Secure multi-party contracts for web-services

We consider two complementary formal approaches for describing services and their interactive behaviour. The first approach is based on the notion of contracts. Contracts are CCS-like processes that contain a description of the external observable behavior of a service. A notion of compliace has been introduced allowing to check whether the interaction between two parties terminate or gets stuck. The second proposal is based on λ-req, a core calculus for services, with primitives for expressing security policies and for composing services in a call-by-contract fashion. In the dissertation we express CCS contracts via λ-req expressions and we prove that the proposed transformation preserves compliance of contracts, by exploiting the security mechanism of λ-req. The transformation enjoys further properties. Multi-party and secure contracts are naturally handled. Moreover, the resulting notion of compliance is compositional: one can substitute a service with an equivalent one without breaking the security of the composition

Contracts for Abstract Processes in Service Composition

Contracts are a well-established approach for describing and analyzing behavioral aspects of web service compositions. The theory of contracts comes equipped with a notion of compatibility between clients and servers that ensures that every possible interaction between compatible clients and servers will complete successfully. It is generally agreed that real applications often require the ability of exposing just partial descriptions of their behaviors, which are usually known as abstract processes. We propose a formal characterization of abstraction as an extension of the usual symbolic bisimulation and we recover the notion of abstraction in the context of contracts.Comment: In Proceedings FIT 2010, arXiv:1101.426

Multilevel Contracts for Trusted Components

This article contributes to the design and the verification of trusted components and services. The contracts are declined at several levels to cover then different facets, such as component consistency, compatibility or correctness. The article introduces multilevel contracts and a design+verification process for handling and analysing these contracts in component models. The approach is implemented with the COSTO platform that supports the Kmelia component model. A case study illustrates the overall approach.Comment: In Proceedings WCSI 2010, arXiv:1010.233

Web Services Support for Dynamic Business Process Outsourcing

Outsourcing of business processes is crucial for organizations to be effective, efficient and flexible. To meet fast-changing market conditions, dynamic outsourcing is required, in which business relationships are established and enacted on-the-fly in an adaptive, fine-grained way unrestricted by geographic distance. This requires automated means for both the establishment of outsourcing relationships and for the enactment of services performed in these relationships over electronic channels. Due to wide industry support and the underlying model of loose coupling of services, Web services increasingly become the mechanism of choice to connect organizations across organizational boundaries. This paper analyzes to which extent Web services support the dynamic process outsourcing paradigm. We discuss contract -based dynamic business process outsourcing to define requirements and then introduce the Web services framework. Based on this, we investigate the match between the two. We observe that the Web services framework requires further support for cross - organizational business processes and mechanisms for contracting, QoS management and process-based transaction support and suggest ways to fill those gaps

Model Based Development of Quality-Aware Software Services

Modelling languages and development frameworks give support for functional and structural description of software architectures. But quality-aware applications require languages which allow expressing QoS as a first-class concept during architecture design and service composition, and to extend existing tools and infrastructures adding support for modelling, evaluating, managing and monitoring QoS aspects. In addition to its functional behaviour and internal structure, the developer of each service must consider the fulfilment of its quality requirements. If the service is flexible, the output quality depends both on input quality and available resources (e.g., amounts of CPU execution time and memory). From the software engineering point of view, modelling of quality-aware requirements and architectures require modelling support for the description of quality concepts, support for the analysis of quality properties (e.g. model checking and consistencies of quality constraints, assembly of quality), tool support for the transition from quality requirements to quality-aware architectures, and from quality-aware architecture to service run-time infrastructures. Quality management in run-time service infrastructures must give support for handling quality concepts dynamically. QoS-aware modeling frameworks and QoS-aware runtime management infrastructures require a common evolution to get their integration

Primitives for Contract-based Synchronization

We investigate how contracts can be used to regulate the interaction between processes. To do that, we study a variant of the concurrent constraints calculus presented in [1], featuring primitives for multi-party synchronization via contracts. We proceed in two directions. First, we exploit our primitives to model some contract-based interactions. Then, we discuss how several models for concurrency can be expressed through our primitives. In particular, we encode the pi-calculus and graph rewriting.Comment: In Proceedings ICE 2010, arXiv:1010.530

Combining behavioural types with security analysis

Today's software systems are highly distributed and interconnected, and they increasingly rely on communication to achieve their goals; due to their societal importance, security and trustworthiness are crucial aspects for the correctness of these systems. Behavioural types, which extend data types by describing also the structured behaviour of programs, are a widely studied approach to the enforcement of correctness properties in communicating systems. This paper offers a unified overview of proposals based on behavioural types which are aimed at the analysis of security properties

Contractual Testing

Variants of must testing approach have been successfully applied in Service Oriented Computing for capturing compliance between (contracts exposed by) a client and a service and for characterising safe replacement, namely the fact that compliance is preserved when a service exposing a ’smaller’ contract is replaced by another one with a ’larger’ contract. Nevertheless, in multi-party interactions, partners often lack full coordination capabilities. Such a scenario calls for less discriminating notions of testing in which observers are, e.g., the description of uncoordinated multiparty contexts or contexts that are unable to observe the complete behaviour of the process under test. In this paper we propose an extended notion of must preorder, called contractual preorder, according to which contracts are compared according to their ability to pass only the tests belonging to a given set. We show the generality of our framework by proving that preorders induced by existing notions of compliance in a distributed setting are instances of the contractual preorder when restricting to suitable sets of observers