A Static Compliance Checking Framework for Business Process Models

Regulatory compliance of business operations is a critical problem for enterprises. As enterprises increasingly use business process management systems to automate their business processes, technologies to automatically check compliance of process models against compliance rules are becoming important. In this paper, we present a method for improving the reliability and minimizing the risk of failure of business process management systems from a compliance perspective. The proposed method allows for the separate modeling of both process models and compliance concerns. Business process models expressed in the Business Process Execution Language are transformed into Pi calculus and then into Finite State Machines. Compliance rules captured in the graphical Business Property Specification Language are translated into Linear Temporal Logic. Thus, process models can be verified against these compliance rules by means of model checking technology. The benefit of our method is threefold: Through the automated verification of a large set of business process models, our approach increases deployment efficiency and lowers the risk of installing non-compliant processes. Furthermore, it reduces the cost associated with inspecting business process models for compliance. Finally, compliance checking may guarantee compliance of new process models before their execution and thereby increases the reliability of business operations in general.

By: Y Liu; Samuel Mueller; K. Xu

Published in: IBM Systems Journal, volume 46, (no 2), pages in 2007


This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.


Questions about this service can be mailed to reports@us.ibm.com .