1 / 29

Formal Behavioural Models and Compliance Analysis for Service Oriented Systems

Formal Behavioural Models and Compliance Analysis for Service Oriented Systems. Natallia Kokash and Farhad Arbab. Introduction. Role of Formal Methods in SOA COMPAS Project Reo Coordination Language From Business Process Modeling (BPM) to Web Service (WS) Composition BPMN to Reo mapping

nura
Télécharger la présentation

Formal Behavioural Models and Compliance Analysis for Service Oriented Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Formal Behavioural Models and Compliance Analysis for Service Oriented Systems Natallia Kokash and Farhad Arbab FMCO Sophia-Antipolis

  2. Introduction • Role of Formal Methods in SOA • COMPAS Project • Reo Coordination Language • From Business Process Modeling (BPM) to Web Service (WS) Composition • BPMN to Reo mapping • Process analysis, examples • Support for Business Process Compliance • Control flow, transactions, temporal requirements, Quality of Service (QoS) • Related Work • Conclusions and Future Work FMCO Sophia-Antipolis

  3. Role of Formal Methods in SOC • Analysis of composition/coordination languages (e.g., WS-BPEL, WS-CDL) • Complete unambiguous description of service behavior and non-functional properties • Verification of service interaction protocols • Analysis of WS compositions (behavioral compatibility of services, performance analysis, security, etc.) • Support for automated WS composition • … FMCO Sophia-Antipolis

  4. COMPAS project • COMPAS = Compliance-driven Models, Languages, and Architectures for Services • Ensure dynamic and on-going compliance of software services to business regulations and user requirements • Help organizations to develope business compliance solutions easier and faster • Use model-driven techniques, domain-specific languages, and service-oriented computing • http://www.compas-ict.eu/ FMCO Sophia-Antipolis

  5. What is Compliance? • A multi-faceted concept that encompasses the capability of an organization to meet requirements coming from • Regulatory/legislative documents • Basel II2, Sarbanes-Oxley6, IFRS2, MiFID3, LSF4, HIPAA, Tabaksblat5, etc. • Business contracts • Organization movements towards Quality of Service (QoS) • Compliance can be seen as • A state of “adherenceof one set of rules (source rules) against another set ofrules (target rules)” • A process, whichis about “ensuring that business processes, operations andpractice are in accordance with a prescribed set of norms” FMCO Sophia-Antipolis

  6. Compliance categories • COMPAS has identified • Control flow, locative, information, resource and temporal compliance concerns • Monitoring, payment, privacy, quality, retention, security and transaction compliance concerns • Constraints on business process behavior • Workflow structure, data visibility, temporal constraints… • We aim at dealing with (at least) control flow, resource, temporal, quality and transaction compliance FMCO Sophia-Antipolis

  7. Compliance Concerns Business Process Lifecycle Graphical Modeling Tools (GMT) (BPMN, UML2 ADs, BPEL) DSLs, GMT extensions Modeling BPMN2Reo,... Model checking, refinement Constraints, Temporal Logic Formulae, Automata Reo/Constraint Automata Modeling Tools Code generation Implementation Java, BPEL, WS-CDL, WSDL Web Services, WS-Policies, XACML, etc. Compliance-aware SOA design FMCO Sophia-Antipolis

  8. FIFO1 channel synchronous channel lossy synchronous channel ≤ synchronous spout asynchronous spout timer channel Reo Coordination Language P synchronous drain filter channel asynchronous drain B B A A = C C Semantics • Constraint automata • [Baier et al., 2006] • Connector coloring • [Clarke et al., 2006] Exclusive choice (deffered XOR) B Service2 A Service1 Service3 C FMCO Sophia-Antipolis

  9. Reo Coordination Tools • Reo Connector Editor • Animation Plug-in • Reconfiguration Plug-in • Converter to Extended Constraint Automata (time, QoS) • Model Checking Tool (provided by University of Dresden) • http://wwwtcs.inf.tu-dresden.de/~klueppel/TUD_CWI/Welcome.html • Java Code Generator (distributed version is also available) • http://reo.project.cwi.nl/ • BPEL to Reo converter (provided by University of Tehran) • [S. Tasharofi et al. 2008] • UML Sequence Diagrams to Reo converter – work in progress • BPMN to Reo converter – work in progress FMCO Sophia-Antipolis

  10. Business Process Design 1. BPMN diagram [Dijkman et al. IST’08] 2. Reo process model FMCO Sophia-Antipolis

  11. Business Process Analysis 3. Reo animation FMCO Sophia-Antipolis

  12. Business Process Analysis QoS analysis with Quantitative IntentionalAutomata (QIA) – Constraint Automata with quantitative properties, (e.g., arrival rates at ports and average delays of dataflows between ports). Forperformance analysis, these automata are translated to Continuous-Timed Markov Chains and fed into the PRISM model checker. FMCO Sophia-Antipolis

  13. Web Service Composition 4. Service composition FMCO Sophia-Antipolis

  14. BPMN FMCO Sophia-Antipolis

  15. ≤ M g1 g2 BPMN2Reo: basic gateways OR/XOR merge Parallel fork Parallel join Data-based OR/XOR decision Event-based XOR decision Complex gateways (e.g., m out of n choice) - repository of workflow patterns modeled with Reo http://homepages.cwi.nl/~proenca/webreo/home.htm FMCO Sophia-Antipolis

  16. A B Send order M1 M2 Receive order C D P ! A B M1 M2 BPMN2Reo: tasks, events and messages Atomic task M Message event Synchronous message exchange M M M Blocking Non-blocking lossy Non-blocking waiting Outgoing messages FMCO Sophia-Antipolis

  17. Purchaser Parallel join Send decline XOR merge refused Data-based XOR decision Send acknowledgment Receive goods and shipment notice approved Approve purchase request Create purchase request Create purchase order start end Receive message Parallel fork Send message Supplier Receive purchase order Receive purchase order Source goods start end BPMN2Reo: Example [Sadiq et al, BPM’07] FMCO Sophia-Antipolis

  18. T1 T2 Tn ! ! start end P exception cancel P1 P2 Pn ! ! start end exception P’ BPMN2Reo: Process termination and exception handling Sequantial atomic tasks cancel Sequantial sub-processes FMCO Sophia-Antipolis

  19. P1 P2 start end Pn P’ exception cancel BPMN2Reo: Process termination and exception handling Parallel sub-processes FMCO Sophia-Antipolis

  20. commit T C’ start performed (committed) ~T C start committed cancelled C (cancelled) performed commit cancel cancel commit C performed start cancel BPMN2Reo: Task compensation FMCO Sophia-Antipolis

  21. (commit all) C1 C2 Cn ! ! ! start performed (cancel all performed) cancelled P cancel Modeling Long Running Business Transactions in Reo If a cancel message is received, the execution has to be stopped and all executed activities have to be compensated for • Encode in a CTL-like logic and automatically check common workflow properties like • Durability (no more than one outputis reached for any process run) • Eventuality (an output is reached for any process run) • Atomicity (all involvedactivities are either successfully completed or successfullycanceled), etc. FMCO Sophia-Antipolis

  22. A C2 C4 (commit all) C1 C6 ! start end C3 C5 B cancelled cancel Modeling Long Running Business Transactions in Reo (commit all) A C2 C4 commit start C1 C6 performed start end cancelled cancel C3 C5 B FMCO Sophia-Antipolis

  23. Compliance-aware Business Process Design • Separation of Duty • One user cannot execute a whole process • E.g., four-eyes principle, “2 users must be involved in a process consisting of 4 sequential tasks” • Approach • Constraints on task assignment to users expressed in GMT extensions (e.g., BPMN) or DSLs • C. Wolter and A. Schaad “Modeling of Task-Based Authorization Constraints in BPMN”, BPM’07, volume 4714of LNCS, Springer, pp. 64–79 FMCO Sophia-Antipolis

  24. Enforcing Separation of Duty Constraints [Wolter & Schaad, BPM’07] T1 T2 start stop A T1 T2 stop B • Animation engine or model checking tools can be used to verify that tasks T1 and T2 are executed by different users • Reo reconfiguration plug-in can be useful for process modification FMCO Sophia-Antipolis

  25. start 3-Counter 3-Counter 3 tasks have been executed by A (remove the corresponding token) increase Does A executes Ti? yes ! start stop no Ti increase (The same circuit for B) Enforcing Separation of Duty Constraints [Wolter & Schaad, BPM’07] FMCO Sophia-Antipolis

  26. Related Work • BPMN semantics • Dijkman, R.M., Dumas, M., Ouyang, C.: Formal semantics and analysis of BPMNprocess models. In: Information and Software Technology (IST). (2008) • Wong, P., Gibbons, J.: A process semantics for BPMN.Technical report, Queensland University of Technology (2007) • Wong, P., Gibbons, J.: A relative timed semantics forBPMN. Technical report, Queensland University of Technology(2007) • BPEL semantics • Lohmann, N.: A feature-complete Petri net semantics for WS-BPEL 2.0. In: Proc. of the Int.Workshop on Web Services and Formal Methods. Volume 4937 of LNCS., Springer (2008) 77-91 • 11. Lucchia, R., Mazzara, M.: A pi-calculus based semantics for WS-BPEL. Journal of Logic and Algebraic Programming 70(1) (2007) 96-118 • Petri-net semantics for web service composition • Lohmann, N.: A feature-complete Petri net semantics for WS-BPEL 2.0. In: Proc.of the Int.Workshop onWeb Services and Formal Methods. Volume 4937 of LNCS.,Springer (2008) 77-91 FMCO Sophia-Antipolis

  27. Related Work • Formal Methods for Compliance-aware Business Process Design • Liu, Y., Muller, S., Xu, K.: A static compliance-checking framework for businessprocess models. IBM Systems Journal 46(2) (2007) 335-361 • Ghose, A.K., Koliadis, G.: Auditing business process compliance. In: Proc. of theInt. Conf. on Service-Oriented Architectures (ICSOC'07). Volume 4749 of LNCS.,Springer (2007) 169-180 • Governatori, G., Milosevic, Z., Sadiq, S.: Compliance checking between businessprocesses and business contracts. In: Proc. of the Int. Enterprize Distributed ObjectComputing Conf. (EDOC'06), IEEE Computer Society (2006) 221-232 • Brunel, J., Cuppens, F., Cuppens, N., Sans, T., Bodeveix, J.P.: Security policycompliance with violation management. In: Proc. of the Workshop on FormalMethods in Security Engineering (FMSE'07), ACM Press (2007) 31-40 • A. Awad, G. Decker and M. Weske, “Efficient Compliance Checking Using BPMN-Q and Temporal Logic”, Proc. of the Int. Conf. on Business Process Management (BPM), 2008 • COMPAS Deliverable 2.1 “State-of-the-art in the field of compliance languages” FMCO Sophia-Antipolis

  28. Reo/Constraint automata and their applications in SOC • Arbab, F.: Reo: A channel-based coordination model for component composition.Mathematical Structures in Computer Science 14(3) (2004) 329-366 • Baier, C., Sirjani, M., Arbab, F., Rutten, J.: Modeling component connectors inReo by constraint automata. Science of Computer Programming 61 (2006) 75-113 • D. Clarke, D. Costa, and F. Arbab. Connector colouring i: Synchronisation and context dependency. Electr. Notes Theor. Comput. Sci., 154(1):101-119, 2006. • Arbab, F., Baier, C., de Boer, F.S., Rutten, J.J.M.M.: Models and temporal logicsfor timed component connectors. Int. Journal on Software and Systems Modeling6(1) (2007) 59-82 • Arbab, F., Koehler, C., Maraikar, Z., Moon, Y.J., Proenca, J.: Modeling, testing and executing Reo connectors with the Eclipse coordination tools. Workshop on Formal Aspects in Component Software, Elsevier (2008). • Arbab, F., Chothia, T., Meng, S., Moon, Y.J.: Component connectors with QoSguarantees. In: Proc. of the Int. Conf. on Coordination Languages (Coordination'07). Volume 4467 of LNCS., Springer (2007) 286-304 • Meng, S., F.Arbab: On resource-sensitive timed component connectors. In: Proc.of the Int. Conf. on Formal Methods for Open Object-Based Distributed Systems(FMOODS'07). Volume 4468 of LNCS., Springer (2007) 301-316 • Meng, S., Arbab, F.: Web service choreography and orchestration in Reo andconstraint automata. In: Proc. of the ACM Symposium on Applied Computing(SAC'07), ACM Press (2007) 346-353 • S. Tasharofi, M. Vakilian, R. Z. Moghaddam and M. Sirjani, “Modeling Web Service Interactions Using the Coordination Language Reo”, Proc. of the Int. Workshop on Web Services and Formal Methods, 2008, volume 4937 of LNCS, Springer, pp. 108-123 FMCO Sophia-Antipolis

  29. Conclusions and Future Work • Conclusions • A formal behavioral model for business process / service composition description • Model-driven development – from high-level models to unambiguous executable models and their implementation • Processes are represented as Reo circuits or constraint automata • Compliance concerns are expressed as Reo circuits, constraint automata or logic formulae • Future Work • Further investigation of compliance issues • Composition of processes from reusable compliant process fragments FMCO Sophia-Antipolis

More Related