Formal Behavioural Models and Compliance Analysis for Service - - PowerPoint PPT Presentation


21/10/2008 FMCO Sophia-Antipolis 1

Formal Behavioural Models and Compliance Analysis for Service Oriented Systems

Natallia Kokash and Farhad Arbab


Introduction

  • Role of Formal Methods in SOA
  • COMPAS Project
  • Reo Coordination Language
  • From Business Process Modeling (BPM) to Web Service (WS) Composition
    • BPMN to Reo mapping
    • Process analysis, examples
  • Support for Business Process Compliance
    • Control flow, transactions, temporal requirements, Quality of Service (QoS)
  • Related Work
  • Conclusions and Future Work


Role of Formal Methods in SOC

  • Analysis of composition/coordination languages (e.g., WS-BPEL, WS-CDL)
  • Complete unambiguous description of service behavior and non-functional properties
  • Verification of service interaction protocols
  • Analysis of WS compositions (behavioral compatibility of services, performance analysis, security, etc.)
  • Support for automated WS composition …


COMPAS project

COMPAS = Compliance-driven Models, Languages, and Architectures for Services

  • Ensure dynamic and on-going compliance of software services to business regulations and user requirements
  • Help organizations to develop business compliance solutions easier and faster
  • Use model-driven techniques, domain-specific languages, and service-oriented computing

http://www.compas-ict.eu/


What is Compliance?

A multi-faceted concept that encompasses the capability of an organization to meet requirements coming from
  • Regulatory/legislative documents: Basel II, Sarbanes-Oxley, IFRS, MiFID, LSF, HIPAA, Tabaksblat, etc.
  • Business contracts
  • Organization movements towards Quality of Service (QoS)

Compliance can be seen as
  • A state of “adherence of one set of rules (source rules) against another set of rules (target rules)”
  • A process, which is about “ensuring that business processes, operations and practice are in accordance with a prescribed set of norms”


Compliance categories

COMPAS has identified
  • Control flow, locative, information, resource and temporal compliance concerns
  • Monitoring, payment, privacy, quality, retention, security and transaction compliance concerns

Constraints on business process behavior
  • Workflow structure, data visibility, temporal constraints…

We aim at dealing with (at least) control flow, resource, temporal, quality and transaction compliance


Compliance-aware SOA design

[Figure: compliance-aware SOA design, laid out along Modeling vs. Implementation for the Business Process Lifecycle and for Compliance Concerns. Elements shown: Graphical Modeling Tools (GMT) (BPMN, UML2 ADs, BPEL); Reo/Constraint Automata Modeling Tools; Java, BPEL, WS-CDL, WSDL; DSLs, GMT extensions; Constraints, Temporal Logic Formulae, Automata; Web Services, WS-Policies, XACML, etc. Transitions: model checking, refinement; BPMN2Reo, ...; code generation]


Reo Coordination Language

[Figure: Reo channel types, and a connector coordinating Service1, Service2 and Service3 through ports A, B, C]
  • FIFO1 channel
  • synchronous channel
  • lossy synchronous channel
  • filter channel
  • synchronous drain
  • asynchronous drain
  • synchronous spout
  • asynchronous spout
  • timer channel (≤τ)
  • Exclusive choice (deferred XOR), shown as a composition of these channels

Semantics
  • Constraint automata [Baier et al., 2006]
  • Connector coloring [Clarke et al., 2006]


Reo Coordination Tools

  • Reo Connector Editor
  • Animation Plug-in
  • Reconfiguration Plug-in
  • Converter to Extended Constraint Automata (time, QoS)
  • Model Checking Tool (provided by University of Dresden) http://wwwtcs.inf.tu-dresden.de/~klueppel/TUD_CWI/Welcome.html
  • Java Code Generator (distributed version is also available)
  • http://reo.project.cwi.nl/
  • BPEL to Reo converter (provided by University of Tehran) [S. Tasharofi et al. 2008]
  • UML Sequence Diagrams to Reo converter – work in progress
  • BPMN to Reo converter – work in progress

Business Process Design

  • 1. BPMN diagram
  • 2. Reo process model [Dijkman et al. IST’08]


Business Process Analysis

  • 3. Reo animation

Business Process Analysis

QoS analysis with Quantitative Intentional Automata (QIA) – Constraint Automata with quantitative properties (e.g., arrival rates at ports and average delays of dataflows between ports). For performance analysis, these automata are translated to Continuous-Time Markov Chains and fed into the PRISM model checker.


Web Service Composition

  • 4. Service composition

BPMN


BPMN2Reo: basic gateways

[Figure: Reo circuits for the basic BPMN gateways: OR/XOR merge; Parallel fork; Parallel join; Event-based XOR decision (with a ≤τ timer channel and ports M, g1, g2); Data-based OR/XOR decision]

Complex gateways (e.g., m out of n choice) – repository of workflow patterns modeled with Reo http://homepages.cwi.nl/~proenca/webreo/home.htm


BPMN2Reo: tasks, events and messages

[Figure: Reo circuits for BPMN tasks, events and messages: Atomic task; Message event (M); Synchronous message exchange between Send order and Receive order (messages M1, M2; ports A, B, C, D, P); Outgoing messages in three variants: blocking, non-blocking lossy, non-blocking waiting]


BPMN2Reo: Example [Sadiq et al, BPM’07]

[Figure: BPMN purchase process with two pools. Purchaser: Create purchase request, Approve purchase request (outcomes refused / approved), Send decline, Create purchase order, Send acknowledgment, Receive goods and shipment notice (start, end). Supplier: Receive purchase order, Source goods (start, end). Legend: Data-based XOR decision, Parallel join, Parallel fork, XOR merge, Receive message, Send message]


BPMN2Reo: Process termination and exception handling

[Figure: Reo circuits for termination and exception handling of sequential atomic tasks (start, T1 … Tn, end; cancel and exception ports on process P) and of sequential sub-processes (start, P1 … Pn, end; cancel and exception ports, with exception handling in P’)]

Sequential sub-processes; Sequential atomic tasks


BPMN2Reo: Process termination and exception handling

[Figure: Reo circuit for termination and exception handling of parallel sub-processes (start, P1 … Pn, P’, end; exception and cancel ports)]

Parallel sub-processes


BPMN2Reo: Task compensation

[Figure: Reo circuits for task compensation: a compensatable task C with its compensation C’ and ports start, performed, commit, cancel; the resulting states (committed) and (cancelled); and a task T with compensating task ~T reaching the outputs committed / cancelled]


Modeling Long Running Business Transactions in Reo

[Figure: Reo circuit composing compensatable tasks C1 … Cn into a process P with ports start, performed, cancel, cancelled; on cancel all performed tasks are compensated, otherwise all are committed]

If a cancel message is received, the execution has to be stopped and all executed activities have to be compensated for.

Encode in a CTL-like logic and automatically check common workflow properties like
  • Durability (no more than one output is reached for any process run)
  • Eventuality (an output is reached for any process run)
  • Atomicity (all involved activities are either successfully completed or successfully canceled), etc.
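The three properties above can be checked by exhaustive exploration of the transaction's state space. The following is an added illustration, not code from the CWI Reo tool chain or the paper: a hand-built transition system stands in for the constraint automaton of the Reo circuit, the state encoding (performed, compensated, phase) and the `compensate_all` switch that models a faulty cancel path are assumptions made here, and the checks are the direct finite-state reading of durability, eventuality and atomicity rather than a CTL model checker.

```python
"""Explicit-state check of durability, eventuality and atomicity for a
long-running transaction built from n sequential compensatable tasks C1..Cn.

Added illustration: the transition system below stands in for the constraint
automaton of the Reo circuit; its state encoding is an assumption."""

OUTPUTS = ("committed", "cancelled")   # the two outputs a run may reach


def transaction_ts(n, compensate_all=True):
    """Build the reachable transition system of the transaction.

    A state is (performed, compensated, phase) with phase in
    {"run", "compensating", "committed", "cancelled"}.  While running, either
    the next task is performed or a cancel message arrives; on cancel every
    performed task is compensated before the 'cancelled' output fires.
    compensate_all=False models a faulty circuit whose cancel path undoes only
    one task (constructed here to show a property violation)."""
    init = (0, 0, "run")
    succ = {}
    stack = [init]
    while stack:
        s = stack.pop()
        if s in succ:
            continue
        performed, compensated, phase = s
        nxt = set()
        if phase == "run":
            if performed < n:
                nxt.add((performed + 1, compensated, "run"))        # Ci performed
                nxt.add((performed, compensated, "compensating"))  # cancel received
            else:
                nxt.add((performed, compensated, "committed"))     # commit all
        elif phase == "compensating":
            can_undo = compensated < performed and (compensate_all or compensated == 0)
            if can_undo:
                nxt.add((performed, compensated + 1, "compensating"))
            else:
                nxt.add((performed, compensated, "cancelled"))
        succ[s] = nxt            # output states get no successors
        stack.extend(nxt)
    return init, succ


def is_output(state):
    return state[2] in OUTPUTS


def acyclic(init, succ):
    """DFS cycle test: an infinite run in a finite system must revisit a state."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {s: WHITE for s in succ}

    def visit(s):
        colour[s] = GREY
        for t in succ[s]:
            if colour[t] == GREY or (colour[t] == WHITE and not visit(t)):
                return False
        colour[s] = BLACK
        return True

    return visit(init)


def durability(init, succ):
    """No run reaches more than one output: every output state is terminal."""
    return all(not succ[s] for s in succ if is_output(s))


def eventuality(init, succ):
    """Every maximal run reaches an output: no non-output deadlock, no cycle."""
    if any(not succ[s] and not is_output(s) for s in succ):
        return False
    return acyclic(init, succ)


def atomicity_violations(init, succ, n):
    """Output states in which the tasks are neither all completed nor all undone."""
    bad = []
    for performed, compensated, phase in succ:
        if phase == "committed" and not (performed == n and compensated == 0):
            bad.append((performed, compensated, phase))
        if phase == "cancelled" and compensated != performed:
            bad.append((performed, compensated, phase))
    return sorted(bad)


def check(n, compensate_all=True):
    init, succ = transaction_ts(n, compensate_all)
    return {
        "durability": durability(init, succ),
        "eventuality": eventuality(init, succ),
        "atomicity": not atomicity_violations(init, succ, n),
    }


if __name__ == "__main__":
    print(check(3))                        # all three properties hold
    print(check(3, compensate_all=False))  # atomicity fails for the faulty circuit
```

For three tasks the correct circuit satisfies all three properties; the faulty variant still satisfies durability and eventuality (every run ends in exactly one output) but `atomicity_violations` reports the cancelled state in which two tasks were performed and only one compensated, which is the kind of counterexample a model checker would return for the CTL encoding.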


Modeling Long Running Business Transactions in Reo

[Figure: two variants of a transaction composing compensatable tasks C1 … C6 between start and end, with a parallel region between A and B; ports cancel, cancelled, commit, start, performed (commit all)]


Compliance-aware Business Process Design

Separation of Duty
  • One user cannot execute a whole process
  • E.g., four-eyes principle, “2 users must be involved in a process consisting of 4 sequential tasks”

Approach
  • Constraints on task assignment to users expressed in GMT extensions (e.g., BPMN) or DSLs
  • C. Wolter and A. Schaad, “Modeling of Task-Based Authorization Constraints in BPMN”, BPM’07, volume 4714 of LNCS, Springer, pp. 64–79


Enforcing Separation of Duty Constraints [Wolter & Schaad, BPM’07]

[Figure: Reo circuit enforcing that tasks T1 and T2 are executed by different users A and B (ports start, stop)]

  • Animation engine or model checking tools can be used to verify that tasks T1 and T2 are executed by different users
  • Reo reconfiguration plug-in can be useful for process modification

Enforcing Separation of Duty Constraints [Wolter & Schaad, BPM’07]

[Figure: Reo circuit with a 3-Counter per user. For each task Ti the circuit asks “Does A execute Ti?”; on yes it fires increase, and once 3 tasks have been executed by A the corresponding token is removed and the process is stopped (ports start, stop, increase). The same circuit is used for B]
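The two constraints on these slides (T1 and T2 by different users; at most 3 of the 4 sequential tasks by one user, so that 2 users are involved) can be enforced by a small monitor automaton and then verified exhaustively, which is what the animation engine or model checker does for the Reo circuit. The following is an added illustration and not code from the CWI Reo tool chain or from Wolter and Schaad: the `SoDMonitor` class plays the role of the counter circuit, the task names `T1`..`T4`, users `A`/`B` and the declarative `spec` oracle are assumptions made here.

```python
"""Run-time monitor for the separation-of-duty constraints on the slides and an
exhaustive comparison against a declarative specification.

Added illustration: a hand-written automaton stands in for the Reo circuits;
task names, user names and the oracle are assumptions."""
from itertools import product

TASKS = ("T1", "T2", "T3", "T4")   # the 4 sequential tasks of the example (assumed names)
USERS = ("A", "B")
MAX_PER_USER = 3                   # the 3-Counter on the slide


class SoDMonitor:
    """State: one counter per user plus the executor of each admitted task."""

    def __init__(self, pair_rule=True):
        self.pair_rule = pair_rule          # also enforce T1/T2 by different users?
        self.count = {u: 0 for u in USERS}
        self.executor = {}
        self.blocked = False                # True once the circuit stopped the process

    def step(self, task, user):
        """Admit the event (task, user) or block it, returning the verdict."""
        if self.blocked:
            return False
        if self.count[user] >= MAX_PER_USER:
            self.blocked = True             # user's token removed after 3 tasks
            return False
        if self.pair_rule and task == "T2" and self.executor.get("T1") == user:
            self.blocked = True             # same user on T1 and T2
            return False
        self.count[user] += 1               # the 'increase' port of the counter
        self.executor[task] = user
        return True


def run(assignment, pair_rule=True):
    """Feed one complete task-to-user assignment through a fresh monitor."""
    m = SoDMonitor(pair_rule)
    return all(m.step(t, u) for t, u in zip(TASKS, assignment))


def spec(assignment, pair_rule=True):
    """Declarative form of the constraints, used as the oracle."""
    who = dict(zip(TASKS, assignment))
    involved = len(set(assignment)) >= 2
    return involved and (not pair_rule or who["T1"] != who["T2"])


def monitor_matches_spec(pair_rule=True):
    """Exhaustively compare the monitor with the oracle over all assignments.

    Returns (True, number_of_admitted_runs) or (False, counterexample)."""
    admitted = 0
    for a in product(USERS, repeat=len(TASKS)):
        verdict = run(a, pair_rule)
        if verdict != spec(a, pair_rule):
            return False, a
        admitted += verdict
    return True, admitted


if __name__ == "__main__":
    print(monitor_matches_spec())                 # (True, 8)
    print(monitor_matches_spec(pair_rule=False))  # (True, 14)
```

With both rules active the monitor admits exactly the 8 assignments in which T1 and T2 go to different users (any such run automatically involves 2 users, so the 3-Counter never trips); with only the counter rule it admits the 14 assignments that are not entirely done by A or entirely by B, which is precisely the "2 users must be involved in 4 sequential tasks" requirement.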


Related Work

  • BPMN semantics
    • Dijkman, R.M., Dumas, M., Ouyang, C.: Formal semantics and analysis of BPMN process models. In: Information and Software Technology (IST). (2008)
    • Wong, P., Gibbons, J.: A process semantics for BPMN. Technical report, Queensland University of Technology (2007)
    • Wong, P., Gibbons, J.: A relative timed semantics for BPMN. Technical report, Queensland University of Technology (2007)
  • BPEL semantics
    • Lohmann, N.: A feature-complete Petri net semantics for WS-BPEL 2.0. In: Proc. of the Int. Workshop on Web Services and Formal Methods. Volume 4937 of LNCS, Springer (2008) 77-91
    • Lucchi, R., Mazzara, M.: A pi-calculus based semantics for WS-BPEL. Journal of Logic and Algebraic Programming 70(1) (2007) 96-118
  • Petri-net semantics for web service composition
    • Lohmann, N.: A feature-complete Petri net semantics for WS-BPEL 2.0. In: Proc. of the Int. Workshop on Web Services and Formal Methods. Volume 4937 of LNCS, Springer (2008) 77-91

Related Work

  • Formal Methods for Compliance-aware Business Process Design
    • Liu, Y., Muller, S., Xu, K.: A static compliance-checking framework for business process models. IBM Systems Journal 46(2) (2007) 335-361
    • Ghose, A.K., Koliadis, G.: Auditing business process compliance. In: Proc. of the Int. Conf. on Service-Oriented Architectures (ICSOC'07). Volume 4749 of LNCS, Springer (2007) 169-180
    • Governatori, G., Milosevic, Z., Sadiq, S.: Compliance checking between business processes and business contracts. In: Proc. of the Int. Enterprise Distributed Object Computing Conf. (EDOC'06), IEEE Computer Society (2006) 221-232
    • Brunel, J., Cuppens, F., Cuppens, N., Sans, T., Bodeveix, J.P.: Security policy compliance with violation management. In: Proc. of the Workshop on Formal Methods in Security Engineering (FMSE'07), ACM Press (2007) 31-40
    • Awad, A., Decker, G., Weske, M.: Efficient compliance checking using BPMN-Q and temporal logic. In: Proc. of the Int. Conf. on Business Process Management (BPM) (2008)
    • COMPAS Deliverable 2.1 “State-of-the-art in the field of compliance languages”


Reo/Constraint automata and their applications in SOC

  • Arbab, F.: Reo: A channel-based coordination model for component composition. Mathematical Structures in Computer Science 14(3) (2004) 329-366
  • Baier, C., Sirjani, M., Arbab, F., Rutten, J.: Modeling component connectors in Reo by constraint automata. Science of Computer Programming 61 (2006) 75-113
  • Clarke, D., Costa, D., Arbab, F.: Connector colouring I: Synchronisation and context dependency. Electr. Notes Theor. Comput. Sci. 154(1) (2006) 101-119
  • Arbab, F., Baier, C., de Boer, F.S., Rutten, J.J.M.M.: Models and temporal logics for timed component connectors. Int. Journal on Software and Systems Modeling 6(1) (2007) 59-82
  • Arbab, F., Koehler, C., Maraikar, Z., Moon, Y.J., Proenca, J.: Modeling, testing and executing Reo connectors with the Eclipse coordination tools. Workshop on Formal Aspects in Component Software, Elsevier (2008)
  • Arbab, F., Chothia, T., Meng, S., Moon, Y.J.: Component connectors with QoS guarantees. In: Proc. of the Int. Conf. on Coordination Languages (Coordination'07). Volume 4467 of LNCS, Springer (2007) 286-304
  • Meng, S., Arbab, F.: On resource-sensitive timed component connectors. In: Proc. of the Int. Conf. on Formal Methods for Open Object-Based Distributed Systems (FMOODS'07). Volume 4468 of LNCS, Springer (2007) 301-316
  • Meng, S., Arbab, F.: Web service choreography and orchestration in Reo and constraint automata. In: Proc. of the ACM Symposium on Applied Computing (SAC'07), ACM Press (2007) 346-353
  • Tasharofi, S., Vakilian, M., Moghaddam, R.Z., Sirjani, M.: Modeling web service interactions using the coordination language Reo. In: Proc. of the Int. Workshop on Web Services and Formal Methods. Volume 4937 of LNCS, Springer (2008) 108-123


Conclusions and Future Work

Conclusions
  • A formal behavioral model for business process / service composition description
  • Model-driven development – from high-level models to unambiguous executable models and their implementation
  • Processes are represented as Reo circuits or constraint automata
  • Compliance concerns are expressed as Reo circuits, constraint automata or logic formulae

Future Work
  • Further investigation of compliance issues
  • Composition of processes from reusable compliant process fragments