12 research outputs found

    Tisa: Toward Trustworthy Services in a Service-Oriented Architecture

    Verifying whether a service implementation conforms to its service-level agreements is important to inspire confidence in services in a service-oriented architecture (SoA). Functional agreements can be checked by observing the published interface of the service, but other agreements that are more non-functional in nature are often verified by deploying a monitor that observes the execution of the service implementation. A problem is that such a monitor must execute in an untrusted environment. Thus, the integrity of the results reported by such a monitor crucially depends on its integrity. We contribute an extension of the traditional SoA, based on a hardware-based root of trust, that allows clients, brokers and providers to negotiate and validate the integrity of a requirements monitor executing in an untrusted environment. We make two basic claims: first, that it is feasible to realize our approach using existing hardware and software solutions, and second, that integrity verification can be done at a relatively small overhead. To evaluate feasibility, we have realized our approach using current software and hardware solutions. To measure overhead, we have conducted a case study using a collection of Web service implementations available with Apache Axis implementation.

    Bootstrapping trust in service oriented architecture

    Services in a service-oriented architecture are designed to meet desired functional and non-functional requirements. Conformance of a service implementation to its functional requirements can be tested by observing the interface of the service, but it is hard to enforce non-functional requirements such as data privacy and safety properties by monitoring the interface alone. Instead, the implementation of the service needs to be monitored for its conformance to the non-functional properties. A requirement's monitor can be deployed to check this conformance. A key problem is that such a monitor must execute in an untrustworthy environment (at the service provider's location).
    We argue that the integrity of the reported results of such a monitor crucially depends on the integrity of the monitor itself. Previous research results on trustworthy computing have shown that static properties, such as the checksum, of a remote program can be verified using a hardware-based mechanism called trusted platform module.
    This thesis makes two contributions. First, we extend the traditional notion of a service-oriented architecture to accommodate the requirements for trust. Second, we propose a dynamic attestation mechanism that serves to support our extensions. To evaluate our approach, we have conducted a case study using a commercial requirements monitor and a collection of web service implementations available with Apache Axis implementation. Our case study demonstrates the feasibility of verifying the conformance of a web service executing in an untrusted environment with respect to a class of non-functional requirements using our approach. Lack of data privacy during online transactions is a major cause of concern among e-commerce users. By providing a technique to monitor such properties in a decoupled environment, our work promises to address the issue of guaranteeing the privacy of confidential client data on the provider's side in a Service Oriented Architecture.

    An investigation of modelling and design for software service applications

    Software services offer the opportunity to use a component-based approach for the design of applications. However, this needs a deeper understanding of how to develop service-based applications in a systematic manner, and of the set of properties that need to be included in the ‘design model’. We have used a realistic application to explore systematically how service-based designs can be created and described. We first identified the key properties of an SOA (service oriented architecture) and then undertook a single-case case study to explore its use in the development of a design for a large-scale application in energy engineering, modelling this with existing notations wherever possible. We evaluated the resulting design model using two walkthroughs with both domain and application experts. We were able to successfully develop a design model around the ten properties identified, and to describe it by adapting existing design notations. A component-based approach to designing such systems does appear to be feasible. However, it needs the assistance of a more integrated set of notations for describing the resulting design model

    A Framework for Requirements Decomposition, SLA Management and Dynamic System Reconfiguration

    To meet user requirements, systems can be built from Commercial-Off-The-Shelf (COTS) components, potentially from different vendors. However, the gap between the requirements referring to the overall system and the components to build the system from can be large. To close the gap, it is required to decompose the requirements to a level where they can be mapped to components. When the designed system is deployed and ready for operations, its services are sold and provided to customers. One important goal for service providers is to optimize system resource utilization while ensuring the quality of service expressed in the Service Level Agreements (SLAs). For this purpose, the system can be reconfigured dynamically according to the current workload to satisfy the SLAs while using only necessary resources. To manage the reconfiguration of the system at runtime, a set of previously defined patterns called elasticity rules can be used. In elasticity rules, the actions that need to be taken to reconfigure the system are specified. An elasticity rule is generally invoked by a trigger, which is generated in reaction to a monitoring event. In this thesis, we propose a model-driven management framework which aims at user requirements satisfaction, SLA compliance management and enabling dynamic reconfiguration by reusing the design information at runtime. An approach has been developed to derive automatically a valid configuration starting from low level requirements called service configurations. However, the service configurations are far from requirements a user would express. To generate a system configuration from user requirements and alleviate the work of the designer, we generate service configurations by decomposing functional user requirements to the level where components can be selected and put together to satisfy the user requirements. We integrated our service configurations generator with the previous configuration generator.
In our framework, we reuse the information acquired from system configuration and dimensioning to generate elasticity rules offline. We propose a model driven approach to check the compliance of SLAs and generate triggers for invoking applicable elasticity rules when system reconfiguration is required. For handling multiple triggers generated at the same time, we propose a solution to automatically correlate the actions of invoked elasticity rules, when required. The framework consists of a number of metamodels and a set of model transformations. We use the Unified Modeling Language (UML) and its profiling mechanism to describe all the artifacts in the proposed framework. We implement the profiles using Eclipse Modeling Framework (EMF) and Papyrus. To implement the processes, we use the Atlas Transformation Language (ATL). We also use the APIs of the Object Constraint Language (OCL) in the Eclipse environment to develop a tool for checking constraints and generating triggers.

    Contextual governance for service oriented architecture composition

    Currently, business requirements for rapid operational efficiency, customer responsiveness as well as rapid adaptability are driving the need for ever increasing communication and integration capabilities of the software assets. Functional decomposition into re-usable software entities, loose coupling, and distribution of resources are all perceived benefits of the investment in Service Oriented Architecture (SOA). This malleability can also bring about the risk of a more difficult oversight. The same service is ideally used in different applications and contexts. This situation forces a supporting infrastructure to allow and manage the adaptability to these different contexts of use. In this thesis, the author proposes to govern such variations in a cost efficient way by composing the core business function offered by a service with other services implementing infrastructure capabilities that fulfil varying non-functional requirements. However, as the number of services increases and their use in different contexts proliferates, it becomes necessary to automate policy enforcement and compliance monitoring. Furthermore, the composition of services into different business applications over a common infrastructure intensifies the need for end-to-end monitoring and analysis in order to assess the business performance impact. Managing the full life-cycle of service definition, deployment, exposure and operation requires management processes that take into account their composition with the infrastructure capabilities that take care of non-functional requirements. In addition, policies may change during the life-time of a service. Policy updates may be the result of various reasons including business optimisation, reaction to new business opportunities, risk / threat mitigation, operational emergencies, etc.
It therefore becomes clear that a well-designed governance architecture is a prerequisite to implementing a SOA capable of dealing with a complex and dynamic environment.

    GQ-BPAOntoSOA: A goal- and object- based semantic framework for deriving software services from an organisation’s goals and riva business process architecture

    Understanding a business organisation is a primary activity that is required for deriving service-oriented systems that assist in carrying out the business activities of an organisation. Business IT alignment is one of the hot topics; it is concerned with aligning business needs and system needs in order to keep a business organisation competitive in a market. One example in this area is the BPAOntoSOA framework, which aligned business process architecture and the service-oriented model of computing. The BPAOntoSOA framework is a semantically enriched framework for deriving service-oriented architecture candidate software services from a Riva-based business process architecture. The BPAOntoSOA framework was recently proposed in order to align the candidate software services to the business processes presented in a Riva business process architecture. The activities of the BPAOntoSOA framework are structured into two semantic-based layers that are formed in a top-down manner. The top layer, the BPAOnt ontology instantiation layer, is concerned with conceptualising the Riva business process architecture and the associated business process models. The bottom layer, which is the software service identification layer, is concerned with the semantic identification of the service-oriented architecture candidate software services and their associated capabilities. In this layer, RPA clusters were used to describe the derived candidate software service. Ontologies were used in order to support addressing the semantic representation. However, the BPAOntoSOA framework has two limitations. First, the derived candidate software services are identified without considering the business goals. Second, the desired quality of service requirements that constrain the functionality of the software services are absent. This research is concerned with resolving these two limitations within the BPAOntoSOA framework.
In this research, the original BPAOntoSOA framework has been extended into the GQ-BPAOntoSOA framework. A new semantic-based layer has been added to the two original layers. The new layer is concerned with conceptualising the goal- and quality-oriented models in order to address their absence in the original BPAOntoSOA framework. The new layer is called the GQOnt ontology instantiation layer. This extension has highlighted the need for aligning the models within the original BPAOnt instantiation layer with the ones in the new layer. This is because the BPAOnt was the base for the identification of the candidate software services and capabilities. Therefore, a novel alignment approach has been proposed in order to address this need. Also, the original service identification approach is refined in order to adapt to the integration of goals and quality requirements. The GQ-BPAOntoSOA framework, which is a goal-based and quality-linked extended BPAOntoSOA framework, has been evaluated using the Cancer Care Registration process. This is the same case study used in the evaluation of the BPAOntoSOA framework. This is required in order to investigate the implication of integrating goals and quality requirements into the pre-existing BPAOntoSOA framework-driven candidate software services. This has shown that: (1) the GQOnt ontology not only contributes to the extension of the BPAOntoSOA framework, but also contributes to providing a semantic representation of a business strategy view for an organisation. The GQOnt ontology acts as an independent repository of knowledge in order to have an early agreement between stakeholders with regard to business goals and quality requirements. The semantic representation could be reused for different purposes with respect to the needs. (2) The alignment approach has bridged the gap between goal-oriented models and Riva-based business process architectures.
(3) The Riva business process architecture modelling method and business process models have been enriched with the integration of goals and quality requirements in order to provide a rich representation of business process architecture and process models that reflect important information for the given organisation. (4) The service identification approach used in the original BPAOntoSOA framework has been enriched with goals and quality requirements. This has affected the identification of candidate software services (clusters) and their capabilities. Also, the derived candidate software services have conformed to service-oriented architecture principles. Accordingly, this research has bridged the gap between the BPAOntoSOA framework and the business goals and quality requirements. This is anticipated to lead to highly consistent, correct and complete software service specifications.

    Proceedings of the Zoco’08 / JISBD Workshop on Web Application Integration: XIII Conference on Software Engineering and Databases, Gijón, 7 to 10 October 2008

    Ministerio de Educación y Ciencia TIN2007-64119; Junta de Andalucía P07-TIC-0260

    Validation of MultiView-based process models with graphical validation rules

    The importance and prevalence of software is growing steadily in both business and private settings. The primary goal of using software is to optimize manual or already (partially) automated problems and tasks. The central point of reference in software development is the software specification. Ideally, it contains all requirements relevant to the software solution. Business process models are a component of the specification that is gaining in importance. They describe the workflows of the software solution to be developed in the form of graphical process representations. As process models are increasingly enriched with requirements and information such as legal provisions or details for model-driven software development, simple workflow representations grow into complex and extensive business process models. Regardless of whether business process models serve purely for specification or documentation or are used for model-driven software development, a central goal is to ensure the correctness of the content of the business process models and thus of the requirements modelled in them. Current software development processes often use manual checking procedures for this, which, however, are frequently both time- and cost-intensive and also error-prone. Automatable procedures, however, require formal specification languages. These are mostly rejected in the field of business process modelling because of their mathematical-looking textual representation. In contrast to textual representations, graphical representations are often easier to understand and are more readily accepted, especially in the area of business process modelling.
This thesis therefore presents a concept, based on formal graphical validation rules, for checking the correctness of the content of business process models. The concept is independent of the modelling language of the business process models and of the specification language of the validation rules. To improve the manageability of the increasingly complex and extensive business process models, a view concept called MultiView is also presented. It serves to reduce graphical complexity and to assign areas of tasks and responsibility (for example, data protection and security modelling) in business process modelling. The overall concept was implemented as a prototype in the software ARIS Business Architect and as a plug-in for the Eclipse development environment. An evaluation is carried out, on the one hand, on the Eclipse plug-in using a Requirements Engineering Tool Evaluation Framework and, on the other hand, using use cases from public administration, the ELSTER tax return and SAP reference processes.

    The quality-aware service selection problem: an adaptive evolutionary approach

    Quality of service (QoS) is an important aspect of distributed, service-oriented systems. When several implementations of a functionality coexist, a concrete service can be chosen on the basis of QoS aspects. Performance, availability and cost are examples of QoS attributes of a service. This dissertation examines aspects of this selection problem in depth using a concrete service-oriented system: the TAG system in ATLAS, a high-energy physics experiment at CERN, the European Organization for Nuclear Research. The data and services of the TAG system are distributed worldwide and must be selected on request and composed into a workflow. The optimization is considered from two different viewpoints. The selection is modelled as a dynamic constrained path optimization problem, which allows QoS attributes of both the nodes (services) and the edges (network) to be taken into account. Dynamic aspects of the distributed system are integrated into the problem formulation, since they pose a specific challenge and requirement for solution algorithms. For the dynamic Pareto optimization of service selection problems, this work presents an optimization approach with a genetic algorithm that, through a persistent memory of earlier solutions and an automatic adaptation of the mutation rate, ensures efficient adaptation to the constantly changing system. An ontology of the system components and their QoS attributes forms the basis for the optimization. The approach is evaluated in the dissertation with regard to the quality of the solutions obtained, the adaptation to changes, and the runtime. Parts of the approach were finally integrated into the TAG system and evaluated there.
Quality of Service (QoS) is an important aspect in distributed, service-oriented systems. When several concrete services exist that implement the same functionality, the choice of a service instance among many can be made based on QoS considerations, objectives and constraints. Typically considered properties are performance, availability, and costs. In this thesis, aspects of the QoS-aware service selection problem are studied in the context of a distributed, service-oriented system from ATLAS, a high-energy physics experiment at CERN, the European Organization for Nuclear Research. In this so-called TAG system, data and modular services are distributed world-wide and need to be selected and composed on the fly, as a user starts a request. There are two conflicting optimization viewpoints. The service selection is modeled as a dynamic multi-constrained optimal path problem, which allows considering QoS attributes of service instances and of the network. The dynamic aspects of the system are included in the problem definition, as they represent a specific challenge. To address these issues regarding dynamics and conflicting viewpoints, this work proposes a service selection optimization framework based on a multi-objective genetic algorithm capable of efficiently dealing with changing conditions by using a persistent memory of good solutions, and a stepwise adaptation of the mutation rate. A system and QoS attribute ontology as well as a description of dynamics of distributed systems build the basis of the framework. The presented approach is evaluated in terms of optimization quality, adaptability to changes, runtime performance and scalability.