Aspect oriented service composition for telecommunication applications

This PhD dissertation investigates how to overcome the negative effects of cross cutting concerns in the development of composite service applications. It proposes a combination of dynamic aspect oriented programming with a rules driven service composition mechanism. This combination allows very flexible utilization of aspects based on run-time data. The thesis contributes a join-point model and it integrates techniques for weaving and advice definition into the underlying composition language and execution engine. A particular focus of the thesis is telecommunication applications with their unique model for utilizing heterogeneous constituent services and their severe real-time requirements. Next to its primary use for modular implementation and flexible deployment of concerns in telecommunication applications, the dissertation discusses AOP as a feature for automated management and customization of service applications. The verification of the proposed solution contributes a detailed assessment of run-time performance, including a theoretical model of the AOP implementation. It allows predicting the performance of various alternative solutions. The proposed solution for combined AOP and service composition provides properties, which directly address challenges in pervasive computing and the Internet of things. Thus, this dissertation advances beyond the telecommunication domain with results applicable to various highly relevant technical developments

Implementing the Payment Card Industry (PCI) Data Security Standard (DSS)

Underpinned by the rise in online criminality, the payment card industry (PCI) data security standards (DSS) were introduced which outlines a subset of the core principals and requirements that must be followed, including precautions relating to the software that processes credit card data. The necessity to implement these requirements in existing software applications can present software owners and developers with a range of issues. We present here a generic solution to the sensitive issue of PCI compliance where aspect orientated programming (AOP) can be applied to meet the requirement of masking the primary account number (PAN).  Our architecture allows a definite amount of code to be added which intercepts all the methods specified in the aspect, regardless of future additions to the system thus reducing the amount of work required to the maintain aspect. We believe that the concepts here will provide an insight into how to approach the PCI requirements to undertake the task. The software artefact should also serve as a guide to developers attempting to implement new applications, where security and design are fundamental elements that should be considered through each phase of the software development lifecycle and not as an afterthought

Towards an aspect weaving BPEL engine

This position paper proposes the use of dynamic aspects and the visitor design pattern to obtain a highly configurable and extensible BPEL engine. Using these two techniques, the core of this infrastructural software can be customised to meet new requirements and add features such as debugging, execution monitoring, or changing to another Web Service selection policy. Additionally, it can easily be extended to cope with customer-specific BPEL extensions. We propose the use of dynamic aspects not only on the engine itself but also on the workflow in order to tackle the problems of Web Service hot deployment and hot fixes to long running processes. In this way, composing aWeb Service "on-the-fly" means weaving its choreography interface into the workflow

Monitoring-Oriented Programming: A Tool-Supported Methodology for Higher Quality Object-Oriented Software

This paper presents a tool-supported methodological paradigm for object-oriented software development, called monitoring-oriented programming and abbreviated MOP, in which runtime monitoring is a basic software design principle. The general idea underlying MOP is that software developers insert specifications in their code via annotations. Actual monitoring code is automatically synthesized from these annotations before compilation and integrated at appropriate places in the program, according to user-defined configuration attributes. This way, the specification is checked at runtime against the implementation. Moreover, violations and/or validations of specifications can trigger user-defined code at any points in the program, in particular recovery code, outputting or sending messages, or raising exceptions. The MOP paradigm does not promote or enforce any specific formalism to specify requirements: it allows the users to plug-in their favorite or domain-specific specification formalisms via logic plug-in modules. There are two major technical challenges that MOP supporting tools unavoidably face: monitor synthesis and monitor integration. The former is heavily dependent on the specification formalism and comes as part of the corresponding logic plug-in, while the latter is uniform for all specification formalisms and depends only on the target programming language. An experimental prototype tool, called Java-MOP, is also discussed, which currently supports most but not all of the desired MOP features. MOP aims at reducing the gap between formal specification and implementation, by integrating the two and allowing them together to form a system

A Catalog of Aspect Refactorings for Spring/AOP

The importance of enterprise applications in current organizations makes it necessary to facilitate their maintenance and evolution along their life. These kind of systems are very complex and they have several requirements that orthogonally crosscut the system structure (called crosscutting concerns). Since many of the enterprise systems are developed with the Spring framework, can be taken advantage of the benefit provided by the aspect-oriented module of Spring in order to encapsulate the crosscutting concerns into aspects. In this way, the maintenance and evolution of the enterprise systems will be improved. However, most of the aspect refactorings presented in the literature are not directly applicable to Spring systems. Along this line, in this work we present an adaptation of a catalog of aspect refactorings, initially presented for AspectJ, to be used with Spring/AOP. Also, we conduct a case study in which two enterprise applications developed with the Spring framework are refactored in order to encapsulate their crosscutting concerns into aspects.Fil: Vidal, Santiago Agustín. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Tandil. Instituto Superior de Ingeniería del Software. Universidad Nacional del Centro de la Provincia de Buenos Aires. Instituto Superior de Ingeniería del Software; ArgentinaFil: Marcos, Claudia Andrea. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Tandil. Instituto Superior de Ingeniería del Software. Universidad Nacional del Centro de la Provincia de Buenos Aires. Instituto Superior de Ingeniería del Software; Argentin

Engineering Enterprise Software Systems with Interactive UML Models and Aspect-Oriented Middleware

Large scale enterprise software systems are inherently complex and hard to maintain. To deal with this complexity, current mainstream software engineering practices aim at raising the level of abstraction to visual models described in OMG’s UML modeling language. Current UML tools, however, produce static design diagrams for documentation which quickly become out-of-sync with the software, and thus obsolete. To address this issue, current model-driven software development approaches aim at software automation using generators that translate models into code. However, these solutions don’t have a good answer for dealing with legacy source code and the evolution of existing enterprise software systems. This research investigates an alternative solution by making the process of modeling more interactive with a simulator and integrating simulation with the live software system. Such an approach supports model-driven development at a higher-level of abstraction with models without sacrificing the need to drop into a lower-level with code. Additionally, simulation also supports better evolution since the impact of a change to a particular area of existing software can be better understood using simulated “what-if” scenarios. This project proposes such a solution by developing a web-based UML simulator for modeling use cases and sequence diagrams and integrating the simulator with existing applications using aspect-oriented middleware technology

Using WSDM and Web Service Ping for QoS based Web Service Selection

By using the standard Web Service Distributed Management (WSDM) and Web Service Ping, we introduce a lightweight solution to the Web Service QoS problem. The Management of Web Services (MOWS) part of WSDM is used to publish Web Service's QoS parameters. Management using Web Services (MUWS), the second part of WSDM, is used to monitor IT resources' QoS. Examples are server's QoS, application server's QoS and network's QoS. Web Service Ping can be used as a simple diagnostic tool for Web Service's latency and Web Service's availability across organizational boundaries. Therefore, we propose to introduce a standardized Web Service Ping operation into all Web Services. All QoS data retrieved by using MOWS, MUWS and Web Service Ping, can be used for Web Service selection. We introduced a new Web Service selection architecture, the Delegation Web Service as selector. Compared to Web Service Broker as selector, consumer as selector and QoS enhanced UDDI as selector, the Delegation Web Service as selector offers a better solution for implementing Web Service load balancing and can increase the security of and for Web Services

Self-supervising BPEL Processes

Service compositions suffer changes in their partner services. Even if the composition does not change, its behavior may evolve over time and become incorrect. Such changes cannot be fully foreseen through prerelease validation, but impose a shift in the quality assessment activities. Provided functionality and quality of service must be continuously probed while the application executes, and the application itself must be able to take corrective actions to preserve its dependability and robustness. We propose the idea of self-supervising BPEL processes, that is, special-purpose compositions that assess their behavior and react through user-defined rules. Supervision consists of monitoring and recovery. The former checks the system's execution to see whether everything is proceeding as planned, while the latter attempts to fix any anomalies. The paper introduces two languages for defining monitoring and recovery and explains how to use them to enrich BPEL processes with self-supervision capabilities. Supervision is treated as a cross-cutting concern that is only blended at runtime, allowing different stakeholders to adopt different strategies with no impact on the actual business logic. The paper also presents a supervision-aware runtime framework for executing the enriched processes, and briefly discusses the results of in-lab experiments and of a first evaluation with industrial partners