An architecture for certification-aware service discovery

Service-orientation is an emerging paradigm for building complex systems based on loosely coupled components, deployed and consumed over the network. Despite the original intent of the paradigm, its current instantiations are limited to a single trust domain (e.g., a single organization). Also, some of the key promises of service-orientation - such as the dynamic orchestration of externally provided software services, using runtime service discovery and deployment - are still unachieved. One of the main reasons for this is the trust gap that normally arises when software services, offered by previously unknown providers, are to be selected at run-time, without any human intervention. To close this gap, the concept of machine-readable security certificates (called asserts) has been recently introduced, which paves the way to automated processing about security properties of services. Similarly to current security certification schemes, the assessment of the security properties of a service is delegated to an independent third party (certification authority), who issues a corresponding assert, bound to the service. In this paper, we propose an architecture, which exploits the assert concept to realise a certification-aware service discovery framework. The architecture supports the discovery of single services based on certified security properties (in additional to the usual functional properties), as well as the dynamic synthesis of service compositions, that satisfy the given security properties. The architecture is extensible, thus allowing for a range of domain specific matchmaking components, to cover dimensions related to, e.g., performance, cost and other non-functional characteristics

Better abstractions for reusable components & architectures

Software architecture (SA) is a crucial component of Model Driven Engineering (MDE), since it eases the communication and reuse of designs and components. However, existing languages (e.g., UML, AADL, SysML) are lacking many needed features. In particular, they provide rudimentary support for connectors, a first-class element in the components and connectors (C&C) architectural view and one of the most reusable architectural elements. This is unfortunate, since the difficult properties that need to be guaranteed for complex systems are mainly the non-functional properties, like throughput, security and dependability, which are greatly influenced by the employed connectors. This work reviews the basic abstractions of the C&C view of SA and examines extra architectural elements which can support the detailed, explicit and separate description of behaviour, interaction and control logic

Specifying Runtime Environments and Functionalities of Downloadable Components under the Sandbox Model

ISPSE, Kanazawa, Japan, Nov. 2000In this paper, we propose a specification of both runtime environments and software components which can be loaded not only from your local system but also from the other systems over the computer network. Because components from the other system are not always enough reliable or safe to act freely in your own system, you should limit their activities to a certain context. Such assumption is based on the sandbox security model. Because such components are largely influenced by the runtime environments, users sometimes lose sight of the abilities and limitations of such components. Therefore, they fail to reuse the components in the right way. We provide a way to specify such properties, so that component users can precisely understand the abilities and limitations.ArticleProceedings of the International Symposium on Principles of Software Evolution. 138-142 (2000)conference pape

Multi-Dimensional Model Based Engineering for Performance Critical Computer Systems Using the AADL

International audienceThe Architecture Analysis & Design Language, (AADL), Society of Automotive Engineers (SAE), AS5506, was developed to support quantitative analysis of the runtime architecture of the embedded software system in computer systems with multiple critical operational properties, such as responsiveness, safety-criticality, security, and reliability by allowing a model of the system to be annotated with information relevant to each of these quality concerns and AADL to be extended with analysis-specific properties. It supports modelling of the embedded software runtime architecture, the computer system hardware, and the interface to the physical environment of embedded computer systems and system of systems. It was designed to support a full Model Based Engineering lifecycle including system specification, analysis, system tuning, integration, and upgrade by supporting modelling and analysis at multiple levels of fidelity. A system can be automatically integrated from AADL models when fully specified and when source code is provided for the software components

Verification of class liveness properties with Java modeling language

International audienceStatic checking is key for the security of software components. As a component model, this paper considers a Java class enriched with annotations from the Java Modeling Language (JML). It defines a formal execution semantics for repetitive method invocations from this annotated class, called the class in isolation semantics. Afterwards, a pattern of liveness properties is defined, together with its formal semantics, providing a foundation for both static and runtime checking. This pattern is then inscribed in a complete language of temporal properties, called JTPL (Java Temporal Pattern Language), extending JML. We particularly address the verification of liveness properties by auto- matically translating the temporal properties into JML annotations for this class. This automatic translation is implemented in a tool called JAG (JML Annotation Generator). Correctness of the generated annotations ensures that the temporal property is established for the executions of the class in isolation