Jutta A. Mülle

An event/trigger mechanism to enforce complex consistency constraints in design databases

Data objects in engineering applications, especially computer aided design, show highly complex structures and a lot of intricate dependencies. Hence a large amount of variably composed consistency constraints have to be dealt with. Furthermore, long transactions which are typical for CAD result in the need to tolerate inconsistencies over unpredictably long periods of time. The demands on mechanisms to enforce consistency in design database systems thus differ from those in business and administrative applications. Comprehensive consistency of the design data can only be attained by degrees. The time and extent of checking have to be determined dynamically and under control by the user. In the case of consistency violations, flexible kinds of reaction are necessary. In this paper we propose an event/trigger mechanism to enforce consistency in design databases that complements the transaction-oriented mechanisms suitable for traditional applications. The underlying ideas are derived from exception handling in programming languages. We present in detail the requirements to meet and how our concept copes with them. We also present an implementation that provides reasonable performance.

Anforderungen technischer Anwendungen an Datenbanksysteme

Eine gangige wenn auch nicht unumstrittene Annahme ist heute, das sich Datenbanksysteme fur technische Anwendungen in wesentlichen Aspekten von denen fur kommerzielle Anwendungen unterscheiden. Ob diese Unterschiede tatsachlich bestehen, worin sie sich ausern und inwieweit verschiedene technische Anwendungen ihrerseits in ihren Anforderungen voneinander abweichen, bedarf systematischer Untersuchungen anstelle reiner Vermutungen. Der vorliegende Beitrag geht diesen Fragen nach und untersucht hierzu vier verschiedene Anwendungsgebiete, drei aus dem Entwurfsbereich und eines aus der Prozesautomatisierung, auf ihre Anforderungen an die Datenhaltung. Es wird gezeigt, das diese Anforderungen in wichtigen Eigenschaften von den in kommerziellen Anwendungen ublichen abweichen, das viele Ahnlichkeiten in den verschiedenen Entwurfsanwendungen bestehen, das aber auch eine einheitliche, alle technischen Anwendungen umfassende Datenbanklosung nicht existiert.

A hybrid approach for generating compatible WS-BPEL partner processes

The Business Process Execution Language for Web Services provides an technology to aggregate encapsulated functionalities for defining high-value Web services. For a distributed application in a B2B interaction, the partners simply need to expose their behavior as BPEL processes and compose them. Still, modeling and composing BPEL processes can be complex and error-prone. With formal methods like Petri nets, it is possible to analyze crucial properties (e.g. compatibility) effectively. In this paper, we present a method that automatically generates compatible partner BPEL processes for a given BPEL processes. Our hybrid approach makes use of formal methods, but also incorporates the structure of the original BPEL process model, such that the generated partner process is easier to understand and manage.

Modelling and transforming security constraints in privacy-aware business processes

Security and privacy are essential for business processes (BPs). In particular, BPs dealing with personally-identifiable information require mechanisms to give data owners control over their data. Currently, business-process-management systems (BPMSs) lack security features important for BPs in SOA. We propose a language sufficiently broad to formulate security constraints. In addition, we considerably ease how data owners can control their security, privacy and trust preferences at process runtime. The BPMS extensions we have implemented transform security-enhanced BPMN schemas into executable secure processes in a versatile manner.

Semantic Support for Security-Annotated Business Process Models

Service-Oriented Architectures (SOA) benefit from business processes (BP), which orchestrate web services (WS) and human actors in cross organizational environments. In this setting, handling the security and privacy issues while exchanging and processing personal data is essential. This lacks for secure business processes management. To achieve this, we represent security constraints descriptively by annotating process models, aiming to enforce these constraints by a secure business process management system (BPMS).To assist the process modeler in annotating process models, we introduce in this paper a tool which provides semantic interoperability during process design. By enforcing a shared conceptualization (ontology) of the security and privacy domains with an ontology base grounded in natural language this tool called knowledge annotator is able to make annotation recommendations according to knowledge stored in a knowledge base. The annotator is validated in an employability use case scenario.

Automatic Generation of Optimized Process Models from Declarative Specifications

Process models often are generic, i. e., describe similar cases or contexts. For instance, a process model for commissioning can cover both vehicles with an automatic and with a manual transmission, by executing alternative tasks. A generic process model is not optimal compared to one tailored to a specific context. Given a declarative specification of the constraints and a specific context, we study how to automatically generate a good process model and propose a novel approach. We focus on the restricted case that there are not any repetitions of a task, as is the case in commissioning and elsewhere, e. g., manufacturing. Our approach uses a probabilistic search to find a good process model according to quality criteria. It can handle complex real-world specifications containing several hundred constraints and more than one hundred tasks. The process models generated with our scheme are superior (nearly twice as fast) to ones designed by professional modelers by hand.

A new verification technique for large processes based on identification of relevant tasks

Verification recently has become a challenging topic for business process languages. Verification techniques like model checking allow to ensure that a process complies with domain-specific requirements, prior to the execution. To execute full-state verification techniques like model checking, the state space of the process needs to be constructed. This tends to increase exponentially with the size of the process schema, or it can even be infinite. We address this issue by means of requirements-specific reduction techniques, i.e., reducing the size of the state space without changing the result of the verification. We present an approach that, for a given requirement the system must fulfill, identifies the tasks relevant for the verification. Our approach then uses these relevant tasks for a reduction that confines the process to regions of interest for the verification. To evaluate our new technique, we use real-world industrial processes and requirements. Mainly because these processes make heavy use of parallelization, full-state-search verification algorithms are not able to verify them. With our reduction in turn, even complex processes with many parallel branches can be verified in less than 10s. HighlightsVerification allows ensuring that a process complies with domain requirements.The state space for verification tends to increase exponentially.We use a reduction that confines the process model to regions for the verification.For the evaluation we use real-world industrial processes and requirements.Our approach verifies complex processes with many parallel branches in few seconds.

User-Friendly Property Specification and Process Verification – A Case Study with Vehicle-Commissioning Processes

Testing in the automotive industry is supposed to guarantee that vehicles are shipped without any flaw. Respective processes are complex, due to the variety of components and electronic devices in modern vehicles. To achieve error-free processes, their formal analysis is required. Specifying and maintaining properties the processes must satisfy in a user-friendly way is a core requirement on any verification system. We have observed that there are few pattern properties that testing processes adhere to, and we describe these patterns. They depend on the context of the processes, e.g., the components of the vehicle or testing stations. We have developed a framework that instantiates the property patterns at verification time and then verifies the process against these instances. Our empirical evaluation with the industrial partner has shown that our framework does detect property violations in processes. From expert interviews we conclude that our framework is user-friendly and well suited to operate in a real production environment.

Secure Business Processes in Service-Oriented Architectures -- A Requirements Analysis

Business-process-management systems are increasingly used in service-oriented architectures (SOA), coordinating activities of loosely coupled information systems, of web services, and of human actors. This often requires exchanging and processing sensitive, personally-identifiable information, e.g., in e-employability and e-health applications. Supporting security in such a service-oriented environment is challenging. Existing approaches focus on security in service-oriented architectures but neglect business-process specific characteristics. Motivated by a real-world business process from the e-employability domain, in this paper we collect security requirements, exploiting the specific properties and semantics of business processes. We evaluate the requirements with respect to the state of the art of suitable security mechanisms and identify possible solutions as well as remaining gaps. We see this article as an important prerequisite for the design and implementation of advanced security mechanisms for business processes.

Datenbankkonzepte für Ingenieuranwendungen: ein Übersicht über den Stand der Entwicklung

Datenbanksysteme zeichnen sich durch eine Reihe von Charakteristika aus, die uber den “klassischen” administrativ-betriebswirtschaftlichen Bereich hinaus zunehmend auch fur Ingenieuranwendungen als vorteilhaft erkannt werden. Die Schwierigkeiten fur einen sofortigen Einsatz in diesem Sektor liegen heute darin, das existierende Systeme hinsichtlich Datenstrukturierung, Konsistenz, Mehrbenutzerbetrieb und Datensicherung keine den neuen Anforderungen entsprechenden Konzepte anbieten. Der Bericht nennt die wichtigsten Unterschiede zu traditionellen Anwendungen und stellt eine Reihe von Losungsvorschlagen fur die genannten Problernkreise vor.