Verification and Validation of Formal Data-Centric Business Models

This paper addresses the problem of describing and analysing internally consistent data within business process workflow specifications. We use Rodin platform for verifying the correctness of the Event-B models. These models we obtain from an ontology and an associated set of normative constraints by applying mapping rules. The latter enable us to transform these specifications into Event-B modular artefacts. The resulting model, by virtue of the Event-B formalism, is very close to a typical loosely coupled component-based implementation of a business system workflow, but has the additional value of being amenable to theorem proving techniques to check and refine data representation with respect to process evolution. In this paper, we give a formal account of the design specifications defined by Event- B modules and perform verification and validation by using theorem proving techniques provided by Rodin platform

A Declarative Framework for Specifying and Enforcing Purpose-aware Policies

Purpose is crucial for privacy protection as it makes users confident that their personal data are processed as intended. Available proposals for the specification and enforcement of purpose-aware policies are unsatisfactory for their ambiguous semantics of purposes and/or lack of support to the run-time enforcement of policies. In this paper, we propose a declarative framework based on a first-order temporal logic that allows us to give a precise semantics to purpose-aware policies and to reuse algorithms for the design of a run-time monitor enforcing purpose-aware policies. We also show the complexity of the generation and use of the monitor which, to the best of our knowledge, is the first such a result in literature on purpose-aware policies.Comment: Extended version of the paper accepted at the 11th International Workshop on Security and Trust Management (STM 2015

Ensuring the semantic correctness of a BAUML artifact-centric BPM

Context: Using models to represent business processes provides several advantages, such as facilitating the communication between the stakeholders or being able to check the correctness of the processes before their implementation. In contrast to traditional process modeling approaches, the artifact-centric approach treats data as a key element of the process, also considering the tasks or activities that are performed in it. Objective: This paper presents a way to verify and validate the semantic correctness of an artifact-centric business process model defined using a combination of UML and OCL models - a BAUML model. Method: We achieve our goal by presenting several algorithms that encode the initial models into first-order logic, which then allows to use an existing satisfiability checking tool to determine their correctness. Results: An approach to verify and validate an artifact-centric BPM specified in BAUML, which uses a combination of UML and OCL models. To do this, we provide a method to translate all BAUML components into a set of logic formulas. The result of this translation ensures that the only changes allowed are those specified in the model, and that those changes are taking place according the order established by the model. Having obtained this logic representation, these models can be validated by any existing reasoning method able to deal with negation of derived predicates. Moreover, we show how to automatically generate the relevant tests to validate the models. We also show the feasibility of our approach by implementing a prototype tool and applying it to a running example. Conclusion: It is feasible to ensure the semantic correctness of an artifact-centric business process model in practice.Peer ReviewedPostprint (author's final draft

Computerization of workflows, guidelines and care pathways: a review of implementation challenges for process-oriented health information systems

There is a need to integrate the various theoretical frameworks and formalisms for modeling clinical guidelines, workflows, and pathways, in order to move beyond providing support for individual clinical decisions and toward the provision of process-oriented, patient-centered, health information systems (HIS). In this review, we analyze the challenges in developing process-oriented HIS that formally model guidelines, workflows, and care pathways. A qualitative meta-synthesis was performed on studies published in English between 1995 and 2010 that addressed the modeling process and reported the exposition of a new methodology, model, system implementation, or system architecture. Thematic analysis, principal component analysis (PCA) and data visualisation techniques were used to identify and cluster the underlying implementation ‘challenge’ themes. One hundred and eight relevant studies were selected for review. Twenty-five underlying ‘challenge’ themes were identified. These were clustered into 10 distinct groups, from which a conceptual model of the implementation process was developed. We found that the development of systems supporting individual clinical decisions is evolving toward the implementation of adaptable care pathways on the semantic web, incorporating formal, clinical, and organizational ontologies, and the use of workflow management systems. These architectures now need to be implemented and evaluated on a wider scale within clinical settings

Reasoning on the usage control security policies over data artifact business process models

The inclusion of security aspects in organizations is a crucial aspect to ensure compliance with both internal and external regulations. Business process models are a well-known mechanism to describe and automate the activities of the organizations, which should include security policies to ensure the correct performance of the daily activities. Frequently, these security policies involve complex data which cannot be represented using the standard Business Process Model Notation (BPMN). In this paper, we propose the enrichment of the BPMN with a UML class diagram to describe the data model, that is also combined with security policies defined using the UCONABC framework annotated within the business process model. The integration of the business process model, the data model, and the security policies provides a context where more complex reasoning can be applied about the satisfiability of the security policies in accordance with the business process and data models. To do so, wetransform the original models, including security policies, into the BAUML framework (an artifact-centric approach to business process modelling). Once this is done, it is possible to ensure that there are no inherent errors in the model (verification) and that it fulfils the business requirements (validation), thus ensuring that the business process and the security policies are compatible and that they are aligned with the business security requirements.This work has been supported by Project PID2020-112540RB-C44 funded by MCIN/AEI/ 10.13039/501100011033, Project TIN2017-87610-R funded by MCIN/AEI/10.13039/501100011033 and FEDER “Una manera de hacer Europa”, Project 2017-SGR-1749 by the Generalitat de Catalunya, Projects COPERNICA (P20 01224) and METAMORFOSIS by the Junta de Andalucía.Peer ReviewedPostprint (published version

Artifact-centric business process models in UML : specification and reasoning

Business processes are directly involved in the achievement of an organization's goals, and for this reason they should be performed in the best possible way. Modeling business processes can help to achieve this as, for instance, models can facilitate the communication between the people involved in the process, they provide a basis for process improvement and they can help perform process management. Processes can be modeled from many different perspectives. Traditional process modeling has followed the process-centric (or activity-centric) perspective, where the focus is on the sequencing of activities (i.e. the control flow), largely ignoring or underspecifying the data required by these tasks. In contrast, the artifact-centric (or data-centric) approach to process modeling focuses on defining the data required by the tasks and the details of the tasks themselves in terms of the changes they make to the data. The BALSA framework defines four dimensions which should be represented in any artifact-centric business process model: business artifacts, lifecycle, services (i.e. tasks) and associations. Using different types of models to represent these dimensions will result in distinct representations, whose differing characteristics (e.g. the degree of formality or understandability) will make them more appropriate for one purpose or another. Considering this, in the first part of this thesis we propose a framework, BAUML, for modeling business processes following an artifact-centric perspective. This framework is based on using a combination of UML and OCL models, and its goal is to have a final representation of the process which is both understandable and formal, to avoid ambiguities and errors. However, once a process model has been defined, it is important to ensure its quality. This will avoid the propagation of errors to the process's implementation. Although there are many different quality criteria, we focus on the semantic correctness of the model, answering questions such as "does it represent reality correctly?" or "are there any errors and contradictions in it?". Therefore, the second part of this thesis is concerned with finding a way to determine the semantic correctness of our BAUML models. We are interested in considering the BAUML model as a whole, including the meaning of the tasks. To do so, we first translate our models into a well-known framework, a DCDS (Data-centric Dynamic System) to which then modelchecking techniques can be applied. However, DCDSs have been defined theoretically and there is no tool that implements them. For this reason, we also created a prototype tool, AuRUS-BAUML, which is able to translate our BAUML models into logic and to reason on their semantic correctness using an existing tool, SVTe. The integration between AuRUS-BAUML and SVTe is transparent to the user. Logically, the thesis also presents the logic translation which is performed by the tool.Els processos de negoci estan directament relacionats amb els objectius de negoci, i per tant és important que aquests processos es duguin a terme de la millor manera possible. Optar per modelar-los pot ajudar a aconseguir-ho, ja que els models proporcionen nombrosos avantatges. Per exemple: faciliten la comunicació entre les parts involucrades en el procés, proporcionen una base a partir del qual millorar-lo, i poden ajudar a gestionar-lo. Els processos es poden modelar des de diferents perspectives. El modelat tradicional de processos s'ha basat molt en la perspectiva anomenada "process-centric" (centrada en processos) o "activity-centric" (centrada en activitats), que posa l'èmfasi en la seqüència d'activitats o tasques que s'han d'executar, ignorant en gran mesura les dades necessàries per dur a terme aquestes tasques. Per altra banda, la perspectiva "artifact-centric" (centrada en artefactes) o "data-centric" es basa en definir les dades que necessiten les tasques i els detalls de les tasques en si, representant els canvis que aquestes fan a les dades. El framework BALSA defineix quatre dimensions que haurien de representar-se en qualsevol model artifact-centric: els artefactes de negoci (business artifacts), els cicles de vida (lifecycles), els serveis (services) i les associacions (associations). Utilitzant diferents tipus de models per representar aquestes dimensions porta a obtenir diverses representacions amb característiques diferents. Aquesta varietat de característiques farà que els models resultants siguin més apropiats per un propòsit o per un altre. Considerant això, en la primera part d'aquesta tesi proposem un framework, BAUML, per modelar processos de negoci seguint una perspectiva artifact-centric. El framework es basa en utilitzar una combinació de models UML i OCL, i el seu objectiu és obtenir una representació final del procés que sigui a la vegada comprensible i formal, per tal d'evitar ambigüitats i errors. Un cop definit el procés, és important assegurar-ne la qualitat. Això evitarà la propagació d'errors a la implementació final del procés. Malgrat que hi ha molts criteris de qualitat diferents, ens centrarem en la correctesa semàntica del model, per respondre a preguntes com ara "representa la realitat correctament?" o "conté errors o contradiccions?". En conseqüència, la segona part d'aquesta tesi se centra en buscar una manera per determinar la correctesa semàntica d'un model BAUML. Ens interessa considerar el model com un tot, incloent el significat de les tasques (és a dir, el detall del que fan). Per aconseguir-ho, primer traduïm les tasques a un framework reconegut, DCDSs (Data-centric Dynamic Systems). Un cop obtingut, s'hi poden aplicar tècniques de model-checking per determinar si compleix certes propietats. Malauradament, els DCDSs s'han definit a nivell teòric i no hi ha cap eina que els implementi. Per aquest motiu, hem creat un prototip d'eina, AuRUS-BAUML, que és capaç de traduir els nostres models BAUML a lògica i aplicar-hi tècniques de raonament per determinar-ne la correctesa semàntica. Per la part de raonament, l'AuRUS-BAUML fa servir una eina existent, l'SVTe. La integració entre l'AuRUS-BAUML i l'SVTe és transparent de cara a l'usuari. Lògicament, la tesi també presenta la traducció a lògica que porta a terme l'eina

Principles and Concepts of Agent-Based Modelling for Developing Geospatial Simulations

The aim of this paper is to outline fundamental concepts and principles of the Agent-Based Modelling (ABM) paradigm, with particular reference to the development of geospatial simulations. The paper begins with a brief definition of modelling, followed by a classification of model types, and a comment regarding a shift (in certain circumstances) towards modelling systems at the individual-level. In particular, automata approaches (e.g. Cellular Automata, CA, and ABM) have been particularly popular, with ABM moving to the fore. A definition of agents and agent-based models is given; identifying their advantages and disadvantages, especially in relation to geospatial modelling. The potential use of agent-based models is discussed, and how-to instructions for developing an agent-based model are provided. Types of simulation / modelling systems available for ABM are defined, supplemented with criteria to consider before choosing a particular system for a modelling endeavour. Information pertaining to a selection of simulation / modelling systems (Swarm, MASON, Repast, StarLogo, NetLogo, OBEUS, AgentSheets and AnyLogic) is provided, categorised by their licensing policy (open source, shareware / freeware and proprietary systems). The evaluation (i.e. verification, calibration, validation and analysis) of agent-based models and their output is examined, and noteworthy applications are discussed.Geographical Information Systems (GIS) are a particularly useful medium for representing model input and output of a geospatial nature. However, GIS are not well suited to dynamic modelling (e.g. ABM). In particular, problems of representing time and change within GIS are highlighted. Consequently, this paper explores the opportunity of linking (through coupling or integration / embedding) a GIS with a simulation / modelling system purposely built, and therefore better suited to supporting the requirements of ABM. This paper concludes with a synthesis of the discussion that has proceeded. The aim of this paper is to outline fundamental concepts and principles of the Agent-Based Modelling (ABM) paradigm, with particular reference to the development of geospatial simulations. The paper begins with a brief definition of modelling, followed by a classification of model types, and a comment regarding a shift (in certain circumstances) towards modelling systems at the individual-level. In particular, automata approaches (e.g. Cellular Automata, CA, and ABM) have been particularly popular, with ABM moving to the fore. A definition of agents and agent-based models is given; identifying their advantages and disadvantages, especially in relation to geospatial modelling. The potential use of agent-based models is discussed, and how-to instructions for developing an agent-based model are provided. Types of simulation / modelling systems available for ABM are defined, supplemented with criteria to consider before choosing a particular system for a modelling endeavour. Information pertaining to a selection of simulation / modelling systems (Swarm, MASON, Repast, StarLogo, NetLogo, OBEUS, AgentSheets and AnyLogic) is provided, categorised by their licensing policy (open source, shareware / freeware and proprietary systems). The evaluation (i.e. verification, calibration, validation and analysis) of agent-based models and their output is examined, and noteworthy applications are discussed.Geographical Information Systems (GIS) are a particularly useful medium for representing model input and output of a geospatial nature. However, GIS are not well suited to dynamic modelling (e.g. ABM). In particular, problems of representing time and change within GIS are highlighted. Consequently, this paper explores the opportunity of linking (through coupling or integration / embedding) a GIS with a simulation / modelling system purposely built, and therefore better suited to supporting the requirements of ABM. This paper concludes with a synthesis of the discussion that has proceeded

Query Stability in Monotonic Data-Aware Business Processes [Extended Version]

Organizations continuously accumulate data, often according to some business processes. If one poses a query over such data for decision support, it is important to know whether the query is stable, that is, whether the answers will stay the same or may change in the future because business processes may add further data. We investigate query stability for conjunctive queries. To this end, we define a formalism that combines an explicit representation of the control flow of a process with a specification of how data is read and inserted into the database. We consider different restrictions of the process model and the state of the system, such as negation in conditions, cyclic executions, read access to written data, presence of pending process instances, and the possibility to start fresh process instances. We identify for which facet combinations stability of conjunctive queries is decidable and provide encodings into variants of Datalog that are optimal with respect to the worst-case complexity of the problem.Comment: This report is the extended version of a paper accepted at the 19th International Conference on Database Theory (ICDT 2016), March 15-18, 2016 - Bordeaux, Franc

Data-Flow Modeling: A Survey of Issues and Approaches

This paper presents a survey of previous research on modeling the data flow perspective of business processes. When it comes to modeling and analyzing business process models the current research focuses on control flow modeling (i.e. the activities of the process) and very little attention is paid to the data-flow perspective. But data is essential in a process. In order to execute a workflow, the tasks need data. Without data or without data available on time, the control flow cannot be executed. For some time, various researchers tried to investigate the data flow perspective of process models or to combine the control and data flow in one model. This paper surveys those approaches. We conclude that there is no model showing a clear data flow perspective focusing on how data changes during a process execution. The literature offers some similar approaches ranging from data modeling using elements from relational database domain, going through process model verification and ending with elements related to Web Services