3 research outputs found

    A Policy Specification Language for Composite Services

    Creating complex systems by combining smaller component services is one of the fundamental concepts in Service Oriented Architecture. Service compositions are built by combining loosely coupled services that are, usually, offered and operated by different service providers. While this approach offers several benefits, it makes the implementation and representation of the security requirements difficult. This paper reviews several requirement specification languages and analyses their suitability for composite services. A set of requirements is identified and a comparison between different specification languages is presented along with some conclusions on the suitability of each language in expressing security requirements for composite services.

    Event-driven Temporal Models for Explanations - ETeMoX: Explaining Reinforcement Learning

    Modern software systems are increasingly expected to show higher degrees of autonomy and self-management to cope with uncertain and diverse situations. As a consequence, autonomous systems can exhibit unexpected and surprising behaviours. This is exacerbated due to the ubiquity and complexity of Artificial Intelligence (AI)-based systems. This is the case of Reinforcement Learning (RL), where autonomous agents learn through trial-and-error how to find good solutions to a problem. Thus, the underlying decision-making criteria may become opaque to users that interact with the system and who may require explanations about the system’s reasoning. Available work for eXplainable Reinforcement Learning (XRL) offers different trade-offs: e.g. for runtime explanations, the approaches are model-specific or can only analyse results after-the-fact. Different from these approaches, this paper aims to provide an online model-agnostic approach for XRL towards trustworthy and understandable AI. We present ETeMoX, an architecture based on temporal models to keep track of the decision-making processes of RL systems. In cases where the resources are limited (e.g. storage capacity or time to response), the architecture also integrates complex event processing, an event-driven approach, for detecting matches to event patterns that need to be stored, instead of keeping the entire history. The approach is applied to a mobile communications case study that uses RL for its decision-making. In order to test the generalisability of our approach, three variants of the underlying RL algorithms are used: Q-Learning, SARSA and DQN. The encouraging results show that using the proposed configurable architecture, RL developers are able to obtain explanations about the evolution of a metric, relationships between metrics, and are able to track situations of interest happening over time windows.

    Security Policy Monitoring of BPMN-based Service Compositions

    Service composition is a key concept of Service-Oriented Architecture that allows for combining loosely coupled services that are offered and operated by different service providers. Such environments are expected to dynamically respond to changes that may occur at runtime, including changes in the environment and individual services themselves. Therefore, it is crucial to monitor these loosely-coupled services throughout their lifetime. In this paper, we present a novel framework for monitoring services at runtime and ensuring that services behave as they have promised. In particular, we focus on monitoring non-functional properties that are specified within an agreed security contract. The novelty of our work is based on the way in which monitoring information can be combined from multiple dynamic services to automate the monitoring of business processes and proactively report compliance violations. The framework enables monitoring of both atomic and composite services and provides a user-friendly interface for specifying the monitoring policy. We provide an information service case study using a real composite service to demonstrate how we achieve compliance monitoring. The transformation of security policy into monitoring rules, which is done automatically, makes our framework more flexible and accurate than existing techniques.