El autor Rafael M. Gasca ha publicado 8 artículo(s):

Dentro de las organizaciones, los problemas de optimización pueden encontrarse en numerosos ejemplos, tales como minimizar los costes de producción, los errores producidos, o maximizar la fidelidad de los clientes. La resolución de estos problemas es un reto que conlleva un esfuerzo extra. Hoy en día, los problemas de Big Data se suman a estos problems de optimización en dichas empresas. Desafortunadamente, afrontar estos problemas en la pequeña y mediana empresa es extremadamente difícil o incluso imposible. En este artículo, proponemos la arquitectura llamada Fabiola, que permite describir los datos distribuidos y estructurados en problemas de optimización que pueden ser paralelizados. Además, Fabiola aplica las técnicas de Programación con Restricciones para poder devolver la solución a dichos problemas de optimización.

Autores: Luisa Parody / Angel Jesus Varela Vaca / Rafael M. Gasca / 
Palabras Clave: big data - Estructura de Datos - Problemas de Optimización - Programación con Restricciones

Organizations execute daily activities to meet their objectives. The performance of these activities can be fundamental for achieving a business objective, but they also imply the assumption of certain security risks that might go against a company’s security policies. A risk may be defined as the effects of uncertainty on the achievement of the goals of a company, some of which can be associated with security aspects (e.g., data corruption or data leakage). The execution of the activities can be choreographed using business processes models, in which the risk of the entire business process model derives from a combination of the single activity risks (executed in an isolated manner). In this paper, the problem of automatic security risk management in the current BPMS is addresses. First, a formalization of the risk elements according to process models is included. These elements are supported as a BPMN 2.0 extension of risk information that is analyzed to determine nonconformance regarding risk goals. In addition, a diagnosis of the risk associated with the activity responsible for the nonconformance is also carried out. To this end, the proposal applies mechanisms based on the model-based diagnosis in which activities are in nonconformance with regard to the acceptable level of risk. The automation of diagnosis is carried out using artificial intelligence techniques based on constraint programming. The proposal is supported by the implementation of a plug-in that enables the graphical specification of the extension and the automation of the verification and diagnosis process. To the best of our knowledge, this is the first published work that addresses the risk-aware design of business processes with automatic techniques.

Autores: Angel Jesus Varela Vaca / Luisa Parody / Rafael M. Gasca / Maria Teresa Gómez López / 
Palabras Clave: Business Process Management - Business Process Model - Constraint programming - Model-based Diagnosis - Security-Risk Assessment

Los procesos de negocio ofrecen la infraestructura necesaria para la combinación de distintas actividades en un único proceso. Dicha combinación puede implicar el intercambio de datos entre las mismas, de forma que la calidad de datos toma una especial relevancia. Si los datos que utilizan las actividades involucradas no tienen el nivel de calidad adecuado, el resultado generado por el proceso podría no ser ni fiable ni usable por el usuario final. Una forma de garantizar la confiabilidad en los datos es mediante una certificación de su nivel de calidad. La certificación de los niveles de calidad de los datos que deben manejar las actividades que se combinan, puede ser descrita mediante el uso de la familia de estándares ISO/IEC 8000-100. El uso de esta certificación supone una nueva restricción que ha de tenerse en cuenta a la hora de buscar el resultado global en la combinación de actividades. En este artículo se propone el diseño y la implementación de una Arquitectura de Servicios llamada I8K, que se encarga del proceso de evaluación y certificación de los datos, y de como ésta se ha aplicado a un ejemplo motivador sobre la combinacíon de actividades para la organización de un viaje, que implica la búsqueda de billete de avión, estancia en hotel, y opcionalmente el alquiler de coches.

Autores: Isabel Bermejo / Luisa Parody / Ismael Caballero / María Teresa Gómez-López / Rafael M. Gasca / 
Palabras Clave: Arquitectura de Servicios - Calidad de Datos - Combinación de Actividades - ISO 8000-100 - Procesos de Negocio

Los datos son uno de los activos más importantes de las organizaciones. Prueba de ello son las iniciativas que están surgiendo para disponer y analizar la mayor cantidad de datos posibles (efecto Big Data), pudiendo así poder descubrir patrones de comportamiento de posibles clientes. Así es frecuente que las organizaciones adquieran datos de terceras partes, datos que son usados como base para los procesos de negocio. Pero, en general, si los datos adquiridos no tienen un nivel de calidad adecuado, entonces no podrá extraerse de ellos el máximo rendimiento. Para evitar esto, es posible establecer acuerdos a niveles de servicio para la adquisición de datos, que es el principal objeto de este artículo. Para ello, se puede usar ISO 8000 partes 100 a 140, que tratan específicamente sobre el intercambio de datos maestros. Para facilitar dicho intercambio de datos, proponemos el uso de un framework que permite combinar los servicios web que satisfacen los correspondientes requisitos de la familia de estándares. Dicho framework consiste en dos componentes: I8K ­ una arquitectura de servicio ­ e ICS-API ­ una interfaz de programación de aplicaciones que permite usar I8K-. La principal aportación de este artículo radica en describir cómo usar el framework para implementar los aspectos tecnológicos de los acuerdos a niveles de servicio, cuando la calidad de datos tiene que ser tenida en cuenta durante el intercambio de datos como parte de la operativa.

Autores: Ismael Caballero / Isabel Bermejo / Luisa Parody / Mª Teresa Gómez López / Rafael M. Gasca / Mario Piattini / 
Palabras Clave: Acuerdo a nivel de servicio - Calidad de Datos - I8K - Intercambio de Datos Maestros - ISO 8000-1x0

The proper configuration of systems has become a fundamental factor to avoid cybersecurity risks. Thereby, the analysis of cybersecurity vulnerabilities is a mandatory task, but the number of vulnerabilities and system configurations that can be threatened is extremely high. In this paper, we propose a method that uses software product line techniques to analyse the vulnerable configuration of the systems. We propose a solution, entitled AMADEUS, to enable and support the automatic analysis and testing of cybersecurity vulnerabilities of configuration systems based on feature models. AMADEUS is a holistic solution that is able to automate the analysis of the specific infrastructures in the organisations, the existing vulnerabilities, and the possible configurations extracted from the vulnerability repositories. By using this information, AMADEUS generates automatically the feature models, that are used for reasoning capabilities to extract knowledge, such as to determine attack vectors with certain features. AMADEUS has been validated by demonstrating the capacities of feature models to support the threat scenario, in which a wide variety of vulnerabilities extracted from a real repository are involved. Furthermore, we open the door to new applications where software product line engineering and cybersecurity can be empowered.

Autores: Angel Jesus Varela Vaca / Rafael M. Gasca / José Antonio Carmona-Fombella / Maria Teresa Gómez López / 
Palabras Clave: cybersecurity - feature model - pentesting - reasoning - Testing - vulnerabilities - vulnerable configuration

Declarative business processes are commonly used to describe permitted and prohibited actions in a BP. However, most current proposals of declarative languages fail in three aspects: (1) they tend to be oriented only towards the execution order of the activities; (2) the optimization is oriented only towards the minimization of the execution time or the resources used in the business process; and (3) there is an absence of capacity of execution of declarative models in commercial Business Process Management Systems.

Therefore, this contribution aims at taking into account these three aspects, by means of: (1) the formalization of a hybrid model oriented towards obtaining the outcome data optimization by combining a data-oriented declarative specification and a control-flow-oriented imperative specification; and (2) the automatic creation from this hybrid model to an imperative model that is executable in a standard Business Process Management System.

An approach, based on the definition of a hybrid business process, which uses a constraint programming paradigm, is presented. This approach enables the optimized outcome data to be obtained at runtime for the various instances. In order to work out our approach, a language capable of defining a hybrid model is provided, and applied to a case study. Likewise, the automatic creation of an executable constraint satisfaction problem is addressed, whose resolution allows us to attain the optimized outcome data. A brief computational study is also shown.

Autores: Luisa Parody / María Teresa Gómez-López / Rafael M. Gasca / 
Palabras Clave:

Business process modelling constitutes an essential and crucial task in the Business Process Management. Typically, business processes, henceforth referred to as BP, are specified in an imperative manner, which define exactly how things have to be performed. But sometimes, a BP may be exposed to different environments and subjected to many conditions in which not always a sequence of activities can be described at design time. This is the reason why several authors have proposed languages to define BP as declarative models. These declarative languages tend to be used to describe the possible execution order of the activities, allowed or prohibited, instead of the exact order of the activities.
There are a significant number of researches that detect the necessity to include the data description into the BP model. Unfortunately this effort has only been applied to imperative models, not being the declarative models the focus of the studies, more centred on the order of activities. The role of data in declarative languages has not been very relevant, mostly limited to describe the execution or not of an activity, depending on the value of a variable of the dataflow. Unfortunately, none of them is worried about a declarative description of exchanged data between the activities, and how they can influence the model.
In this work, an analysis of the declarative languages found in the literature has been made in great depth. The analysis includes an study of how the most important declarative languages address data management, by means of the formalism for reasoning that they used (Linear Temporal Logic, Event Calculus,…); the capacity to include the data perspective; and the use of the declarative languages (validation, construction and/or assistance). Thanks to this analysis, the necessity to define a new language where the data aspects take more relevant place is demonstrated. In order to solve this lack in declarative languages, we propose a Data-Oriented Optimization LanguagE, called DOODLE, that represents graphically a declarative model which includes the BP requirements referring to data description. This new point of view of declarative languages focused on data permits to represent declaratively, the model of a business process according to
This work has been published in the 22nd International Conference on Information Systems Development (ISD 2013), ranked as A in ERA and CORE Conference Rankings. This work has been partially funded by the Ministry of Science and Technology of Spain (TIN2009-13714) and the European Regional Development Fund (ERDF/FEDER).

Autores: Luisa Parody / María Teresa Gómez-López / Rafael M. Gasca / 
Palabras Clave:

Autores: Angel Jesus Varela Vaca / David Garcia Rosado / Luis Enrique Sanchez Crespo / Maria Teresa Gómez López / Rafael M. Gasca / Eduardo Fernandez-Medina / 
Palabras Clave: Configuration models - Cyber-physical system - cybersecurity - Diagnosis - security - Security requirements - Security verification