels of abstraction between data of the operation phase, architectural models and source code of the development phase

A survey on online monitoring approaches of computer-based systems

This report surveys forms of online data collection that are in current use (as well as being the subject of research to adapt them to changing technology and demands), and can be used as inputs to assessment of dependability and resilience, although they are not primarily meant for this use

Arguing satisfaction of security requirements

This chapter presents a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the security of a system. The process starts with the enumeration of security goals based on assets in the system, then uses these goals to derive security requirements in the form of constraints. Next, a satisfaction argument for the system is constructed, using a problem-centered representation, a formal proof to analyze properties that can be demonstrated, and structured informal argumentation of the assumptions exposed during construction of the argument. Constructing the satisfaction argument can expose missing and inconsistent assumptions about system context and behavior that effect security, and a completed argument provides assurances that a system can respect its security requirements