基于标注的业务过程合规性验证方法

doi:10.11772/j.issn.1001-9081.2014.07.2115

计算机应用 ›› 2014, Vol. 34 ›› Issue (7): 2115-2123.DOI: 10.11772/j.issn.1001-9081.2014.07.2115

基于标注的业务过程合规性验证方法

龚平¹,冯在文²

1. 福建师范大学数学与计算机科学学院，福州 350007
2. 软件工程国家重点实验室(武汉大学)，武汉 430072

收稿日期:2014-01-20 修回日期:2014-02-28 发布日期:2014-08-01 出版日期:2014-07-01
通讯作者: 龚平
作者简介:龚平(1982-)，男，福建福州人，讲师，博士，CCF会员，主要研究方向：服务计算、业务过程管理、形式化分析与验证；冯在文(1980-), 男，湖北
基金资助:
国家自然科学基金资助项目;福建省自然基金资助项目

Annotation-based compliance checking for business processes

GONG Ping¹,FENG Zaiwen²

1. School of Mathematics Computer Science, Fujian Normal University, Fuzhou Fujian 350007, China;
2. State Key Laboratory of Software Engineering (Wuhan University), Wuhan Hubei 430072, China

Received:2014-01-20 Revised:2014-02-28 Online:2014-08-01 Published:2014-07-01
Contact: GONG Ping

摘要/Abstract

摘要：

当前，企业的业务活动受到越来越多的来自政府法律法规、行业标准及自身内控制度的规范约束。如何确保支撑企业业务活动的过程感知系统是合规的已成为信息系统(IS)研究领域的热点问题。确保过程模型的合规性是实现过程感知系统的合规性的重要前提。针对过程设计阶段过程模型的合规性，扩展前期关于语义标注过程模型的可执行性分析的工作，提出了基于标注的合规性验证方法。方法包括:合规性规则模式的标注表达式生成和基于合规性标注的过程模型的可执行性分析方法。合规性标注表达式描述了规则所关联的活动及其相应的合规性约束，对合规性验证的调试及运行时合规性检测评估能起到有效的支持作用；合规性标注的过程模型的可执行分析方法是利用满足性求解器对合规性信息标注后的过程模型是否可执行进行求解。通过银行开户的流程案例，证明了上述方法的有效性。

Abstract:

At present, enterprise's business are more and more circumscribed by the laws, regulations, standards and internal control system. How to enforce enterprises process-aware information system compliant has already become an important issue in Information System (IS) research. Ensure compliance of the process model is the important premise to realize process perception system compliance. In view of the compliance of process model at the process design stage, by extending previous work on executabililty checking for the semantically annotated process model, an annotation-based compliance checking was proposed, which mainly included techniques for generating annotation expressions for the compliance rule patterns and analyzing compliance annotated process model. Compliance annotation expressions specify the involved activities and constraints, which are the essential information for compliance debugging and run-time detection and evaluation. By using Satisfiability (SAT) solver, the compliance annotated process model can be efficiently checked and debugged.

中图分类号:

TP393

龚平冯在文. 基于标注的业务过程合规性验证方法[J]. 计算机应用, 2014, 34(7): 2115-2123.

GONG Ping FENG Zaiwen. Annotation-based compliance checking for business processes[J]. Journal of Computer Applications, 2014, 34(7): 2115-2123.

参考文献

［1］DUMAS M, van der AALST W, HOFSTEDE A T. Process-aware information systems: bridging people and software though process technology［M］. New York: Wiley and Sons, 2005.
［2］ELGMMAL A, TURETKEN O, van den HEUVEL W J, et al. On the formal specification of regulatory compliance: a comparative analysis［C］// Proceedings of rhe 2010 International Conference on Service Oriented Computing. Berlin: Springer-Verlag, 2010: 27-38.
［3］ELGMMAL A, TURETKEN O, van den HEUVEL W J. Using patterns for the analysis and resolution of compliance violations［J］. International Journal of Cooperative Information Systems, 2012, 21(1): 21-54.
［4］LOHMANN N. Compliance by design for artifact-centric business processes［J］. Information Systems, 2013, 38(4): 606-618.
［5］AWAD A, WEIDLICH M, WESKE M. Visually specifying compliance rules and explaining their violations for business processes［J］. Journal of Visual Languages and Computing, 2011, 22(1): 20-55.
［6］GONG P, JIANG J M, ZHANG S. Executability analysis for semantically annotated process model［C］// Proceedings of the 2012 Asia Pacific Service Computing Conference. Piscataway: IEEE, 2012: 117-124.
［7］BECHER J, DELFMANN P, EGGERT M, et al. Generalizability and applicability of model-based business process compliance-checking approaches-A state of the art analysis and research roadmap［J］. Journal of VHB, 2012, 5(2):221-247.
［8］GHOSE A. K. and KOLIADIS G. Auditing business process compliance［C］// Proceedings of the 2007 International Conference on Service Oriented Computing. Berlin: Springer-Verlag, 2007:169-180.
［9］D'APRILE D, GIORDANO L. Verifying compliance of business processes with temporal answer sets［C/OL］.［2013-10-20］. http://ceur-ws.org/Vol-810/paper-l09.pdf.
［10］HOFFMANN J, WEBER I, GOVERNATORI G. On compliance checking for clausal constraints in annotated process models［J］. Information Systems Frontiers, 2012,14(2): 155-177.
［11］WEBER I, HOFFMANN J, MENDING J. Beyond soundness: on the verification of semantic business process models［J］. Distributed Parallel Databases, 2010, 27(3):271-343.
［12］RODRIGUEZ C, SCHLEICHER D, DANIEL F, et al. SOA-enabled compliance management: instrumenting, assessing, and analyzing service-based business processes［J］. Service Oriented Computing and Applications, 2013, 7(4):275-292.
［13］CARON F, VANTHIENEN J, BAESENS B. Comprehensive rule-based compliance checking and risk management with process mining［J］. Decision Support Systems, 2013, 54(3): 1357-1369.
［14］CONFORTI R, ROSA M L, FORTINO F. Real-time risk monitoring in business processes: a sensor-based approach［J］. Journal of Systems and Software, 2013, 86(11):2939-2965.

[1]	宗学军韩冰王国刚宁博伟何戡连莲. TDRFuzzer:基于自适应动态区间策略的工业控制协议模糊测试方法[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[2]	张明, 付乐, 王海峰. 面向边缘计算的并发数据流接转控制模型[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3876-3883.
[3]	郑智强王锐棋范子静何发镁姚叶鹏汪秋云姜政伟. DNS隧道检测技术研究综述[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[4]	张立孝马垚杨玉丽于丹陈永乐. 基于命名实体识别的大规模物联网二进制组件识别[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[5]	刘羿希, 何俊, 吴波, 刘丙童, 李子玉. DevSecOps中软件安全性测试技术综述[J]. 《计算机应用》唯一官方网站, 2024, 44(11): 3470-3478.
[6]	庞川林, 唐睿, 张睿智, 刘川, 刘佳, 岳士博. D2D通信系统中基于图卷积网络的分布式功率控制算法[J]. 《计算机应用》唯一官方网站, 2024, 44(9): 2855-2862.
[7]	方介泼, 陶重犇. 应对零日攻击的混合车联网入侵检测系统[J]. 《计算机应用》唯一官方网站, 2024, 44(9): 2763-2769.
[8]	张一鸣曹腾飞. 基于本地漂移和多样性算力的联邦学习优化算法[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[9]	徐航, 杨智, 陈性元, 韩冰, 杜学绘. 基于自适应敏感区域变异的覆盖引导模糊测试[J]. 《计算机应用》唯一官方网站, 2024, 44(8): 2528-2535.
[10]	陈虹, 齐兵, 金海波, 武聪, 张立昂. 融合1D-CNN与BiGRU的类不平衡流量异常检测[J]. 《计算机应用》唯一官方网站, 2024, 44(8): 2493-2499.
[11]	耿海军董赟胡治国池浩田杨静尹霞. 基于Attention-1DCNN-CE的加密流量分类方法[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[12]	邓淼磊阚雨培孙川川徐海航樊少珺周鑫. 基于深度学习的网络入侵检测系统综述[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[13]	陈瑞龙胡涛卜佑军伊鹏胡先君乔伟. 面向加密恶意流量检测模型的堆叠集成对抗防御方法[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[14]	吴中岱, 韩德志, 蒋海豹, 冯程, 韩冰, 陈重庆. 海洋船舶通信网络安全综述[J]. 《计算机应用》唯一官方网站, 2024, 44(7): 2123-2136.
[15]	姚梓豪, 栗远明, 马自强, 李扬, 魏良根. 基于机器学习的多目标缓存侧信道攻击检测模型[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1862-1871.

基于标注的业务过程合规性验证方法

Annotation-based compliance checking for business processes

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics