
    Formal verification of enterprise integration architectures

    This is a near-finished paper to be presented at an international research conference. Weak bisimulation is a process calculus equivalence relation applied to the verification of communicating concurrent systems [Miln 99]. In this paper we propose the application of weak bisimulation to Enterprise Application Integration (EI) verification. Formal verification is carried out by taking the system specification and the design models of an integrated system and converting them into value-passing CCS (Calculus of Communicating Systems) processes. If a weak bisimulation relation is found between the two models, it can be concluded that the EI architecture is a valid one. Formal verification of an EI architecture would add value to an EI project framework by alleviating the cumbersome and complex testing typically faced by EI projects [Khan 05], thus increasing the chance of a successful EI project delivered on time and within the stipulated budget. This paper shows the applicability of value-passing CCS (or an equivalent formal notation) for modelling the characteristics of EI systems, and investigates the computational complexity of the available weak bisimulation algorithms in order to analyse the applicability of this proposition in real life.

    Distributed System Contract Monitoring

    The use of behavioural contracts to specify, regulate and verify systems is particularly relevant to runtime monitoring of distributed systems. System distribution poses major challenges to contract monitoring, from monitoring-induced information leaks to computation load balancing, communication overheads and fault tolerance. We present mDPi, a location-aware process calculus for reasoning about monitoring of distributed systems. We define a family of Labelled Transition Systems for this calculus, which allow formal reasoning about different monitoring strategies at different levels of abstraction. We also illustrate the expressivity of the calculus by showing how contracts in a simple contract language can be synthesised into different mDPi monitors.
    Comment: In Proceedings FLACOS 2011, arXiv:1109.239

    A blockchain-based proposal for protecting healthcare systems through formal methods

    Blockchain technology is one of the most important and disruptive technologies in the world. Multiple industries are adopting blockchain technology to innovate the way they work, and one of the industries looking to adopt it is healthcare. In fact, the protection of the private information stored in hospital databases is a critical issue. In this paper we propose a method aimed at protecting the information exchanged in hospital networks, with particular regard to magnetic resonance images. As required by blockchain technology, each host in the network must validate the data transiting the network: we exploit formal equivalence checking to perform this validation, modelling magnetic resonance images as automata built from their radiomic features.

    A formal component model for mobile architectures

    In the thesis, we propose an approach to modelling component-based systems and formally describing their behaviour. The approach is based on a novel component model defined by a metamodel in a logical view and by a description in the pi-calculus in a process view. We show that the component model addresses the dynamic aspects of software architectures, including component mobility. Furthermore, we propose a method of behavioural modelling of service-oriented architectures that passes smoothly from the service level to the component level and describes the behaviour of a whole system, services and components, as a single pi-calculus process. Finally, we illustrate an application of our approach on a case study of an environment for functional testing of complex safety-critical systems. The support of dynamic architectures and the integration with service-oriented architectures comprise the main advantages of our approach.
    Department of Software Engineering, Faculty of Mathematics and Physics

    Specification and analysis of SOC systems using COWS: a finance case study

    Service-oriented computing, an emerging paradigm for distributed computing based on the use of services, is calling for the development of tools and techniques to build safe and trustworthy systems and to analyse their behaviour. Therefore many researchers have proposed to use process calculi, a cornerstone of current foundational research on the specification and analysis of concurrent and distributed systems. We illustrate this approach by focussing on COWS, a process calculus expressly designed for specifying and combining services while modelling their dynamic behaviour. We present the calculus and one of the analysis techniques it enables, which is based on the temporal logic SocL and the associated model checker CMC. We demonstrate the applicability of our tools by means of a large case study from the financial domain, which is first specified in COWS and then analysed by using SocL to express many significant properties and CMC to verify them.

    Modeling and verification of web service composition based interorganizational workflows

    Interorganizational workflows are workflows that cross the boundaries of a single organization and provide a framework for cooperation between different autonomous organizations. An important issue when designing such workflows is the balance between the openness needed for cooperation and the privacy needed to protect business know-how. Workflow views provide an efficient tool for this purpose: by exposing only selected parts of a process, organizations can both cooperate and protect their business logic. This dissertation presents a technique for the correct construction of workflow views. It is assumed that organizations and partners use web services and related technology to model and implement interorganizational workflows. Web services offer organizations several advantages; their real surplus is their capability of being composed into more complex systems. Available web services can be reused by other choreographies and orchestrations, and the need to develop new systems from scratch can be minimized. The essential requirements are, on the one hand, an architecture with adequate capabilities and, on the other hand, verification of correctness. This dissertation proposes an architecture for modeling web service composition based interorganizational workflows, called federated choreographies, that provides several advantages compared to existing proposals. Moreover, algorithms and techniques for verifying the structural and temporal correctness of interorganizational workflows are proposed. Structural conformance checks whether the structures of the involved processes match. Temporal conformance checks whether an interorganizational workflow composed of choreographies and orchestrations is temporally error-free with respect to local and global temporal constraints. The proposed algorithms can be applied to check the structural and temporal conformance of federated choreographies at design time. If the model is not structurally or temporally conformant, the necessary modifications can be made so that correct execution of the flow at run time can be guaranteed. Conformance checking at design time reduces process costs for two reasons: first, errors detected at design time are normally cheaper to fix than those detected at run time, and second, exception handling mechanisms, which incur additional costs, can be avoided. In addition to the proposed architecture, a more general architecture together with conformance checking algorithms and techniques for interorganizational workflows is presented. The presented approach is language and platform independent and the algorithms work in a distributed manner.

    An application of augmented MDA for the extended healthcare enterprise

    Mobile health systems extend the enterprise computing system of the healthcare provider by bringing services to the patient any time and anywhere. We propose a methodology for the development of such extended enterprise computing systems which applies a model-driven design and development approach, augmented with formal validation and verification, to address quality and correctness and to support model transformation. At the University of Twente we develop context-aware m-health systems based on Body Area Networks (BANs). A set of deployed BANs is supported by a server; we refer to this distributed system as a BAN System. Development of such distributed m-health systems requires a sound software engineering approach, and this is what we target with the proposed methodology. The methodology is illustrated with reference to modelling activities targeted at real implementations. BAN implementations are being trialled in a number of clinical settings, including epilepsy management and management of chronic pain.

    Integration of analysis techniques in security and fault-tolerance

    This thesis focuses on the integration of formal methodologies in security protocol analysis and fault-tolerance analysis. The research is developed in two different directions: interdisciplinary and intra-disciplinary. In the former, we look for a beneficial interaction between strategies of analysis in security protocols and in fault tolerance; in the latter, we search for connections among different approaches to analysis within the security area. In the following we summarize the main results of the research.

    Distributed system contract monitoring

    Runtime verification of distributed systems poses various challenges. A pivotal challenge is the choice of how to distribute the monitors themselves across the system. On one hand, centralised monitoring may result in increased communication overhead and information exposure across locations, while, on the other hand, systems with dynamic topologies and properties are difficult to address using static monitor choreographies. In this paper we present mDPi, a location-aware π-calculus extension for reasoning about the distributed monitoring scenario. We also define numerous monitoring strategies for a regular expression-based logic, including a novel approach in which monitors migrate to ensure local monitoring. Finally, we present a number of results which emerge from this formalism, justifying our approach.

    A Framework for Software Component Interface Specification and Analysis

    Although markets are emerging for commercial off-the-shelf components (such as Sun JavaBeans), there are many barriers to widespread component adoption. This is due to the inherent 'black-box' nature of software components: developers have no knowledge or control of a component's internal characteristics. Without source or design details, developers have only the component's interface, documentation and test results to answer important questions about reliability, proper use, behavior and performance. The current best practice of specifying a component's capabilities by providing only the syntax and informal documentation is insufficient to assemble mission- or safety-critical systems successfully. To address these problems we have developed a framework for creating and analyzing concise specifications of components and their related interfaces. The framework extends a formal model for software architecture descriptions to support the specification of a range of terms. With formal component specifications, developers can use the framework to analyze the properties of individual components or of entire systems. Unlike other approaches, the formal basis and implementation of our framework enhance understanding and automate much of the component analysis process.