Quantifiable non-functional requirements modeling and static verification for web service compositions

As service oriented architectures have become more widespread in industry, many complex web services are assembled using independently developed modular services from different vendors. Although the functionalities of the composite web services are ensured during the composition process, the non-functional requirements (NFRs) are often ignored in this process. Since quality of services plays a more and more important role in modern service-based systems, there is a growing need for effective approaches to verifying that a composite web service not only offers the required functionality but also satisfies the desired NFRs. Current approaches to verifying NFRs of composite services (as opposed to individual services) remain largely ad-hoc and informal in nature. This is especially problematic for high-assurance composite web services. High-assurance composite web services are those composite web services with special concern on critical NFRs such as security, safety and reliability. Examples of such applications include traffic control, medical decision support and the coordinated response systems for civil emergencies. The latter serves to motivate and illustrate the work described here. In this dissertation we develop techniques for ensuring that a composite service meets the user-specified NFRs expressible as hard constraints, e.g., the messages of particular operations must be authenticated. We introduce an automata-based framework for verifying that a composite service satisfies the desired NFRs based on the known guarantees regarding the non-functional properties of the component services. This automata-based model is able to represent NFRs that are hard, quantitative constraints on the composite web services. This model addresses two issues previously not handled in the modeling and verification of NFRs for composite web services: (1) the scope of the NFRs and (2) consistency checking of multiple NFRs. A scope of a NFR on a web service composition is the effective range of the NFR on the sub-workflows and modular services of the web service composition. It allows more precise description of a NFR constraint and more efficient verification. When multiple NFRs exist and overlap in their scopes, consistency checking is necessary to avoid wasted verification efforts on conflicting constraints. The approach presented here captures scope information in the model and uses it to check the consistency of multiple NFRs prior to the static verification of web service compositions. We illustrate how our approach can be used to verify security requirements for an Emergency Management System. We then focus on families of highly-customizable, composed web services where repeated verification of similar sets of NFRs can waste computation resources. We introduce a new approach to extend software product line engineering techniques to the web service composition domain. The resulting technique uses a partitioning similar to that between domain engineering and application engineering in the product-line context. It specifies the options that the user can select and constructs the resulting web service compositions. By first creating a web-service composition search space that satisfies the common requirements and then querying the search space as the user makes customization decisions, the technique provides a more efficient way to verify customizable web services. A decision model, illustrated with examples from the emergency-response application, is created to interact with the customers and ensure the consistency of their specifications. The capability to reuse the composition search space is shown to improve the quality of the composite services and reduce the cost of re-verifying the same compositions. By distinguishing the commonalities and the variabilities of the web services, we divide the web composition into two stages: the preparation stage (to construct all commonalities) and the customization stage (to choose optional and alternative features). We thus draw most of the computation overhead into the first stage during the design in order to enable improved runtime efficiency during the second stage. A simulation platform was constructed to conduct experiments on the two verification approaches and three strategies introduced in this dissertation. The results of these experiments were analyzed to show the advantage of our automaton-based model in its verification efficiency with scoping information. We have shown how to choose the most efficient verification strategy from the three strategies of verifying multiple NFRs introduced in this dissertation under different circumstances. The results indicate that the software product line approach has significant efficiency improvement over traditional on-demand verification for highly customizable web service compositions

Specification and verification of views over composite web services using high level Petri-Nets

This paper presents a high level Petri-Net approach for specifying and verifying views over composite Web service. High level Petri-Nets have the capacity of formally modelling and verifying complex systems. A view is mainly used for tracking purposes as it permits representing a contextual snapshot of a composite Web service specification. The use of the proposed high level Petri-Net approach is illustrated with a running example that shows how Web services composition satisfies users\u27 needs. A proof-of-concept of this approach is also presented in the paper

Set Partition and Trace Based Verification of Web Service Composition

AbstractDe*signing and running Web services compositions are error-prone as it is difficult to determine the behavior of web services during execution and their conformance to functional requirements. Interaction among composite Web services may cause concurrency related issues. In this paper, we present a formal model for reasoning and verifying Web services composition at design level. We partition the candidate services being considered for composition into several subsets on the basis of their service invocation order. We arrange these subsets to form a Web services set partition graph and transform to a set of interacting traces. Then, we propose a novel methodology for service interaction verification that uses service description (from WSDL file) to extract the necessary information and facilitates the process of modeling, analyzing, and reasoning the composite services. As a part of verification technique, we use two levels of modeling. This includes abstract modeling that further leads to detailed modeling if required, thereby reducing the computation time and modeling complexity

A Rigorous Methodology for Composing Services

Creating new services through composition of existing ones is an attractive option. However, composition can be complex and service compatibility needs to be checked. A rigorous and industrially-usable methodology is therefore desirable required for creating, verifying, implementing and validating composed services. An explanation is given of the approach taken by CRESS (Communication Representation Employing Systematic Specification). Formal verification and validation are performed through automated translation to LOTOS (Language Of Temporal Ordering Specification). Implementation and validation are performed through automated translation to BPEL (Business Process Execution Logic) and WSDL (Web Services Description Language). The approach is illustrated with an application to grid service composition in e-Social Science

Automata-Based Verification of Non-Functional Requirements in Web Service Composition

We address the problem of how to provide guarantees to a user that an automatically generated composition of independently developed web services meets the non-functional requirements (NFR). The user-specified NFR are in the form of hard constraints. We introduce an automata-based model for representing and reasoning about non-functional requirements for verifying the conformance to NFR. The approach described here enables this verification by lifting the NFR analysis from the level of individual services to the level of the search space of candidate compositions obtained from the functional requirements. The proposed approach can accommodate the different subsets of NFR for different components of a composite service. We introduce three different strategies when multiple NFRs exist and analyze their relative advantages and disadvantages under different scenarios. We present results which show that this approach to verifying the NFR can support efficient re-verification of web-service compositions whenever NFR are updated. The approach described here has been applied in service composition based on NFR in an Emergency Management System

AN INNOVATIVE FRAMEWORK FOR AUTO DYNAMIC SELECTION AND COMPOSITION OF WEB SERVICES

With the availability of ample amount of Web Services similar in functionality and varying in Quality of Service (QoS) over the web, it is essentially required to get the best-suited candidate services for the resultant composite service. QoS plays a decisive role in selecting web Services individually and Composite Web Service as a whole. Certainly, composition is one of the key properties of service-orientation to create new as well as advanced level services, by re-using the existing ones. In distributed environments, services having no quality guarantees, adversely affects the composition outcome. To find the best candidate services for the composition, researchers have opted either Users’ feedback or Providers’ published information but none of them have considered both of them together. In our approach, we have taken into consideration both the things (Users’ feedback and Providers’ published information) together in order to find the best candidate web services by cross verifying both of the information to ascertain the quality of the candidate web services. An innovative framework for the composition of web services along with the detailed methodology and algorithm has been discussed in the second half of the paper

Symbolic model checking composite Web services using operational and control behaviors

This paper addresses the issue of verifying if composite Web services design meets some desirable properties in terms of deadlock freedom, safety (something bad never happens), and reachability (something good will eventually happen). Composite Web services are modeled based on a separation of concerns between business and control aspects of Web services. This separation is achieved through the design of an operational behavior, which defines the composition functioning according to the Web services\u27 business logic, and a control behavior, which identifies the valid sequences of actions that the operational behavior should follow. These two behaviors are formally defined using automata-based techniques. The proposed approach is model checking-based where the operational behavior is the model to be checked against properties defined in the control behavior. The paper proves that the proposed technique allows checking the soundness and completeness of the design model with respect to the operational and control behaviors. Moreover, automatic translation procedures from the design models to the NuSMV model checker\u27s code and a verification tool are reported in the paper. © 2012 Elsevier Ltd. All rights reserved

DISC: A declarative framework for self-healing Web services composition

International audienceWeb services composition design, verification and monitoring are active and widely studied research directions. Little work however has been done in integrating these related dimensions using a unified formalism. In this paper we propose a declarative event-oriented framework, called DISC, that serves as a unified framework to bridge the gap between the process design, verification and monitoring. Proposed framework allows for a composition design to accommodate various aspects such as data relationships and constraints, Web services dynamic binding, compliance regulations, security or temporal requirements and others. Then, it allows for instantiating, verifying and executing the composition design and for monitoring the process while in execution. The effect of run-time violations can also be calculated and a set of recovery actions can be taken, allowing for the self-healing Web services composition

Towards Formalizing QoS of Web Services with Weighted Automata

Web services (WSs) are used more and more as components of distributed applications with a goal to resolve complex tasks that simple services cannot. This use of WSs is connected to the emergence of languages like WS-BPEL which allows describing the external behaviour of WSs on top of the service interfaces. The use of WSs as components of distributed applications implies the possibility to change a failing service for another which can do at least the same things as the replaced service. The composition issues are also of particular interest to WSs users. Different solutions have been proposed during the last years to check such properties, but, to our knowledge, none of them takes QoS aspects into account. This paper introduces underpinnings and a tool for verifying WSs substitutivity and well-formed composition while considering WSs costs such as the execution time of the different operations provided by WSs

Model Checking Commitment-Governed Compositions of Web Services

We propose a new approach towards verifying compositions of web services using model checking. In order to perform such a verification, we transform the web service composition into a Multi-Agent System (MAS) model where the process in charge of the composition and the participating services are represented by agents. We model the behavior of the resulting MAS using the extended Interpreted Systems Programming Language (ISPL+), the dedicated language of the MCMAS+ model checker for MAS. We use commitments between agents to regulate and reason about messages between composite web services. The properties against which the compositions are verified are expressed in the Computation Tree Logic of Commitments (CTLC), an extension of the branching logic CTL that supports commitment modalities. We describe BPEL2ISPL+, a tool we developed to perform the automatic transformation from the web service composition described in Business Process Execution Language (BPEL) into a verifiable MAS model described in ISPL+. The BPEL2ISPL+ tool is applied to a concrete BPEL web service composition and its accurate representation in ISPL+ is obtained. The CTLC properties used to verify the compositions regulated by commitments are represented along with the agents abstracting the participating web services. The MCMAS+ model checker is used to verify the model against these properties, providing thus a new approach to model check agent-based web service compositions governed by commitments