Analysis and Applications of Timed Service Protocols

International audienceWeb services are increasingly gaining acceptance as a framework for facilitating application-to-application interactions within and across enterprises. It is commonly accepted that a service description should include not only the interface, but also the business protocol supported by the service. The present work focuses on the formalization of an important category of protocols that includes time-related constraints (called timed protocols), and the impact of time on compatibility and replaceability analysis. We formalized the following timing constraints: C-Invoke constraints define time windows within which a service operation can be invoked while M-Invoke constraints define expiration deadlines. We extended techniques for compatibility and replaceability analysis between timed protocols by using a semantic-preserving mapping between timed protocols and timed automata, leading to the identification of a novel class of timed automata, called protocol timed automata (PTA). PTA exhibit a particular kind of silent transition that strictly increase the expressiveness of the model, yet they are closed under complementation, making every type of compatibility or replaceability analysis decidable. Finally, we implemented our approach in the context of a larger project called ServiceMosaic, a model-driven framework for Web service life-cycle management

Sound Multi-Party Business Protocols for Service Networks

Service networks comprise large numbers of long-running, highly dynamic complex end-to-end service interactions reflecting asynchronous message flows that typically transcend several organizations and span several geographical locations. At the communication level, service network business protocols can be flexible ranging from conventional inter-organizational point-to-point service interactions to fully blown dynamic multi-party interactions of global reach within which each participant may contribute its activities and services. In this paper we introduce a formal framework enriched with temporal constraints to describe multiparty business protocols for service networks. We extend this framework with the notion of multi-party business protocol soundness and show how it is possible to execute a multi-party protocol consistently in a completely distributed manner while guaranteeing eventual termination

A Formal Framework For Multi-Party Business Protocols (Revision of CentER DP 2008-79)

Enterprise-class information systems based on the principles of Service Oriented Architecture comprise large numbers of long-running, highly dynamic complex end-to-end service interactions, called conversations, based on message exchanges that typically transcend several organizations and span several geographical locations. Conversations in service-based systems can be described using business protocols that are formal notations specifying the timed message exchanges among participants in a conversation from a local point of view (orchestrations) or global (choreographies). In this work we introduce a formal framework based on Deterministic Finite Automata enriched with temporal constraints to describe multi-party business protocols. We also explore the notion of multi-party business protocol soundness and show how it is possible to execute a multi-party protocol consistently in a completely distributed manner and at the same time ensure the progression of the execution (i.e. no “deadlocks”).service oriented architecture;message exchange patterns business protocols;orchestrations;choreographies;soundness

A theory and model for the evolution of software services

Software services are subject to constant change and variation. To control service development, a service developer needs to know why a change was made, what are its implications and whether the change is complete. Typically, service clients do not perceive the upgraded service immediately. As a consequence, service-based applications may fail on the service client side due to changes carried out during a provider service upgrade. In order to manage changes in a meaningful and effective manner service clients must therefore be considered when service changes are introduced at the service provider's side. Otherwise such changes will most certainly result in severe application disruption. Eliminating spurious results and inconsistencies that may occur due to uncontrolled changes is therefore a necessary condition for the ability of services to evolve gracefully, ensure service stability, and handle variability in their behavior. Towards this goal, this work presents a model and a theoretical framework for the compatible evolution of services based on well-founded theories and techniques from a number of disparate fields.

DISC-SET: Handling temporal and security aspects in the Web services composition

International audienceIn this paper we propose the DISC-SeT framework to handle the representation, solution computation and verification of temporal and security requirements in the services composition. The proposed approach provides a flexible event calculus based composition design, that allows for modeling different temporal (response time, time-units and other) and security aspects (access control, confidentiality and others) for Web services with different synchronization modes. The use of a formal approach allows to reason about and verify the security and temporal requirements. Further, as the proposed approach is integrated and builds upon the DISC framework, it allows to learn from run-time security and temporal constraints violations to take recovery actions

An adaptive service oriented architecture: Automatically solving interoperability problems.

Organizations desire to be able to easily cooperate with other companies and still be flexible. The IT infrastructure used by these companies should facilitate these wishes. Service-Oriented Architecture (SOA) and Autonomic Computing (AC) were introduced in order to realize such an infrastructure, however both have their shortcomings and do not fulfil these wishes. This dissertation addresses these shortcomings and presents an approach for incorporating (self-) adaptive behavior in (Web) services. A conceptual foundation of adaptation is provided and SOA is extended to incorporate adaptive behavior, called Adaptive Service Oriented Architecture (ASOA). To demonstrate our conceptual framework, we implement it to address a crucial aspect of distributed systems, namely interoperability. In particular, we study the situation of a service orchestrator adapting itself to evolving service providers.

An adaptive service oriented architecture:Automatically solving interoperability problems

Organizations desire to be able to easily cooperate with other companies and still be flexible. The IT infrastructure used by these companies should facilitate these wishes. Service-Oriented Architecture (SOA) and Autonomic Computing (AC) were introduced in order to realize such an infrastructure, however both have their shortcomings and do not fulfil these wishes. This dissertation addresses these shortcomings and presents an approach for incorporating (self-) adaptive behavior in (Web) services. A conceptual foundation of adaptation is provided and SOA is extended to incorporate adaptive behavior, called Adaptive Service Oriented Architecture (ASOA). To demonstrate our conceptual framework, we implement it to address a crucial aspect of distributed systems, namely interoperability. In particular, we study the situation of a service orchestrator adapting itself to evolving service providers.

A sharing-based approach to supporting adaptation in service compositions

Data-related properties of the activities involved in a service composition can be used to facilitate several design-time and run-time adaptation tasks, such as service evolution, distributed enactment, and instance-level adaptation. A number of these properties can be expressed using a notion of sharing. We present an approach for automated inference of data properties based on sharing analysis, which is able to handle service compositions with complex control structures, involving loops and sub-workflows. The properties inferred can include data dependencies, information content, domain-defined attributes, privacy or confidentiality levels, among others. The analysis produces characterizations of the data and the activities in the composition in terms of minimal and maximal sharing, which can then be used to verify compliance of potential adaptation actions, or as supporting information in their generation. This sharing analysis approach can be used both at design time and at run time. In the latter case, the results of analysis can be refined using the composition traces (execution logs) at the point of execution, in order to support run-time adaptation

Contribution to Quality-driven Evolutionary Software Development process for Service-Oriented Architectures

The quality of software is a key element for the successful of a system. Currently, with the advance of the technology, consumers demand more and better services. Models for the development process have also to be adapted to new requirements. This is particular true in the case of service oriented systems (domain of this thesis), where an unpredictable number of users can access to one or several services. This work proposes an improvement in the models for the software development process based on the theory of the evolutionary software development. The main objective is to maintain and improve the quality of software as long as possible and with the minimum effort and cost. Usually, this process is supported on methods known in the literature as agile software development methods. Other key element in this thesis is the service oriented software architecture. Software architecture plays an important role in the quality of any software system. The Service oriented architecture adds the service flexibility, the services are autonomous and compact assets, and they can be improved and integrated with better facility. The proposed model in this thesis for evolutionary software development makes emphasis in the quality of services. Therefore, some principles of evolutionary development are redefined and new processes are introduced, such as: architecture assessment, architecture recovery and architecture conformance. Every new process will be evaluated with case studies considering quality aspects. They have been selected according to the market demand, they are: the performance, security and evolutionability. Other aspects could be considered of the same way than the three previous, but we believe that these quality attributes are enough to demonstrate the viability of our proposal

The Role of a Microservice Architecture on cybersecurity and operational resilience in critical systems

Critical systems are characterized by their high degree of intolerance to threats, in other words, their high level of resilience, because depending on the context in which the system is inserted, the slightest failure could imply significant damage, whether in economic terms, or loss of reputation, of information, of infrastructure, of the environment, or human life. The security of such systems is traditionally associated with legacy infrastructures and data centers that are monolithic, which translates into increasingly high evolution and protection challenges. In the current context of rapid transformation where the variety of threats to systems has been consistently increasing, this dissertation aims to carry out a compatibility study of the microservice architecture, which is denoted by its characteristics such as resilience, scalability, modifiability and technological heterogeneity, being flexible in structural adaptations, and in rapidly evolving and highly complex settings, making it suited for agile environments. It also explores what response artificial intelligence, more specifically machine learning, can provide in a context of security and monitorability when combined with a simple banking system that adopts the microservice architecture.Os sistemas críticos são caracterizados pelo seu elevado grau de intolerância às ameaças, por outras palavras, o seu alto nível de resiliência, pois dependendo do contexto onde se insere o sistema, a mínima falha poderá implicar danos significativos, seja em termos económicos, de perda de reputação, de informação, de infraestrutura, de ambiente, ou de vida humana. A segurança informática de tais sistemas está tradicionalmente associada a infraestruturas e data centers legacy, ou seja, de natureza monolítica, o que se traduz em desafios de evolução e proteção cada vez mais elevados. No contexto atual de rápida transformação, onde as variedades de ameaças aos sistemas têm vindo consistentemente a aumentar, esta dissertação visa realizar um estudo de compatibilidade da arquitetura de microserviços, que se denota pelas suas caraterísticas tais como a resiliência, escalabilidade, modificabilidade e heterogeneidade tecnológica, sendo flexível em adaptações estruturais, e em cenários de rápida evolução e elevada complexidade, tornando-a adequada a ambientes ágeis. Explora também a resposta que a inteligência artificial, mais concretamente, machine learning, pode dar num contexto de segurança e monitorabilidade quando combinado com um simples sistema bancário que adota uma arquitetura de microserviços