Petia Wohed,Wil M. P. van der Aalst,Marlon Dumas,Arthur H. M. ter Hofstede,Nick Russell

2005-01-01

Abstract:In this paper an evaluation of BPMN is presented, using the Workflow Patterns as an analysis framework. The analysis provided for BPMN is part of a larger effort aiming at an unbiased and vendor-independent survey of the expressive power of some mainstream modelling languages for process-aware information systems. It is a sequel to an analysis series where languages like BPEL and UML 2.0 A.D were evaluated. The results from the survey could both be used for the selection of a modelling technique, as well as for motivation and input to further development of any of the surveyed languages.

Sérgio Guerreiro,Pedro Sousa

DOI: https://doi.org/10.48550/arXiv.2012.09557

2020-12-17

Abstract:BPMN is a specification language widely used by industry and researchers for business process modeling and execution. It defines clearly how to articulate its concepts, but do not provide mechanism to represent the semantics of the produced models. This paper addresses the problem of how to improve the expressiveness of BPMN models, proposing a definition for the semantics of a business process within a BPMN model, and improving the completeness of the models in a systematic manner, so that models can describe far more situations with few extra managed complexity. We conceive a framework based on the business transaction patterns available in the enterprise ontology body of knowledge to prescribe the foundations of semantic BPMN models. A tool has been developed to automate the framework. Then, two industrial proof-of-concepts are used to measure its coverage, both positive and negative, and to argue about our proposal's usefulness. After that, the proposal is compared with others using a systematic literature review. A full BPMN pattern is proposed encompassing the happy flow, the declinations, the rejections and the revocations, without adding any new element to the BPMN specification. A software tool has been developed, and made publicly available, to support the automatic generation of the BPMN models from the proposed patterns. Our semantified BPMN pattern allowed the identification of a large amount of implicit, and other not implemented, situations in both proof-of-concepts. It is concluded that the usage of a semantic solution, grounded on a sound pattern, allows the systematic enrichment of the BPMN models with a bounded effort. Moreover, to simplify the BPMN executable models' implementation, its elements could be classified as implicit, explicit, or not implemented yet. Finally, related work indicates that this work is demanded, but no full solutions are available.

Software Engineering

Zhi-wei YU,Ren-zhong TANG

DOI: https://doi.org/10.3785/j.issn.1008-973X.2007.08.003

2007-01-01

Abstract:A method of analyzing security objectives of business process elements (BPEs) was presented to determine the security requirements of business processes. According to the business process model, the initial security objectives of BPEs were identified based on a general classification. And the weighting coefficients of the security objectives of activities were affirmed by calculating the in-degree and out-degree of activities. The consistency checking rules and revising principles were brought forward to check and modify the security objectives, the final security objectives of BPEs were obtained. A case study showed that the proposed method could be used to get the security objectives of BPEs objectively.

Guosheng Kang,Hangyu Cheng,Jianxun Liu,Yiping Wen,Jun Peng

DOI: https://doi.org/10.1109/tase.2024.3354929

IF: 6.636

2024-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Business process modeling is widely used in modern organizations for business description. Business Process Modeling Notation (BPMN), as a de-facto modeling standard, represents business process models in graphical notations. Nevertheless, BPMN lacks intuitive modeling tasks for Industrial Internet application scenarios (e.g., IoT tasks and multi-instance tasks with constraints). Although there are some works on extending BPMN elements to improve the model representation, most of them stay in the conceptual model only without tool support, or they are confined to specific domains. In this paper, we extend both BPMN elements and attributes for application in the Industrial Internet context, and two modeling tools are implemented in a client version and Web version to support business process modeling via low-code, enabling the BPMN extension model from conceptual to executable level. Two real-world case studies in Industrial Internet are conducted to show the usefulness of process models with BPMN extension. Furthermore, a comprehensive user experiment is conducted to evaluate the extended process models and tools, and the experimental results show that process models with extension have better quality compared with traditional process models and provided tools are effective for business process modeling in Industrial Internet applications Note to Practitioners—This article was motivated by the problem of business process modeling for Industrial Internet. Practically, existing methods extend BPMN elements and add text annotations to enhance the representation of process models. Although these methods facilitate process participants to understand the process models in detail, most of them focus on conceptual modeling and increase the complexity of process models. Moreover, the process models and multi-instance business constraints of business processes involving IoT elements are difficult to be represented by using native BPMN. This article proposes a comprehensive business process modeling language, named BPMN $++$ , which extend both new modeling elements for Industrial Internet business requirements and attributes for BPMN multi-instance tasks with the corresponding graphical notations. Then, BPMN $++$ model could be executed on the process engine, enabling the model from conceptual to executable level. Finally, comprehensive experiments are conducted for BPMN $++$ .

automation & control systems

Yu Zhiwei,Tang Rengzhong,Jia Dongjiao,Ye Fanbo

DOI: https://doi.org/10.3321/j.issn:1004-132X.2007.04.021

2007-01-01

Abstract:To identify the security requirements of information systems, a business process-based security requirement analysis method was presented. Focused on the business process security, the related assets which affect the business process security were identified by security tree model. The security requirements of assets were identified by risk packet and risk transferring model, and then the security requirements list was formed after coverage analysis. Finally, a case was studied to illustrate the proposed method.

Junaid Haseeb,Naveed Ahmad,Saif U.R. Malik,Adeel Anjum

DOI: https://doi.org/10.1108/bpmj-02-2019-0078

2019-10-16

Business Process Management Journal

Abstract:Purpose Business process (BP) reengineering is defined as reinventing BPs either structurally or technically to achieve dramatic improvements in performance. In any business process reengineering (BPR) project, process modeling is used to reason about problems found in existing (as-is) process and helps to design target (to-be) process. BP model notation is a widely accepted standard for process modeling. “Expressiveness” and “missing formal semantics” are two problems reported to its modeling practices. In existing studies, solutions to these problems are also proposed but still have certain limitations. The paper aims to discuss this issue. Design/methodology/approach In proposed methodology, a meta-model is formally defined that is composed of commonly used modeling elements and their well-formedness rules to check for syntactic and structural correctness of process models. Proposed solution also check semantics of process models and allows to compare as-is and to-be process models for gap identification which is another important aspect of BPR. To achieve the first goal, Z specification is used to provide formal specifications of modeling constructs and their rules and Z3 (an SMT solver) is used for comparisons and verifying properties. Findings Proposed method addresses both “expressiveness” and “missing formal semantics” of BPR models. The results of its evaluation clearly indicate that using formally specified meta-model, BPR model is syntactically and structurally correct. Moreover, formal modeling of BPs in Z3 helped to compare processes and to check control flow properties. Research limitations/implications Although the proposed method is tested on an example that is widely used in BPR literature, the example is only covering modeling elements which are part of the proposed subset and are reported in literature as frequently used modeling elements. A separate detailed study is required to test it on more complex systems. Practical implications Specifying process models using Z specification and Z3 solver requires certain expertise. Originality/value The proposed method adds value to BPR body of knowledge as it proposes a method to ensure structural and syntactic correctness of models, highlighting the importance of verifying run time properties and providing a direction toward comparing process models for gap analysis.

management,business

Nour Samaro,Timo Hartmann

DOI: https://doi.org/10.35490/ec3.2023.335

2023-07-10

Abstract:In today's data-driven environments, ensuring workflow efficiency and data security are crucial across various processes. The purpose of this study is to introduce a cloud framework based on Business Process Modeling Notation (BPMN) for assessing overheating risk in residential buildings. The framework provides a comprehensive approach, utilizing BPMN modeling to effectively evaluate and optimize risk assessment. By promoting clarity on shared processes and data, the framework enhances data sharing and assessment efficiency. This research significantly advances the field of overheating risk assessment and contributes to the development of cloud-based services for building assessment.

Engineering,Environmental Science

Jörn Eichler

DOI: https://doi.org/10.48550/arXiv.1204.1296

2012-04-05

Cryptography and Security

Abstract:Business process management (BPM) and accompanying systems aim at enabling enterprises to become adaptive. In spite of the dependency of enterprises on secure business processes, BPM languages and techniques provide only little support for security. Several complementary approaches have been proposed for security in the domain of BPM. Nevertheless, support for a systematic procedure for the development of secure electronic business processes is still missing. In this paper, we pinpoint the need for a security engineering process model in the domain of BPM and identify key requirements for such process model.

Seiger, Ronny,Furrer, Frank J.

DOI: https://doi.org/10.1007/s10270-024-01202-z

2024-08-25

Software & Systems Modeling

Abstract:Business process modeling is essential for organizations to comprehend, analyze, and enhance their business operations. The business process model and notation (BPMN) is a standard widely adopted for illustrating business processes. However, it falls short when modeling roles, interactions, and responsibilities within complex modern processes that involve digital, human, and non-human entities, typically found in cyber-physical systems (CPS). In this paper, we introduce Role-based BPMN (RBPMN), a standard-compliant extension of BPMN 2.0 that distinctly depicts roles and their interactions within business processes. We underscore the value of RBPMN and a role-based context modeling approach through a modeling example in CPS that facilitates the representation of role-based variations in the process flow, namely a production process in a smart factory. Our findings suggest that RBPMN is a valuable BPMN extension that enhances the expressiveness, variability, and comprehensiveness of business process models, especially in complex and context-sensitive processes.

computer science, software engineering

Diana Strutzenberger,Juergen Mangler,Stefanie Rinderle-Ma

DOI: https://doi.org/10.1007/s12599-023-00850-7

2024-01-31

Business & Information Systems Engineering

Abstract:The majority of (business) processes described in literature are discrete, i.e., they result in an identifiable and distinct outcome such as a settled customer claim or a produced part. However, there also exists a plethora of processes in process and control engineering that are continuous, i.e., processes that require real-time control systems with constant inlet and outlet flows as well as temporally stable conditions. Examples comprise chemical synthesis and combustion processes. Despite their prevalence and relevance a standard method for modeling continuous processes with BPMN is missing. Hence, the paper provides BPMN modeling extensions for continuous processes enabling an exact definition of the parameters and loop conditions as well as a mapping to executable processes. The BPMN modeling extensions are evaluated based on selected use cases from process and control engineering and interviews with experts from three groups, i.e., process engineers and two groups of process modelers, one with experience in industrial processes and one without. The results from the expert interviews are intended to identify (i) the key characteristics for the representation of continuous processes, (ii) how experts evaluate the current usability and comprehensibility of BPMN for continuous processes, and (iii) potential improvements can be identified regarding the introduced BPMN modeling extensions.

computer science, information systems

Mateusz Zych,Vasileios Mavroeidis,Konstantinos Fysarakis,Manos Athanatos

DOI: https://doi.org/10.1109/CSR57506.2023.10224922

2023-09-10

Abstract:As cyber systems become increasingly complex and cybersecurity threats become more prominent, defenders must prepare, coordinate, automate, document, and share their response methodologies to the extent possible. The CACAO standard was developed to satisfy the above requirements, providing a common machine-readable framework and schema for documenting cybersecurity operations processes, including defensive tradecraft and tactics, techniques, and procedures. Although this approach is compelling, a remaining limitation is that CACAO provides no native modeling notation for graphically representing playbooks, which is crucial for simplifying their creation, modification, and understanding. In contrast, the industry is familiar with BPMN, a standards-based modeling notation for business processes that has also found its place in representing cybersecurity processes. This research examines BPMN and CACAO and explores the feasibility of using the BPMN modeling notation to represent CACAO security playbooks graphically. The results indicate that mapping CACAO and BPMN is attainable at an abstract level; however, conversion from one encoding to another introduces a degree of complexity due to the multiple ways CACAO constructs can be represented in BPMN and the extensions required in BPMN to support CACAO fully.

Cryptography and Security

Imane Bouhali,Agnese Pasquariello,Faida Mhenni,Ferdinando Vitolo,Peter Hehenberger,Stanislao Patalano,Jean‐Yves Choley

DOI: https://doi.org/10.1002/sys.21791

IF: 2.034

2024-10-30

Systems Engineering

Abstract:Mechatronic systems become ever more complex because of their increasing number of interconnected safety critical components and sophistication. MBSE (Model‐based Systems Engineering) and MBSA (Model‐Based Safety Assessment) are the most commonly adopted approaches to deal with the design and safety analysis of mechatronic systems. Unfortunately, both approaches are normally adopted separately, especially in the earlier phases of system design, thus leading to a lack of communication between system engineers and the safety team. This work aims to fill that gap at a high level, that is, through process interaction. This paper proposes an enhanced V‐model for the design of safety‐critical mechatronic systems. It relates a system development process with specific safety assessment methods. Specifically, the proposed workflow details exchange flows between the RFLP (Requirements, Functional, Logical, Physical) method, the FHA (Functional Hazard Analysis), the FMEA (Failure Mode and Effects Analysis), the MBSA and simulation, and the FTA (Fault Tree Analysis). These analyses are complemented with multiphysics modeling and simulation to observe system behavior in functional and failure scenarios, with the aim of requirements verification. The design workflow has been applied to a winged Unmanned Aerial Vehicle to apply the parallel process and the necessary interaction of MBSE and MBSA approaches. The information flows between the individual activities proved effective for designing a safe system before the verification phase. The main benefit of the proposed workflow is providing both the design and safety team with some interaction points, thus avoiding a lack of safety‐critical analysis in the early phases of system design.

engineering, industrial,operations research & management science

Massimiliano de Leoni,Paolo Felli,Marco Montali

DOI: https://doi.org/10.1007/s13740-021-00132-z

2021-06-01

Journal on Data Semantics

Abstract:Abstract The operational backbone of modern organizations is the target of business process management, where business process models are produced to describe how the organization should react to events and coordinate the execution of activities so as to satisfy its business goals. At the same time, operational decisions are made by considering internal and external contextual factors, according to decision models that are typically based on declarative, rule-based specifications that describe how input configurations correspond to output results. The increasing importance and maturity of these two intertwined dimensions, those of processes and decisions, have led to a wide range of data-aware models and associated methodologies, such as BPMN for processes and DMN for operational decisions. While it is important to analyze these two aspects independently, it has been pointed out by several authors that it is also crucial to analyze them in combination. In this paper, we provide a native, formal definition of DBPMN models, namely data-aware and decision-aware processes that build on BPMN and DMN S-FEEL, illustrating their use and giving their formal execution semantics via an encoding into Data Petri nets (DPNs). By exploiting this encoding, we then build on previous work in which we lifted the classical notion of soundness of processes to this richer, data-aware setting, and show how the abstraction and verification techniques that were devised for DPNs can be directly used for DBPMN models. This paves the way towards even richer forms of analysis, beyond that of assessing soundness, that are based on the same technique.

Sérgio Guerreiro,Jan Dietz

2024-09-25

Abstract:This paper presents an integration between DEMO (Design and Engineering Methodology for Organizations) and BPMN (Business Process Model and Notation). While BPMN is widely used for its intuitive, flow-based representation of business processes, it suffers from a lack of formal semantics, ambiguity, and limitations in modeling multi-party collaborations. In contrast, DEMO offers a theoretically robust, ontology-driven framework that focuses on abstracting the essential structure of business processes. A novel approach combining the rigor of DEMO's transaction patterns with the more practical, widely adopted BPMN framework is proposed and demonstrated. This integration allows for the benefits of DEMO's theoretical foundations to be utilized within BPMN diagrams, providing a more comprehensive and precise understanding of business processes. We argue that this combination enriches the modeling of business processes, providing a more coherent and reliable tool for both practitioners and researchers.

Software Engineering,Emerging Technologies

Mustafa Hashmi,Guido Governatori

DOI: https://doi.org/10.1007/978-3-319-02922-1_8

2013-01-01

Abstract:Existing compliance management frameworks (CMFs) offer a multitude of compliance management functionalities for the modeling of specific norms for specific domain and compliance checking of normative requirements. This makes difficult for enterprises to decide on a framework suitable for their compliance requirements. Making a decision on the suitability requires a deep understanding of the functionalities of a framework. Gaining such an understanding is a difficult task which, in turn, requires specialised tools and methodologies for evaluation. Current compliance research lacks such tools and methodologies for evaluating CMFs. This paper reports a methodological evaluation of existing CMFs based on pre-defined evaluation criteria. Our evaluation highlights what existing CMFs can offer, and what they cannot. Also, it underpins various open questions and discusses the challenges in this direction.

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan,Mehmet Sabih Aksoy,Wahyudin P. Syam

DOI: https://doi.org/10.48550/arXiv.1203.6214

2012-03-28

Abstract:Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter and more structured. The case study illustrated provided to the reader with a set of guidelines, that aims easy understood and applicable as measuring tools for ISMS standards (ISO27001) compliance.

Cryptography and Security

Petia Wohed,Nick Russell,Arthur H. M. ter Hofstede,Birger Andersson,Wil M. P. van der Aalst

DOI: https://doi.org/10.1016/j.infsof.2009.02.002

IF: 3.9

2009-01-01

Information and Software Technology

Abstract:In keeping with the proliferation of free software development initiatives and the increased interest in the business process management domain, many open source workflow and business process management systems have appeared during the last few years and are now under active development. This upsurge gives rise to two important questions: What are the capabilities of these systems? and How do they compare to each other and to their closed source counterparts? In other words: What is the state-of-the-art in the area?. To gain an insight into these questions, we have conducted an in-depth analysis of three of the major open source workflow management systems – jBPM, OpenWFE, and Enhydra Shark, the results of which are reported here. This analysis is based on the workflow patterns framework and provides a continuation of the series of evaluations performed using the same framework on closed source systems, business process modelling languages, and web-service composition standards. The results from evaluations of the three open source systems are compared with each other and also with the results from evaluations of three representative closed source systems: Staffware, WebSphere MQ, and Oracle BPEL PM. The overall conclusion is that open source systems are targeted more toward developers rather than business analysts. They generally provide less support for the patterns than closed source systems, particularly with respect to the resource perspective, i.e. the various ways in which work is distributed amongst business users and managed through to completion.

Behjat Zuhaira,Naveed Ahmad

DOI: https://doi.org/10.1108/bpmj-06-2018-0168

2020-08-22

Business Process Management Journal

Abstract:Purpose Significant numbers of business process management (BPM) projects fail. Their failure is attributed toward many factors. Among them, low quality of BPM is one reason. Some of the tasks in BPM have their roots in business process reengineering (BPR). The literature has cited many different critical success and failure factors for quality BPM and BPR. Lack of software tools is one of the technology-oriented factors that results in poor BPM and BPR. This paper aims to build a generic feature set offered by software tools for process modeling their analysis implementation and management. It presents an objective analysis in identifying weaknesses and strengths of these tools, primarily for BPM. Design/methodology/approach A method is proposed to evaluate the quality of process reengineering and management delivered by software tools. It consists of four phases: feature extraction, tool selection, data extraction and tool evaluation. Findings The data gathered is quantified to test research hypotheses, the results are statistically significant and highlight multiple areas for future improvements. Moreover, the cluster visualizations created also help to understand the strengths and weaknesses of BPM/BPR tools. Research limitations/implications Despite the research approach used, there is a chance of subjectivity when it comes to evaluating different tools. Practical implications The paper includes implications for practitioners and researchers for choosing appropriate software tool for process modeling, analysis, implementation and management, matching their requirements with BPM and BPR. It also identifies features that are missing in these tools. Originality/value This paper provides a comprehensive analysis of BPM and supporting tools, relates them to key stages of BPM life cycle and BPR methodologies. It also identifies various areas for further development in these tools.

management,business

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan,Mehmet Sabih Aksoy,Wahyudin P Syam

DOI: https://doi.org/10.48550/arXiv.1204.0240

2012-04-02

Abstract:Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter and more structured. The case study illustrated provided to the reader with a set of guidelines, that aims easy understood and applicable as measuring tools for ISMS standards (ISO27001) compliance.

Cryptography and Security,Software Engineering

Chun Ouyang,Marlon Dumas,Arthur H. M. ter Hofstede,Wil M. P. van der Aalst

DOI: https://doi.org/10.1109/icws.2006.67

2008-01-01

International Journal of Web Services Research

Abstract:The business process modelling notation (BPMN) is a graph-oriented language in which control and action nodes can be connected almost arbitrarily. It is supported by various modelling tools but so far no systems can directly execute BPMN models. The business process execution language for Web services (BPEL) on the other hand is a mainly block-structured language supported by several execution platforms. In the current setting, mapping BPMN models to BPEL code is a necessary step towards unified and standards-based business process development environments. It turns out that this mapping is challenging from a scientific viewpoint as BPMN and BPEL represent two fundamentally different classes of languages. Existing methods for mapping BPMN to BPEL impose limitations on the structure of the source model. This paper proposes a technique that overcomes these limitations. Beyond its direct relevance in the context of BPMN and BPEL, this technique addresses difficult problems that arise generally when translating between flow-based languages with parallelism