26 research outputs found

    Towards run-time monitoring of web services conformance to business-level agreements

    Web service behaviour is currently specified in a mixture of ways, often using methods that are only partially complete. These range from static functional specifications, based on interfaces in WSDL and preconditions in RIF, to business process simulations using executable process-based models such as BPEL, to detailed quality of service (QoS) agreements laid down in a service level agreement (SLA). This paper recognises that something similar to a SLA is required at the higher business level to govern the contract between service producers, brokers and consumers. We call this a business level agreement (BLA) and within this framework, seek to unify disparate aspects of functional specification, QoS and run-time verification. We propose that the method for validating a web service with respect to its advertised BLA should be based on run-time service monitoring. This is a position paper towards defining these goals.

    An event-based reasoning approach to Web services monitoring

    In this paper, we propose an event-based framework that allows to specify and reason about the monitoring properties during composition process execution. The proposed approach is highly expressive and allows to specify monitoring properties that can be based on either functional or non-functional requirements, allows multi-level detection of any violation, allows to calculate effects of any such violation on the overall process execution and to recover from it using a set of recovery actions. The choice of a reasoning based approach allows to foresee the effects of violations and respects any functional and non-functional constraints associated with the process, when performing recovery. In addition, as the approach builds upon an event-based declarative framework called DISC, it results in an integrated approach as both composition design and monitoring framework are event-based.

    DISC: A declarative framework for self-healing Web services composition

    Web services composition design, verification and monitoring are active and widely studied research directions. Little work however has been done in integrating these related dimensions using a unified formalism. In this paper we propose a declarative event-oriented framework, called DISC, that serves as a unified framework to bridge the gap between the process design, verification and monitoring. Proposed framework allows for a composition design to accommodate various aspects such as data relationships and constraints, Web services dynamic binding, compliance regulations, security or temporal requirements and others. Then, it allows for instantiating, verifying and executing the composition design and for monitoring the process while in execution. The effect of run-time violations can also be calculated and a set of recovery actions can be taken, allowing for the self-healing Web services composition.

    The SWORD is Mightier Than the Interview: A Framework for Semi-automatic WORkaround Detection

    Workarounds can give valuable insights into the work processes that are carried out within organizations. To date, workarounds are usually identified using qualitative methods, such as interviews. We propose the semi-automated WORkaround Detection (SWORD) framework, which takes event logs as input. This extensible framework uses twenty-two patterns to semi-automatically detect workarounds. The value of the SWORD framework is that it can help to identify workarounds more efficiently and more thoroughly than is possible by the use of a more traditional, qualitative approach. Through the use of real hospital data, we demonstrate the applicability and effectiveness of the SWORD framework in practice. We focused on the use of three patterns, which all turned out to be applicable to the characteristics of the data set. The use of two of these patterns also led to the identification of actual workarounds. Future work is geared to the extension of the patterns within the framework and the enhancement of techniques that can help to identify these in real-world data.

    A Provenance-Aware Policy Language (cProvl) and a Data Traceability Model (cProv) for the Cloud

    Provenance plays a pivotal role in tracing the origin of something and determining how and why something had occurred. With the emergence of the cloud and the benefits it encompasses, there has been a rapid proliferation of services being adopted by commercial and government sectors. However, trust and security concerns for such services are on an unprecedented scale. Currently, these services expose very little internal working to their customers; this can cause accountability and compliance issues, especially in the event of a fault or error, where customers and providers are left to point fingers at each other. Provenance-based traceability provides a means to address part of this problem by being able to capture and query events that occurred in the past to understand how and why they took place. However, due to the complexity of the cloud infrastructure, the current provenance models lack the expressibility required to describe the inner workings of a cloud service. For a complete solution, a provenance-aware policy language is also required for operators and users to define policies for compliance purposes. The current policy standards do not cater for such requirements. To address these issues, in this paper we propose a provenance (traceability) model cProv, and a provenance-aware policy language (cProvl) to capture traceability data, and express policies for validating against the model. For implementation, we have extended the XACML3.0 architecture to support provenance, and provided a translator that converts cProvl policy and request into XACML type.

    From security to assurance in the cloud: a survey

    The cloud computing paradigm has become a mainstream solution for the deployment of business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provisioned to tenants (i.e., customers and service providers) on a pay-as-you-go basis. Cloud tenants can use cloud resources at lower prices, and higher performance and flexibility, than traditional on-premises resources, without having to care about infrastructure management. Still, cloud tenants remain concerned with the cloud's level of service and the nonfunctional properties their applications can count on. In the last few years, the research community has been focusing on the nonfunctional aspects of the cloud paradigm, among which cloud security stands out. Several approaches to security have been described and summarized in general surveys on cloud security techniques. The survey in this article focuses on the interface between cloud security and cloud security assurance. First, we provide an overview of the state of the art on cloud security. Then, we introduce the notion of cloud security assurance and analyze its growing impact on cloud security approaches. Finally, we present some recommendations for the development of next-generation cloud security and assurance solutions.

    End-to-end security in service-oriented architecture

    A service-oriented architecture (SOA)-based application is composed of a number of distributed and loosely-coupled web services, which are orchestrated to accomplish a more complex functionality. Any of these web services is able to invoke other web services to offload part of its functionality. The main security challenge in SOA is that we cannot trust the participating web services in a service composition to behave as expected all the time. In addition, the chain of services involved in an end-to-end service invocation may not be visible to the clients. As a result, any violation of client’s policies could remain undetected. To address these challenges in SOA, we proposed the following contributions. First, we devised two composite trust schemes by using graph abstraction to quantitatively maintain the trust levels of different services. The composite trust values are based on feedback from the actual execution of services, and the structure of the SOA application. To maintain the dynamic trust, we designed the trust manager, which is a trusted third-party service. Second, we developed an end-to-end inter-service policy monitoring and enforcement framework (PME framework), which is able to dynamically inspect the interactions between services at runtime and react to the potentially malicious activities according to the client’s policies. Third, we designed an intra-service policy monitoring and enforcement framework based on taint analysis mechanism to monitor the information flow within services and prevent information disclosure incidents. Fourth, we proposed an adaptive and secure service composition engine (ASSC), which takes advantage of an efficient heuristic algorithm to generate optimal service compositions in SOA. The service compositions generated by ASSC maximize the trustworthiness of the selected services while meeting the predefined QoS constraints. Finally, we have extensively studied the correctness and performance of the proposed security measures based on a realistic SOA case study. All experimental studies validated the practicality and effectiveness of the presented solutions.

    A Semantical Framework To Engineering WSBPEL Processes

    Web services promise the interoperability of various applications running on heterogeneous platforms over the Internet, and are gaining more and more attention. Web service composition refers to the process of combining Web services to provide value-added services, which has received much interest in supporting enterprise application integration. Industry standards for Web Service composition, such as WSBPEL, provide the notation and additional control mechanisms for the execution of business processes in Web service collaborations. However, these standards do not provide support for checking interesting properties related to Web Service and process behavior. In an attempt to fill this gap, we describe a formalization of WSBPEL business processes, that adds communications semantics to the specifications of interacting Web services, and uses a formal logic to model their dynamic behavior, which enables their formal analysis and the inference of relevant properties of the systems being built.

    Standard interface definition for avionics data bus systems

    Data bus for avionics system of space shuttle, noting functions of interface unit, error detection and recovery, redundancy, and bus control philosoph