On the Automated Synthesis of Enterprise Integration Patterns to Adapt Choreography-based Distributed Systems

The Future Internet is becoming a reality, providing a large-scale computing environments where a virtually infinite number of available services can be composed so to fit users' needs. Modern service-oriented applications will be more and more often built by reusing and assembling distributed services. A key enabler for this vision is then the ability to automatically compose and dynamically coordinate software services. Service choreographies are an emergent Service Engineering (SE) approach to compose together and coordinate services in a distributed way. When mismatching third-party services are to be composed, obtaining the distributed coordination and adaptation logic required to suitably realize a choreography is a non-trivial and error prone task. Automatic support is then needed. In this direction, this paper leverages previous work on the automatic synthesis of choreography-based systems, and describes our preliminary steps towards exploiting Enterprise Integration Patterns to deal with a form of choreography adaptation.Comment: In Proceedings FOCLASA 2015, arXiv:1512.0694

A standard-driven communication protocol for disconnected clinics in rural areas

The importance of the Electronic Health Record (EHR), which stores all healthcare-related data belonging to a patient, has been recognized in recent years by governments, institutions, and industry. Initiatives like Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interoperable EHR exchanges among clinics and hospitals. Using the requisites specified by these initiatives, many large-scale projects have been set up to enable healthcare professionals to handle patients' EHRs. Applications deployed in these settings are often considered safety-critical, thus ensuring such security properties as confidentiality, authentication, and authorization is crucial for their success. In this paper, we propose a communication protocol, based on the IHE specifications, for authenticating healthcare professionals and assuring patients' safety in settings where no network connection is available, such as in rural areas of some developing countries. We define a specific threat model, driven by the experience of use cases covered by international projects, and prove that an intruder cannot cause damages to the safety of patients and their data by performing any of the attacks falling within this threat model. To demonstrate the feasibility and effectiveness of our protocol, we have fully implemented it

Requirements-Driven Adaptation of Choreographed Interactions

Electronic services are emerging as the de-facto enabler of interaction interoperability across organization boundaries. Cross-organizational interactions are often “choreographed”, i.e. specified by a messaging protocol from a global point of view independent of the local view of each interacting organization. Local requirements motivating an interaction as well as the global contextual requirements governing the interaction inevitably evolve over time, requiring adaptation of the corresponding interaction protocol. Adaptation of an interaction protocol must ensure the satisfaction of both sets of interaction requirements while maintaining consistency between the global view and the local views of an interaction specification. Such adaptation is not possible with the current state-of-the-art representations of choreographed interactions, as they capture only operational messaging specifications detached from both local organizational requirements as well as global contextual requirements. This thesis presents three novel contributions that tackle adaptation of choreographed interaction protocols: an automated technique for deriving an interaction protocol from requirements, a formalization of consistency between local and global views, and a framework for guiding the adaptation of a choreographed interaction. A choreographed interaction is specified using models of organizational requirements motivating the interaction. We employ the formal semantics embedded in requirements models to automatically derive an interaction protocol. We propose a framework for relating the global and local views of interaction specification and maintaining consistency between them. We develop a metamodel for interaction specification, from which we enumerate adaptation operations. We build a catalogue that provides guidance on performing each operation and propagating changes between the global and local views. These contributions are evaluated using examples from the literature as well as a real-world case study

A Logical Verification Methodology for Service-Oriented Computing

We introduce a logical verification methodology for checking behavioural properties of service-oriented computing systems. Service properties are described by means of SocL, a branching-time temporal logic that we have specifically designed to express in an effective way distinctive aspects of services, such as, e.g., acceptance of a request, provision of a response, and correlation among service requests and responses. Our approach allows service properties to be expressed in such a way that they can be independent of service domains and specifications. We show an instantiation of our general methodology that uses the formal language COWS to conveniently specify services and the expressly developed software tool CMC to assist the user in the task of verifying SocL formulae over service specifications. We demonstrate feasibility and effectiveness of our methodology by means of the specification and the analysis of a case study in the automotive domain

Injecting continuous time execution into service-oriented computing

Service-Oriented Computing is a computing paradigm that utilizes services as fundamental elements to support rapid, low-cost development of distributed applications in heterogeneous environments. In Service-Oriented Computing, a service is defined as an independent and autonomous piece of functionality which can be described, published, discovered and used in a uniform way. SENSORIA Reference Modeling Language is developed in the IST-FET integrated project. It provides a formal abstraction for services at the business level. Hybrid systems arise in embedded control when components that perform discrete changes are coupled with components that perform continuous processes. Normally, the discrete changes can be modeled by finite-state machines and the continuous processes can be modeled by differential equations. In an abstract point of view, hybrid systems are mixtures of continuous dynamics and discrete events. Hybrid systems are studied in different research areas. In the computer science area, a hybrid system is modeled as a discrete computer program interacting with an analog environment. In this thesis, we inject continuous time execution into Service-Oriented Computing by giving a formal abstraction for hybrid systems at the business level in a Service-Oriented point of view, and develop a method for formal verifications. In order to achieve the first part of this goal, we make a hybrid extension of Service-Oriented Doubly Labeled Transition Systems, named with Service-Oriented Hybrid Doubly Labeled Transition Systems, make an extension of the SENSORIA Reference Modeling Language and interpret it over Service-Oriented Hybrid Doubly Labeled Transition Systems. To achieve the second part of this goal, we adopt Temporal Dynamic Logic formulas and a set of sequent calculus rules for verifying the formulas, and develop a method for transforming the SENSORIA Reference Modeling Language specification of a certain service module into the respective Temporal Dynamic Logic formulas that could be verified. Moreover, we provide a case study of a simplified small part of the European Train Control System which is specified and verified with the approach introduced above. We also provide an approach of implementing the case study model with the IBM Websphere Process Server, which is a comprehensive Service-Oriented Architecture integration platform and provides support for the Service Component Architecture programming model. In order to realize this approach, we also provide functions that map models specified with the SENSORIA Reference Modeling Language to Websphere Process Server applications

Modeling Software Components Using Behavior Protocols

This thesis proposes a novel approach for a description of a software component's behavior. The behavior is specified by using behavior protocols - a notation similar to regular expressions, which is easy to read and comprehend

Biometric Authentication System on Mobile Personal Devices

We propose a secure, robust, and low-cost biometric authentication system on the mobile personal device for the personal network. The system consists of the following five key modules: 1) face detection; 2) face registration; 3) illumination normalization; 4) face verification; and 5) information fusion. For the complicated face authentication task on the devices with limited resources, the emphasis is largely on the reliability and applicability of the system. Both theoretical and practical considerations are taken. The final system is able to achieve an equal error rate of 2% under challenging testing protocols. The low hardware and software cost makes the system well adaptable to a large range of security applications