SECURITY POLICY ENFORCEMENT IN APPLICATION ENVIRONMENTS USING DISTRIBUTED SCRIPT-BASED CONTROL STRUCTURES

Business processes involving several partners in different organisations impose demanding requirements on procedures for specification, execution and maintenance. A framework referred to as business process management (BPM) has evolved for this purpose over the last ten years. Other approaches, such as service-oriented architecture (SOA) or the concept of virtual organisations (VOs), assist in the definition of architectures and procedures for modelling and execution of so-called collaborative business processes (CBPs). Methods for the specification of business processes play a central role in this context, and, several standards have emerged for this purpose. Among these, Web Services Business Process Execution Language (WS-BPEL, usually abbreviated BPEL) has evolved to become the de facto standard for business process definition. As such, this language has been selected as the foundation for the research in this thesis. Having a broadly accepted standard would principally allow the specification of business processes in a platform-independent manner, including the capability to specify them at one location and have them executed at others (possibly spread across different organisations). Though technically feasible, this approach has significant security implications, particularly on the side that is to execute a process. The research project focused upon these security issues arising when business processes are specified and executed in a distributed manner. The central goal has been the development of methods to cope with the security issues arising when BPEL as a standard is deployed in such a way exploiting the significant aspect of a standard to be platform-independent The research devised novel methods for specifying security policies in such a manner that the assessment of compliance with these policies is greatly facilitated such that the assessment becomes suited to be performed automatically. An analysis of the securityrelevant semantics of BPEL as a specification language was conducted that resulted in the identification of so-called security-relevant semantic patterns. Based on these results, methods to specify security policy-implied restrictions in terms of such semantic patterns and to assess the compliance of BPEL scripts with these policies have been developed. These methods are particularly suited for assessment of remotely defined BPEL scripts since they allow for pre-execution enforcement of local security policies thereby mitigating or even removing the security implications involved in distributed definition and execution of business processes. As initially envisaged, these methods are comparatively easy to apply, as they are based on technologies customary for practitioners in this field. The viability of the methods proposed for automatic compliance assessment has been proven via a prototypic implementation of the essential functionality required for proof-of-concept.Darmstadt Node of the NRG Network at University of Applied Sciences Darmstad

Workflows for Quantitative Data Analysis in The Social Sciences

The background is given to how statistical analysis is used by quantitative social scientists. Developing statistical analyses requires substantial effort, yet there are important limitations in current practice. This has motivated the authors to create a more systematic and effective methodology with supporting tools. The approach to modelling quantitative data analysis in the social sciences is presented. Analysis scripts are treated abstractly as mathematical functions and concretely as web services. This allows individual scripts to be combined into high-level workflows. A comprehensive set of tools allows workflows to be defined, automatically validated and verified, and automatically implemented. The workflows expose opportunities for parallel execution, can define support for proper fault handling, and can be realised by non-technical users. Services, workflows and datasets can also be readily shared. The approach is illustrated with a realistic case study that analyses occupational position in relation to health

Generic access to symbolic computing services

Symbolic computation is one of the computational domains that requires large computational resources. Computer Algebra Systems (CAS), the main tools used for symbolic computations, are mainly designed to be used as software tools installed on standalone machines that do not provide the required resources for solving large symbolic computation problems. In order to support symbolic computations an infrastructure built upon massively distributed computational environments must be developed. Building an infrastructure for symbolic computations requires a thorough analysis of the most important requirements raised by the symbolic computation world and must be built based on the most suitable architectural styles and technologies. The architecture that we propose is composed of several main components: the Computer Algebra System (CAS) Server that exposes the functionality implemented by one or more supporting CASs through generic interfaces of Grid Services; the Architecture for Grid Symbolic Services Orchestration (AGSSO) Server that allows seamless composition of CAS Server capabilities; and client side libraries to assist the users in describing workflows for symbolic computations directly within the CAS environment. We have also designed and developed a framework for automatic data management of mathematical content that relies on OpenMath encoding. To support the validation and fine tuning of the system we have developed a simulation platform that mimics the environment on which the architecture is deployed

Security for Service-Oriented On-Demand Grid Computing

Grid Computing ist mittlerweile zu einem etablierten Standard für das verteilte Höchstleistungsrechnen geworden. Während die erste Generation von Grid Middleware-Systemen noch mit proprietären Schnittstellen gearbeitet hat, wurde durch die Einführung von service-orientierten Standards wie WSDL und SOAP durch die Open Grid Services Architecture (OGSA) die Interoperabilität von Grids signifikant erhöht. Dies hat den Weg für mehrere nationale und internationale Grid-Projekten bereitet, in denen eine groß e Anzahl von akademischen und eine wachsende Anzahl von industriellen Anwendungen im Grid ausgeführt werden, die die bedarfsgesteuerte (on-demand) Provisionierung und Nutzung von Ressourcen erfordern. Bedarfsgesteuerte Grids zeichnen sich dadurch aus, dass sowohl die Software, als auch die Benutzer einer starken Fluktuation unterliegen. Weiterhin sind sowohl die Software, als auch die Daten, auf denen operiert wird, meist proprietär und haben einen hohen finanziellen Wert. Dies steht in starkem Kontrast zu den heutigen Grid-Anwendungen im akademischen Umfeld, die meist offen im Quellcode vorliegen bzw. frei verfügbar sind. Um den Ansprüchen einer bedarfsgesteuerten Grid-Nutzung gerecht zu werden, muss das Grid administrative Komponenten anbieten, mit denen Anwender autonom Software installieren können, selbst wenn diese Root-Rechte benötigen. Zur gleichen Zeit muss die Sicherheit des Grids erhöht werden, um Software, Daten und Meta-Daten der kommerziellen Anwender zu schützen. Dies würde es dem Grid auch erlauben als Basistechnologie für das gerade entstehende Gebiet des Cloud Computings zu dienen, wo ähnliche Anforderungen existieren. Wie es bei den meisten komplexen IT-Systemen der Fall ist, sind auch in traditionellen Grid Middlewares Schwachstellen zu finden, die durch die geforderten Erweiterungen der administrativen Möglichkeiten potentiell zu einem noch größ erem Problem werden. Die Schwachstellen in der Grid Middleware öffnen einen homogenen Angriffsvektor auf die ansonsten heterogenen und meist privaten Cluster-Umgebungen. Hinzu kommt, dass anders als bei den privaten Cluster-Umgebungen und kleinen akademischen Grid-Projekten die angestrebten groß en und offenen Grid-Landschaften die Administratoren mit gänzlich unbekannten Benutzern und Verhaltenstrukturen konfrontieren. Dies macht das Erkennen von böswilligem Verhalten um ein Vielfaches schwerer. Als Konsequenz werden Grid-Systeme ein immer attraktivere Ziele für Angreifer, da standardisierte Zugriffsmöglichkeiten Angriffe auf eine groß e Anzahl von Maschinen und Daten von potentiell hohem finanziellen Wert ermöglichen. Während die Rechenkapazität, die Bandbreite und der Speicherplatz an sich schon attraktive Ziele darstellen können, sind die im Grid enthaltene Software und die gespeicherten Daten viel kritischere Ressourcen. Modelldaten für die neuesten Crash-Test Simulationen, eine industrielle Fluid-Simulation, oder Rechnungsdaten von Kunden haben einen beträchtlichen Wert und müssen geschützt werden. Wenn ein Grid-Anbieter nicht für die Sicherheit von Software, Daten und Meta-Daten sorgen kann, wird die industrielle Verbreitung der offenen Grid-Technologie nicht stattfinden. Die Notwendigkeit von strikten Sicherheitsmechanismen muss mit der diametral entgegengesetzten Forderung nach einfacher und schneller Integration von neuer Software und neuen Kunden in Einklang gebracht werden. In dieser Arbeit werden neue Ansätze zur Verbesserung der Sicherheit und Nutzbarkeit von service-orientiertem bedarfsgesteuertem Grid Computing vorgestellt. Sie ermöglichen eine autonome und sichere Installation und Nutzung von komplexer, service-orientierter und traditioneller Software auf gemeinsam genutzen Ressourcen. Neue Sicherheitsmechanismen schützen Software, Daten und Meta-Daten der Anwender vor anderen Anwendern und vor externen Angreifern. Das System basiert auf Betriebssystemvirtualisierungstechnologien und bietet dynamische Erstellungs- und Installationsfunktionalitäten für virtuelle Images in einer sicheren Umgebung, in der automatisierte Mechanismen anwenderspezifische Firewall-Regeln setzen, um anwenderbezogene Netzwerkpartitionen zu erschaffen. Die Grid-Umgebung wird selbst in mehrere Bereiche unterteilt, damit die Kompromittierung von einzelnen Komponenten nicht so leicht zu einer Gefährdung des gesamten Systems führen kann. Die Grid-Headnode und der Image-Erzeugungsserver werden jeweils in einzelne Bereiche dieser demilitarisierten Zone positioniert. Um die sichere Anbindung von existierenden Geschäftsanwendungen zu ermöglichen, werden der BPEL-Standard (Business Process Execution Language) und eine Workflow-Ausführungseinheit um Grid-Sicherheitskonzepte erweitert. Die Erweiterung erlaubt eine nahtlose Integration von geschützten Grid Services mit existierenden Web Services. Die Workflow-Ausführungseinheit bietet die Erzeugung und die Erneuerung (im Falle von lange laufenden Anwendungen) von Proxy-Zertifikaten. Der Ansatz ermöglicht die sichere gemeinsame Ausführung von neuen, fein-granularen, service-orientierten Grid Anwendungen zusammen mit traditionellen Batch- und Job-Farming Anwendungen. Dies wird durch die Integration des vorgestellten Grid Sandboxing-Systems in existierende Cluster Scheduling Systeme erreicht. Eine innovative Server-Rotationsstrategie sorgt für weitere Sicherheit für den Grid Headnode Server, in dem transparent das virtuelle Server Image erneuert wird und damit auch unbekannte und unentdeckte Angriffe neutralisiert werden. Um die Angriffe, die nicht verhindert werden konnten, zu erkennen, wird ein neuartiges Intrusion Detection System vorgestellt, das auf Basis von Datenstrom-Datenbanksystemen funktioniert. Als letzte Neuerung dieser Arbeit wird eine Erweiterung des modellgetriebenen Softwareentwicklungsprozesses eingeführt, die eine automatisierte Generierung von sicheren Grid Services ermöglicht, um die komplexe und damit unsichere manuelle Erstellung von Grid Services zu ersetzen. Eine prototypische Implementierung der Konzepte wird auf Basis des Globus Toolkits 4, der Sun Grid Engine und der ActiveBPEL Engine vorgestellt. Die modellgetriebene Entwicklungsumgebung wurde in Eclipse für das Globus Toolkit 4 realisiert. Experimentelle Resultate und eine Evaluation der kritischen Komponenten des vorgestellten neuen Grids werden präsentiert. Die vorgestellten Sicherheitsmechanismem sollen die nächste Phase der Evolution des Grid Computing in einer sicheren Umgebung ermöglichen

Geospatial Standards for Web-enabled Environmental Models

Serving geographic information via standardized Web services has been widely accepted as a useful approach. Web-enabled environmental models simulating real-world phenomena are, however, rare. The models predict observations traditionally served by geospatial Web services compliant to well-defined standards. Using standardized Web services could support decoupling of models, comparison of similar models, and the automatic integration into existing geospatial workflows. Modeling experts face several open issues when migrating existing environmental computer models to the Web. The selection of the Web service interface depends on the input parameters required for the successful execution of the computer model. Losing control over the execution of the models, and consequently also the confidence in model results, can be addressed to a certain extent by using translucent and standardized workflow languages. Mechanisms and open problems for the implementation of geospatial Web service compositions are discussed. Two scenarios about oil spills and the exposure to air pollution illustrate the impact of unconfigured model parameters for standard-compliant spatial data clients

Service-Oriented Ad Hoc Grid Computing

Subject of this thesis are the design and implementation of an ad hoc Grid infrastructure. The vision of an ad hoc Grid further evolves conventional service-oriented Grid systems into a more robust, more flexible and more usable environment that is still standards compliant and interoperable with other Grid systems. A lot of work in current Grid middleware systems is focused on providing transparent access to high performance computing (HPC) resources (e.g. clusters) in virtual organizations spanning multiple institutions. The ad hoc Grid vision presented in this thesis exceeds this view in combining classical Grid components with more flexible components and usage models, allowing to form an environment combining dedicated HPC-resources with a large number of personal computers forming a "Desktop Grid". Three examples from medical research, media research and mechanical engineering are presented as application scenarios for a service-oriented ad hoc Grid infrastructure. These sample applications are also used to derive requirements for the runtime environment as well as development tools for such an ad hoc Grid environment. These requirements form the basis for the design and implementation of the Marburg ad hoc Grid Environment (MAGE) and the Grid Development Tools for Eclipse (GDT). MAGE is an implementation of a WSRF-compliant Grid middleware, that satisfies the criteria for an ad hoc Grid middleware presented in the introduction to this thesis. GDT extends the popular Eclipse integrated development environment by components that support application development both for traditional service-oriented Grid middleware systems as well as ad hoc Grid infrastructures such as MAGE. These development tools represent the first fully model driven approach to Grid service development integrated with infrastructure management components in service-oriented Grid computing. This thesis is concluded by a quantitative discussion of the performance overhead imposed by the presented extensions to a service-oriented Grid middleware as well as a discussion of the qualitative improvements gained by the overall solution. The conclusion of this thesis also gives an outlook on future developments and areas for further research. One of these qualitative improvements is "hot deployment" the ability to install and remove Grid services in a running node without interrupt to other active services on the same node. Hot deployment has been introduced as a novelty in service-oriented Grid systems as a result of the research conducted for this thesis. It extends service-oriented Grid computing with a new paradigm, making installation of individual application components a functional aspect of the application. This thesis further explores the idea of using peer-to-peer (P2P networking for Grid computing by combining a general purpose P2P framework with a standard compliant Grid middleware. In previous work the application of P2P systems has been limited to replica location and use of P2P index structures for discovery purposes. The work presented in this thesis also uses P2P networking to realize seamless communication accross network barriers. Even though the web service standards have been designed for the internet, the two-way communication requirement introduced by the WSRF-standards and particularly the notification pattern is not well supported by the web service standards. This defficiency can be answered by mechanisms that are part of such general purpose P2P communication frameworks. Existing security infrastructures for Grid systems focus on protection of data during transmission and access control to individual resources or the overall Grid environment. This thesis focuses on security issues within a single node of a dynamically changing service-oriented Grid environment. To counter the security threads arising from the new capabilities of an ad hoc Grid, a number of novel isolation solutions are presented. These solutions address security issues and isolation on a fine-grained level providing a range of applicable basic mechanisms for isolation, ranging from lightweight system call interposition to complete para-virtualization of the operating systems

Eighth Workshop and Tutorial on Practical Use of Coloured Petri Nets and the CPN Tools, Aarhus, Denmark, October 22-24, 2007

This booklet contains the proceedings of the Eighth Workshop on Practical Use of Coloured Petri Nets and the CPN Tools, October 22-24, 2007. The workshop is organised by the CPN group at the Department of Computer Science, University of Aarhus, Denmark. The papers are also available in electronic form via the web pages: http://www.daimi.au.dk/CPnets/workshop0

An Integrated Methodology for Creating Composed Web/Grid Services

This thesis presents an approach to design, specify, validate, verify, implement, and evaluate composed web/grid services. Web and grid services can be composed to create new services with complex behaviours. The BPEL (Business Process Execution Language) standard was created to enable the orchestration of web services, but there have also been investigation of its use for grid services. BPEL specifies the implementation of service composition but has no formal semantics; implementations are in practice checked by testing. Formal methods are used in general to define an abstract model of system behaviour that allows simulation and reasoning about properties. The approach can detect and reduce potentially costly errors at design time. CRESS (Communication Representation Employing Systematic Specification) is a domainindependent, graphical, abstract notation, and integrated toolset for developing composite web service. The original version of CRESS had automated support for formal specification in LOTOS (Language Of Temporal Ordering Specification), executing formal validation with MUSTARD (Multiple-Use Scenario Testing and Refusal Description), and implementing in BPEL4WS as the early version of BPEL standard. This thesis work has extended CRESS and its integrated tools to design, specify, validate, verify, implement, and evaluate composed web/grid services. The work has extended the CRESS notation to support a wider range of service compositions, and has applied it to grid services as a new domain. The thesis presents two new tools, CLOVE (CRESS Language-Oriented Verification Environment) and MINT (MUSTARD Interpreter), to respectively support formal verification and implementation testing. New work has also extended CRESS to automate implementation of composed services using the more recent BPEL standard WS-BPEL 2.0

Forum Session at the First International Conference on Service Oriented Computing (ICSOC03)

The First International Conference on Service Oriented Computing (ICSOC) was held in Trento, December 15-18, 2003. The focus of the conference ---Service Oriented Computing (SOC)--- is the new emerging paradigm for distributed computing and e-business processing that has evolved from object-oriented and component computing to enable building agile networks of collaborating business applications distributed within and across organizational boundaries. Of the 181 papers submitted to the ICSOC conference, 10 were selected for the forum session which took place on December the 16th, 2003. The papers were chosen based on their technical quality, originality, relevance to SOC and for their nature of being best suited for a poster presentation or a demonstration. This technical report contains the 10 papers presented during the forum session at the ICSOC conference. In particular, the last two papers in the report ere submitted as industrial papers