Multi-party authentication protocols for web services

The Web service technology allows the dynamic composition of a workflow (or a business flow) by composing a set of existing Web services scattered across the Internet. While a given Web service may have multiple service instances taking part in several workflows simultaneously, a workflow often involves a set of service instances that belong to different Web services. In order to establish trust relationships amongst service instances, new security protocols are urgently needed. Hada and Maruyama [HAD02] presented a session-oriented, multi-party authentication protocol to resolve this problem. Within a session the protocol provides a common session secret shared by all the service instances, thereby distinguishing the instances from those of other sessions. However, individual instances cannot be distinguished and identified by the session secret. This leads to vulnerable session management and poor threat containment. In this thesis, we present a new design for a multi-party authentication protocol. In this protocol, each service instance is provided with a unique identifier. The Diffie-Hellman Key Agreement scheme is employed to generate the trust relationship between service instances within the same flow. The Coordinated Atomic Action scheme is exploited for achieving an improved level of threat containment. The new protocol was implemented in Java and evaluated by a combined use of experiments and model-based analysis. The results show that the time consumption for multi-party authentication increases linearly as the number of service instances that are introduced into a session increases. Our solution is therefore potentially applicable for Web service flow with a large number of participants. Various public key algorithms are also compared and evaluated during the experiments in order to select the most suitable one for our new protocol

Technical debt-aware and evolutionary adaptation for service composition in SaaS clouds

The advantages of composing and delivering software applications in the Cloud-Based Software as a Service (SaaS) model are offering cost-effective solutions with minimal resource management. However, several functionally-equivalent web services with diverse Quality of Service (QoS) values have emerged in the SaaS cloud, and the tenant-specific requirements tend to lead the difficulties to select the suitable web services for composing the software application. Moreover, given the changing workload from the tenants, it is not uncommon for a service composition running in the multi-tenant SaaS cloud to encounter under-utilisation and over-utilisation on the component services that affects the service revenue and violates the service level agreement respectively. All those bring challenging decision-making tasks: (i) when to recompose the composite service? (ii) how to select new component services for the composition that maximise the service utility over time? at the same time, low operation cost of the service composition is desirable in the SaaS cloud. In this context, this thesis contributes an economic-driven service composition framework to address the above challenges. The framework takes advantage of the principal of technical debt- a well-known software engineering concept, evolutionary algorithm and time-series forecasting method to predictively handle the service provider constraints and SaaS dynamics for creating added values in the service composition. We emulate the SaaS environment setting for conducting several experiments using an e-commerce system, realistic datasets and workload trace. Further, we evaluate the framework by comparing it with other state-of-the-art approaches based on diverse quality metrics

Cloud service localisation

The essence of cloud computing is the provision of software and hardware services to a range of users in dierent locations. The aim of cloud service localisation is to facilitate the internationalisation and localisation of cloud services by allowing their adaption to dierent locales. We address the lingual localisation by providing service-level language translation techniques to adopt services to dierent languages and regulatory localisation by providing standards-based mappings to achieve regulatory compliance with regionally varying laws, standards and regulations. The aim is to support and enforce the explicit modelling of aspects particularly relevant to localisation and runtime support consisting of tools and middleware services to automating the deployment based on models of locales, driven by the two localisation dimensions. We focus here on an ontology-based conceptual information model that integrates locale specication in a coherent way

A Requirement-centric Approach to Web Service Modeling, Discovery, and Selection

Service-Oriented Computing (SOC) has gained considerable popularity for implementing Service-Based Applications (SBAs) in a flexible\ud and effective manner. The basic idea of SOC is to understand users'\ud requirements for SBAs first, and then discover and select relevant\ud services (i.e., that fit closely functional requirements) and offer\ud a high Quality of Service (QoS). Understanding users’ requirements\ud is already achieved by existing requirement engineering approaches\ud (e.g., TROPOS, KAOS, and MAP) which model SBAs in a requirement-driven\ud manner. However, discovering and selecting relevant and high QoS\ud services are still challenging tasks that require time and effort\ud due to the increasing number of available Web services. In this paper,\ud we propose a requirement-centric approach which allows: (i) modeling\ud users’ requirements for SBAs with the MAP formalism and specifying\ud required services using an Intentional Service Model (ISM); (ii)\ud discovering services by querying the Web service search engine Service-Finder\ud and using keywords extracted from the specifications provided by\ud the ISM; and(iii) selecting automatically relevant and high QoS services\ud by applying Formal Concept Analysis (FCA). We validate our approach\ud by performing experiments on an e-books application. The experimental\ud results show that our approach allows the selection of relevant and\ud high QoS services with a high accuracy (the average precision is\ud 89.41%) and efficiency (the average recall is 95.43%)

Forum Session at the First International Conference on Service Oriented Computing (ICSOC03)

The First International Conference on Service Oriented Computing (ICSOC) was held in Trento, December 15-18, 2003. The focus of the conference ---Service Oriented Computing (SOC)--- is the new emerging paradigm for distributed computing and e-business processing that has evolved from object-oriented and component computing to enable building agile networks of collaborating business applications distributed within and across organizational boundaries. Of the 181 papers submitted to the ICSOC conference, 10 were selected for the forum session which took place on December the 16th, 2003. The papers were chosen based on their technical quality, originality, relevance to SOC and for their nature of being best suited for a poster presentation or a demonstration. This technical report contains the 10 papers presented during the forum session at the ICSOC conference. In particular, the last two papers in the report ere submitted as industrial papers