Metamodellbasierte und hierarchieorientierte Workflowmodellierung

In dieser Arbeit werden Metamodelle eingesetzt, um Workflow- bzw. Geschäftsprozessmodellierungssprachen und ihre operationale Semantik zu definieren. Mit einer deklarativen und einer hierarchischen Sprache werden zwei Modellierungsweisen verfolgt, die im Bereich der Geschäftsprozessmodellierung nicht weit verbreitet sind. Der Hauptvorteil beim deklarativen Ansatz liegt in einer höheren Flexiblität und bei der hierarchischen Sprache in einer besseren Verständlichkeit der Modelle

Hybrid model checking approach to analysing rule conformance applied to HIPAA privacy rules, A

2017 Summer.Includes bibliographical references.Many of today's computing systems must show evidence of conformance to rules. The rules may come from business protocol choices or from multi-jurisdictional sources. Some examples are the rules that come from the regulations in the Health Insurance Portability and Accountability Act (HIPAA) protecting the privacy of patient information and the Family Educational Rights and Privacy Act (FERPA) protecting the privacy of student education records. The rules impose additional requirements on already complex systems, and rigorous analysis is needed to show that any system implementing the rules exhibit conformance. If the analysis finds that a rule is not satisfied, we adjudge that the system fails conformance analysis and that it contains a fault, and this fault must be located in the system and fixed. The exhaustive analysis performed by Model Checking makes it suitable for showing that systems satisfy conformance rules. Conformance rules may be viewed in two, sometimes overlapping, categories: process- aware conformance rules that dictate process sequencing, and data-aware conformance rules that dictate acceptable system states. Where conformance rules relate to privacy, the analysis performed in model check- ing requires the examination of fine-grained structural details in the system state for showing conformance to data-aware conformance rules. The analysis of these rules may cause model checking to be intractable due to a state space explosion when there are too many system states or too many details in a system state. To over- come this intractable complexity, various abstraction techniques have been proposed that achieve a smaller abstracted system state model that is more amenable to model checking. These abstraction techniques are not useful when the abstractions hide the details necessary to verify conformance. If non-conformance occurs, the abstraction may not allow isolation of the fault. In this dissertation, we introduce a Hybrid Model Checking Approach (HMCA) to analyse a system for both process- and data-aware conformance rules without abstracting the details from a system's detailed process- and data models. Model Checking requires an analysable model of the system under analysis called a program graph and a representation of the rules that can be checked on the program graph. In our approach, we use connections between a process-oriented (e.g. a Unified Modelling Language (UML) activity model) and a data-oriented (e.g. UML class model) to create a unified paths-and-state system model. We represent this unified model as a UML state machine. The rule-relevant part of the state machine along with a graph-oriented formalism of the rules are the inputs to HMCA. The model checker uses an exhaustive unfolding of the program graph to produce a transition system showing all the program graph's reachable paths and states. Intractable complexity during model checking is encountered when trying to create the transition system. In HMCA, we use a divide and conquer approach that applies a slicing technique on the program graph to semi- automatically produce the transition system by analysing each slice individually, and composing its result with the results from other slices. Our ability to construct the transition system from the slices relieves a traditional model checker of that step. We then return to use model checking techniques to verify whether the transition system satisfies the rules. Since the analysis involves examining system states, if any of the rules are not satisfied, we can isolate the specific location of the fault from the details contained in the slices. We demonstrate our technique on an instance of a medical research system whose requirements include the privacy rules mandated by HIPAA. Our technique found seeded faults for common mistakes in logic that led to non-conformance and underspecification leading to conflicts of interests in personnel relationships

Zur Komplexität der Synthese von Petri-Netzen

Petri-Netz-Synthese fragt für ein reguläres Verhalten, das als Transitionssystem A gegeben ist, ob es ein Petri-Netz (einer bestimmten Klasse) gibt, das A implementiert. Diese Arbeit untersucht Varianten dieses Entscheidungsproblems für verschiedene Implementierungen und eine Vielzahl von Petri-Netz-Klassen aus Sicht der klassischen und der parametrisierten Komplexität. Ebenso wird die Komplexität der Modifikations-Techniken Neubeschriftung sowie Kanten-, Ereignis- und Zustandslöschung untersucht, die darauf abzielen, nicht-implememtierbare Transitionssysteme implementierbar zu machen.Petri net synthesis asks, for a regular behavior given as a transition system A, whether there exists a Petri net (of a particular class) that implements A. This work investigates variants of this decision problem for different implementations and a variety of Petri net classes from the point of view of classical and parameterized complexity. Also investigated is the complexity of the modification techniques of relabeling and edge, event, and state deletion, which aim to make non-implementable transition systems implementable