Security policy monitoring of BPMN-based service compositions

Service composition is a key concept of Service- Oriented Architecture that allows for combining loosely coupled services that are offered and operated by different service providers. Such environments are expected to dynamically respond to changes that may occur at runtime, including changes in the environment and individual services themselves. Therefore, it is crucial to monitor these loosely-coupled services throughout their lifetime. In this paper, we present a novel framework for monitoring services at runtime and ensuring that services behave as they have promised. In particular, we focus on monitoring non-functional properties that are specified within an agreed security contract. The novelty of our work is based on the way in which monitoring information can be combined from multiple dynamic services to automate the monitoring of business processes and proactively report compliance violations. The framework enables monitoring of both atomic and composite services and provides a user friendly interface for specifying the monitoring policy. We provide an information service case study using a real composite service to demonstrate how we achieve compliance monitoring. The transformation of security policy into monitoring rules, which is done automatically, makes our framework more flexible and accurate than existing techniques

Security Policy Monitoring of BPMN-based Service Compositions

Service composition is a key concept of Service-Oriented Architecture that allows for combining loosely coupled services that are offered and operated by different service providers. Such environments are expected to dynamically respond to changes that may occur at runtime, including changes in the environment and individual services themselves. Therefore, it is crucial to monitor these loosely-coupled services throughout their lifetime. In this paper, we present a novel framework for monitoring services at runtime and ensuring that services behave as they have promised. In particular, we focus on monitoring non-functional properties that are specified within an agreed security contract. The novelty of our work is based on the way in which monitoring information can be combined from multiple dynamic services to automate the monitoring of business processes and proactively report compliance violations. The framework enables monitoring of both atomic and composite services and provides a user friendly interface for specifying the monitoring policy. We provide an information service case study using a real composite service to demonstrate how we achieve compliance monitoring. The transformation of security policy into monitoring rules, which is done automatically, makes our framework more flexible and accurate than existing techniques

Modelling, validating, and ranking of secure service compositions

This is the author accepted manuscript. The final version is available from the publisher via the DOI in this recordIn the world of large-scale applications, software as a service (SaaS) in general and use of microservices, in particular, is bringing service-oriented architectures to a new level: Systems in general and systems that interact with human users (eg, sociotechnical systems) in particular are built by composing microservices that are developed independently and operated by different parties. At the same time, SaaS applications are used more and more widely by enterprises as well as public services for providing critical services, including those processing security or privacy of relevant data. Therefore, providing secure and reliable service compositions is increasingly needed to ensure the success of SaaS solutions. Building such service compositions securely is still an unsolved problem. In this paper, we present a framework for modelling, validating, and ranking secure service compositions that integrate both automated services as well as services that interact with humans. As a unique feature, our approach for ranking services integrates validated properties (eg, based on the result of formally analysing the source code of a service implementation) as well as contractual properties that are part of the service level agreement and, thus, not necessarily ensured on a technical level

Achieving Autonomic Web Service Compositions with Models at Runtime

Over the last years, Web services have become increasingly popular. It is because they allow businesses to share data and business process (BP) logic through a programmatic interface across networks. In order to reach the full potential of Web services, they can be combined to achieve specifi c functionalities. Web services run in complex contexts where arising events may compromise the quality of the system (e.g. a sudden security attack). As a result, it is desirable to count on mechanisms to adapt Web service compositions (or simply called service compositions) according to problematic events in the context. Since critical systems may require prompt responses, manual adaptations are unfeasible in large and intricate service compositions. Thus, it is suitable to have autonomic mechanisms to guide their self-adaptation. One way to achieve this is by implementing variability constructs at the language level. However, this approach may become tedious, difficult to manage, and error-prone as the number of con figurations for the service composition grows. The goal of this thesis is to provide a model-driven framework to guide autonomic adjustments of context-aware service compositions. This framework spans over design time and runtime to face arising known and unknown context events (i.e., foreseen and unforeseen at design time) in the close and open worlds respectively. At design time, we propose a methodology for creating the models that guide autonomic changes. Since Service-Oriented Architecture (SOA) lacks support for systematic reuse of service operations, we represent service operations as Software Product Line (SPL) features in a variability model. As a result, our approach can support the construction of service composition families in mass production-environments. In order to reach optimum adaptations, the variability model and its possible con figurations are verifi ed at design time using Constraint Programming (CP). At runtime, when problematic events arise in the context, the variability model is leveraged for guiding autonomic changes of the service composition. The activation and deactivation of features in the variability model result in changes in a composition model that abstracts the underlying service composition. Changes in the variability model are refl ected into the service composition by adding or removing fragments of Business Process Execution Language (WS-BPEL) code, which are deployed at runtime. Model-driven strategies guide the safe migration of running service composition instances. Under the closed-world assumption, the possible context events are fully known at design time. These events will eventually trigger the dynamic adaptation of the service composition. Nevertheless, it is diffi cult to foresee all the possible situations arising in uncertain contexts where service compositions run. Therefore, we extend our framework to cover the dynamic evolution of service compositions to deal with unexpected events in the open world. If model adaptations cannot solve uncertainty, the supporting models self-evolve according to abstract tactics that preserve expected requirements.Alférez Salinas, GH. (2013). Achieving Autonomic Web Service Compositions with Models at Runtime [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/34672TESI

MAPPING BPEL PROCESSES TO DIAGNOSTIC MODELS

Web services are loosely-coupled, self-contained, and self-describing software modules that perform a predetermined task. These services can be linked together to develop an appli­ cation that spans multiple organizations. This linking is referred to as a composition of web services. These compositions potentially can help businesses respond more quickly and more cost-effectively to changing market conditions. Compositions can be specified using a high- level workflow process language. A fault or problem is a defect in a software or software component. A system is said to have a failure if the service it delivers to the user deviates from compliance with the system specification for a specified period of time. A problem causes a failure. Failures are often referred to as symptoms of a problem. A problem can occur on one component but a failure is detected on another component. This suggests a need to be able to determine a problem based on failures. This is referred to as fault diagnosis. This thesis focuses on the design, implementation and evaluation of a diagnostic module that performs automated mapping of a high-level specification of a web services composition to a diagnostics model. A diagnosis model expresses the relationship between problems and potential symptoms. This mapping can be done by a third party service that is not part of the application resulting from the composition of the web services. Automation will allow a third party to do diagnosis for a large number of compositions and should be less error-prone

Open Environmental Platforms: Top-Level Components and Relevant Standards

We present our ideas of an open Information and Communication Technology (ICT) platform for monitoring, mapping and managing our environment. The envisioned solution bridges the gap between the Internet of Things, Content and Services, and highly specific applications, such as oil spill detection or marine monitoring. On the one hand, this environmental platform should be open to new technologies; on the other hand, it has to provide open standard interfaces to various application domains. We identify core components, standards, and needs for new standard development in ICT for environment. We briefly outline how our past and present activities contribute to the development of the desired open environmental platform. Future implementations shall contribute to sustainable developments in the environmental domain.JRC.DDG.H.6-Spatial data infrastructure

Web service composition: A survey of techniques and tools

Web services are a consolidated reality of the modern Web with tremendous, increasing impact on everyday computing tasks. They turned the Web into the largest, most accepted, and most vivid distributed computing platform ever. Yet, the use and integration of Web services into composite services or applications, which is a highly sensible and conceptually non-trivial task, is still not unleashing its full magnitude of power. A consolidated analysis framework that advances the fundamental understanding of Web service composition building blocks in terms of concepts, models, languages, productivity support techniques, and tools is required. This framework is necessary to enable effective exploration, understanding, assessing, comparing, and selecting service composition models, languages, techniques, platforms, and tools. This article establishes such a framework and reviews the state of the art in service composition from an unprecedented, holistic perspective

QoS-based Self-Management for Business Processes

Business processes are commonly implemented as compositions of Web Services, using the Business Process Execution Language (BPEL) as an orchestration specification. Business processes do not only require an appropriate setup but also need to be monitored throughout their runtime, especially when Quality-of-service (QoS) constraints have to be met. Monitoring results may be used for the automated reconfiguration and optimization of business processes. We show how we achieve self-management based on QoS constraints within our system. The BPRules Language that we set up can be used to improve the QoS behavior of business processes by triggering appropriate management actions on the process. Also we propose a service selection strategy for the dynamic selection and replacement of services within business processes