Root-Cause Analysis of Design-Time Compliance Violations on the Basis of Property Patterns

  • Amal Elgammal
  • Oktay Turetken
  • Willem-Jan van den Heuvel
  • Mike Papazoglou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6470)

Abstract

Today’s business environment demands a high degree of compliance of business processes with business rules, policies, regulations and laws. Compliance regulations, such as Sarbanes-Oxley, force enterprises to continuously review their business processes and service-enabled applications and ensure that they satisfy the set of relevant compliance constraints. Compliance management should be considered from the very early stages of business process design. In this paper, a taxonomy of compliance constraints for business processes is introduced based on property specification patterns, where patterns can be used to facilitate the formal specification of compliance constraints. This taxonomy serves as the backbone of the root-cause analysis, which is conducted to reason about and eventually resolve design-time compliance violations. Based on the root-cause analysis, appropriate guidelines and instructions can be provided as remedies to alleviate design-time compliance deviations in service-enabled business processes.

Keywords

Regulatory compliance; Compliance constraint detection and prevention; Design-time compliance management; Formal compliance model; Compliance patterns; Root-cause analysis

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Amal Elgammal (1)
  • Oktay Turetken (1)
  • Willem-Jan van den Heuvel (1)
  • Mike Papazoglou (1)
  1. European Research Institute in Service Science (ERISS), Tilburg University, Tilburg, The Netherlands
