Sören Witt

Integrated privacy modeling and validation for business process models

Privacy is an important issue, inducing a strong interest in correct holistic treatment of data in processes and systems of enterprises. Beside avoiding infringements, trust in the correct holistic treatment of data increases the overall trust in an enterprise, gaining a competitive advantage. More and more, enterprises utilize business process models (BPMs) to specify, document or optimize (existing) processes and systems. Hence, such BPMs also offer the chance to analyze and validate specifications or existing systems with respect to privacy requirements. In this contribution we present the concept of Integrated Privacy Modeling and Validation and its implementation in our BPM validation and verification framework Business Application Modeler (BAM). BAM enables the automatic validation of BPMs against graphically specified, formal privacy requirements, which can reduce error-prone and expensive manual checking. Furthermore, BAM provides the MultiView concept which allows the definition of concentrated and reduced, privacy related views on BPMs.

BAM: A Requirements Validation and Verification Framework for Business Process Models

Requirements Engineering is an important part of software development processes. Business process models are widely used for the specification of software. Hence, the quality of the software depends on the quality of the process models. Validation of these semi-formal models against informal requirements has to be done manually. In contrast, formal requirements can be used for automatic validation and verification of process models. However, there is a gap between textual formal specification languages and graphical process models. In this contribution we present the Business Application Modeler (BAM). This is a modeling and Validation and Verification (V&V) tool, that reduces this gap by integrating formal, graphical and reusable requirement specifications into the modeling workflow. Furthermore, BAM provides the definition of customizable views on the models (MultiView), that reduce modeling complexity and allow the assignment of responsibilities. We further show how BAM integrates into a common requirements engineering process.

Rule Determination and Process Verification Using Business Capabilities

Business architectures are an important part of any enterprise architecture containing business processes and business capabilities. High quality business processes are key factors for the success of a company. Hence, the quality and the correctness or compliance have to be verified. We propose to use the business capabilities for an efficient and easily understandable definition of rules to perform this verification. The rule specification is based on rule patterns to define requirements from an operational point of view. These patterns are derived from experience gained in projects for modeling and optimization of business processes with extensive manual checks. For the rule validation we rely on model checking as an established technology to cope with the dynamic properties of processes. We present a tool based approach to automate this verification integrated in a unique system with a common user interface.

Framework for Business Process Verification

There are numerous concepts and tools for modeling business processes and several academic approaches to verify business processes. However, most modeling tools don’t integrate the checking of the processes. The three-tier architecture of the Business Application Modeler (BAM) provides the graphical representation of business models and rules (presentation layer) as well as integrates a verification mechanism layer with an intermediate transformation layer.

Applying Pattern-Based Graphical Validation Rules to Business Process Models

Business Process Models (BPMs) are widely used for documentation and (model driven) software development. Due to the increasing complexity of BPMs automated checking is unavoidable to ensure the quality of BPMs. This requires formal specification methods that address high level (domain-specific) requirements (e.g. Compliance) in a manner that is comprehensible for stakeholders without mathematical background and provide a high level of generalizability. In previous publications we conceptually introduced the G-CTL notation for formal graphical validation rules, tackling these issues. Based on G-CTL, we present a pattern based specification and matching mechanism for such graphical validation rules. We describe the mapping of the graphical G-CTL rules into textual CTL instances for the particular BPM to be checked. Moreover, the approach enhances the generalizability by supporting the abstraction from concrete names of elements in BPMs and its application is not limited to a particular BPM notation.

On Improving the Maintainability of Compliance Rules for Business Processes

Business process regulatory compliance management (RCM) is ensuring that the business processes of an organization are in accordance with laws and other domain-specific regulations. In order to achieve compliance, various approaches advocate checking process models using formal compliance rules that are derived from regulations. However, this shifts the problem of ensuring compliance to the rules - for example, the derived rules have to be updated in the case that regulations are changed. In this paper we show how existing RCM solutions can be extended with traceability between compliance rules and regulations. Traceability supports the alignment of regulations and rules and thus helps improving the overall maintainability of compliance rules.

Business Application Modeler: A process model Validation and Verification tool.

(Business) Process models are common artifacts in requirements engineering. The models can be enriched with plenty of (detailed) information and their at least semi formal character even enables model driven approaches or direct execution in workflow engines. Validity of process models is crucial. Manual checking is expensive and error-prone, especially for requirements that regard the content level (e.g. compliance). To enable automated checking, an adequate method for formal specification is necessary. We present the Business Application Modeler (BAM), which is a modeling and Validation & Verification tool that integrates modeling of processes and formal graphical validation rules. These rules can be automatically applied to process models. In particular, the modeler is supported by visualizations of checking results directly in the process models. Next to highlighting mechanisms this support includes recommendations for the correction of errors.

Visualization of Checking Results for Graphical Validation Rules

Graphically represented Business Process Models (BPMs) are common artifacts in documentation as well as in early phases of (software) development processes. The Graphical Computation Tree Logic (G-CTL) is a notation to define formal graphical validation rules on the same level of abstraction as the BPMs, allowing to specify high-level requirements regarding the content level of the BPMs. The research tool Business Application Modeler (BAM) enables the automatic validation of BPMs with G-CTL rules. While details of the validation procedure are hidden from the user, the checking results need to be presented adequately. In this contribution, we present and discuss methods for visualization and analysis of the checking results in the context of G-CTL based validations. We elaborate how artifacts, which are generated during a validation procedure, may be used to derive different visualizations, and we show how these methods can be combined into more expressive visualizations.

Tool-based checking of business process models

Business process models describe the behaviour of commercial information systems. Since these models are the base for the development and understanding of such information systems the business process models are subject of strict quality assurance. Such an importance leads to the idea to support the checking by an automated tool concept. The paper presents such an integrated, tool-based validation concept supporting human testers who are mainly business experts and not test experts. Such business experts may use the process model notations they are familiar with modelling the processes as well as the rules for these models. The automated testing system integrates model checking tools to perform the validation. The result is then presented to the human user. In case of an error detected by the check, a counter example demonstrating one source of the error is presented directly in the business process model.

Dependencies in business process rule hierarchies

Automated checking concepts for business process models support human testers considerably by saving time. However, this new checking ability results in a comparatively large number of rules representing requirements. But without a comprehensible representation of the relations between the rules on the one hand its hard to keep track on the validated rules and on the other hand to correctly interpret the validation results. In this paper we propose an improvement for the automated validation of business process models by offering elements to create abstract rules and arranging these rules in hierarchies. Top-down and bottom-up testing are supported by stepwise activating (and validating) the rules starting from the top of the hierarchy (or bottom respectively). Moreover, the rule hierarchies may be reused when similar systems are to be validated by configuring a valid rule sub-set for the specific business process system.