Domain-specific language for event-based compliance monitoring in process-driven SOAs

  • Original Research Paper

Service Oriented Computing and Applications

Abstract

Organizations today are required to adhere to a number of compliance concerns from laws, regulations and policies. Compliance is achieved through defining and implementing so-called controls in the organizations’ business processes. Organizations that build their systems based on the process-driven SOA paradigm realize business processes through orchestration of services to handle the process’ business activities. These business activities or groups of business activities in some cases realize the compliance controls. We propose an approach for implementing event-based compliance monitoring infrastructure that observes such business processes to verify that compliance is indeed adhered to. Our approach is essentially a model-driven technique for realizing this infrastructure. We implement a domain-specific language for specification of compliance directives, and we include code generation templates to generate compliance monitoring code, which is leveraged by complex event processing components to monitor for compliance. We evaluate the impact of our approach on the effort and productivity of a developer who is specifying compliance directives.

Notes

  1. http://www.bis.org/publ/bcbs107.htm.

  2. http://www.commissiecorporategovernance.nl/Corporate_Governance_Code.

  3. http://www.gpo.gov/fdsys/pkg/CRPT-107hrpt610/pdf/CRPT-107hrpt610.pdf.

  4. www.isaca.org/cobit/.

  5. We use the terms directives and rules interchangeably.

Acknowledgments

This work was supported by funds from the European Commission (contract No. 215175 for the FP7-ICT-2007-1 project COMPAS).

Author information

Corresponding author

Correspondence to Emmanuel Mulo.

About this article

Cite this article

Mulo, E., Zdun, U. & Dustdar, S. Domain-specific language for event-based compliance monitoring in process-driven SOAs. SOCA 7, 59–73 (2013). https://doi.org/10.1007/s11761-012-0121-3

  • DOI: https://doi.org/10.1007/s11761-012-0121-3
