Formal Behavioural Models and Compliance Analysis for Service Oriented Systems
Natallia Kokash and Farhad Arbab
FMCO, Sophia-Antipolis, 21/10/2008
Introduction
- Role of Formal Methods in SOA
- COMPAS Project
- Reo Coordination Language
- From Business Process Modeling (BPM) to Web Service (WS) Composition
  - BPMN to Reo mapping
  - Process analysis, examples
- Support for Business Process Compliance
  - Control flow, transactions, temporal requirements, Quality of Service (QoS)
- Related Work
- Conclusions and Future Work
Role of Formal Methods in SOC
- Analysis of composition/coordination languages (e.g., WS-BPEL, WS-CDL)
- Complete unambiguous description of service behavior and non-functional properties
- Verification of service interaction protocols
- Analysis of WS compositions (behavioral compatibility of services, performance analysis, security, etc.)
- Support for automated WS composition
- …
COMPAS project
- COMPAS = Compliance-driven Models, Languages, and Architectures for Services
- Ensure dynamic and on-going compliance of software services to business regulations and user requirements
- Help organizations develop business compliance solutions more easily and faster
- Use model-driven techniques, domain-specific languages, and service-oriented computing
- http://www.compas-ict.eu/
What is Compliance?
- A multi-faceted concept that encompasses the capability of an organization to meet requirements coming from
  - Regulatory/legislative documents: Basel II, Sarbanes-Oxley, IFRS, MiFID, LSF, HIPAA, Tabaksblat, etc.
  - Business contracts
  - Organization movements towards Quality of Service (QoS)
- Compliance can be seen as
  - A state of "adherence of one set of rules (source rules) against another set of rules (target rules)"
  - A process, which is about "ensuring that business processes, operations and practice are in accordance with a prescribed set of norms"
Compliance categories
- COMPAS has identified
  - Control flow, locative, information, resource and temporal compliance concerns
  - Monitoring, payment, privacy, quality, retention, security and transaction compliance concerns
- Constraints on business process behavior
  - Workflow structure, data visibility, temporal constraints…
- We aim at dealing with (at least) control flow, resource, temporal, quality and transaction compliance
Compliance-aware SOA design
[Figure: compliance concerns entering each layer of the business process lifecycle. Modeling layer: BPMN, UML2 ADs, BPEL, supported by Graphical Modeling Tools (GMT), DSLs and GMT extensions. Refinement layer: BPMN2Reo and similar converters produce Reo/Constraint Automata, constraints and temporal logic formulae for model checking. Implementation layer: code generation to Java, BPEL, Web Services, WS-Policies, WS-CDL, WSDL, XACML, etc.]
Reo Coordination Language
[Figure: Reo channel types: synchronous channel, lossy synchronous channel, synchronous drain, asynchronous drain, synchronous spout, asynchronous spout, filter channel, FIFO1 channel, timer channel (≤ τ).]
- Semantics
  - Constraint automata [Baier et al., 2006]
  - Connector coloring [Clarke et al., 2006]
[Figure: example connector for exclusive choice (deferred XOR) between Service1, Service2 and Service3 over ports A, B, C, with its semantics given as a constraint automaton.]
Reo Coordination Tools
- Reo Connector Editor
  - Animation Plug-in
  - Reconfiguration Plug-in
  - Converter to Extended Constraint Automata (time, QoS)
- Model Checking Tool (provided by University of Dresden)
  - http://wwwtcs.inf.tu-dresden.de/~klueppel/TUD_CWI/Welcome.html
- Java Code Generator (distributed version is also available)
  - http://reo.project.cwi.nl/
- BPEL to Reo converter (provided by University of Tehran)
  - [S. Tasharofi et al. 2008]
- UML Sequence Diagrams to Reo converter – work in progress
- BPMN to Reo converter – work in progress
Business Process Design
[Figure: 1. BPMN diagram [Dijkman et al. IST'08]; 2. Reo process model]
Business Process Analysis
[Figure: 3. Reo animation]
Business Process Analysis
QoS analysis with Quantitative Intentional Automata (QIA): Constraint Automata extended with quantitative properties (e.g., arrival rates at ports and average delays of dataflows between ports). For performance analysis, these automata are translated to Continuous-Time Markov Chains and fed into the PRISM model checker.
Web Service Composition
[Figure: 4. Service composition]
BPMN
[Figure]
BPMN2Reo: basic gateways
[Figure: Reo connectors for BPMN gateways: OR/XOR merge, parallel fork, parallel join, data-based OR/XOR decision (guards g1, g2), event-based XOR decision (timer ≤ τ, message M).]
- Complex gateways (e.g., m out of n choice): repository of workflow patterns modeled with Reo, http://homepages.cwi.nl/~proenca/webreo/home.htm
BPMN2Reo: tasks, events and messages
[Figure: Reo connectors for an atomic task (ports A, B), a Send order / Receive order pair exchanging messages M1, M2, a message event, synchronous message exchange (ports C, D, P), and outgoing messages in three variants: blocking, non-blocking lossy, non-blocking waiting.]
BPMN2Reo: Example [Sadiq et al, BPM'07]
[Figure: purchase process with two pools. Purchaser: Create purchase request, Approve purchase request, data-based XOR decision (approved / refused), Send decline, Send acknowledgment, Create purchase order, parallel fork, Send message, Receive goods and shipment notice, parallel join, XOR merge, start and end events. Supplier: Receive purchase order, Receive message, Source goods, start and end events.]
BPMN2Reo: Process termination and exception handling
[Figure: Reo connectors for sequential atomic tasks T1, T2, ..., Tn, sequential sub-processes P1, P2, ..., Pn and parallel sub-processes P1, P2, ..., Pn, each wrapped in a process P (or P') with start and end ports plus exception and cancel signals.]
BPMN2Reo: Task compensation
[Figure: a task T with its compensating task ~T, combined into a compensatable activity C (variants C, C') with ports start, performed, commit, cancel, committed and cancelled.]
Modeling Long Running Business Transactions in Reo
[Figure: compensatable activities C1, C2, ..., Cn composed in sequence inside a process P with ports start, performed, cancel and cancelled; "commit all" once every activity has performed, "cancel all performed" on cancel.]
- If a cancel message is received, the execution has to be stopped and all executed activities have to be compensated for
- Encode in a CTL-like logic and automatically check common workflow properties like
  - Durability (no more than one output is reached for any process run)
  - Eventuality (an output is reached for any process run)
  - Atomicity (all involved activities are either successfully completed or successfully canceled), etc.
Modeling Long Running Business Transactions in Reo
[Figure: example transaction: C1 followed by two parallel branches A (C2, C4) and B (C3, C5) joined into C6; shown once with explicit start, performed, end, cancel, cancelled and commit ports and once as the compact "commit all" connector.]
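As an added illustration of the three properties above (not the CTL encoding or the Reo model from the slides), the following Python enumerates every run of a constructed chain of n compensable activities, once with correct compensation on cancel and once with a faulty handler that merely stops execution, and reports which property each variant violates.

```python
"""Exhaustive check of workflow properties for a transaction of n compensable
activities C1..Cn executed in sequence (added example, not the Reo model on
the slides). A cancel message may arrive at any point before 'commit all'."""
from typing import Dict, FrozenSet, List, Tuple

Run = Tuple[str, FrozenSet[str], Tuple[str, ...]]   # (output, uncompensated, events)
OUTPUTS = {"commit", "cancel"}                       # the two process outputs

def runs(n: int, compensate_on_cancel: bool) -> List[Run]:
    """Enumerate every maximal run of the constructed state space. At each step
    either the next activity performs or a cancel message is received; after
    all n activities have performed the transaction emits 'commit'."""
    results: List[Run] = []

    def walk(performed: List[str], events: List[str]) -> None:
        if len(performed) == n:
            results.append(("committed", frozenset(), tuple(events + ["commit"])))
            return
        nxt = f"C{len(performed) + 1}"
        walk(performed + [nxt], events + [f"perform {nxt}"])   # branch 1: proceed
        # branch 2: cancel now. Correct handling compensates every performed
        # activity in reverse order; the faulty variant only stops execution.
        if compensate_on_cancel:
            comp = [f"compensate {c}" for c in reversed(performed)]
            results.append(("cancelled", frozenset(), tuple(events + ["cancel"] + comp)))
        else:
            results.append(("cancelled", frozenset(performed), tuple(events + ["cancel"])))

    walk([], [])
    return results

def check(n: int, compensate_on_cancel: bool) -> Dict[str, List[Run]]:
    """Return, per property from the slide, the list of violating runs
    (an empty list means the property holds on every run)."""
    rs = runs(n, compensate_on_cancel)
    return {
        # eventuality: every run reaches an output
        "eventuality": [r for r in rs if not OUTPUTS & set(r[2])],
        # durability: no run reaches more than one output
        "durability": [r for r in rs if sum(e in OUTPUTS for e in r[2]) > 1],
        # atomicity: all committed, or every performed activity compensated
        "atomicity": [r for r in rs if r[0] != "committed" and r[1]],
    }

if __name__ == "__main__":
    for flag in (True, False):
        bad = {k: len(v) for k, v in check(3, flag).items()}
        print(f"compensate_on_cancel={flag}: violations per property {bad}")
```

The faulty variant fails only atomicity: a cancel after C1 (or after C1 and C2) ends the run with performed activities left uncompensated, which is exactly the run a model checker would return as a counterexample.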
Compliance-aware Business Process Design
- Separation of Duty
  - One user cannot execute a whole process
  - E.g., four-eyes principle, "2 users must be involved in a process consisting of 4 sequential tasks"
- Approach
  - Constraints on task assignment to users expressed in GMT extensions (e.g., BPMN) or DSLs
  - C. Wolter and A. Schaad, "Modeling of Task-Based Authorization Constraints in BPMN", BPM'07, volume 4714 of LNCS, Springer, pp. 64–79
Enforcing Separation of Duty Constraints [Wolter & Schaad, BPM'07]
[Figure: tasks T1 and T2 between start and stop, with users A and B assigned to them.]
- Animation engine or model checking tools can be used to verify that tasks T1 and T2 are executed by different users
- Reo reconfiguration plug-in can be useful for process modification
Enforcing Separation of Duty Constraints [Wolter & Schaad, BPM'07]
[Figure: a 3-Counter circuit for user A between start and stop: for each task Ti, "Does A execute Ti?"; yes: increase the counter (remove the corresponding token); no: Ti proceeds; the counter signals once 3 tasks have been executed by A. The same circuit for B.]
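To show what the animation engine or model checker verifies for the circuit above, here is an added example (not the authors' Reo tooling) that re-expresses the 3-Counter as a per-user counter monitor and checks, over all 16 assignments of four sequential tasks to constructed users A and B, that the monitor accepts exactly the runs satisfying the "2 users involved" requirement, and which runs violate the T1/T2 constraint from the previous slide.

```python
"""Separation-of-duty checks over a sequential process (added example that
re-expresses the slide's 3-Counter circuit as a per-user counter monitor).
Task and user names are constructed."""
from itertools import product
from typing import Callable, Dict, List, Optional, Tuple

Run = List[Tuple[str, str]]            # [(task, user), ...] in execution order
TASKS = ["T1", "T2", "T3", "T4"]        # four sequential tasks, as on the slide
USERS = ["A", "B"]                      # constructed user set

def counter_monitor(run: Run, limit: int = 3) -> bool:
    """Run-time enforcement: count tasks per user and refuse the task that would
    push a user beyond `limit` (the circuit withholds the token at that point)."""
    counts: Dict[str, int] = {}
    for _task, user in run:
        if counts.get(user, 0) >= limit:
            return False
        counts[user] = counts.get(user, 0) + 1
    return True

def two_users_involved(run: Run) -> bool:
    """Declarative requirement from the slides: at least 2 users in the process."""
    return len({user for _, user in run}) >= 2

def t1_t2_distinct(run: Run) -> bool:
    """Task-pair constraint: T1 and T2 must be executed by different users."""
    who = dict(run)
    return who["T1"] != who["T2"]

def all_runs(tasks: List[str] = TASKS, users: List[str] = USERS) -> List[Run]:
    """Every assignment of users to tasks: the finite state space we explore."""
    return [list(zip(tasks, a)) for a in product(users, repeat=len(tasks))]

def violations(prop: Callable[[Run], bool], runs: Optional[List[Run]] = None) -> List[Run]:
    """Runs on which the given constraint does not hold (model-checking style)."""
    return [r for r in (all_runs() if runs is None else runs) if not prop(r)]

def monitor_matches(limit: int, users: List[str] = USERS) -> bool:
    """Exhaustive check that the counter with `limit` accepts exactly the runs
    satisfying the two-users requirement; holds for limit = len(TASKS) - 1."""
    return all(counter_monitor(r, limit) == two_users_involved(r)
               for r in all_runs(TASKS, users))

if __name__ == "__main__":
    print("runs executed by a single user:", violations(two_users_involved))
    print("monitor with limit 3 equals requirement:", monitor_matches(3))
    print("monitor with limit 2 equals requirement:", monitor_matches(2))
```

Note that a tighter limit of 2 is not equivalent: it rejects A,A,A,B although two users are involved, so the counter bound must be chosen as the task count minus one for this requirement.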