Ubiquitous Nature of Event-Driven Approaches: A Retrospective View

This paper retrospectively analyzes the progress of event-based capability and their applicability in various domains. Although research on event-based approaches started in a humble manner with the intention of introducing triggers in database management systems for monitoring application state and to automate applications by reducing/eliminating user intervention, currently it has become a force to reckon with as it finds use in many diverse domains. This is primarily due to the fact that a large number of real-world applications are indeed event-driven and hence the paradigm is apposite. In this paper, we briefly overview the development of the ECA (or event-condition-action) paradigm. We briefly discuss the evolution of the ECA paradigm (or active capability) in relational and Object-oriented systems. We then describe several diverse applications where the ECA paradigm has been used effectively. The applications range from customized monitoring of web pages to specification and enforcement of access control policies using RBAC (role-based access control). The multitude of applications clearly demonstrate the ubiquitous nature of event-based approaches to problems that were not envisioned as the ones where the active capability would be applicable. Finally, we indicate some future trends that can benefit from the ECA paradigm

Leveraging service-oriented business applications to a rigorous rule-centric dynamic behavioural architecture.

Today’s market competitiveness and globalisation are putting pressure on organisations to join their efforts, to focus more on cooperation and interaction and to add value to their businesses. That is, most information systems supporting these cross-organisations are characterised as service-oriented business applications, where all the emphasis is put on inter-service interactions rather than intra-service computations. Unfortunately for the development of such inter-organisational service-oriented business systems, current service technology proposes only ad-hoc, manual and static standard web-service languages such as WSDL, BPEL and WS-CDL [3, 7]. The main objective of the work reported in this thesis is thus to leverage the development of service-oriented business applications towards more reliability and dynamic adaptability, placing emphasis on the use of business rules to govern activities, while composing services. The best available software-engineering techniques for adaptability, mainly aspect-oriented mechanisms, are also to be integrated with advanced formal techniques. More specifically, the proposed approach consists of the following incremental steps. First, it models any business activity behaviour governing any service-oriented business process as Event-Condition-Action (ECA) rules. Then such informal rules are made more interaction-centric, using adapted architectural connectors. Third, still at the conceptual-level, with the aim of adapting such ECA-driven connectors, this approach borrows aspect-oriented ideas and mechanisms, and proposes to intercept events, select the properties required for interacting entities, explicitly and separately execute such ECA-driven behavioural interactions and finally dynamically weave the results into the entities involved. To ensure compliance and to preserve the implementation of this architectural conceptualisation, the work adopts the Maude language as an executable operational formalisation. For that purpose, Maude is first endowed with the notions of components and interfaces. Further, the concept of ECA-driven behavioural interactions are specified and implemented as aspects. Finally, capitalising on Maude reflection, the thesis demonstrates how to weave such interaction executions into associated services

Self-managed Workflows for Cyber-physical Systems

Workflows are a well-established concept for describing business logics and processes in web-based applications and enterprise application integration scenarios on an abstract implementation-agnostic level. Applying Business Process Management (BPM) technologies to increase autonomy and automate sequences of activities in Cyber-physical Systems (CPS) promises various advantages including a higher flexibility and simplified programming, a more efficient resource usage, and an easier integration and orchestration of CPS devices. However, traditional BPM notations and engines have not been designed to be used in the context of CPS, which raises new research questions occurring with the close coupling of the virtual and physical worlds. Among these challenges are the interaction with complex compounds of heterogeneous sensors, actuators, things and humans; the detection and handling of errors in the physical world; and the synchronization of the cyber-physical process execution models. Novel factors related to the interaction with the physical world including real world obstacles, inconsistencies and inaccuracies may jeopardize the successful execution of workflows in CPS and may lead to unanticipated situations. This thesis investigates properties and requirements of CPS relevant for the introduction of BPM technologies into cyber-physical domains. We discuss existing BPM systems and related work regarding the integration of sensors and actuators into workflows, the development of a Workflow Management System (WfMS) for CPS, and the synchronization of the virtual and physical process execution as part of self-* capabilities for WfMSes. Based on the identified research gap, we present concepts and prototypes regarding the development of a CPS WFMS w.r.t. all phases of the BPM lifecycle. First, we introduce a CPS workflow notation that supports the modelling of the interaction of complex sensors, actuators, humans, dynamic services and WfMSes on the business process level. In addition, the effects of the workflow execution can be specified in the form of goals defining success and error criteria for the execution of individual process steps. Along with that, we introduce the notion of Cyber-physical Consistency. Following, we present a system architecture for a corresponding WfMS (PROtEUS) to execute the modelled processes-also in distributed execution settings and with a focus on interactive process management. Subsequently, the integration of a cyber-physical feedback loop to increase resilience of the process execution at runtime is discussed. Within this MAPE-K loop, sensor and context data are related to the effects of the process execution, deviations from expected behaviour are detected, and compensations are planned and executed. The execution of this feedback loop can be scaled depending on the required level of precision and consistency. Our implementation of the MAPE-K loop proves to be a general framework for adding self-* capabilities to WfMSes. The evaluation of our concepts within a smart home case study shows expected behaviour, reasonable execution times, reduced error rates and high coverage of the identified requirements, which makes our CPS~WfMS a suitable system for introducing workflows on top of systems, devices, things and applications of CPS.:1. Introduction 15 1.1. Motivation 15 1.2. Research Issues 17 1.3. Scope & Contributions 19 1.4. Structure of the Thesis 20 2. Workflows and Cyber-physical Systems 21 2.1. Introduction 21 2.2. Two Motivating Examples 21 2.3. Business Process Management and Workflow Technologies 23 2.4. Cyber-physical Systems 31 2.5. Workflows in CPS 38 2.6. Requirements 42 3. Related Work 45 3.1. Introduction 45 3.2. Existing BPM Systems in Industry and Academia 45 3.3. Modelling of CPS Workflows 49 3.4. CPS Workflow Systems 53 3.5. Cyber-physical Synchronization 58 3.6. Self-* for BPM Systems 63 3.7. Retrofitting Frameworks for WfMSes 69 3.8. Conclusion & Deficits 71 4. Modelling of Cyber-physical Workflows with Consistency Style Sheets 75 4.1. Introduction 75 4.2. Workflow Metamodel 76 4.3. Knowledge Base 87 4.4. Dynamic Services 92 4.5. CPS-related Workflow Effects 94 4.6. Cyber-physical Consistency 100 4.7. Consistency Style Sheets 105 4.8. Tools for Modelling of CPS Workflows 106 4.9. Compatibility with Existing Business Process Notations 111 5. Architecture of a WfMS for Distributed CPS Workflows 115 5.1. Introduction 115 5.2. PROtEUS Process Execution System 116 5.3. Internet of Things Middleware 124 5.4. Dynamic Service Selection via Semantic Access Layer 125 5.5. Process Distribution 126 5.6. Ubiquitous Human Interaction 130 5.7. Towards a CPS WfMS Reference Architecture for Other Domains 137 6. Scalable Execution of Self-managed CPS Workflows 141 6.1. Introduction 141 6.2. MAPE-K Control Loops for Autonomous Workflows 141 6.3. Feedback Loop for Cyber-physical Consistency 148 6.4. Feedback Loop for Distributed Workflows 152 6.5. Consistency Levels, Scalability and Scalable Consistency 157 6.6. Self-managed Workflows 158 6.7. Adaptations and Meta-adaptations 159 6.8. Multiple Feedback Loops and Process Instances 160 6.9. Transactions and ACID for CPS Workflows 161 6.10. Runtime View on Cyber-physical Synchronization for Workflows 162 6.11. Applicability of Workflow Feedback Loops to other CPS Domains 164 6.12. A Retrofitting Framework for Self-managed CPS WfMSes 165 7. Evaluation 171 7.1. Introduction 171 7.2. Hardware and Software 171 7.3. PROtEUS Base System 174 7.4. PROtEUS with Feedback Service 182 7.5. Feedback Service with Legacy WfMSes 213 7.6. Qualitative Discussion of Requirements and Additional CPS Aspects 217 7.7. Comparison with Related Work 232 7.8. Conclusion 234 8. Summary and Future Work 237 8.1. Summary and Conclusion 237 8.2. Advances of this Thesis 240 8.3. Contributions to the Research Area 242 8.4. Relevance 243 8.5. Open Questions 245 8.6. Future Work 247 Bibliography 249 Acronyms 277 List of Figures 281 List of Tables 285 List of Listings 287 Appendices 28

Conceptual modelling of adaptive web services based on high-level petri nets

Service technology geared by its SOA architecture and enabling Web services is rapidly gaining in maturity and acceptance. Consequently, most worldwide (private and corporate) cross-organizations are embracing this paradigm by publishing, requesting and composing their businesses and applications in the form of (web-)services. Nevertheless, to face harsh competitiveness such service oriented cross-organizational applications are increasingly pressed to be highly composite, adaptive, knowledge-intensive and very reliable. In contrast to that, Web service standards such as WSDL, WSBPEL, WS-CDL and many others offer just static, manual, purely process-centric and ad-hoc techniques to deploy such services. The main objective of this thesis consists therefore in leveraging the development of service-driven applications towards more reliability, dynamically and adaptable knowledge-intensiveness. This thesis puts forward an innovative framework based on distributed high-level Petri nets and event-driven business rules. More precisely, we developed a new variant of high-level Petri Nets formalism called Service-based Petri nets (CSrv-Nets), that exhibits the following potential characteristics. Firstly, the framework is supported by a stepwise methodology that starts with diagrammatical UML-class diagrams and business rules and leads to dynamically adaptive services specifications. Secondly, the framework soundly integrates behavioural event-driven business rules and stateful services both at the type and instance level and with an inherent distribution. Thirdly, the framework intrinsically permits validation through guided graphical animation. Fourthly, the framework explicitly separates between orchestrations for modelling rule-intensive single services and choreography for cooperating several services through their governing interactive business rules. Fifthly, the framework is based on a two-level conceptualization: (1) the modelling of any rule-centric service with CSrv-Nets; (2) the smooth upgrading of this service modelling with an adaptability-level that allows for dynamically shifting up and down any rule-centric behavior of the running business activities

Gestion unifiée et dynamique de la sécurité : un cadriciel dirigé par les situations

Les systèmes de gestion de la sécurité (SGS) font le lien entre les exigences de sécurité et le domaine d'application technique. D'un côté, le SGS doit permettre à l'administrateur sécurité de traduire les exigences de sécurité en configurations de sécurité (appelé ici le processus de déploiement). De l'autre, il doit lui fournir des mécanismes de supervision (tels que des SIEM, IDS, fichiers de logs, etc.) afin de vérifier que l'état courant du système est toujours conforme aux exigences de sécurité (appelé ici processus de supervision). Aujourd'hui, garantir que les exigences de sécurité sont respectées nécessite une intervention humaine. En effet, les processus de déploiement et de supervision ne sont pas reliés entre eux. Ainsi, les SGS ne peuvent garantir que les exigences de sécurité sont toujours respectées lorsque le comportement du système change. Dans le cadre du projet européen PREDYKOT, nous avons tenté de boucler la boucle de gestion en intégrant les informations sur le changement de comportement du système et en les injectant dans le processus de déploiement. Cela permet de faire appliquer des mesures de sécurité dynamiques en fonction des changements de comportement du système. Toutefois, il existe diverses approches pour exprimer et mettre en œuvre des politiques de sécurité. Chaque solution de gestion est dédiée à des problématiques de gestion des autorisations ou à celles des configurations de sécurité. Chaque solution fournit son propre langage de politique, son propre modèle architectural et son propre protocole de gestion. Or, il est nécessaire de gérer à la fois les autorisations et les configurations de sécurité de manière unifiée. Notre contribution porte principalement sur trois points : Le retour d'information de supervision : Le processus de supervision capture le comportement dynamique du système au travers d'évènements. Chaque évènement transporte peu de sens. Nous proposons de considérer non pas les évènements individuellement mais de les agréger pour former des situations afin d'amener plus de sémantique sur l'état du système. Nous utilisons ce concept pour relier les exigences de sécurité, les changements dans le système et les politiques de sécurité à appliquer. Un nouvel agent, appelé gestionnaire de situations, est responsable de la gestion du cycle de vie des situations (début et fin de situation, etc.) Nous avons implanté cet agent grâce à la technologie de traitement des évènements complexes. Expression de la politique : Nous proposons d'utiliser le concept de situation comme élément central pour exprimer des politiques de sécurité dynamiques. Les décisions de sécurité peuvent être alors automatiquement dirigées par les situations sans avoir besoin de changer la règle courante. Nous appliquons l'approche de contrôle d'accès à base d'attributs pour spécifier nos politiques. Cette approche orientée par les situations facilite l'écriture des règles de sécurité mais aussi leur compréhension. De plus, ces politiques étant moins techniques, elles sont plus proches des besoins métiers. L'architecture de gestion : Nous présentons une architecture de gestion orientée événement qui supporte la mise en œuvre de politiques de sécurité dirigées par les situations. Considérer les messages de gestion en terme d'évènements, nous permet d'être indépendant de tout protocole de gestion. En conséquence, notre architecture couvre de manière unifiée les approches de gestion des autorisations comme des configurations (obligations) selon les modèles de contrôle de politiques en externalisation comme en approvisionnement. De plus, les agents de gestion sont adaptables et peuvent être dynamiquement améliorés avec de nouvelles fonctionnalités de gestion si besoin. Notre cadriciel a été complètement implanté et est conforme au standard XACMLv3 d'OASIS. Enfin, nous avons évalué la généricité de notre approche à travers quatre scénarii.A Security Management System (SMS) connects security requirements to the technical application domain. On the one hand, an SMS must allow the security administrator/officer to translate the security requirements into security configurations that is known as the enforcement process. On the other hand, it must supply the administrator/officer with monitoring features (SIEM, IDS, log files, etc.) to verify that the environments' changes do not affect the compliance to the predefined security requirements known as the monitoring process. Nowadays, guarantying security objectives requires a human intervention. Therefore, the SMS enforcement process is disconnected from the monitoring process. Thus, an SMS cannot dynamically guarantee that security requirements are still satisfied when environment behavior changings are observed. As part of the European project PREDYKOT, we have worked on closing the management loop by establishing a feedback on the dynamic behavior, captured from the environment, to impact the enforcement process. As a result, expressing and applying a dynamic security policy will be possible. However, many policy expression and enforcement approaches exist currently. Each security management solution is dedicated to some specific issues related to authorization or to system/network management. Each solution provides a specific policy language, an architectural model and a management protocol. Nevertheless, closing the management loop implies managing both authorizations and system/network configurations in a unified framework. Our contribution tackles the following three main issues: Feedback: The monitoring process captures the highly dynamics of the behavior through events. However, each event is not semantically associated with other events. We propose to get more semantics about behavior's changings thus introducing the concept of "situation" to be dealt with in security management applications. This concept aggregates events and links relevant security requirements, relevant behavior changes, and relevant policy rules. A new management agent, called the situation manager, has been added. The latter is responsible for the management process of the situations lifecycle (situation beginning and ending, etc.). We implement this software module using the complex event processing technology. Policy Expression: We propose to specify dynamic security policies oriented by situations. By doing so, the expression of the security policy rules becomes simpler to understand, easier to write and closer to the business and security needs. Hence, each relevant situation orients automatically the policy evaluation process towards a new dynamic decision that doesn't require updating the policy rules. We apply the attribute-based expression approach because of its ability to represent everything through attribute terms, which is a flexible way to express our dynamic policy rules. Enforcement Architecture: we propose a unified and adaptive architecture that supports situations-oriented policies enforcement. We choose to build an event-driven architecture. Exchanging management messages in terms of events allows our architecture to be independent from the management protocols. Thus, it covers in a unified way authorizations as well as configurations management approaches considering both provisioning and outsourcing policy control models. In addition, management agents are adaptable and can be upgraded dynamically with new management functionalities. Our framework has been implemented and is compliant with the OASIS XACMLv3 standard. Finally, we evaluated our contributed according to four different scenarios to prove its generic nature

Ami-deu : un cadre sémantique pour des applications adaptables dans des environnements intelligents

Cette thèse vise à étendre l’utilisation de l'Internet des objets (IdO) en facilitant le développement d’applications par des personnes non experts en développement logiciel. La thèse propose une nouvelle approche pour augmenter la sémantique des applications d’IdO et l’implication des experts du domaine dans le développement d’applications sensibles au contexte. Notre approche permet de gérer le contexte changeant de l’environnement et de générer des applications qui s’exécutent dans plusieurs environnements intelligents pour fournir des actions requises dans divers contextes. Notre approche est mise en œuvre dans un cadriciel (AmI-DEU) qui inclut les composants pour le développement d’applications IdO. AmI-DEU intègre les services d’environnement, favorise l’interaction de l’utilisateur et fournit les moyens de représenter le domaine d’application, le profil de l’utilisateur et les intentions de l’utilisateur. Le cadriciel permet la définition d’applications IoT avec une intention d’activité autodécrite qui contient les connaissances requises pour réaliser l’activité. Ensuite, le cadriciel génère Intention as a Context (IaaC), qui comprend une intention d’activité autodécrite avec des connaissances colligées à évaluer pour une meilleure adaptation dans des environnements intelligents. La sémantique de l’AmI-DEU est basée sur celle du ContextAA (Context-Aware Agents) – une plateforme pour fournir une connaissance du contexte dans plusieurs environnements. Le cadriciel effectue une compilation des connaissances par des règles et l'appariement sémantique pour produire des applications IdO autonomes capables de s’exécuter en ContextAA. AmI- DEU inclut également un outil de développement visuel pour le développement et le déploiement rapide d'applications sur ContextAA. L'interface graphique d’AmI-DEU adopte la métaphore du flux avec des aides visuelles pour simplifier le développement d'applications en permettant des définitions de règles étape par étape. Dans le cadre de l’expérimentation, AmI-DEU comprend un banc d’essai pour le développement d’applications IdO. Les résultats expérimentaux montrent une optimisation sémantique potentielle des ressources pour les applications IoT dynamiques dans les maisons intelligentes et les villes intelligentes. Notre approche favorise l'adoption de la technologie pour améliorer le bienêtre et la qualité de vie des personnes. Cette thèse se termine par des orientations de recherche que le cadriciel AmI-DEU dévoile pour réaliser des environnements intelligents omniprésents fournissant des adaptations appropriées pour soutenir les intentions des personnes.Abstract: This thesis aims at expanding the use of the Internet of Things (IoT) by facilitating the development of applications by people who are not experts in software development. The thesis proposes a new approach to augment IoT applications’ semantics and domain expert involvement in context-aware application development. Our approach enables us to manage the changing environment context and generate applications that run in multiple smart environments to provide required actions in diverse settings. Our approach is implemented in a framework (AmI-DEU) that includes the components for IoT application development. AmI- DEU integrates environment services, promotes end-user interaction, and provides the means to represent the application domain, end-user profile, and end-user intentions. The framework enables the definition of IoT applications with a self-described activity intention that contains the required knowledge to achieve the activity. Then, the framework generates Intention as a Context (IaaC), which includes a self-described activity intention with compiled knowledge to be assessed for augmented adaptations in smart environments. AmI-DEU framework semantics adopts ContextAA (Context-Aware Agents) – a platform to provide context-awareness in multiple environments. The framework performs a knowledge compilation by rules and semantic matching to produce autonomic IoT applications to run in ContextAA. AmI-DEU also includes a visual tool for quick application development and deployment to ContextAA. The AmI-DEU GUI adopts the flow metaphor with visual aids to simplify developing applications by allowing step-by-step rule definitions. As part of the experimentation, AmI-DEU includes a testbed for IoT application development. Experimental results show a potential semantic optimization for dynamic IoT applications in smart homes and smart cities. Our approach promotes technology adoption to improve people’s well-being and quality of life. This thesis concludes with research directions that the AmI-DEU framework uncovers to achieve pervasive smart environments providing suitable adaptations to support people’s intentions

Coordinating Service Compositions : Model and Infrastructure for Collaborative Creation of Electronic Documents

Electronic documents frequently include contributions from different human and non-human sources. The Web, for instance, offers ever-changing content and services which can perform activities during document creation. This thesis introduces a solution for collaborative document creation which maps contributions of human and non-human participants to software services. The joint flexible composition and coordination of these services leads to a novel understanding of dynamic Web-based documents

Knowledge-base and techniques for effective service-oriented programming & management of hybrid processes

Recent advances in Web 2.0, SOA, crowd-sourcing, social and collaboration technologies, as well as cloud-computing, have truly transformed the Internet into a global development and deployment platform. As a result, developers have been presented with ubiquitous access to countless Web-services, resources and tools. However, while enabling tremendous automation and reuse opportunities, new productivity challenges have also emerged: The exploitation of services and resources nonetheless requires skilled programmers and a development-centric approach; it is thus inevitably susceptible to the same repetitive, error-prone and time consuming integration work each time a developer integrates a new API. Business Process Management on the other hand were proposed to support service-based integration. It provided the benefit of automation and modelling, which appealed to non-technical domain-experts. The problem however: it proves too rigid for unstructured processes. Thus, without this level of support, building new application either requires extensive manual programming or resorting to homebrew solutions. Alternatively, with the proliferation of SaaS, various such tools could be used for independent portions of the overall process - although this either presupposes conforming to the in-built process, or results in "shadow processes" via use of e-mail or the like, in order to exchange information and share decisions. There has therefore been an inevitable gap in technological support between structured and unstructured processes. To address these challenges, this thesis deals with transitioning process-support from structured to unstructured. We have been motivated to harness the foundational capabilities of BPM for its application to unstructured processes. We propose to achieve this by: First, addressing the productivity challenges of Web-services integration - simplifying this process - whilst encouraging an incremental curation and collective reuse approach. We then extend this to propose an innovative Hybrid-Process Management Platform that holistically combines structured, semi-structured and unstructured activities, based on a unified task-model that encapsulates a spectrum of process specificity. We have thus aimed to bridge the current lacking technology gap. The approach presented has been exposed as service-based libraries and tools. Whereby, we have devised several use-case scenarios and conducted user-studies in order to evaluate the overall effectiveness of our proposed work