Annotation-based compliance checking for business processes

doi:10.11772/j.issn.1001-9081.2014.07.2115

Journal of Computer Applications ›› 2014, Vol. 34 ›› Issue (7): 2115-2123.DOI: 10.11772/j.issn.1001-9081.2014.07.2115

Previous Articles Next Articles

Annotation-based compliance checking for business processes

GONG Ping¹,FENG Zaiwen²

1. School of Mathematics Computer Science, Fujian Normal University, Fuzhou Fujian 350007, China;
2. State Key Laboratory of Software Engineering (Wuhan University), Wuhan Hubei 430072, China

Received:2014-01-20 Revised:2014-02-28 Online:2014-07-01 Published:2014-08-01
Contact: GONG Ping

基于标注的业务过程合规性验证方法

龚平¹,冯在文²

1. 福建师范大学数学与计算机科学学院，福州 350007
2. 软件工程国家重点实验室(武汉大学)，武汉 430072

通讯作者: 龚平
作者简介:龚平(1982-)，男，福建福州人，讲师，博士，CCF会员，主要研究方向：服务计算、业务过程管理、形式化分析与验证；冯在文(1980-), 男，湖北
基金资助:
国家自然科学基金资助项目;福建省自然基金资助项目

Abstract

Abstract:

At present, enterprise's business are more and more circumscribed by the laws, regulations, standards and internal control system. How to enforce enterprises process-aware information system compliant has already become an important issue in Information System (IS) research. Ensure compliance of the process model is the important premise to realize process perception system compliance. In view of the compliance of process model at the process design stage, by extending previous work on executabililty checking for the semantically annotated process model, an annotation-based compliance checking was proposed, which mainly included techniques for generating annotation expressions for the compliance rule patterns and analyzing compliance annotated process model. Compliance annotation expressions specify the involved activities and constraints, which are the essential information for compliance debugging and run-time detection and evaluation. By using Satisfiability (SAT) solver, the compliance annotated process model can be efficiently checked and debugged.

摘要：

当前，企业的业务活动受到越来越多的来自政府法律法规、行业标准及自身内控制度的规范约束。如何确保支撑企业业务活动的过程感知系统是合规的已成为信息系统(IS)研究领域的热点问题。确保过程模型的合规性是实现过程感知系统的合规性的重要前提。针对过程设计阶段过程模型的合规性，扩展前期关于语义标注过程模型的可执行性分析的工作，提出了基于标注的合规性验证方法。方法包括:合规性规则模式的标注表达式生成和基于合规性标注的过程模型的可执行性分析方法。合规性标注表达式描述了规则所关联的活动及其相应的合规性约束，对合规性验证的调试及运行时合规性检测评估能起到有效的支持作用；合规性标注的过程模型的可执行分析方法是利用满足性求解器对合规性信息标注后的过程模型是否可执行进行求解。通过银行开户的流程案例，证明了上述方法的有效性。

CLC Number:

TP393

GONG Ping FENG Zaiwen. Annotation-based compliance checking for business processes[J]. Journal of Computer Applications, 2014, 34(7): 2115-2123.

龚平冯在文. 基于标注的业务过程合规性验证方法[J]. 计算机应用, 2014, 34(7): 2115-2123.

References

［1］DUMAS M, van der AALST W, HOFSTEDE A T. Process-aware information systems: bridging people and software though process technology［M］. New York: Wiley and Sons, 2005.
［2］ELGMMAL A, TURETKEN O, van den HEUVEL W J, et al. On the formal specification of regulatory compliance: a comparative analysis［C］// Proceedings of rhe 2010 International Conference on Service Oriented Computing. Berlin: Springer-Verlag, 2010: 27-38.
［3］ELGMMAL A, TURETKEN O, van den HEUVEL W J. Using patterns for the analysis and resolution of compliance violations［J］. International Journal of Cooperative Information Systems, 2012, 21(1): 21-54.
［4］LOHMANN N. Compliance by design for artifact-centric business processes［J］. Information Systems, 2013, 38(4): 606-618.
［5］AWAD A, WEIDLICH M, WESKE M. Visually specifying compliance rules and explaining their violations for business processes［J］. Journal of Visual Languages and Computing, 2011, 22(1): 20-55.
［6］GONG P, JIANG J M, ZHANG S. Executability analysis for semantically annotated process model［C］// Proceedings of the 2012 Asia Pacific Service Computing Conference. Piscataway: IEEE, 2012: 117-124.
［7］BECHER J, DELFMANN P, EGGERT M, et al. Generalizability and applicability of model-based business process compliance-checking approaches-A state of the art analysis and research roadmap［J］. Journal of VHB, 2012, 5(2):221-247.
［8］GHOSE A. K. and KOLIADIS G. Auditing business process compliance［C］// Proceedings of the 2007 International Conference on Service Oriented Computing. Berlin: Springer-Verlag, 2007:169-180.
［9］D'APRILE D, GIORDANO L. Verifying compliance of business processes with temporal answer sets［C/OL］.［2013-10-20］. http://ceur-ws.org/Vol-810/paper-l09.pdf.
［10］HOFFMANN J, WEBER I, GOVERNATORI G. On compliance checking for clausal constraints in annotated process models［J］. Information Systems Frontiers, 2012,14(2): 155-177.
［11］WEBER I, HOFFMANN J, MENDING J. Beyond soundness: on the verification of semantic business process models［J］. Distributed Parallel Databases, 2010, 27(3):271-343.
［12］RODRIGUEZ C, SCHLEICHER D, DANIEL F, et al. SOA-enabled compliance management: instrumenting, assessing, and analyzing service-based business processes［J］. Service Oriented Computing and Applications, 2013, 7(4):275-292.
［13］CARON F, VANTHIENEN J, BAESENS B. Comprehensive rule-based compliance checking and risk management with process mining［J］. Decision Support Systems, 2013, 54(3): 1357-1369.
［14］CONFORTI R, ROSA M L, FORTINO F. Real-time risk monitoring in business processes: a sensor-based approach［J］. Journal of Systems and Software, 2013, 86(11):2939-2965.

[1]	. Moving target defense decision-making algorithm based on multi-stage evolutionary signal game model [J]. Journal of Computer Applications, 0, (): 0-0.
[2]	ZHU Yuna, ZHANG Yutao, YAN Shaoge, FAN Yudan, CHEN Hantuo. Protocol identification approach based on semi-supervised subspace clustering [J]. Journal of Computer Applications, 2021, 41(10): 2900-2904.
[3]	. Positive influence maximization based on reverse influence sampling [J]. Journal of Computer Applications, 0, (): 0-0.
[4]	GUO Mian, ZHANG Jinyou. Computation offloading policy for machine learning in mobile edge computing environments [J]. Journal of Computer Applications, 2021, 41(9): 2639-2645.
[5]	NI Ping, CHEN Wei. Reflective cross-site scripting vulnerability detection based on fuzzing test [J]. Journal of Computer Applications, 2021, 41(9): 2594-2601.
[6]	. Secure offloading optimization of wireless powered mobile edge computing system [J]. Journal of Computer Applications, 0, (): 0-0.
[7]	. Cross chain mechanism based on Spark blockchain [J]. Journal of Computer Applications, 0, (): 0-0.
[8]	. Design and Simulation of Software Defined Network Flow Rule Conflict Detection System Based on OpenFlow [J]. Journal of Computer Applications, 0, (): 0-0.
[9]	. Transmission control protocol congestion control switching scheme based on scenario change [J]. Journal of Computer Applications, 0, (): 0-0.
[10]	CHEN Weiwei, CAO Li, GU Xiang. E-forensics model for internet of vehicles based on blockchain [J]. Journal of Computer Applications, 2021, 41(7): 1989-1995.
[11]	XIAO Yuelei, DENG Xiaofan. Improvement and analysis of certificate-based wired local area network security association scheme [J]. Journal of Computer Applications, 2021, 41(7): 1970-1976.
[12]	. Containerized virtual network embedding algorithm based on time-varying resources [J]. Journal of Computer Applications, 0, (): 0-0.
[13]	DONG Wentao, LI Zhuo, CHEN Xin. Online short video content distribution strategy based on federated learning [J]. Journal of Computer Applications, 2021, 41(6): 1551-1556.
[14]	SHI Anni, LI Taoshen, WANG Zhe, HE Lu. Relay selection strategy for cache-aided full-duplex simultaneous wireless information and power transfer system [J]. Journal of Computer Applications, 2021, 41(6): 1539-1545.
[15]	GE Lina, HU Yugu, ZHANG Guifen, CHEN Yuanyuan. Reverse hybrid access control scheme based on object attribute matching in cloud computing environment [J]. Journal of Computer Applications, 2021, 41(6): 1604-1610.

Annotation-based compliance checking for business processes

基于标注的业务过程合规性验证方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics