Service Composition for IP Smart Object using Realtime Web Protocols: Concept and Research Challenges

The Internet of Things (IoT) refers to a world-wide network of interconnected physical things using standardized communication protocols. Recent development of Internet Protocol (IP) stacks for resource-constrained devices unveils a possibility for the future IoT based on the stable and scalable IP technology much like today's Internet of computers. One important question remains: how can data and events (denoted as services) introduced by a variety of IP networked things be exchanged and aggregated e ciently in various application domains. Because the true value of IoT lies in the interaction of several services from physical things, answers to this question are essential to support a rapid creation of new IoT smart and ubiquitous applications. The problem is known as service composition. This article explains the practicability of the future full-IP IoT with realtime Web protocols to formally state the problem of service composition for IP smart objects, provides literature review, and discusses its research challenges

Handling Dynamic Requirements in Cloud Computing

Cloud Computing is an Internet-based business paradigm, within which cloud providers offer resources (e.g. storage, computing, network) and cloud consumers use them after accepting the associated agreements. The demand of a particular functionality can rapidly change in this paradigm, so organizations need to count with a method to elicit, analyze, specify, verify, and manage dynamic requirements in a systematic and repeatable way. Existing requirements engineering (RE) approaches for Cloud Computing are generally focused on a limited number of non-functional characteristics (e.g. security, privacy, performance), and service consumers have no guideline to cover multiple dimensions of a requirement in cloud environments. To address this problem, a conceptual model is initially presented to analyze cloud requirements and services. Then, a workflow is proposed for handling those requirements and supporting cloud service adoption. In this paper, we explain our contribution based on practical experience in projects and existing RE approaches.Sociedad Argentina de Informática e Investigación Operativa (SADIO

Automated synthesis of local time requirement for service composition

National Research Foundation (NRF) Singapore ANR-NRF French-Singaporean research program ProMi

Conceptual modelling of adaptive web services based on high-level petri nets

Service technology geared by its SOA architecture and enabling Web services is rapidly gaining in maturity and acceptance. Consequently, most worldwide (private and corporate) cross-organizations are embracing this paradigm by publishing, requesting and composing their businesses and applications in the form of (web-)services. Nevertheless, to face harsh competitiveness such service oriented cross-organizational applications are increasingly pressed to be highly composite, adaptive, knowledge-intensive and very reliable. In contrast to that, Web service standards such as WSDL, WSBPEL, WS-CDL and many others offer just static, manual, purely process-centric and ad-hoc techniques to deploy such services. The main objective of this thesis consists therefore in leveraging the development of service-driven applications towards more reliability, dynamically and adaptable knowledge-intensiveness. This thesis puts forward an innovative framework based on distributed high-level Petri nets and event-driven business rules. More precisely, we developed a new variant of high-level Petri Nets formalism called Service-based Petri nets (CSrv-Nets), that exhibits the following potential characteristics. Firstly, the framework is supported by a stepwise methodology that starts with diagrammatical UML-class diagrams and business rules and leads to dynamically adaptive services specifications. Secondly, the framework soundly integrates behavioural event-driven business rules and stateful services both at the type and instance level and with an inherent distribution. Thirdly, the framework intrinsically permits validation through guided graphical animation. Fourthly, the framework explicitly separates between orchestrations for modelling rule-intensive single services and choreography for cooperating several services through their governing interactive business rules. Fifthly, the framework is based on a two-level conceptualization: (1) the modelling of any rule-centric service with CSrv-Nets; (2) the smooth upgrading of this service modelling with an adaptability-level that allows for dynamically shifting up and down any rule-centric behavior of the running business activities

Specifying and Verifying Contract-driven Composite Web Services: a Model Checking Approach

As a promising computing paradigm in the new era of cross-enterprise e-applications, web services technology works as plugin mode to provide a value-added to applications using Service-Oriented Computing (SOC) and Service-Oriented Architecture (SOA). Verification is an important issue in this paradigm, which focuses on abstract business contracts and where services’ behaviors are generally classified in terms of compliance with / violation of their contracts. However, proposed approaches fail to describe in details both compliance and violation behaviors, how the system can distinguish between them, and how the system reacts after each violation. In this context, specifying and automatically generating verification properties are challenging key issues. This thesis proposes a novel approach towards verifying the compliance with contracts regulating the composition of web services. In this approach, properties against which the system is verified are generated automatically from the composition’s implementation. First, Business Process Execution Language (BPEL)that specifies actions within business processes with web services is extended to create custom activities, called labels. Those labels are used as means to represent the specifications and mark the points the developer aims to verify. A significant advantage of this labeling is the ability to target specific points in the design to be verified, which makes this verification very focused. Second, new translation rules from the extended BPEL into ISPL, the input language of the MCMAS model checker, are provided so that model checking the behavior of our contract-driven compositions is possible. The verification properties are expressed in the CTLC logic, which provides a powerful representation for modeling composition contracts using commitment-based multiagent interactions. A detailed case study with experimental results are also reported ins the thesis

Achieving Autonomic Web Service Compositions with Models at Runtime

Over the last years, Web services have become increasingly popular. It is because they allow businesses to share data and business process (BP) logic through a programmatic interface across networks. In order to reach the full potential of Web services, they can be combined to achieve specifi c functionalities. Web services run in complex contexts where arising events may compromise the quality of the system (e.g. a sudden security attack). As a result, it is desirable to count on mechanisms to adapt Web service compositions (or simply called service compositions) according to problematic events in the context. Since critical systems may require prompt responses, manual adaptations are unfeasible in large and intricate service compositions. Thus, it is suitable to have autonomic mechanisms to guide their self-adaptation. One way to achieve this is by implementing variability constructs at the language level. However, this approach may become tedious, difficult to manage, and error-prone as the number of con figurations for the service composition grows. The goal of this thesis is to provide a model-driven framework to guide autonomic adjustments of context-aware service compositions. This framework spans over design time and runtime to face arising known and unknown context events (i.e., foreseen and unforeseen at design time) in the close and open worlds respectively. At design time, we propose a methodology for creating the models that guide autonomic changes. Since Service-Oriented Architecture (SOA) lacks support for systematic reuse of service operations, we represent service operations as Software Product Line (SPL) features in a variability model. As a result, our approach can support the construction of service composition families in mass production-environments. In order to reach optimum adaptations, the variability model and its possible con figurations are verifi ed at design time using Constraint Programming (CP). At runtime, when problematic events arise in the context, the variability model is leveraged for guiding autonomic changes of the service composition. The activation and deactivation of features in the variability model result in changes in a composition model that abstracts the underlying service composition. Changes in the variability model are refl ected into the service composition by adding or removing fragments of Business Process Execution Language (WS-BPEL) code, which are deployed at runtime. Model-driven strategies guide the safe migration of running service composition instances. Under the closed-world assumption, the possible context events are fully known at design time. These events will eventually trigger the dynamic adaptation of the service composition. Nevertheless, it is diffi cult to foresee all the possible situations arising in uncertain contexts where service compositions run. Therefore, we extend our framework to cover the dynamic evolution of service compositions to deal with unexpected events in the open world. If model adaptations cannot solve uncertainty, the supporting models self-evolve according to abstract tactics that preserve expected requirements.Alférez Salinas, GH. (2013). Achieving Autonomic Web Service Compositions with Models at Runtime [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/34672TESI

Information Flow Control in Spring Web Applications

Companies rely extensively on frameworks and APIs when developing their systems, as these mechanisms are quite advantageous. Two of the most conspicuous benefits are their ease of use and workload reduction, allowing for shorter and more responsive development cycles. However, most frameworks do not provide security properties such as data confidentiality as other tools do. A prime example is a Spring. It is the most heavily used Java web development framework, hosting a vast array of functionalities, ranging from data layer functionalities (c.f. hibernate and JPA), security providers, and metrics providers to provide statistical data on the application itself as well as a layer for REST communication. However, to achieve such advanced functionalities, Spring resorts to bytecode manipulation and generation during its startup period, hindering the use of other formal analysis tools that use similar processes in their execution. In a broader sense, we provide a comprehensive approach for the static analysis of spring-based web applications. We introduce hooks in the Spring pipeline, making feasible the formal analysis and manipulation of the complete, run-time-generated appli- cation bytecode through a well-defined interface. The hooks provide not only access to the entire web application’s bytecode but also allow for the replacement of the applica- tion’s component, enabling more complex analysis requiring the instrumentation of the application. To address data confidentiality-related issues in web applications developed with this framework, we propose integrating information flow control tools in the framework’s pipeline. Namely, we combine Spring with Snitch, a tool for hybrid information flow control in Java bytecode that will be used as a case-study.As empresas apoiam-se cada vez mais em frameworks e APIs quando desenvolvem os seus sistemas, pois estas ferramentas fornecem grandes vantagens. Duas das maiores vantages destes sistemas são a sua fácil utilização/integração nos sistemas bem como a quantidade de trabalho que reduzem ao desenvolvedor, permitindo assim períodos de desenvolvimento mais curtos e responsivos. Ainda assim, a mrioria das frameworks não têm como lidar com propriedades de segurança fundamentais como confidencialidade dos dados. Um dos exemplos mais conhecidos é o Spring. É a framework mais usada em Java para desenvolvimento web, oferecendo um vasto leque de funcionalidades, variando entre uma camada que lida com dados (eg: hibernate e JPA), uma camada gestora de segurança nas aplicações, uma camada estatística que permite analisar a performance do sistema e também uma camada para comunicação REST. Para alcançar estas funcionalidades, que não são triviais, o Spring recorre a mecanismos de manipulação de bytecode e geração de código durante o seu período de inicialização, perturbando o uso de ferramentas de análise formais que recorrem a processos semelhantes na sua execução. Em geral, nós fornecemos uma nova forma de lidar com análise formal em aplicações web Spring. Aqui introduzimos hooks no processo de inicialização do Spring, tornando possível que a análise formal e a manipulação de todo o bytecode gerado da aplicação a partir duma interface cuidadosamente definida. Os hooks fornecidos fornecem acesso ao bytecode da aplicação na sua totalidade bem como permitem a substituição do componente da aplicação, permitindo assim a análise complexa e formal por parte da ferramenta que pode requerer instrumentação da aplicação. Para lidar com problemas relacionados com confidencialidade dos dados em aplicações web desenvolvidas com a framework, propomos a integração de ferramentas de controlo do fluxo de informação na prórpia framework. Assim, juntamos Spring e Snitch, uma ferramenta que analisa bytecode para verificar a segurança do fluxo de informação híbrida

Extracting LPL privacy policy purposes from annotated web service source code

Privacy policies are a mechanism used to inform users of the World Wide Web about the processing of their personal data. Such processing has special requirements, since personal data are regulated by data protection legislation. For example, a consent or another legal basis is typically needed. Privacy policies are documents used, among other things, to inform the data subject about processing of their personal data. These are formally represented by privacy languages. In this paper, we present a technique for constructing Layered Privacy Language policy data from web service code bases. Theoretically, we model the purposes of processing within web services by extending the privacy language with composition. We also present a formal analysis method for generating privacy policy purposes from the source code of web services. Furthermore, as a practical contribution, we present a static analysis tool that implements the theoretical solution. Finally, we report a brief case study for validating the too

Model Transformation Approach to Automated Model Driven Development

One of the contemporary challenges of software evolution is to adapt a software system to the changing of requirements and demands from users and environments. An ultimate goal is to encapsulate these requirements into a high-level abstraction, giving the ability to achieve large-scale adaptation of the underlying software implementation. Model-Driven Engineering (MDE) is one of the enabling techniques that supports this objective. In MDE, the e ective creation of models and their transformation are core activities to enable the conversion of source models to target models in order to change model structures or translate models to other software artifacts. The main goal is to provide automation and enable the automated development of a system from its corresponding models. There are several approaches on this matter from high level. However, there is still absence of clear methodology and results on how to apply MDE for a speci c domain with speci c requirements such as the web domain. This research brings contribution toward the solution to automated model development by providing an overview of existing approaches and introducing a novel approach in the emerging eld of web applications and services. To cope with current trend in the growing of complexity of web services as programmatic backbones of modern distributed and cloud architecture, we present an approach using domain speci c language for modeling of web services as the solution to the challenge in scalability of web service modeling and development. We analyze the current state of the problem domain and implement a domain speci c language called Simple Web Service Modeling to support automated model-driven development of such web services. This approach is the solution to the problem in web service development of software-as-service systems that require the support for tenant-speci c architecture. In the domain of web application quality assurance, we build a modeling language for model driven testing of web application that focuses on automation and regression testing. Our techniques are based on building abstractions of web pages and modeling state-machinebased test behavior using Web Testing Modeling Language - a domain speci c language that we developed for web page modeling. This methodology and techniques aim at helping software developers as well as testers to become more productive and reduce the time-tomarket, while maintaining high standards of web application. The proposing techniques is the answer to the lack of concrete methods and toolset in applying model driven development to speci c areas such as web application testing and services. The results of this work can be applied to practical purposes with the methodological support to integrate into existing software development practices.Katedra počítač