
Runtime self-monitoring approach of business process compliance in cloud environments

Cluster Computing

A Correction to this article was published on 28 February 2018

This article has been updated

Abstract

Recently, several industrial studies have concluded that compliance management is one of the major challenges companies face nowadays. In practice, runtime compliance monitoring is of utmost importance for compliance assurance because, during the design-time compliance checking phase, only a subset of the imposed compliance requirements can be statically checked, owing to the absence of the required variable instantiation and contextual information. Furthermore, the fact that a business process model has been statically checked for compliance at design time does not guarantee that the corresponding running business process instances are usually compliant, due to human and machine errors. The problem of runtime monitoring of business process compliance becomes more challenging when business processes are executed in cloud computing environments. In this context, the compliance process cannot rely on external components, as the whole execution environment is mainly controlled by the cloud providers. In this article, we propose a novel approach to tackle this problem by adapting and configuring the business process models into a form that augments the associated compliance rules so that they can be monitored without the need to rely on external monitoring components. Compared to approaches that depend on an external monitoring component, our approach requires less sophisticated infrastructure when hosted on the cloud, as well as a smaller traffic footprint, since communication with an external component for monitoring is no longer needed.


Change history

  • 28 February 2018

    The original version of this article unfortunately contained a mistake in the acknowledgement statement.


Notes

  1. http://www.accuity.com/industry-updates/free-resources/trends-in-aml-compliance-infographic/.

  2. http://www.activiti.org/javadocs/index.html.

  3. http://docs.camunda.org/latest/api-references/javadoc/.

  4. https://code.google.com/p/oryx-editor/.

  5. http://activiti.org/.

  6. It should be noted that our approach is agnostic towards the underlying business process execution engine and it can be adopted to any business process execution environment or SaaS platform.

  7. FinCEN: http://www.fincen.gov/.


Acknowledgments

This work was supported by King Abdulaziz City for Science and Technology (KACST) project 11-INF1991-03.

Author information


Corresponding author

Correspondence to Ahmed Awad.


About this article


Cite this article

Barnawi, A., Awad, A., Elgammal, A. et al. Runtime self-monitoring approach of business process compliance in cloud environments. Cluster Comput 18, 1503–1526 (2015). https://doi.org/10.1007/s10586-015-0494-0


  • DOI: https://doi.org/10.1007/s10586-015-0494-0
