Adaptive Service Composition Based on Runtime Verification of Formal Properties

Service-Oriented Computing (SOC) has been used in business environments in order to integrate heterogeneous systems. The dynamic nature of these environments causes \ changes in the application requirements. As a result, service composition must be flexible, dynamic and adaptive, which motivate the need to ensure the service composition behavior \ at runtime. The development of adaptive service compositions is still an opportunity due to the complexity of dealing with adaptation issues, for example, how to provide runtime verification \ and automatic adaptation. Formal description techniques can be used to detect runtime undesirable behaviors that help in adaptation process. However, formal techniques have been \ used only at design-time. In this paper, we propose an adaptive service composition approach based on the lightweight use of formal methods. The aim is detecting undesirable behaviors in \ the execution trace. Once an undesirable behavior is detected during the execution of a service composition, our approach triggers an adequate reconfiguration plan for the problem at \ runtime. In order to evaluate the effectiveness of the proposal, we illustrate it with a running example

D7.5 FIRST consolidated project results

The FIRST project commenced in January 2017 and concluded in December 2022, including a 24-month suspension period due to the COVID-19 pandemic. Throughout the project, we successfully delivered seven technical reports, conducted three workshops on Key Enabling Technologies for Digital Factories in conjunction with CAiSE (in 2019, 2020, and 2022), produced a number of PhD theses, and published over 56 papers (and numbers of summitted journal papers). The purpose of this deliverable is to provide an updated account of the findings from our previous deliverables and publications. It involves compiling the original deliverables with necessary revisions to accurately reflect the final scientific outcomes of the project

Actes des Sixièmes journées nationales du Groupement De Recherche CNRS du Génie de la Programmation et du Logiciel

National audienceCe document contient les actes des Sixièmes journées nationales du Groupement De Recherche CNRS du Génie de la Programmation et du Logiciel (GDR GPL) s'étant déroulées au CNAM à Paris du 11 au 13 juin 2014. Les contributions présentées dans ce document ont été sélectionnées par les différents groupes de travail du GDR. Il s'agit de résumés, de nouvelles versions, de posters et de démonstrations qui correspondent à des travaux qui ont déjà été validés par les comités de programmes d'autres conférences et revues et dont les droits appartiennent exclusivement à leurs auteurs

The Impact of Petri Nets on System-of-Systems Engineering

The successful engineering of a large-scale system-of-systems project towards deterministic behaviour depends on integrating autonomous components using international communications standards in accordance with dynamic requirements. To-date, their engineering has been unsuccessful: no combination of top-down and bottom-up engineering perspectives is adopted, and information exchange protocol and interfaces between components are not being precisely specified. Various approaches such as modelling, and architecture frameworks make positive contributions to system-of-systems specification but their successful implementation is still a problem. One of the most popular modelling notations available for specifying systems, UML, is intuitive and graphical but also ambiguous and imprecise. Supplying a range of diagrams to represent a system under development, UML lacks simulation and exhaustive verification capability. This shortfall in UML has received little attention in the context of system-of-systems and there are two major research issues: 1. Where the dynamic, behavioural diagrams of UML can and cannot be used to model and analyse system-of-systems 2. Determining how Petri nets can be used to improve the specification and analysis of the dynamic model of a system-of-systems specified using UML This thesis presents the strengths and weaknesses of Petri nets in relation to the specification of system-of-systems and shows how Petri net models can be used instead of conventional UML Activity Diagrams. The model of the system-of-systems can then be analysed and verified using Petri net theory. The Petri net formalism of behaviour is demonstrated using two case studies from the military domain. The first case study uses Petri nets to specify and analyse a close air support mission. This case study concludes by indicating the strengths, weaknesses, and shortfalls of the proposed formalism in system-of-systems specification. The second case study considers specification of a military exchange network parameters problem and the results are compared with the strengths and weaknesses identified in the first case study. Finally, the results of the research are formulated in the form of a Petri net enhancement to UML (mapping existing activity diagram elements to Petri net elements) to meet the needs of system-of-systems specification, verification and validation

Self-managed Workflows for Cyber-physical Systems

Workflows are a well-established concept for describing business logics and processes in web-based applications and enterprise application integration scenarios on an abstract implementation-agnostic level. Applying Business Process Management (BPM) technologies to increase autonomy and automate sequences of activities in Cyber-physical Systems (CPS) promises various advantages including a higher flexibility and simplified programming, a more efficient resource usage, and an easier integration and orchestration of CPS devices. However, traditional BPM notations and engines have not been designed to be used in the context of CPS, which raises new research questions occurring with the close coupling of the virtual and physical worlds. Among these challenges are the interaction with complex compounds of heterogeneous sensors, actuators, things and humans; the detection and handling of errors in the physical world; and the synchronization of the cyber-physical process execution models. Novel factors related to the interaction with the physical world including real world obstacles, inconsistencies and inaccuracies may jeopardize the successful execution of workflows in CPS and may lead to unanticipated situations. This thesis investigates properties and requirements of CPS relevant for the introduction of BPM technologies into cyber-physical domains. We discuss existing BPM systems and related work regarding the integration of sensors and actuators into workflows, the development of a Workflow Management System (WfMS) for CPS, and the synchronization of the virtual and physical process execution as part of self-* capabilities for WfMSes. Based on the identified research gap, we present concepts and prototypes regarding the development of a CPS WFMS w.r.t. all phases of the BPM lifecycle. First, we introduce a CPS workflow notation that supports the modelling of the interaction of complex sensors, actuators, humans, dynamic services and WfMSes on the business process level. In addition, the effects of the workflow execution can be specified in the form of goals defining success and error criteria for the execution of individual process steps. Along with that, we introduce the notion of Cyber-physical Consistency. Following, we present a system architecture for a corresponding WfMS (PROtEUS) to execute the modelled processes-also in distributed execution settings and with a focus on interactive process management. Subsequently, the integration of a cyber-physical feedback loop to increase resilience of the process execution at runtime is discussed. Within this MAPE-K loop, sensor and context data are related to the effects of the process execution, deviations from expected behaviour are detected, and compensations are planned and executed. The execution of this feedback loop can be scaled depending on the required level of precision and consistency. Our implementation of the MAPE-K loop proves to be a general framework for adding self-* capabilities to WfMSes. The evaluation of our concepts within a smart home case study shows expected behaviour, reasonable execution times, reduced error rates and high coverage of the identified requirements, which makes our CPS~WfMS a suitable system for introducing workflows on top of systems, devices, things and applications of CPS.:1. Introduction 15 1.1. Motivation 15 1.2. Research Issues 17 1.3. Scope & Contributions 19 1.4. Structure of the Thesis 20 2. Workflows and Cyber-physical Systems 21 2.1. Introduction 21 2.2. Two Motivating Examples 21 2.3. Business Process Management and Workflow Technologies 23 2.4. Cyber-physical Systems 31 2.5. Workflows in CPS 38 2.6. Requirements 42 3. Related Work 45 3.1. Introduction 45 3.2. Existing BPM Systems in Industry and Academia 45 3.3. Modelling of CPS Workflows 49 3.4. CPS Workflow Systems 53 3.5. Cyber-physical Synchronization 58 3.6. Self-* for BPM Systems 63 3.7. Retrofitting Frameworks for WfMSes 69 3.8. Conclusion & Deficits 71 4. Modelling of Cyber-physical Workflows with Consistency Style Sheets 75 4.1. Introduction 75 4.2. Workflow Metamodel 76 4.3. Knowledge Base 87 4.4. Dynamic Services 92 4.5. CPS-related Workflow Effects 94 4.6. Cyber-physical Consistency 100 4.7. Consistency Style Sheets 105 4.8. Tools for Modelling of CPS Workflows 106 4.9. Compatibility with Existing Business Process Notations 111 5. Architecture of a WfMS for Distributed CPS Workflows 115 5.1. Introduction 115 5.2. PROtEUS Process Execution System 116 5.3. Internet of Things Middleware 124 5.4. Dynamic Service Selection via Semantic Access Layer 125 5.5. Process Distribution 126 5.6. Ubiquitous Human Interaction 130 5.7. Towards a CPS WfMS Reference Architecture for Other Domains 137 6. Scalable Execution of Self-managed CPS Workflows 141 6.1. Introduction 141 6.2. MAPE-K Control Loops for Autonomous Workflows 141 6.3. Feedback Loop for Cyber-physical Consistency 148 6.4. Feedback Loop for Distributed Workflows 152 6.5. Consistency Levels, Scalability and Scalable Consistency 157 6.6. Self-managed Workflows 158 6.7. Adaptations and Meta-adaptations 159 6.8. Multiple Feedback Loops and Process Instances 160 6.9. Transactions and ACID for CPS Workflows 161 6.10. Runtime View on Cyber-physical Synchronization for Workflows 162 6.11. Applicability of Workflow Feedback Loops to other CPS Domains 164 6.12. A Retrofitting Framework for Self-managed CPS WfMSes 165 7. Evaluation 171 7.1. Introduction 171 7.2. Hardware and Software 171 7.3. PROtEUS Base System 174 7.4. PROtEUS with Feedback Service 182 7.5. Feedback Service with Legacy WfMSes 213 7.6. Qualitative Discussion of Requirements and Additional CPS Aspects 217 7.7. Comparison with Related Work 232 7.8. Conclusion 234 8. Summary and Future Work 237 8.1. Summary and Conclusion 237 8.2. Advances of this Thesis 240 8.3. Contributions to the Research Area 242 8.4. Relevance 243 8.5. Open Questions 245 8.6. Future Work 247 Bibliography 249 Acronyms 277 List of Figures 281 List of Tables 285 List of Listings 287 Appendices 28

Model based test suite minimization using metaheuristics

Software testing is one of the most widely used methods for quality assurance and fault detection purposes. However, it is one of the most expensive, tedious and time consuming activities in software development life cycle. Code-based and specification-based testing has been going on for almost four decades. Model-based testing (MBT) is a relatively new approach to software testing where the software models as opposed to other artifacts (i.e. source code) are used as primary source of test cases. Models are simplified representation of a software system and are cheaper to execute than the original or deployed system. The main objective of the research presented in this thesis is the development of a framework for improving the efficiency and effectiveness of test suites generated from UML models. It focuses on three activities: transformation of Activity Diagram (AD) model into Colored Petri Net (CPN) model, generation and evaluation of AD based test suite and optimization of AD based test suite. Unified Modeling Language (UML) is a de facto standard for software system analysis and design. UML models can be categorized into structural and behavioral models. AD is a behavioral type of UML model and since major revision in UML version 2.x it has a new Petri Nets like semantics. It has wide application scope including embedded, workflow and web-service systems. For this reason this thesis concentrates on AD models. Informal semantics of UML generally and AD specially is a major challenge in the development of UML based verification and validation tools. One solution to this challenge is transforming a UML model into an executable formal model. In the thesis, a three step transformation methodology is proposed for resolving ambiguities in an AD model and then transforming it into a CPN representation which is a well known formal language with extensive tool support. Test case generation is one of the most critical and labor intensive activities in testing processes. The flow oriented semantic of AD suits modeling both sequential and concurrent systems. The thesis presented a novel technique to generate test cases from AD using a stochastic algorithm. In order to determine if the generated test suite is adequate, two test suite adequacy analysis techniques based on structural coverage and mutation have been proposed. In terms of structural coverage, two separate coverage criteria are also proposed to evaluate the adequacy of the test suite from both perspectives, sequential and concurrent. Mutation analysis is a fault-based technique to determine if the test suite is adequate for detecting particular types of faults. Four categories of mutation operators are defined to seed specific faults into the mutant model. Another focus of thesis is to improve the test suite efficiency without compromising its effectiveness. One way of achieving this is identifying and removing the redundant test cases. It has been shown that the test suite minimization by removing redundant test cases is a combinatorial optimization problem. An evolutionary computation based test suite minimization technique is developed to address the test suite minimization problem and its performance is empirically compared with other well known heuristic algorithms. Additionally, statistical analysis is performed to characterize the fitness landscape of test suite minimization problems. The proposed test suite minimization solution is extended to include multi-objective minimization. As the redundancy is contextual, different criteria and their combination can significantly change the solution test suite. Therefore, the last part of the thesis describes an investigation into multi-objective test suite minimization and optimization algorithms. The proposed framework is demonstrated and evaluated using prototype tools and case study models. Empirical results have shown that the techniques developed within the framework are effective in model based test suite generation and optimizatio

Modeling and verification of web service composition based interorganizational workflows

Interorganisationale Workflows sind Arbeitsabläufe, welche die Grenzen einer Organisation verlassen und einen Rahmen für Kooperationen der verschiedenen autonomen Organisationen zur Verfügung stellen. Ein wichtiger Punkt für den Entwurf solcher Workflows ist die Balance zwischen Offenheit und Abgrenzung, wobei erstere für Kooperationen und letztere die für den Schutz von Know-how benötigt wird. Workflow Sichten stellen ein effizientes Werkzeug für diesen Zweck zur Verfügung. Durch Offenlegung von bestimmten Teilen eines Prozesses, können Organisationen sowohl kooperieren als auch das Know-how schützen. Diese Dissertation präsentiert nun eine Methode für die korrekte Konstruktion von Workflow Sichten. Es wird angenommen, dass Organisationen Web Service orientierte Technologien zur Modellierung und Implementierung von interorganisationalen Workflows verwenden. Die Anwendung von Web Services bietet Organisationen viele Vorteile. Den eigentlichen Mehrwert von Web Services stellt aber die Kompositionsfähigkeit dar. Verfügbare Web Services können dadurch von anderen Choreographien und Orchestrationen (wieder-)verwendet werden. Die Notwendigkeit der Implementierung von Systemen von Null weg kann minimiert werden. Die zentralen Anforderungen sind einerseits eine Architektur mit adäquatem Potential, andererseits die Verifikation der Korrektheit. Diese Dissertation präsentiert nun eine Architektur zur Modellierung von Web Service Composition basierten interorganisationalen Workflows, genannt föderierte Choreographien, die verglichen mit anderen Architekturen verschiedene Vorteile anbieten. Darüber hinaus werden Algorithmen und Techniken zur Verifikation der strukturellen und temporalen Korrektheit vorgestellt. Strukturelle Korrektheit prüft, ob die Strukturen der beteiligten Prozesse zusammenpassen. Temporale Korrektheit überprüft, ob ein interorganisationaler Workflow, der aus mehreren Choreographien und Orchestrationen besteht hinsichtlich der lokalen und globalen Bedingungen fehlerfrei ist. Mit Hilfe dieser Techniken kann die strukturelle und temporale Konformität des Modells zur Designzeit überprüft werden. Falls das Modell nicht strukturell oder temporal konform ist, können nötige Änderungen durchgeführt werden, sodass die korrekte Ausführung zur Laufzeit garantiert werden kann. Die Überprüfung der Konformität zur Designzeit reduziert die Prozesskosten vor allem wegen den folgenden zwei Gründen: Erstens, die entdeckten Fehler zur Designzeit sind normalerweise billiger als jene, die zur Laufzeit entdeckt werden und zweitens, Fehlerbehandlungsmechanismen können verhindert werden, die wiederum Zusatzkosten verursachen. Zusätzlich zu der vorgestellten Architektur wird eine allgemeinere Architektur zusammen mit den passenden Konformitätsprüfungsalgorithmen präsentiert. Der Ansatz ist Platform- und sprachunabhängig und die Algorithmen sind verteilt.Interorganizational workflows are workflows that cross the boundaries of a single organization and provide a framework for cooperation of different autonomous organizations. An important issue when designing such workflows is the balance between the openness needed for cooperation and the privacy needed for protection of business know-how. Workflow views provide an efficient tool for this aim. By exposure of only selected parts of a process, organizations can both cooperate and protect their business logic. This dissertation presents a technique for a correct construction of workflow views. It is assumed that organizations and partners use web services and web service related technology to model and implement interorganizational workflows. Application of web services offers several advantages for organizations. The real surplus of web services is their capability of being composed to more complex systems. Available web services can be reused by other choreographies and orchestrations and the need for development of new systems from scratch can be minimized. The essential requirements are on the one hand an architecture with adequate capabilities and on the other hand, verification of correctness. This dissertation proposes an architecture for modeling web service composition based interorganizational workflows, called \emph{federated choreographies}, that provides several advantages compared to existing proposals. Moreover, algorithms and techniques for verification of structural and temporal correctness of interorganizational workflows are proposed. Structural conformance checks if the structures of the involved processes match. Temporal conformance checks if an interorganizational workflow composed of choreographies and orchestrations is temporally error-free with respect to local and global temporal constraints. The proposed algorithms can be applied for checking the structural and temporal conformance of the federated choreographies at design-time. If the model is not structurally or temporally conformant, necessary modifications can be done such that the correct execution of the flow at run-time can be guaranteed. The conformance checking at design time reduces the cost of process because of two reasons: first, errors detected at design time are normally cheaper than those detected at run time and second, exception handling mechanisms can be avoided which are, in turn, coupled with additional costs. In addition to the proposed architecture, a more general architecture together with the conformance checking algorithms and techniques for interorganizational workflows are presented. The presented approach is language and platform independent and algorithms work in a distributed manner

A methodology for maintaining trust in virtual environments

The increasing interest in carrying out business in virtual environments has resulted in much research and discussion of trust establishment between the entities involved. Researchers over the years have acknowledged that the success of any transaction or interaction via the virtual medium is determined by the trust level between trusting agent and trusted agent. Numerous publications have attempted to address the various challenges of assigning a trust level and building trust in an interacting party. However, the building and allocating a value of trust is neither easy nor quick. It involves high cost and effort. Hence, the ensuing research challenge is how to maintain the trust that has been established and assigned. Due to the dynamic nature of trust, the trust evolution, and the fragility of trust in virtual environments, one of the most pressing challenges facing the research community is how trust can be maintained over time. This thesis is an effort in that direction. Specifically, the objective of this thesis is to propose a methodology for trust maintenance in virtual environments which we term “Trust Maintenance Methodology” (TMM). The methodology comprises five frameworks that can be used to achieve the objective of trust maintenance.In order to achieve the aforesaid objective, this thesis proposes a: (a) Framework for third party agent selection, (b) Framework for Formalization and Negotiation of service requirements, (c) Framework for Proactive Continuous Performance Monitoring, (d) Framework for Incentive Mechanism, and (e) Framework for Trust Re-calibration.The framework for third party agent selection is used for choosing and selecting a neutral agent who will supervise the interaction between two parties. This is the first step of our methodology. The neutral agent is involved throughout the course of the interaction between two parties and takes a proactive-corrective role in continuous performance monitoring. Once both parties have chosen a neutral agent, they carry out a formalization and negotiation process of their service requirements using our proposed framework. This is in order to create an SLA which will guide the interaction between two parties. The framework for proactive continuous performance monitoring then can be used to evaluate the performance of both parties in delivering their service based on the SLA. If a performance gap occurs during the course of transaction, the third party agent will take action to help both parties close the performance gap in a timely manner. A key salient feature of our continuous performance monitoring is that it is proactive-corrective. Additionally, we design a framework for providing an incentive during the course of interaction to motivate both parties to perform as closely as possible to the terms of the mutual agreement or SLA. By the end of the interaction time space, both parties will be able to re-assess or re-calibrate their trust level using our proposed framework for trust re-calibration.Finally, in order to validate our proposed methodology, we engineered a multi-agent system to simulate the validity of the TMM. Numerous case studies are presented to elucidate the workings of our proposed methodology. Moreover, we run several experiments under various testing conditions including boundary conditions. The results of experiments show that our methodology is effective in assisting the parties to maintain their trust level in virtual environments