Soft behaviour modelling of user communities

A soft modelling approach for describing behaviour in on-line user communities is introduced in this work. Behaviour models of individual users in dynamic virtual environments have been described in the literature in terms of timed transition automata; they have various drawbacks. Soft multi/agent behaviour automata are defined and proposed to describe multiple user behaviours and to recognise larger classes of user group histories, such as group histories which contain unexpected behaviours. The notion of deviation from the user community model allows defining a soft parsing process which assesses and evaluates the dynamic behaviour of a group of users interacting in virtual environments, such as e-learning and e-business platforms. The soft automaton model can describe virtually infinite sequences of actions due to multiple users and subject to temporal constraints. Soft measures assess a form of distance of observed behaviours by evaluating the amount of temporal deviation, additional or omitted actions contained in an observed history as well as actions performed by unexpected users. The proposed model allows the soft recognition of user group histories also when the observed actions only partially meet the given behaviour model constraints. This approach is more realistic for real-time user community support systems, concerning standard boolean model recognition, when more than one user model is potentially available, and the extent of deviation from community behaviour models can be used as a guide to generate the system support by anticipation, projection and other known techniques. Experiments based on logs from an e-learning platform and plan compilation of the soft multi-agent behaviour automaton show the expressiveness of the proposed model

Operating guidelines for services

In the paradigm of service-oriented computing, companies organize their core competencies as services and may request other functionalities from services of other companies. Services provide high flexibility, platform independent loose coupling, and distributed execution. They may thus help to reduce the complexity of dynamically binding and integrating heterogenous processes within and across organizations. The vision of service-oriented architectures is to provide a framework for publishing new services, for on demand searching for and discovery of existing services, and for dynamically binding services to achieve common business goals. That way, each individual organization gains more flexibility to dynamically react on new challenges. As services may be created or modified, or collaborations may be restructured at any point in time, a new challenge arises in this setting—the challenge for deciding the compatibility of the composed services before their actual binding. Recent literature distinguishes four different aspects of service compatibility: syntactical, behavioral, semantical, and non-functional compatibility. In this thesis, we focus on behavioral compatibility and abstract from the other aspects. Potential behavioral incompatibilities between services include deadlocks (two services wait for a message of each other), livelocks (two services keep exchanging messages without progressing), and pending messages that have been sent but cannot be received anymore. For stateful services that interact via asynchronous message passing, deciding behavioral compatibility is far from trivial. Local changes to one service may introduce errors in some or even all other services of an interaction. The verification of behavioral compatibility suffers from state explosion problems and is restricted by privacy issues. That is, the parties of an interaction are essentially autonomous and may be competitors in other business fields. Consequently, they do not want to reveal the internals of their processes to the other participants in order to hide trade secrets. To systematically approach this challenge, we introduce a formal framework based on Petri nets and automata for service modeling and formalize behavioral compatibility as deadlock freedom of the composition of the services. The main contribution of this thesis is to introduce the concept of the operating guideline of a service. Operating guidelines provide a formal characterization of the set of all behaviorally compatible services R for a given service S. Usually, this set is infinite. However, the operating guideline OGS of a service S serves as a finite representation of this infinite set. Furthermore, the operating guideline of S reveals only internals that are inevitably necessary to decide behavioral compatibility with S. We provide a construction method of operating guidelines for finite-state services with bounded communication. Operating guidelines can be used in many applications in the context of serviceoriented computing. The most fundamental application is to support the discovery of behaviorally compatible services. To this end, we develop a matching procedure that efficiently decides whether a given service R is characterized by the operating guideline OGS of a service S. If R matches, then both services R and S are behaviorally compatible and can be bound together to interact with each other. If R does not match with OGS, then the services are behaviorally incompatible and may run into severe behavioral errors and not reach their common business goal. Operating guidelines can furthermore be applied in the novel research areas of service substitutability and the generation of adapter services, for instance. To this end, we develop methods to compare the sets of services characterized by the operating guidelines OGS and OGS0 . If OGS0 characterizes more services than OGS, then the service S can be substituted by the service S0 without loosing any behaviorally compatible interaction partner R. Furthermore, we show how to synthesize a service R from the operating guideline OGS such that R is behaviorally compatible to S by construction. All results presented in this thesis are implemented in our service analysis tool Fiona. Fiona may compute operating guidelines for services modeled as Petri nets. It may match a service with an operating guideline, compare operating guidelines for equivalence or an inclusion relation, and synthesize service adapters for behaviorally incompatible services. Together with the tool BPEL2oWFN— which translates web services specified in BPEL into Petri net models of the services—we can immediately apply our results to services that stem from practic

On the Security of Software Systems and Services

This work investigates new methods for facing the security issues and threats arising from the composition of software. This task has been carried out through the formal modelling of both the software composition scenarios and the security properties, i.e., policies, to be guaranteed. Our research moves across three different modalities of software composition which are of main interest for some of the most sensitive aspects of the modern information society. They are mobile applications, trust-based composition and service orchestration. Mobile applications are programs designed for being deployable on remote platforms. Basically, they are the main channel for the distribution and commercialisation of software for mobile devices, e.g., smart phones and tablets. Here we study the security threats that affect the application providers and the hosting platforms. In particular, we present a programming framework for the development of applications with a static and dynamic security support. Also, we implemented an enforcement mechanism for applying fine-grained security controls on the execution of possibly malicious applications. In addition to security, trust represents a pragmatic and intuitive way for managing the interactions among systems. Currently, trust is one of the main factors that human beings keep into account when deciding whether to accept a transaction or not. In our work we investigate the possibility of defining a fully integrated environment for security policies and trust including a runtime monitor. Finally, Service-Oriented Computing (SOC) is the leading technology for business applications distributed over a network. The security issues related to the service networks are many and multi-faceted. We mainly deal with the static verification of secure composition plans of web services. Moreover, we introduce the synthesis of dynamic security checks for protecting the services against illegal invocations

FLACOS’08 Workshop proceedings

The 2nd Workshop on Formal Languages and Analysis of Contract-Oriented Software (FLACOS’08) is held in Malta. The aim of the workshop is to bring together researchers and practitioners working on language-based solutions to contract-oriented software development. The workshop is partially funded by the Nordunet3 project “COSoDIS” (Contract-Oriented Software Development for Internet Services) and it attracted 25 participants. The program consists of 4 regular papers and 10 invited participant presentations

Injecting continuous time execution into service-oriented computing

Service-Oriented Computing is a computing paradigm that utilizes services as fundamental elements to support rapid, low-cost development of distributed applications in heterogeneous environments. In Service-Oriented Computing, a service is defined as an independent and autonomous piece of functionality which can be described, published, discovered and used in a uniform way. SENSORIA Reference Modeling Language is developed in the IST-FET integrated project. It provides a formal abstraction for services at the business level. Hybrid systems arise in embedded control when components that perform discrete changes are coupled with components that perform continuous processes. Normally, the discrete changes can be modeled by finite-state machines and the continuous processes can be modeled by differential equations. In an abstract point of view, hybrid systems are mixtures of continuous dynamics and discrete events. Hybrid systems are studied in different research areas. In the computer science area, a hybrid system is modeled as a discrete computer program interacting with an analog environment. In this thesis, we inject continuous time execution into Service-Oriented Computing by giving a formal abstraction for hybrid systems at the business level in a Service-Oriented point of view, and develop a method for formal verifications. In order to achieve the first part of this goal, we make a hybrid extension of Service-Oriented Doubly Labeled Transition Systems, named with Service-Oriented Hybrid Doubly Labeled Transition Systems, make an extension of the SENSORIA Reference Modeling Language and interpret it over Service-Oriented Hybrid Doubly Labeled Transition Systems. To achieve the second part of this goal, we adopt Temporal Dynamic Logic formulas and a set of sequent calculus rules for verifying the formulas, and develop a method for transforming the SENSORIA Reference Modeling Language specification of a certain service module into the respective Temporal Dynamic Logic formulas that could be verified. Moreover, we provide a case study of a simplified small part of the European Train Control System which is specified and verified with the approach introduced above. We also provide an approach of implementing the case study model with the IBM Websphere Process Server, which is a comprehensive Service-Oriented Architecture integration platform and provides support for the Service Component Architecture programming model. In order to realize this approach, we also provide functions that map models specified with the SENSORIA Reference Modeling Language to Websphere Process Server applications

Model checking usage policies

We study usage automata, a formal model for specifying policies on the usage of resources. Usage automata extend finite state automata with some additional features, parameters and guards, that improve their expressivity. We show that usage automata are expressive enough to model policies of real-world applications. We discuss their expressive power, and we prove that the problem of telling whether a computation complies with a usage policy is decidable. The main contribution of this paper is a model checking technique for usage automata. The model is that of usages, i.e. basic processes that describe the possible patterns of resource access and creation. In spite of the model having infinite states, because of recursion and resource creation, we devise a polynomial-time model checking technique for deciding when a usage complies with a usage policy

Correctness of services and their composition

We study correctness of services and their composition and investigate how the design of correct service compositions can be systematically supported. We thereby focus on the communication protocol of the service and approach these questions using formal methods and make contributions to three scenarios of SOC.Wir studieren die Korrektheit von Services und Servicekompositionen und untersuchen, wie der Entwurf von korrekten Servicekompositionen systematisch unterstützt werden kann. Wir legen dabei den Fokus auf das Kommunikationsprotokoll der Services. Mithilfe von formalen Methoden tragen wir zu drei Szenarien von SOC bei

A Semantic Framework for Declarative and Procedural Knowledge

In any scientic domain, the full set of data and programs has reached an-ome status, i.e. it has grown massively. The original article on the Semantic Web describes the evolution of a Web of actionable information, i.e.\ud information derived from data through a semantic theory for interpreting the symbols. In a Semantic Web, methodologies are studied for describing, managing and analyzing both resources (domain knowledge) and applications (operational knowledge) - without any restriction on what and where they\ud are respectively suitable and available in the Web - as well as for realizing automatic and semantic-driven work\ud ows of Web applications elaborating Web resources.\ud This thesis attempts to provide a synthesis among Semantic Web technologies, Ontology Research, Knowledge and Work\ud ow Management. Such a synthesis is represented by Resourceome, a Web-based framework consisting of two components which strictly interact with each other: an ontology-based and domain-independent knowledge manager system (Resourceome KMS) - relying on a knowledge model where resource and operational knowledge are contextualized in any domain - and a semantic-driven work ow editor, manager and agent-based execution system (Resourceome WMS).\ud The Resourceome KMS and the Resourceome WMS are exploited in order to realize semantic-driven formulations of work\ud ows, where activities are semantically linked to any involved resource. In the whole, combining the use of domain ontologies and work ow techniques, Resourceome provides a exible domain and operational knowledge organization, a powerful engine for semantic-driven work\ud ow composition, and a distributed, automatic and\ud transparent environment for work ow execution