Formal certification and compliance for run-time service environments

With the increased awareness of security and safety of services in on-demand distributed service provisioning (such as the recent adoption of Cloud infrastructures), certification and compliance checking of services is becoming a key element for service engineering. Existing certification techniques tend to support mainly design-time checking of service properties and tend not to support the run-time monitoring and progressive certification in the service execution environment. In this paper we discuss an approach which provides both design-time and runtime behavioural compliance checking for a services architecture, through enabling a progressive event-driven model-checking technique. Providing an integrated approach to certification and compliance is a challenge however using analysis and monitoring techniques we present such an approach for on-going compliance checking

Specifying and Analysing SOC Applications with COWS

COWS is a recently defined process calculus for specifying and combining service-oriented applications, while modelling their dynamic behaviour. Since its introduction, a number of methods and tools have been devised to analyse COWS specifications, like e.g. a type system to check confidentiality properties, a logic and a model checker to express and check functional properties of services. In this paper, by means of a case study in the area of automotive systems, we demonstrate that COWS, with some mild linguistic additions, can model all the phases of the life cycle of service-oriented applications, such as publication, discovery, negotiation, orchestration, deployment, reconfiguration and execution. We also provide a flavour of the properties that can be analysed by using the tools mentioned above

Analysis of SLA compliance in the cloud: An automated, model-based approach

Service Level Agreements (SLA) are commonly used to specify the quality attributes between cloud service providers and the customers. A violation of SLAs can result in high penalties. To allow the analysis of SLA compliance before the services are deployed, we describe in this paper an approach for SLA-aware deployment of services on the cloud, and illustrate its workflow by means of a case study. The approach is based on formal models combined with static analysis tools and generated runtime monitors. As such, it fits well within a methodology combining software development with information technology operations (DevOps)

Conformance Checking and Simulation-based Evolutionary Optimization for Deployment and Reconfiguration of Software in the Cloud

Many SaaS providers nowadays want to leverage the cloud's capabilities also for their existing applications, for example, to enable sound scalability and cost-effectiveness. This thesis provides the approach CloudMIG that supports SaaS providers to migrate those applications to IaaS and PaaS-based cloud environments. CloudMIG consists of a step-by-step process and focuses on two core components. (1) Restrictions imposed by specific cloud environments (so-called cloud environment constraints (CECs)), such as a limited file system access or forbidden method calls, can be validated by an automatic conformance checking approach. (2) A cloud deployment option (CDO) determines which cloud environment, cloud resource types, deployment architecture, and runtime reconfiguration rules for exploiting a cloud's elasticity should be used. The implied performance and costs can differ in orders of magnitude. CDOs can be automatically optimized with the help of our simulation-based genetic algorithm CDOXplorer. Extensive lab experiments and an experiment in an industrial context show CloudMIG's applicability and the excellent performance of its two core components

A framework for orchestrating secure and dynamic access of IoT services in multi-cloud environments

IoT devices have complex requirements but their limitations in terms of storage, network, computing, data analytics, scalability and big data management require it to be used it with a technology like cloud computing. IoT backend with cloud computing can present new ways to offer services that are massively scalable, can be dynamically configured, and delivered on demand with largescale infrastructure resources. However, a single cloud infrastructure might be unable to deal with the increasing demand of cloud services in which hundreds of users might be accessing cloud resources, leading to a big data problem and the need for efficient frameworks to handle a large number of user requests for IoT services. These challenges require new functional elements and provisioning schemes. To this end, we propose the usage of multi-clouds with IoT which can optimize the user requirements by allowing them to choose best IoT services from many services hosted in various cloud platforms and provide them with more infrastructure and platform resources to meet their requirements. This paper presents a novel framework for dynamic and secure IoT services access across multi-clouds using cloud on-demand model. To facilitate multi-cloud collaboration, novel protocols are designed and implemented on cloud platforms. The various stages involved in the framework for allowing users access to IoT services in multi-clouds are service matchmaking (i.e. to choose the best service matching user requirements), authentication (i.e. a lightweight mechanism to authenticate users at runtime before granting them service access), and SLA management (including SLA negotiation, enforcement and monitoring). SLA management offers benefits like negotiating required service parameters, enforcing mechanisms to ensure that service execution in the external cloud is according to the agreed SLAs and monitoring to verify that the cloud provider complies with those SLAs. The detailed system design to establish secure multi-cloud collaboration has been presented. Moreover, the designed protocols are empirically implemented on two different clouds including OpenStack and Amazon AWS. Experiments indicate that proposed system is scalable, authentication protocols result only in a limited overhead compared to standard authentication protocols, and any SLA violation by a cloud provider could be recorded and reported back to the user.N/