EARLY ASSESSMENT OF SERVICE PERFORMANCE USING SIMULATION

The success of web services is changing the way in which software is designed, developed, and distributed. The increasing diffusion of software in the form services, available as commodities over the Internet, has en- abled business scenarios where processes are implemented by composing loosely-coupled services chosen at runtime. Services are in fact continuously re-designed and incrementally developed, released in heterogeneous and distributed environments, and selected and integrated at runtime within external business processes. In this dynamic context, there is the need of solutions supporting the evaluation of service performance at an early stage of the software development process, or even at design time, to support users in an a priori evaluation of the impact, a given service might have when integrated in their business process. A number of useful performance verification and validation techniques are proposed to test and simulate web services, but they assume the availability of service code or at least of reliable information (e.g., collected by testing) on service behavior. Among these approaches, simulation-based techniques are mostly used to assess the behavior of the service and predict its behavior using historical data. Despite the benefits of such solutions, few proposals have addressed the problem of how service performance can be assessed at design time and how historical data can be replaced by simulation data for performance evaluation at early stage of development cycle. In this thesis, the notion of simulation is fully integrated within early phases of the software development process in order to predict the behavior of services. We propose model-based approaches that rely on the amount of information available for the simulation of the performance of service operations. We distinguish full-knowledge, partial-knowledge and zero-knowledge scenarios. In a full-knowledge scenario, the total execution times for each operation and the internal distributions of delays are known and used for performance evaluation. In a partial-knowledge scenario, partial testing results (i.e., the lower and upper bounds to the operation execution times) are used to simulate a service performance. In the zero-knowledge scenario, no testing results are considered; only simulation results are used for performance evaluation. The main contributions of this thesis can be summarized as follows. Firstly, we proposed a model-based approach that relies on Symbolic Transition System (STS) to describe the web services as finite state automata and evaluate their performance. This model was extended for testing and simulation. The testing model annotates model transitions with performance idioms, which allow to evaluate the behavior of the service. The simulation model extends the standard STS-based model with transition probabilities and delay distributions. This model is used to generate a simulation script that allows to simulate the service behavior. Our methodology used simulation along the design and pre-deployment phases of the web service lifecycle to preliminarily assess web service performance using coarse-grained information on the total execution time of each service operation derived by testing. We used testing results and provided some practical examples to validate our methodology and the quality of the performance measurements computed by simulation considering the full-knowledge and partial-knowledge scenarios. The results obtained showed that our simulation gives accurate estimation of the execution times. Secondly, the thesis proposed an approach that permits service developers and software adopters to evaluate service performance in a zero-knowledge scenario, where testing results and service code are not yet available. Our approach is built on expert knowledge to estimate the execution time of the service operation. It evaluates the complexity of the service operation using the input and output Simple Object Access Protocol (SOAP) messages, and the Web Service Description Language (WSDL) interface of the service. Then, the operation interval of execution times is estimated based on profile tables providing the time overhead needed to parse and build SOAP messages, and the performance inferred from the testing of some reference service operations. Our simulation results showed that our zero-knowledge approach gives an accurate approximation of the interval of execution times when compared with the testing results at the end of the development. Thirdly, the thesis proposed an application of our previous approaches to the definition of a framework that allows to negotiate and monitoring the performance Service Level Agreement (SLA) of the web service based on the simulation data. The solution for SLA monitoring is based on the STS-based model for testing and the solution for SLA negotiation is based on the service model for simulation. This work provides an idea about the SLA of the service in advance and how to handle the violations of the SLA on performance after the service deployment.Le succ\ue8s des services Web est entrain de changer la fa\ue7on dont le logiciel est con\ue7u, d\ue9velopp\ue9 et distribu\ue9. La diffusion croissante des logiciels sous forme de services, disponibles en tant que produits sur Internet, a permis la d\ue9finition de sc\ue9narios d\u2019entreprise o\uf9 les processus sont mis en \u153uvre par la composition de services faiblement coupl\ue9s, choisis au moment de l\u2019ex\ue9cution. Les services sont en effet en permanence re-con\ue7us et d\ue9velopp\ue9s progressivement, publi\ue9s dans des environnements h\ue9t\ue9rog\ue8nes et distribu\ue9s, et s\ue9lectionn\ue9s et int\ue9gr\ue9s \ue0 l\u2019ex\ue9cution dans les processus externes d\u2019entreprise. Dans ce contexte dynamique, il est n\ue9cessaire d\u2019avoir des solutions permettant l'\ue9valuation de la performance du service \ue0 un stade pr\ue9coce du processus de d\ue9veloppement des logiciels, ou encore au moment de la conception, afin de permettre aux utilisateurs de faire une \ue9valuation \u201ca priori\u201d de l\u2019impact qu\u2019un service donn\ue9 peut avoir quand il est int\ue9gr\ue9 dans leur processus d\u2019entreprise. Un certain nombre de techniques de v\ue9rification et de validation des performances utiles sont propos\ue9es pour tester et simuler les services web, mais elles requi\ue8rent la disponibilit\ue9 du code source du service ou au moins d\u2019informations fiables (par exemple, recueillies par test) sur le comportement du service. Parmi ces approches, les techniques bas\ue9es sur la simulation sont principalement utilis\ue9es pour \ue9valuer le comportement du service et pr\ue9dire son comportement en utilisant des donn\ue9es obtenues par test. Malgr\ue9 les avantages de ces solutions, peu de propositions ont abord\ue9 le probl\ue8me li\ue9 \ue0 la mani\ue8re dont la performance du service peut \ueatre \u301\ue9valu\ue9e au moment de la conception et comment les donn\ue9es de test peuvent \ueatre remplac\ue9es par les donn\ue9es de simulation en vue de l\u2019\ue9valuation de la performance \ue0 un stade pr\ue9coce du cycle de d\ue9veloppement. Dans cette th\ue8se, la notion de simulation est enti\ue8rement int\ue9gr\ue9e dans les premi\ue8res phases du processus de d\ue9veloppement des logiciels afin de pr\ue9dire le comportement des services. Nous proposons des approches bas\ue9es sur l\u2019utilisation de mod\ue8les s\u2019appuyant sur la quantit\ue9 d\u2019informations disponibles pour la simulation de la performance des op\ue9rations du service web. Nous distinguons les sc\ue9narios full-knowledge, partial-knowledge et zero-knowledge. Dans un sc\ue9nario full-knowledge, les temps d\u2019ex\ue9cution total de chaque op\ue9ration et les distributions internes des d\ue9lais sont connus et utilis\ue9s pour l\u2019\ue9valuation des performances. Dans un sc\ue9nario partial-knowledge, les r\ue9sultats des tests partiels (par exemple, les bornes inf\ue9rieures et sup\ue9rieures des temps d\u2019ex\ue9cution de l\u2019op\ue9ration) sont utilis\ue9s pour simuler la performance du service web. Dans le sc\ue9nario zero-knowledge, aucun r\ue9sultat de test n\u2019est consid\ue9r\ue9, seuls les r\ue9sultats de simulation sont utilis\ue9s pour l\u2019\ue9valuation des performances. Les principales contributions de cette th\ue8se peuvent \ueatre r\ue9sum\ue9es comme suit. Premi\ue8rement, nous avons propos\ue9 une approche bas\ue9e sur l\u2019utilisation de mod\ue8le qui s\u2019appuie sur le Syst\ue8me de Transition Symbolique ( STS ) pour d\ue9crire les services web comme des automates \ue0 \u301\ue9tats finis et \ue9valuer leur performance. Ce mod\ue8le a \u301\ue9t\ue9 \ue9tendu pour les tests et la simulation. Le mod\ue8le de test ajoute aux transitions du mod\ue8le STS standard des idiomes de performance, qui permettent d\u2019\ue9valuer le comportement du service. Cependant, le mod\ue8le de simulation \ue9tend le mod\ue8le STS standard avec des probabilit\ue9s de transition et les distributions de d\ue9lais. Ce mod\ue8le est utilis\ue9 pour g\ue9n\ue9rer un script de simulation permettant de simuler le comportement du service. Notre m\ue9thodologie utilise la simulation tout au long des phases de conception et de pr\ue9-d\ue9ploiement du cycle de vie des services web pour une \ue9valuation pr\ue9liminaire de la performance des services web en utilisant les informations brutes sur le temps total d\u2019ex\ue9cution de chaque op\ue9ration du service web provenant des tests. Nous avons utilis\ue9 les r\ue9sultats des tests et fourni des exemples concrets pour valider notre m\ue9thodologie et la qualit\ue9 des mesures de performance obtenues par simulation en consid\ue9rant les sc\ue9narios full-knowledge et partial-knowledge. Les r\ue9sultats obtenus ont montr\ue9 que notre simulation donne une estimation pr\ue9cise des temps d\u2019ex\ue9cution. Deuxi\ue8mement, notre th\ue8se a propos\ue9 une approche qui permet aux d\ue9veloppeurs de services web et aux utilisateurs des logiciels d\u2019\ue9valuer la performance des services en consid\ue9rant le sc\ue9nario zero-knowledge , o\uf9 les r\ue9sultats des tests et le code source des services ne sont pas encore disponibles. Notre approche est fond\ue9e sur les connaissances des experts pour estimer le temps d\u2019ex\ue9cution de l\u2019op\ue9ration du service web. Il \ue9value la complexit\ue9 de l\u2019op\ue9ration en utilisant les messages SOAP (Simple Object Access Protocol) d\u2019entr\ue9e et de sortie et l\u2019interface de description WSDL (Web Service Description Language) du service. Ensuite, l\u2019intervalle du temps d\u2019ex\ue9cution de l\u2019op\ue9ration est estim\ue9 sur la base des tables de profils fournissant le temps n\ue9cessaire pour parser et construire les messages SOAP, et la performance d\ue9duite \ue0 partir du test de certaines op\ue9rations de web services de r\ue9f\ue9rence. Nos r\ue9sultats de simulation ont montr\ue9 que notre sc\ue9nario zero-knowledge donne une bonne approximation de l\u2019intervalle du temps d\u2019ex\ue9cution par rapport aux r\ue9sultats des tests obtenus \ue0 la fin du d\ue9veloppement. Troisi\ue8mement, cette th\ue8se propose une application de nos pr\ue9c\ue9dentes approches pour la mise en place d\u2019un framework qui permet de n\ue9gocier et de surveiller le contrat de niveau de service (SLA) sur la performance du service web en se basant sur les donn\ue9es de simulation. La solution pour le suivi du contrat de niveau de service est bas\ue9e sur le mod\ue8le STS \ue9tendu pour le test et la solution de n\ue9gociation du niveau de service est bas\ue9e sur le mod\ue8le de service \ue9tendu pour la simulation. Ce travail fournit \ue0 l\u2019avance une id\ue9e sur le contrat de performance du service et la fa\ue7on dont les violations du contrat sont trait\ue9es apr\ue8s le d\ue9ploiement du service web

Formal analysis of security protocols based on web services

This thesis examines the use of multi-stack pushdown automata to model the behaviour and properties of Web services based cryptographic protocols. The protocols are modelled in Promela and verified using the Spin model checker. The Simple Message Exchange Protocol and the Security Token Protocol are protocols that underlie the WS-Security and WS-Trust specifications, respectively. These two protocols are tested for correctness in the presence of an intruder that conforms to the Dolev-Yao model, i.e., it is tested whether the required properties the protocols hold in the presence of a Dolev-Yao intruder. The thesis also extends the Dolev-Yao intruder model to encompass attacks targeted specifically at Web services. An intruder model in Promela is created based on the Dolev-Yao abstraction which is extended to incorporate an XML injection attack model. The behaviour and properties of the Simple Message Exchange Protocol and the Security Token Protocol are then examined when subjected to an XML injection attack using this extended Dolev-Yao model