On the Enforcement of a Class of Nonlinear Constraints on Petri Nets

International audienceThis paper focuses on the enforcement of nonlinear constraints in Petri nets. First, a supervisory structure is proposed for a nonlinear constraint. The proposed structure consists of added places and transitions. It controls the transitions in the net to be controlled only but does not change its states since there is no arc between the added transitions and the places in the original net. Second, an integer linear programming model is proposed to transform a nonlinear constraint to a minimal number of conjunc-tive linear constraints that have the same control performance as the nonlinear one. By using a place invariant based method, the obtained linear constraints can be easily enforced by a set of control places. The control places consist to a supervisor that can enforce the given nonlinear constraint. On condition that the admissible markings space of a nonlinear constraint is non-convex, another integer linear programming model is developed to obtain a minimal number of constraints whose disjunctions are equivalent to the nonlinear constraint. Finally, a number of examples are provided to demonstrate the proposed approach

Modularity for Security-Sensitive Workflows

An established trend in software engineering insists on using components (sometimes also called services or packages) to encapsulate a set of related functionalities or data. By defining interfaces specifying what functionalities they provide or use, components can be combined with others to form more complex components. In this way, IT systems can be designed by mostly re-using existing components and developing new ones to provide new functionalities. In this paper, we introduce a notion of component and a combination mechanism for an important class of software artifacts, called security-sensitive workflows. These are business processes in which execution constraints on the tasks are complemented with authorization constraints (e.g., Separation of Duty) and authorization policies (constraining which users can execute which tasks). We show how well-known workflow execution patterns can be simulated by our combination mechanism and how authorization constraints can also be imposed across components. Then, we demonstrate the usefulness of our notion of component by showing (i) the scalability of a technique for the synthesis of run-time monitors for security-sensitive workflows and (ii) the design of a plug-in for the re-use of workflows and related run-time monitors inside an editor for security-sensitive workflows

Petri net controllers for Generalized Mutual Exclusion Constraints with floor operators

In this paper a special type of nonlinear marking specifications called stair generalized mutual exclusion constraints (stair-GMECs) is defined. A stair-GMEC can be represented by an inequality whose left-hand is a linear combination of floor functions. Stair-GMECs have higher modeling power than classical GMECs and can model legal marking sets that cannot be defined by OR–AND GMECs. We propose two algorithms to enforce a stair-GMEC as a closed-loop net, in which the control structure is composed by a residue counter, remainder counters, and duplicate transitions. We also show that the proposed control structure is maximally permissive since it prevents all and only the illegal trajectories of a plant net. This approach can be applied to both bounded and unbounded nets. Several examples are proposed to illustrate the approach

Obstructions in Security-Aware Business Processes

This Open Access book explores the dilemma-like stalemate between security and regulatory compliance in business processes on the one hand and business continuity and governance on the other. The growing number of regulations, e.g., on information security, data protection, or privacy, implemented in increasingly digitized businesses can have an obstructive effect on the automated execution of business processes. Such security-related obstructions can particularly occur when an access control-based implementation of regulations blocks the execution of business processes. By handling obstructions, security in business processes is supposed to be improved. For this, the book presents a framework that allows the comprehensive analysis, detection, and handling of obstructions in a security-sensitive way. Thereby, methods based on common organizational security policies, process models, and logs are proposed. The Petri net-based modeling and related semantic and language-based research, as well as the analysis of event data and machine learning methods finally lead to the development of algorithms and experiments that can detect and resolve obstructions and are reproducible with the provided software

Behavioral Constraints for Services

Recently, we introduced the concept of an operating guideline of a service as a structure that characterizes all its properly interacting partner services. The hitherto considered correctness criterion is deadlock freedom of the composition of both services. In practice, there are intended and unintended deadlock-freely interacting partners of a service. In this paper, we provide a formal approach to express intended and unintended behavior as behavioral constraints. With such a constraint, unintended partners can be “filtered" yielding a customized operating guideline. Customized operating guidelines can be applied to validate a service and for service discovery

Exceptions in Information Systems

The concept of exception has been defined in diverse ways. We relate exceptions to computational transactions and to control constructs. Our view of a transaction is very broad, and we consider transactional exceptions to be instances of undefined function values. By giving different interpretations to undefined we arrive at a classification of transactional exceptions. Our primary interest is in information systems, i.e., in database transactions, and in processes that consist of such transactions. In the database context we show that liberal treatment of exceptions is simpler than total quality management for consistency based on a set of constraints. We refer to control operations that link transactions into processes as actions. Actions tend to be time-related, and time Petri nets provide actions with semantics. The time Petri net representation indicates where exceptions can arise. We also consider high-level monitors for the detection of exceptions. Although our emphasis is on detection of exceptions, their handling is also discussed