88 research outputs found
Service Composition for IP Smart Object using Realtime Web Protocols: Concept and Research Challenges
The Internet of Things (IoT) refers to a world-wide network of interconnected physical things using standardized communication protocols. Recent development of Internet Protocol (IP) stacks for resource-constrained devices unveils a possibility for the future IoT based on the stable and scalable IP technology much like today's Internet of computers. One important question remains: how can data and events (denoted as services) introduced by a variety of IP networked things be exchanged and aggregated e ciently in various application domains. Because the true value of IoT lies in the interaction of several services from physical things, answers to this question are essential to support a rapid creation of new IoT smart and ubiquitous applications. The problem is known as service composition. This article explains the practicability of the future full-IP IoT with realtime Web protocols to formally state the problem of service composition for IP smart objects, provides literature review, and discusses its research challenges
Handling Dynamic Requirements in Cloud Computing
Cloud Computing is an Internet-based business paradigm, within which cloud providers offer resources (e.g. storage, computing, network) and cloud consumers use them after accepting the associated agreements. The demand of a particular functionality can rapidly change in this paradigm, so organizations need to count with a method to elicit, analyze, specify, verify, and manage dynamic requirements in a systematic and repeatable way. Existing requirements engineering (RE) approaches for Cloud Computing are generally focused on a limited number of non-functional characteristics (e.g. security, privacy, performance), and service consumers have no guideline to cover multiple dimensions of a requirement in cloud environments. To address this problem, a conceptual model is initially presented to analyze cloud requirements and services. Then, a workflow is proposed for handling those requirements and supporting cloud service adoption. In this paper, we explain our contribution based on practical experience in projects and existing RE approaches.Sociedad Argentina de Informática e Investigación Operativa (SADIO
Automated synthesis of local time requirement for service composition
National Research Foundation (NRF) Singapore ANR-NRF French-Singaporean research program ProMi
Conceptual modelling of adaptive web services based on high-level petri nets
Service technology geared by its SOA architecture and enabling Web services is
rapidly gaining in maturity and acceptance. Consequently, most worldwide
(private and corporate) cross-organizations are embracing this paradigm by
publishing, requesting and composing their businesses and applications in the
form of (web-)services. Nevertheless, to face harsh competitiveness such service oriented
cross-organizational applications are increasingly pressed to be highly
composite, adaptive, knowledge-intensive and very reliable. In contrast to that,
Web service standards such as WSDL, WSBPEL, WS-CDL and many others
offer just static, manual, purely process-centric and ad-hoc techniques to deploy
such services.
The main objective of this thesis consists therefore in leveraging the development
of service-driven applications towards more reliability, dynamically
and adaptable knowledge-intensiveness. This thesis puts forward an innovative
framework based on distributed high-level Petri nets and event-driven business
rules. More precisely, we developed a new variant of high-level Petri Nets formalism
called Service-based Petri nets (CSrv-Nets), that exhibits the following
potential characteristics. Firstly, the framework is supported by a stepwise
methodology that starts with diagrammatical UML-class diagrams and business
rules and leads to dynamically adaptive services specifications. Secondly, the
framework soundly integrates behavioural event-driven business rules and stateful
services both at the type and instance level and with an inherent distribution.
Thirdly, the framework intrinsically permits validation through guided graphical
animation. Fourthly, the framework explicitly separates between orchestrations
for modelling rule-intensive single services and choreography for cooperating
several services through their governing interactive business rules. Fifthly, the
framework is based on a two-level conceptualization: (1) the modelling of any
rule-centric service with CSrv-Nets; (2) the smooth upgrading of this service
modelling with an adaptability-level that allows for dynamically shifting up and
down any rule-centric behavior of the running business activities
Specifying and Verifying Contract-driven Composite Web Services: a Model Checking Approach
As a promising computing paradigm in the new era of cross-enterprise e-applications, web services technology works as plugin mode to provide a value-added to applications using Service-Oriented Computing (SOC) and Service-Oriented Architecture (SOA). Verification is an important issue in this paradigm, which focuses on abstract business contracts and where services’ behaviors are generally classified in terms of compliance with / violation of their contracts. However, proposed approaches fail to describe in details both compliance and violation behaviors, how the system can distinguish between them, and how the system reacts after each violation. In this context, specifying and automatically generating verification properties are challenging key issues. This thesis proposes a novel approach towards verifying the compliance with contracts regulating the composition of web services. In this approach, properties against which the system is verified are generated automatically from the composition’s implementation. First, Business Process Execution Language (BPEL)that specifies actions within business processes with web services is extended to create custom activities, called labels. Those labels are used as means to represent the specifications and mark the points the developer aims to verify. A significant advantage of this labeling is the ability to target specific points in the design to be verified, which makes this verification very focused. Second, new translation rules from the extended BPEL into ISPL, the input language of the MCMAS model checker, are provided so that model checking the behavior of our contract-driven compositions is possible. The verification properties are expressed in the CTLC logic, which provides a powerful representation for modeling composition contracts using commitment-based multiagent interactions. A detailed case study with experimental results are also reported ins the thesis
Achieving Autonomic Web Service Compositions with Models at Runtime
Over the last years, Web services have become increasingly popular. It is because they allow businesses to share data and business process (BP) logic through a programmatic interface across networks. In order to reach the full potential of
Web services, they can be combined to achieve specifi c functionalities.
Web services run in complex contexts where arising events may compromise the quality of the system (e.g. a sudden security attack). As a result, it is desirable to count on mechanisms to adapt Web service compositions (or simply
called service compositions) according to problematic events in the context. Since critical systems may require prompt responses, manual adaptations are unfeasible in large and intricate service compositions. Thus, it is suitable to
have autonomic mechanisms to guide their self-adaptation. One way to achieve this is by implementing variability constructs at the language level. However, this approach may become tedious, difficult to manage, and error-prone as the number of con figurations for the service composition grows.
The goal of this thesis is to provide a model-driven framework to guide autonomic adjustments of context-aware service compositions. This framework spans over design time and runtime to face arising known and unknown context events (i.e., foreseen and unforeseen at design time) in the close and open worlds respectively.
At design time, we propose a methodology for creating the models that guide autonomic changes. Since Service-Oriented Architecture (SOA) lacks support for systematic reuse of service operations, we represent service operations as Software Product Line (SPL) features in a variability model. As a result, our approach can support the construction of service composition families in mass production-environments. In order to reach optimum adaptations, the variability model and its possible con figurations are verifi ed at design time using Constraint Programming (CP).
At runtime, when problematic events arise in the context, the variability model is leveraged for guiding autonomic changes of the service composition. The activation and deactivation of features in the variability model result in changes in a composition model that abstracts the underlying service composition. Changes in the variability model are refl ected into the service composition by adding or removing fragments of Business Process Execution Language (WS-BPEL)
code, which are deployed at runtime. Model-driven strategies guide the safe migration of running service composition instances. Under the closed-world assumption, the possible context events are fully known at design time. These
events will eventually trigger the dynamic adaptation of the service composition. Nevertheless, it is diffi cult to foresee all the possible situations arising in uncertain contexts where service compositions run. Therefore, we extend our
framework to cover the dynamic evolution of service compositions to deal with unexpected events in the open world. If model adaptations cannot solve uncertainty, the supporting models self-evolve according to abstract tactics that
preserve expected requirements.Alférez Salinas, GH. (2013). Achieving Autonomic Web Service Compositions with Models at Runtime [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/34672TESI
Information Flow Control in Spring Web Applications
Companies rely extensively on frameworks and APIs when developing their systems,
as these mechanisms are quite advantageous. Two of the most conspicuous benefits
are their ease of use and workload reduction, allowing for shorter and more responsive
development cycles. However, most frameworks do not provide security properties such
as data confidentiality as other tools do. A prime example is a Spring. It is the most
heavily used Java web development framework, hosting a vast array of functionalities,
ranging from data layer functionalities (c.f. hibernate and JPA), security providers, and
metrics providers to provide statistical data on the application itself as well as a layer for
REST communication. However, to achieve such advanced functionalities, Spring resorts
to bytecode manipulation and generation during its startup period, hindering the use of
other formal analysis tools that use similar processes in their execution.
In a broader sense, we provide a comprehensive approach for the static analysis of
spring-based web applications. We introduce hooks in the Spring pipeline, making
feasible the formal analysis and manipulation of the complete, run-time-generated appli-
cation bytecode through a well-defined interface. The hooks provide not only access to
the entire web application’s bytecode but also allow for the replacement of the applica-
tion’s component, enabling more complex analysis requiring the instrumentation of the
application.
To address data confidentiality-related issues in web applications developed with this
framework, we propose integrating information flow control tools in the framework’s
pipeline. Namely, we combine Spring with Snitch, a tool for hybrid information flow
control in Java bytecode that will be used as a case-study.As empresas apoiam-se cada vez mais em frameworks e APIs quando desenvolvem
os seus sistemas, pois estas ferramentas fornecem grandes vantagens. Duas das maiores
vantages destes sistemas são a sua fácil utilização/integração nos sistemas bem como a
quantidade de trabalho que reduzem ao desenvolvedor, permitindo assim períodos de
desenvolvimento mais curtos e responsivos. Ainda assim, a mrioria das frameworks não
têm como lidar com propriedades de segurança fundamentais como confidencialidade dos
dados. Um dos exemplos mais conhecidos é o Spring. É a framework mais usada em Java
para desenvolvimento web, oferecendo um vasto leque de funcionalidades, variando entre
uma camada que lida com dados (eg: hibernate e JPA), uma camada gestora de segurança
nas aplicações, uma camada estatística que permite analisar a performance do sistema e
também uma camada para comunicação REST. Para alcançar estas funcionalidades, que
não são triviais, o Spring recorre a mecanismos de manipulação de bytecode e geração
de código durante o seu período de inicialização, perturbando o uso de ferramentas de
análise formais que recorrem a processos semelhantes na sua execução.
Em geral, nós fornecemos uma nova forma de lidar com análise formal em aplicações
web Spring. Aqui introduzimos hooks no processo de inicialização do Spring, tornando
possível que a análise formal e a manipulação de todo o bytecode gerado da aplicação a
partir duma interface cuidadosamente definida. Os hooks fornecidos fornecem acesso ao
bytecode da aplicação na sua totalidade bem como permitem a substituição do componente
da aplicação, permitindo assim a análise complexa e formal por parte da ferramenta que
pode requerer instrumentação da aplicação.
Para lidar com problemas relacionados com confidencialidade dos dados em aplicações
web desenvolvidas com a framework, propomos a integração de ferramentas de controlo
do fluxo de informação na prórpia framework. Assim, juntamos Spring e Snitch, uma
ferramenta que analisa bytecode para verificar a segurança do fluxo de informação híbrida
Extracting LPL privacy policy purposes from annotated web service source code
Privacy policies are a mechanism used to inform users of the World Wide Web about the processing of their personal data. Such processing has special requirements, since personal data are regulated by data protection legislation. For example, a consent or another legal basis is typically needed. Privacy policies are documents used, among other things, to inform the data subject about processing of their personal data. These are formally represented by privacy languages. In this paper, we present a technique for constructing Layered Privacy Language policy data from web service code bases. Theoretically, we model the purposes of processing within web services by extending the privacy language with composition. We also present a formal analysis method for generating privacy policy purposes from the source code of web services. Furthermore, as a practical contribution, we present a static analysis tool that implements the theoretical solution. Finally, we report a brief case study for validating the too
Model Transformation Approach to Automated Model Driven Development
One of the contemporary challenges of software evolution is to adapt a software system
to the changing of requirements and demands from users and environments. An ultimate
goal is to encapsulate these requirements into a high-level abstraction, giving the ability
to achieve large-scale adaptation of the underlying software implementation. Model-Driven
Engineering (MDE) is one of the enabling techniques that supports this objective. In MDE,
the e ective creation of models and their transformation are core activities to enable the
conversion of source models to target models in order to change model structures or translate
models to other software artifacts. The main goal is to provide automation and enable
the automated development of a system from its corresponding models. There are several
approaches on this matter from high level. However, there is still absence of clear methodology
and results on how to apply MDE for a speci c domain with speci c requirements such
as the web domain. This research brings contribution toward the solution to automated
model development by providing an overview of existing approaches and introducing a novel
approach in the emerging eld of web applications and services.
To cope with current trend in the growing of complexity of web services as programmatic
backbones of modern distributed and cloud architecture, we present an approach using
domain speci c language for modeling of web services as the solution to the challenge in
scalability of web service modeling and development. We analyze the current state of the
problem domain and implement a domain speci c language called Simple Web Service Modeling
to support automated model-driven development of such web services. This approach
is the solution to the problem in web service development of software-as-service systems that
require the support for tenant-speci c architecture.
In the domain of web application quality assurance, we build a modeling language for
model driven testing of web application that focuses on automation and regression testing.
Our techniques are based on building abstractions of web pages and modeling state-machinebased
test behavior using Web Testing Modeling Language - a domain speci c language
that we developed for web page modeling. This methodology and techniques aim at helping
software developers as well as testers to become more productive and reduce the time-tomarket,
while maintaining high standards of web application. The proposing techniques is
the answer to the lack of concrete methods and toolset in applying model driven development
to speci c areas such as web application testing and services. The results of this work can
be applied to practical purposes with the methodological support to integrate into existing
software development practices.Katedra počítač
- …