References of "Hermann, Frank 50001973"
     in
Bookmark and Share    
Full Text
See detailModeling and Reconfiguration of critical Business Processes for the purpose of a Business Continuity Management respecting Security Risk and Compliance requirements at Credit Suisse using Algebraic Graph Transformation: Extended Version
Brandt, Christoph; Hermann, Frank UL; Groote, Jan-Friso

Report (2010)

Critical business processes can fail. A Business Continuity Management System is a special management system that will de ne how to recover from such failures and speci es temporary work-arounds to make ... [more ▼]

Critical business processes can fail. A Business Continuity Management System is a special management system that will de ne how to recover from such failures and speci es temporary work-arounds to make sure a company is not going out of business in the worst case. However, because today's implementations are primarily organizational best-practice solutions, their security, risk and compliance issues in such a recovery situation are mostly unknown. Algebraic graph theory can be used as a formal method supporting employees when running business processes need to be recon gured to recover from speci c failures. The example discussed is a loan granting process in a real-world banking environment. Because such a process has to respect certain laws, regulations and rules even in emergency situations, we sketch how this can be done during the process recon guration by looking at security, risk and compliance issues, compatible with the graph technique. Furthermore, we show how the analysis can be extended to requirements concerning the information ow using the process algebra mCRL2. [less ▲]

Detailed reference viewed: 107 (4 UL)
Full Text
See detailEnterprise Modelling using Algebraic Graph Transformation - Extended Version
Brandt, Christoph; Hermann, Frank UL; Ehrig, Hartmut et al

Report (2010)

An analysis of today's situation at Credit Suisse has shown severe problems, because it is based on current best practices and ad-hoc modelling techniques to handle important aspects of security, risk and ... [more ▼]

An analysis of today's situation at Credit Suisse has shown severe problems, because it is based on current best practices and ad-hoc modelling techniques to handle important aspects of security, risk and compliance. Based on this analysis we propose in this paper a new enterprise model which allows the construction, integration, transformation and evaluation of di erent organizational models in a big decentralized organization like Credit Suisse. The main idea of the new model framework is to provide small decentralized models and intra-model evaluation techniques to handle services, processes and rules separately for the business and IT universe on one hand and for human-centric and machine-centric concepts on the other hand. Furthermore, the new framework provides inter-modelling techniques based on algebraic graph transformation to establish the connection between di erent kinds of models and to allow integration of the decentralized models. In order to check for security, risk and compliance in a suitable way, our models and techniques are based on di erent kinds of formal methods. In this paper, we show that algebraic graph transformation techniques are useful not only for intra-modelling { using graph grammars for visual languages and graph constraints for requirements { but also for inter-modelling { using triple graph grammars for model transformation and integration. Altogether, we present the overall idea of our new model framework and show how to solve speci c problems concerning intra- and inter-modelling as rst steps. This should give evidence that our framework can also ? This work is partially supported by Credit Suisse (Luxembourg) S.A., 56, Grand Rue BP 40, L-1660 Luxembourg, Telephone: +352 46 00 11-1, Fax: +352 46 32 70 handle important other requirements for enterprise modelling in a big decentralized organization like Credit Suisse. [less ▲]

Detailed reference viewed: 63 (3 UL)
Full Text
Peer Reviewed
See detailSpecification and Verification of Model Transformations
Hermann, Frank UL; Hülsbusch, Mathias; König, Barbara

in Electronic Communications of the EASST (2010), 30

Model transformations are a key concept within model driven development and there is an enormous need for suitable formal analysis techniques for model transformations, in particular with respect to ... [more ▼]

Model transformations are a key concept within model driven development and there is an enormous need for suitable formal analysis techniques for model transformations, in particular with respect to behavioural equivalence of source models and their corresponding target models. For this reason, we discuss the general challenges that arise for the specification and verification of model transformations and present suitable formal techniques that are based on graph transformation. In this context, triple graph grammars show many benefits for the specification process, e.g. modelers can work on an intuitive level of abstraction and there are formal results for syntactical correctness completeness and efficient execution. In order to verify model transformations with respect to behavioural equivalence we apply well-studied techniques based on the double pushout approach with borrowed context, for which the model transformations specified by triple graph transformation rules are flattened to plain (in-situ) graph transformation rules. The potential and adequateness of the presented techniques are demonstrated by an intuitive example, for which we show the correctness of the model transformation with respect to bisimilarity of source and target models. [less ▲]

Detailed reference viewed: 74 (3 UL)
Full Text
Peer Reviewed
See detailEfficient Analysis and Execution of Correct and Complete Model Transformations Based on Triple Graph Grammars
Hermann, Frank UL; Ehrig, Hartmut; Golas, Ulrike et al

in Bézivin, Jean; Soley, R.M.; Vallecillo, A. (Eds.) Proc. Int. Workshop on Model Driven Interoperability (MDI'10) (2010)

Triple Graph Grammars are a well-established, formal and intuitive concept for the specification and analysis of bidirectional model transformations. In previous work we have formalized and analyzed ... [more ▼]

Triple Graph Grammars are a well-established, formal and intuitive concept for the specification and analysis of bidirectional model transformations. In previous work we have formalized and analyzed already termination, correctness, completeness, local confluence and functional behaviour. In this paper, we show how to improve the efficiency of the execution and analysis of model transformations in practical applications by using triple rules with negative application conditions (NACs). In addition to specification NACs, which improve the specification of model transformations, the generation of filter NACs improves the efficiency of the execution and the analysis of functional behaviour supported by critical pair analysis of the tool AGG. We illustrate the results for the well-known model transformation from class diagrams to relational database models. [less ▲]

Detailed reference viewed: 91 (1 UL)
Full Text
Peer Reviewed
See detailPermutation Equivalence of DPO Derivations with Negative Application Conditions based on Subobject Transformation Systems
Hermann, Frank UL

in Electronic Communications of the EASST (2009), 16

Switch equivalence for transformation systems has been successfully used in many domains for the analysis of concurrent behaviour. When using graph transformation as modelling framework for these systems ... [more ▼]

Switch equivalence for transformation systems has been successfully used in many domains for the analysis of concurrent behaviour. When using graph transformation as modelling framework for these systems the concept of negative application conditions (NACs) is widely used -- in particular for the specification of operational semantics. In this paper we show that switch equivalence can be improved essentially for the analysis of systems with NACs by our new concept of permutation equivalence. Two derivations respecting all NACs are called permutation-equivalent if they are switch-equivalent disregarding the NACs. In fact, there are permutation-equivalent derivations which are not switch-equivalent with NACs. As main result of the paper, we solve the following problem: Given a derivation with NACs, we can efficiently derive all permutation-equivalent derivations to the given one by static analysis. The results are based on extended techniques for subobject transformation systems which have been introduced recently. [less ▲]

Detailed reference viewed: 67 (1 UL)
Full Text
Peer Reviewed
See detailTransformation of Type Graphs with Inheritance for Ensuring Security in E-Government Networks
Hermann, Frank UL; Ehrig, Hartmut; Ermel, Claudia

in Wirsing, Martin; Chechik, C. (Eds.) Proc. International Conference on Fundamental Aspects of Software Engineering (FASE'09) (2009)

E-government services usually process large amounts of confidential data, but simultaneously they shall provide simple and userfriendly graphical interfaces. Therefore, security requirements for the ... [more ▼]

E-government services usually process large amounts of confidential data, but simultaneously they shall provide simple and userfriendly graphical interfaces. Therefore, security requirements for the communication between components have to be adhered in a very strict way. Hence it is of main interest that developers can analyze their modularized models of actual systems and that they can detect critical patterns. For this purpose, we present a general and formal framework for critical pattern detection and user-driven correction as well as possibilities for automatic analysis and verification of security requirements on the meta model level. The technique is based on the formal theory of graph transformation, which we extend to transformations of type graphs with inheritance within a type graph hierarchy in order to enable the specification of relevant security requirements in this scenario. The extended theory is shown to fulfil the conditions of a weak adhesive HLR category allowing us to transfer analysis techniques and results shown for this abstract framework of graph transformation. In particular, we discuss how confluence analysis and parallelization can be used to enable distributed critical pattern detection. [less ▲]

Detailed reference viewed: 114 (1 UL)
Full Text
See detailCompleteness and Correctness of Model Transformations based on Triple Graph Grammars with Negative Application Conditions (Long Version)
Ehrig, Hartmut; Hermann, Frank UL; Sartorius, Christoph

Report (2009)

Model transformations are a key concept for modular and distributed model driven development. In this context, triple graph grammars have been investigated and applied to several case studies and they ... [more ▼]

Model transformations are a key concept for modular and distributed model driven development. In this context, triple graph grammars have been investigated and applied to several case studies and they show a convenient combination of formal and intuitive specification abilities. Especially the automatic derivation of forward and backward transformations out of just one specified set of rules for the integrated model simplifies the specification and enhances usability as well as consistency. Since negative application conditions (NACs) are key ingredient for many model transformations based on graph transformation we embed them in the concept of triple graph grammars. As a first main result we can extend the composition/decomposition result for triple graph grammars to the case with NACs. This allows us to show completeness and correctness of model transformations based on rules with NACs and furthermore, we can extend the characterization of information preserving model transformations to the case with NACs. The presented results are applicable to several model transformations and in particular to the well known model transformation from class diagrams to relational data bases, which we present as running example with NACs. [less ▲]

Detailed reference viewed: 77 (2 UL)
Full Text
See detailBehaviour Simulation and Equivalence of Systems Modelled by Graph Transformation
Ehrig, Hartmut; Ermel, Claudia; Hermann, Frank UL et al

in Bulletin of the EATCS (2009), 97

Our new project "Behaviour Simulation and Equivalence of Systems Modelled by Graph Transformation" funded by the German Research Council (DFG) has started in May 2008. In this contribution we present the ... [more ▼]

Our new project "Behaviour Simulation and Equivalence of Systems Modelled by Graph Transformation" funded by the German Research Council (DFG) has started in May 2008. In this contribution we present the main goals of the project and first results. [less ▲]

Detailed reference viewed: 71 (1 UL)
Full Text
Peer Reviewed
See detailCompleteness and Correctness of Model Transformations based on Triple Graph Grammars with Negative Application Conditions
Ehrig, Hartmut; Hermann, Frank UL; Sartorius, Christoph

in Electronic Communications of the EASST (2009), 18

Model transformations are a key concept for modular and distributed model driven development. In this context, triple graph grammars have been inves- tigated and applied to several case studies and they ... [more ▼]

Model transformations are a key concept for modular and distributed model driven development. In this context, triple graph grammars have been inves- tigated and applied to several case studies and they show a convenient combination of formal and intuitive speci?cation abilities. Especially the automatic derivation of forward and backward transformations out of just one specified set of rules for the integrated model simplifies the specification and enhances usability as well as consistency. Since negative application conditions (NACs) are key ingredient for many model transformations based on graph transformation we embed them in the concept of triple graph grammars. As a first main result we can extend the composi- tion/decomposition result for triple graph grammars to the case with NACs. This allows us to show completeness and correctness of model transformations based on rules with NACs and furthermore, we can extend the characterization of information preserving model transformations to the case with NACs. The presented results are applicable to several model transformations and in partic- ular to the well known model transformation from class diagrams to relational data bases, which we present as running example with NACs. [less ▲]

Detailed reference viewed: 64 (1 UL)
Full Text
See detailOn-the-Fly Construction, Correctness and Completeness of Model Transformations based on Triple Graph Grammars: Long Version
Ehrig, Hartmut; Ermel, Claudia; Hermann, Frank UL et al

Report (2009)

Triple graph grammars (TGGs) are a formal and intuitive concept for the specification of model transformations. Their main advantage is an automatic derivation of operational rules for bidirectional model ... [more ▼]

Triple graph grammars (TGGs) are a formal and intuitive concept for the specification of model transformations. Their main advantage is an automatic derivation of operational rules for bidirectional model transformations, which simplifies specification and enhances usability as well as consistency. In this paper we continue previous work on the formal definition of model transformations based on triple graph rules with negative application conditions (NACs). The new notion of partial source consistency enables us to construct consistent model transformations on-the-fly instead of analyzing consistency of completed model transformations. We show the crucial properties termination, correctness and completeness (including NAC-consistency) for the model transformations resulting from our construction. Moreover we define parallel independence for model transformation steps which allows us to perform partial-order reduction in order to improve efficiency. The results are applicable to several relevant model transformations and in particular to our example transformation from class diagrams to database models. [less ▲]

Detailed reference viewed: 63 (1 UL)
Full Text
Peer Reviewed
See detailOn-the-Fly Construction, Correctness and Completeness of Model Transformations based on Triple Graph Grammars
Ehrig, Hartmut; Ermel, Claudia; Hermann, Frank UL et al

in Schürr, Andy; Selic, Bran (Eds.) ACM/IEEE 12th Int. Conf. on Model Driven Engineering Languages and Systems (MODELS'09) (2009)

Triple graph grammars (TGGs) are a formal and intuitive concept for the specification of model transformations. Their main advantage is an automatic derivation of operational rules for bidirectional model ... [more ▼]

Triple graph grammars (TGGs) are a formal and intuitive concept for the specification of model transformations. Their main advantage is an automatic derivation of operational rules for bidirectional model transformations, which simplifies specification and enhances usability as well as consistency. In this paper we continue previous work on the formal definition of model transformations based on triple graph rules with negative application conditions (NACs). The new notion of partial source consistency enables us to construct consistent model transformations on-the-fly instead of analyzing consistency of completed model transformations. We show the crucial properties termination, correctness and completeness (including NAC-consistency) for the model transformations resulting from our construction. Moreover we define parallel independence for model transformation steps which allows us to perform partial-order reduction in order to improve efficiency. The results are applicable to several relevant model transformations and in particular to our example transformation from class diagrams to database models. [less ▲]

Detailed reference viewed: 108 (1 UL)
Full Text
See detailCospan DPO Approach: An Alternative for DPO Graph Transformations
Ehrig, Hartmut; Hermann, Frank UL; Prange, Ulrike

in Bulletin of the EATCS (2009)

The DPO approach for graph transformations is based on productions and direct transformations defined by two pushouts, where, roughly spoken, in the first pushout all items in L without K are deleted and ... [more ▼]

The DPO approach for graph transformations is based on productions and direct transformations defined by two pushouts, where, roughly spoken, in the first pushout all items in L without K are deleted and in the second one all items R without K are added, while those items in K are preserved. Intuitively, K is the intersection of L and R and, formally, p is a span of graph morphisms. In this paper we consider productions which are cospans of graph morphisms, and K corresponds to the union of L and R. As before, direct transformations are defined by double pushouts, but now the first pushout adds all items in KnL and the second one deletes KnR. This basic idea can be extended to an alternative graph transformation approach, called cospan DPO approach. Key notions of the classical DPO approach can be reformulated in the cospan DPO approach and our main result shows in which way corresponding concepts and results are equivalent. [less ▲]

Detailed reference viewed: 146 (2 UL)
Full Text
Peer Reviewed
See detailModeling and Reconfiguration of critical Business Processes for the purpose of a Business Continuity Management respecting Security Risk and Compliance requirements at Credit Suisse using Algebraic Graph Transformation
Brandt, Christoph; Hermann, Frank UL; Engel, Thomas UL

in Enterprise Distributed Object Computing Conference Workshops, 2009. EDOCW 2009. 13th, Proc. International Workshop on Dynamic and Declarative Business Processes (DDBP 2009) (2009)

Critical business processes can fail. Therefore, continuity processes are needed as backup solutions. At the same time business processes are required to comply with security, risk and compliance ... [more ▼]

Critical business processes can fail. Therefore, continuity processes are needed as backup solutions. At the same time business processes are required to comply with security, risk and compliance requirements. In the context discussed here, they should be modeled in a decentralized local and declarative way, including methodological support by tools. By discussing a simplified loan granting process in the context of a Business Continuity Management System at Credit Suisse, we show how algebraic graph transformation can contribute a methodologically sound solution being compatible with all these requirements in a coherent way. As a consequence significant benefits of automation and quality can be realized. The presented contribution is theoretically sound and implementable by the people in the field. [less ▲]

Detailed reference viewed: 165 (3 UL)
Full Text
Peer Reviewed
See detailSecurity and Consistency of IT and Business Models at Credit Suisse realized by Graph Constraints, Transformation and Integration using Algebraic Graph Theory
Brandt, Christoph; Hermann, Frank UL; Engel, Thomas UL

in Proc. Int. Conf. on Exploring Modeling Methods in Systems Analysis and Design 2009 (EMMSAD'09) (2009)

This paper shows typical security and consistency challenges regarding the models of the business and the IT universe of the dynamic service-, process- and rule-based environment at Credit Suisse. It ... [more ▼]

This paper shows typical security and consistency challenges regarding the models of the business and the IT universe of the dynamic service-, process- and rule-based environment at Credit Suisse. It presents a theoretical solution for enterprise engineering that is implementable, and fits smoothly with the daily needs and constraints of the people in the scenario. It further enables decentralized modeling based on cognitive and mathematical or logical concepts. Normative aspects of the models are analyzed by graph constraint checks, while consistency is checked and ensured by model integration and transformation. To cope with theoretical and practical necessities, the presented solution is kept sound and usable as well as extensible and scalable. All techniques are based on one theoretical framework: algebraic graph theory. Therefore, the techniques are compatible with each other. [less ▲]

Detailed reference viewed: 189 (1 UL)
Full Text
See detailPermutation Equivalence of DPO Derivations with Negative Application Conditions based on Subobject Transformation Systems: Long Version
Hermann, Frank UL

Report (2009)

Switch equivalence for transformation systems has been successfully used in many domains for the analysis of concurrent behaviour. When using graph transformation as modelling framework for these systems ... [more ▼]

Switch equivalence for transformation systems has been successfully used in many domains for the analysis of concurrent behaviour. When using graph transformation as modelling framework for these systems the concept of negative application conditions (NACs) is widely used -- in particular for the specification of operational semantics. In this paper we show that switch equivalence can be improved essentially for the analysis of systems with NACs by our new concept of permutation equivalence. Two derivations respecting all NACs are called permutation-equivalent if they are switch-equivalent disregarding the NACs. In fact, there are permutation-equivalent derivations which are not switch-equivalent with NACs. As main result of the paper, we solve the following problem: Given a derivation with NACs, we can efficiently derive all permutation-equivalent derivations to the given one by static analysis. The results are based on extended techniques for subobject transformation systems which have been introduced recently. [less ▲]

Detailed reference viewed: 72 (2 UL)
Peer Reviewed
See detailProcess Construction and Analysis for Workflows Modelled by Adhesive HLR Systems with Application Conditions
Hermann, Frank UL

in Ehrig, Hartmut; Heckel, Reiko; Rozenberg, G. (Eds.) et al Proc. International Conference on Graph Transformation (ICGT'08) (2008)

Graph transformation systems (gts) are suitable for modelling concurrent and distributed behaviour of systems and in particular of workflows. Analysis of the behaviour of these models is in general highly ... [more ▼]

Graph transformation systems (gts) are suitable for modelling concurrent and distributed behaviour of systems and in particular of workflows. Analysis of the behaviour of these models is in general highly complex but it is of main interest, especially for optimizing the system execution. Main focus of the PhD project is a formal approach for constructing the process of a workflow scenario to support possibilities of efficient analysis and execution. Based on the abstract framework of adhesive high level replacement systems the developed techniques will be applied on two levels. First, the framework is instantiated to different kinds of graph as well as Petri net transformation systems which are key ingredient for modelling mobile networks in [1]. In the second level, the modelling techniques are used to specify the production of industrial products, which can involve several thousands of production steps. A case study will show how a chain of production steps taken from a real production facility can be modelled as gts derivation. Formal techniques for process construction and analysis known for basic cases only have to be extended in various dimensions in order to be applied to the model and in general to the domain of workflows. A practical evaluation will compare the results with those derived by standard techniques for process analysis. [less ▲]

Detailed reference viewed: 97 (2 UL)
Full Text
See detailProcess Definition of Adhesive HLR Systems
Hermann, Frank UL

Report (2008)

Process models of graph transformation systems are based on the concept of occurrence grammars, which are a generalization of Petri net processes given by occurrence nets. Recently, subobject ... [more ▼]

Process models of graph transformation systems are based on the concept of occurrence grammars, which are a generalization of Petri net processes given by occurrence nets. Recently, subobject transformation systems were proposed as an abstract framework for occurrence grammars in adhesive categories, but they are restricted to monomorphic matches for transformation steps. In this paper we review the construction of STSs as processes for plain graph grammars and present an extension to weak adhesive HLR categories with non-monomorphic matching, such that e.g. attributed graph grammars are included. [less ▲]

Detailed reference viewed: 41 (1 UL)
Full Text
See detailTransformation of Type Graphs with Inheritance for Ensuring Security in E-Government Networks (Long Version)
Hermann, Frank UL; Ehrig, Hartmut; Ermel, Claudia

Report (2008)

E-government services usually process large amounts of confidential data. Therefore, security requirements for the communication between components have to be adhered in a strict way. Hence, it is of main ... [more ▼]

E-government services usually process large amounts of confidential data. Therefore, security requirements for the communication between components have to be adhered in a strict way. Hence, it is of main interest that developers can analyze their modularized models of actual systems and that they can detect critical patterns. For this purpose, we present a general and formal framework for critical pattern detection and user-driven correction as well as possibilities for automatic analysis and verification at meta-model level. The technique is based on the formal theory of graph transformation, which we extend to transformations of type graphs with inheritance within a type graph hierarchy. We apply the framework to specify relevant security requirements. The extended theory is shown to fulfil the conditions of a weak adhesive HLR category allowing us to transfer analysis techniques and results shown for this abstract framework of graph transformation. In particular, we discuss how confluence analysis and parallelization can be used to enable parallel critical pattern detection and elimination. [less ▲]

Detailed reference viewed: 42 (2 UL)
Peer Reviewed
See detailFrom Model Transformation to Model Integration based on the Algebraic Approach to Triple Graph Grammars
Ehrig, Hartmut; Ehrig, Karsten; Hermann, Frank UL

in Electronic Communications of the EASST (2008), 10

Success and efficiency of software and system design fundamentally relies on its models. The more they are based on formal methods the more they can be automatically transformed to execution models and ... [more ▼]

Success and efficiency of software and system design fundamentally relies on its models. The more they are based on formal methods the more they can be automatically transformed to execution models and finally to implementation code. This paper presents model transformation and model integration as specific problem within bidirectional model transformation, which has shown to support various purposes, such as analysis, optimization, and code generation. The main purpose of model integration is to establish correspondence between various models, especially between source and target models. From the analysis point of view, model integration supports correctness checks of syntactical dependencies between different views and models. The overall concept is based on the algebraic approach to triple graph grammars, which are widely used for model transformation. The main result shows the close relationship between model transformation and model integration. For each model transformation sequence there is a unique model integration sequence and vice versa. This is demonstrated by a quasi-standard example for model transformation between class models and relational data base models. [less ▲]

Detailed reference viewed: 57 (2 UL)
Full Text
See detailOn the Relationship of Model Transformations Based on Triple and Plain Graph Grammars (Long Version)
Ehrig, Hartmut; Ermel, Claudia; Hermann, Frank UL

Report (2008)

Triple graph grammars have been applied and implemented as a formal basis for model transformations in a variety of application areas. They convince by special abilities in automatic derivation of forward ... [more ▼]

Triple graph grammars have been applied and implemented as a formal basis for model transformations in a variety of application areas. They convince by special abilities in automatic derivation of forward backward and several other transformations out of just one specified set of rules for the integrated model defined by a triple of graphs. While many case studies and all implementations, which state that they are using triple graph grammars, do not use triples of graphs this paper presents the justification for many of them. It shows a one to one correspondence between triple graph grammars and suitable plain graph grammars, thus results and benefits of the triple case can be transferred to the plain case. Main results show the relationship between both graph transformation approaches, syntactical correctness of model transformations based on triple graph grammars and a sound and complete condition for functional behaviour. Theoretical results are elaborated on an intuitive case study for a model transformation from class diagrams to database models. [less ▲]

Detailed reference viewed: 58 (2 UL)