Presentation is loading. Please wait.

Presentation is loading. Please wait.

21/10/2008FMCO Sophia-Antipolis1 Formal Behavioural Models and Compliance Analysis for Service Oriented Systems Natallia Kokash and Farhad Arbab.

Published byCarol Arnold Modified over 8 years ago

Similar presentations

Presentation on theme: "21/10/2008FMCO Sophia-Antipolis1 Formal Behavioural Models and Compliance Analysis for Service Oriented Systems Natallia Kokash and Farhad Arbab."— Presentation transcript:

1 21/10/2008FMCO Sophia-Antipolis1 Formal Behavioural Models and Compliance Analysis for Service Oriented Systems Natallia Kokash and Farhad Arbab

2 21/10/2008FMCO Sophia-Antipolis2 Introduction Role of Formal Methods in SOA COMPAS Project Reo Coordination Language From Business Process Modeling (BPM) to Web Service (WS) Composition BPMN to Reo mapping Process analysis, examples Support for Business Process Compliance Control flow, transactions, temporal requirements, Quality of Service (QoS) Related Work Conclusions and Future Work

3 21/10/2008FMCO Sophia-Antipolis3 Role of Formal Methods in SOC Analysis of composition/coordination languages (e.g., WS-BPEL, WS-CDL) Complete unambiguous description of service behavior and non-functional properties Verification of service interaction protocols Analysis of WS compositions (behavioral compatibility of services, performance analysis, security, etc.) Support for automated WS composition …

4 21/10/2008FMCO Sophia-Antipolis4 COMPAS project COMPAS = Compliance-driven Models, Languages, and Architectures for Services Ensure dynamic and on-going compliance of software services to business regulations and user requirements Help organizations to develope business compliance solutions easier and faster Use model-driven techniques, domain-specific languages, and service-oriented computing http://www.compas-ict.eu/

5 21/10/2008FMCO Sophia-Antipolis5 What is Compliance? A multi-faceted concept that encompasses the capability of an organization to meet requirements coming from Regulatory/legislative documents Basel II2, Sarbanes-Oxley6, IFRS2, MiFID3, LSF4, HIPAA, Tabaksblat5, etc. Business contracts Organization movements towards Quality of Service (QoS) Compliance can be seen as A state of “adherence of one set of rules (source rules) against another set of rules (target rules)” A process, which is about “ensuring that business processes, operations and practice are in accordance with a prescribed set of norms”

6 21/10/2008FMCO Sophia-Antipolis6 Compliance categories COMPAS has identified Control flow, locative, information, resource and temporal compliance concerns Monitoring, payment, privacy, quality, retention, security and transaction compliance concerns Constraints on business process behavior Workflow structure, data visibility, temporal constraints… We aim at dealing with (at least) control flow, resource, temporal, quality and transaction compliance

7 21/10/2008FMCO Sophia-Antipolis7 Compliance-aware SOA design Modeling Implementation Business Process Lifecycle Compliance Concerns Graphical Modeling Tools (GMT) (BPMN, UML2 ADs, BPEL) Reo/Constraint Automata Modeling Tools Java, BPEL, WS-CDL, WSDL DSLs, GMT extensions Constraints, Temporal Logic Formulae, Automata Web Services, WS-Policies, XACML, etc. Model checking, refinement BPMN2Reo,... Code generation

8 21/10/2008FMCO Sophia-Antipolis8 Reo Coordination Language = A B C A B C Exclusive choice (deffered XOR) FIFO1 channel synchronous channel lossy synchronous channel filter channel synchronous drain asynchronous drain synchronous spout asynchronous spout Service1 Service2 Service3 A B C Semantics Constraint automata [Baier et al., 2006] Connector coloring [Clarke et al., 2006] ≤≤ timer channel P

9 21/10/2008FMCO Sophia-Antipolis9 Reo Coordination Tools Reo Connector Editor Animation Plug-in Reconfiguration Plug-in Converter to Extended Constraint Automata (time, QoS) Model Checking Tool (provided by University of Dresden) http://wwwtcs.inf.tu- dresden.de/~klueppel/TUD_CWI/Welcome.html http://wwwtcs.inf.tu- dresden.de/~klueppel/TUD_CWI/Welcome.html Java Code Generator (distributed version is also available) http://reo.project.cwi.nl/ BPEL to Reo converter (provided by University of Tehran) [S. Tasharofi et al. 2008] UML Sequence Diagrams to Reo converter – work in progress BPMN to Reo converter – work in progress

10 21/10/2008FMCO Sophia-Antipolis10 Business Process Design 1. BPMN diagram 2. Reo process model [Dijkman et al. IST’08]

11 21/10/2008FMCO Sophia-Antipolis11 Business Process Analysis 3. Reo animation

12 21/10/2008FMCO Sophia-Antipolis12 Business Process Analysis QoS analysis with Quantitative Intentional Automata (QIA) – Constraint Automata with quantitative properties, (e.g., arrival rates at ports and average delays of dataflows between ports). For performance analysis, these automata are translated to Continuous-Timed Markov Chains and fed into the PRISM model checker.

13 21/10/2008FMCO Sophia-Antipolis13 Web Service Composition 4. Service composition

14 21/10/2008FMCO Sophia-Antipolis14 BPMN

15 21/10/2008FMCO Sophia-Antipolis15 BPMN2Reo: basic gateways OR/XOR merge Parallel fork Parallel join Event-based XOR decision ≤≤ M g1g1 g2g2 Data-based OR/XOR decision Complex gateways (e.g., m out of n choice) - repository of workflow patterns modeled with Reo http://homepages.cwi.nl/~proenca/webreo/home.htm

16 21/10/2008FMCO Sophia-Antipolis16 BPMN2Reo: tasks, events and messages M1M1 A B Send order C D Receive order M2M2 ! M1M1 A B M2M2 P Synchronous message exchange Outgoing messages M M M BlockingNon-blocking lossy Non-blocking waiting M Message event Atomic task

17 21/10/2008FMCO Sophia-Antipolis17 [Sadiq et al, BPM’07] BPMN2Reo: Example

18 21/10/2008FMCO Sophia-Antipolis18 BPMN2Reo: Process termination and exception handling start T1T1 T2T2 TnTn P cancel exception end ! ! cancel start end P1P1 P2P2 PnPn exception P’ !! Sequantial sub-processes Sequantial atomic tasks

19 21/10/2008FMCO Sophia-Antipolis19 BPMN2Reo: Process termination and exception handling start P1P1 P2P2 PnPn P’ end exception cancel Parallel sub-processes

20 21/10/2008FMCO Sophia-Antipolis20 BPMN2Reo: Task compensation commit performed cancel start C C’ commit performed cancel start C (committed) (cancelled) start performed commit cancel T ~T C committed cancelled

21 21/10/2008FMCO Sophia-Antipolis21 Modeling Long Running Business Transactions in Reo (cancel all performed) start performed C1C1 C2C2 CnCn P cancel cancelled (commit all) ! ! ! If a cancel message is received, the execution has to be stopped and all executed activities have to be compensated for Encode in a CTL-like logic and automatically check common workflow properties like Durability (no more than one output is reached for any process run) Eventuality (an output is reached for any process run) Atomicity (all involved activities are either successfully completed or successfully canceled), etc.

22 21/10/2008FMCO Sophia-Antipolis22 Modeling Long Running Business Transactions in Reo C1C1 C2C2 C3C3 C4C4 C5C5 C6C6 (commit all) end start A B cancelcancelled commit start performed

23 21/10/2008FMCO Sophia-Antipolis23 Compliance-aware Business Process Design Separation of Duty One user cannot execute a whole process E.g., four-eyes principle, “2 users must be involved in a process consisting of 4 sequential tasks” Approach Constraints on task assignment to users expressed in GMT extensions (e.g., BPMN) or DSLs C. Wolter and A. Schaad “Modeling of Task-Based Authorization Constraints in BPMN”, BPM’07, volume 4714 of LNCS, Springer, pp. 64–79

24 21/10/2008FMCO Sophia-Antipolis24 Enforcing Separation of Duty Constraints [Wolter & Schaad, BPM’07] A stop T1T1 B T2T2 T1T1 T2T2 start Animation engine or model checking tools can be used to verify that tasks T 1 and T 2 are executed by different users Reo reconfiguration plug-in can be useful for process modification

25 21/10/2008FMCO Sophia-Antipolis25 Enforcing Separation of Duty Constraints [Wolter & Schaad, BPM’07] TiTi 3-Counter start no yes Does A executes T i ? increase 3 tasks have been executed by A (remove the corresponding token) ! (The same circuit for B) startstop increase 3-Counter

26 21/10/2008FMCO Sophia-Antipolis26 Related Work BPMN semantics Dijkman, R.M., Dumas, M., Ouyang, C.: Formal semantics and analysis of BPMN process models. In: Information and Software Technology (IST). (2008) Wong, P., Gibbons, J.: A process semantics for BPMN. Technical report, Queensland University of Technology (2007) Wong, P., Gibbons, J.: A relative timed semantics for BPMN. Technical report, Queensland University of Technology (2007) BPEL semantics Lohmann, N.: A feature-complete Petri net semantics for WS-BPEL 2.0. In: Proc. of the Int.Workshop on Web Services and Formal Methods. Volume 4937 of LNCS., Springer (2008) 77-91 11. Lucchia, R., Mazzara, M.: A pi-calculus based semantics for WS-BPEL. Journal of Logic and Algebraic Programming 70(1) (2007) 96-118 Petri-net semantics for web service composition Lohmann, N.: A feature-complete Petri net semantics for WS-BPEL 2.0. In: Proc. of the Int.Workshop onWeb Services and Formal Methods. Volume 4937 of LNCS., Springer (2008) 77-91

27 21/10/2008FMCO Sophia-Antipolis27 Related Work Formal Methods for Compliance-aware Business Process Design Liu, Y., Muller, S., Xu, K.: A static compliance-checking framework for business process models. IBM Systems Journal 46(2) (2007) 335-361 Ghose, A.K., Koliadis, G.: Auditing business process compliance. In: Proc. of the Int. Conf. on Service-Oriented Architectures (ICSOC'07). Volume 4749 of LNCS., Springer (2007) 169-180 Governatori, G., Milosevic, Z., Sadiq, S.: Compliance checking between business processes and business contracts. In: Proc. of the Int. Enterprize Distributed Object Computing Conf. (EDOC'06), IEEE Computer Society (2006) 221-232 Brunel, J., Cuppens, F., Cuppens, N., Sans, T., Bodeveix, J.P.: Security policy compliance with violation management. In: Proc. of the Workshop on Formal Methods in Security Engineering (FMSE'07), ACM Press (2007) 31-40 A. Awad, G. Decker and M. Weske, “Efficient Compliance Checking Using BPMN-Q and Temporal Logic”, Proc. of the Int. Conf. on Business Process Management (BPM), 2008 COMPAS Deliverable 2.1 “State-of-the-art in the field of compliance languages”

28 21/10/2008FMCO Sophia-Antipolis28 Reo/Constraint automata and their applications in SOC Arbab, F.: Reo: A channel-based coordination model for component composition. Mathematical Structures in Computer Science 14(3) (2004) 329-366 Baier, C., Sirjani, M., Arbab, F., Rutten, J.: Modeling component connectors in Reo by constraint automata. Science of Computer Programming 61 (2006) 75-113 D. Clarke, D. Costa, and F. Arbab. Connector colouring i: Synchronisation and context dependency. Electr. Notes Theor. Comput. Sci., 154(1):101-119, 2006. Arbab, F., Baier, C., de Boer, F.S., Rutten, J.J.M.M.: Models and temporal logics for timed component connectors. Int. Journal on Software and Systems Modeling 6(1) (2007) 59-82 Arbab, F., Koehler, C., Maraikar, Z., Moon, Y.J., Proenca, J.: Modeling, testing and executing Reo connectors with the Eclipse coordination tools. Workshop on Formal Aspects in Component Software, Elsevier (2008). Arbab, F., Chothia, T., Meng, S., Moon, Y.J.: Component connectors with QoS guarantees. In: Proc. of the Int. Conf. on Coordination Languages (Coordination'07). Volume 4467 of LNCS., Springer (2007) 286-304 Meng, S., F.Arbab: On resource-sensitive timed component connectors. In: Proc. of the Int. Conf. on Formal Methods for Open Object-Based Distributed Systems (FMOODS'07). Volume 4468 of LNCS., Springer (2007) 301-316 Meng, S., Arbab, F.: Web service choreography and orchestration in Reo and constraint automata. In: Proc. of the ACM Symposium on Applied Computing (SAC'07), ACM Press (2007) 346-353 S. Tasharofi, M. Vakilian, R. Z. Moghaddam and M. Sirjani, “Modeling Web Service Interactions Using the Coordination Language Reo”, Proc. of the Int. Workshop on Web Services and Formal Methods, 2008, volume 4937 of LNCS, Springer, pp. 108-123

29 21/10/2008FMCO Sophia-Antipolis29 Conclusions and Future Work Conclusions A formal behavioral model for business process / service composition description Model-driven development – from high-level models to unambiguous executable models and their implementation Processes are represented as Reo circuits or constraint automata Compliance concerns are expressed as Reo circuits, constraint automata or logic formulae Future Work Further investigation of compliance issues Composition of processes from reusable compliant process fragments

Download ppt "21/10/2008FMCO Sophia-Antipolis1 Formal Behavioural Models and Compliance Analysis for Service Oriented Systems Natallia Kokash and Farhad Arbab."

Similar presentations

Web Services Choreography Description Language Overview 24th November2004 Steve Ross-Talbot Chief Scientist, Enigmatec Corporation Ltd Chair W3C Web Services.

Web Services Choreography Description Language Overview 24th November2004 Steve Ross-Talbot Chief Scientist, Enigmatec Corporation Ltd Chair W3C Web Services.
Engineering and Integrating Business Processes Rik Eshuis.

Engineering and Integrating Business Processes Rik Eshuis.
Specification, Partitioning, and Composition Techniques for Web Applications in the Context of Event-B Abdolbaghi Rezazadeh Michael Butler University of.

Specification, Partitioning, and Composition Techniques for Web Applications in the Context of Event-B Abdolbaghi Rezazadeh Michael Butler University of.
MODUL 1 Analisis & Informasi Proses Bisnis (CSA221)

MODUL 1 Analisis & Informasi Proses Bisnis (CSA221)
WebRatio BPM: a Tool for Design and Deployment of Business Processes on the Web Stefano Butti, Marco Brambilla, Piero Fraternali Web Models Srl, Italy.

WebRatio BPM: a Tool for Design and Deployment of Business Processes on the Web Stefano Butti, Marco Brambilla, Piero Fraternali Web Models Srl, Italy.
Software Requirements Engineering

Software Requirements Engineering
A university for the world real R © 2009, www.yawlfoundation.org Chapter 15 The Business Process Execution Language Chun Ouyang Marlon Dumas Petia Wohed.

A university for the world real R © 2009, Chapter 15 The Business Process Execution Language Chun Ouyang Marlon Dumas Petia Wohed.
Task-Oriented, Policy Driven Business Requirements Elicitation for Web Services Stephen Gorton Department of Computer Science, University of Leicester,

Task-Oriented, Policy Driven Business Requirements Elicitation for Web Services Stephen Gorton Department of Computer Science, University of Leicester,
16/02/2009FMSOA workshop1 From Compliant Business Process Specifications to Code Natallia Kokash.

16/02/2009FMSOA workshop1 From Compliant Business Process Specifications to Code Natallia Kokash.
A. Bucchiarone / Pisa/ 30 Jan 2007 Dynamic Software Architectures for Global Computing Antonio Bucchiarone PhD Student – IMT Graduate School Piazza S.

A. Bucchiarone / Pisa/ 30 Jan 2007 Dynamic Software Architectures for Global Computing Antonio Bucchiarone PhD Student – IMT Graduate School Piazza S.
Nadia Ranaldo - Eugenio Zimeo Department of Engineering University of Sannio – Benevento – Italy 2008 ProActive and GCM User Group Orchestrating.

Nadia Ranaldo - Eugenio Zimeo Department of Engineering University of Sannio – Benevento – Italy 2008 ProActive and GCM User Group Orchestrating.
1 The SOCK SAGA Ivan Lanese Computer Science Department University of Bologna Italy Joint work with Gianluigi Zavattaro.

1 The SOCK SAGA Ivan Lanese Computer Science Department University of Bologna Italy Joint work with Gianluigi Zavattaro.
Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.

Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.
Aligning Business Processes to SOA B. Ramamurthy 6/16/2015Page 1.

Aligning Business Processes to SOA B. Ramamurthy 6/16/2015Page 1.
1 Formal Models for Distributed Negotiations Description Roberto Bruni Dipartimento di Informatica Università di Pisa XVII Escuela de Ciencias Informaticas.

1 Formal Models for Distributed Negotiations Description Roberto Bruni Dipartimento di Informatica Università di Pisa XVII Escuela de Ciencias Informaticas.
Chapter 13: Process Specifications Service-Oriented Computing: Semantics, Processes, Agents – Munindar P. Singh and Michael N. Huhns, Wiley, 2005.

Chapter 13: Process Specifications Service-Oriented Computing: Semantics, Processes, Agents – Munindar P. Singh and Michael N. Huhns, Wiley, 2005.
Bridging the gap between Interaction- and Process-Oriented Choreographies Talk by Ivan Lanese Joint work with Claudio Guidi, Fabrizio Montesi and Gianluigi.

Bridging the gap between Interaction- and Process-Oriented Choreographies Talk by Ivan Lanese Joint work with Claudio Guidi, Fabrizio Montesi and Gianluigi.
WebRatio BPM: a Tool for Design and Deployment of Business Processes on the Web Stefano Butti, Marco Brambilla, Piero Fraternali Web Models Srl, Italy.

WebRatio BPM: a Tool for Design and Deployment of Business Processes on the Web Stefano Butti, Marco Brambilla, Piero Fraternali Web Models Srl, Italy.
Modelling with Coloured Petri Nets Søren Christensen Department of Computer Science University of Aarhus.

Modelling with Coloured Petri Nets Søren Christensen Department of Computer Science University of Aarhus.
© Copyright Eliyahu Brutman Programming Techniques Course.

© Copyright Eliyahu Brutman Programming Techniques Course.

Similar presentations

Ads by Google