Non-functional Data Collection for Adaptive Business Processes and Decision Making

International audienceMonitoring application services becomes more and more a transverse key activity in SOA. Beyond traditional human system administration and load control, new activities such as autonomic management as well as SLA enforcement raise the stakes over monitoring requirements. In this paper, we address a new monitoring-based activity which is selecting among competitive service offers based on their currently measured QoS. Starting from this use case, the late binding of service calls in SOA given the current QoS of a set of candidate services, we first elicit the requirements and then describe M4ABP (Monitoring for Adaptive Business Process), a middleware component for monitoring services and delivering monitoring data to business processes wishing to call them. M4ABP provides solutions for general requirements: flexibility as well as performance in data access for clients, coherency of data sets and network usage optimization. Lessons learned from this first use case can be applied to similar monitoring scenario, as well as to the larger field of context-aware computing

Management of Business Processes with the BPRules Language in Service Oriented Computing

Quality of Service (QoS) concerns are an important topic for the realization of business processes. While BPEL is considered the de facto standard for web service compositions, QoS requirements are not part of its specification. We present the BPRules (Business Process Rules) language for the management of business processes with respect to QoS concerns. BPRules is a rule-based, declarative language which brings novel benefits in the management of business processes, like QoS dependability for sub-orchestrations and corrective actions tailored to the specific needs of the clients. We present the main constructs of the BPRules language and how they support the flexible adaptation of the business process during runtime. Decision making is done according to the behavior of several process executions. An illustrative scenario shows how BPRules is applied to a business process

0010/2011 - WS-Policy: conceitos e propostas de uso

Em Arquitetura Orientadas a Serviço (SOA - Service-Oriented Architecture) a descoberta do serviço que melhor antende às necessidades do consumidor é um desa-fio. O padrão UDDI é apresentado como principal padrão para armazenamento das descrições dos serviços, permitindo consultar serviços, divulgar atualizações sobre os mesmos e recuperar informações para invocação. No entanto, este padrão não atende a todos os requisitos dos consumidores. Dessa forma, autores propõem extensões deste padrão empregando ontologias e WS-Policy para descoberta de serviços, bem como para monitoramento de execução de serviços. Este trabalho apresenta os principais conceitos de WS-Policy bem como trabalhos da literatura que propõe o uso deste padrão e evolução do mesmo para descoberta de serviços, monitoramento de serviços e definição de atributos de qualidade de serviços (QoS)

Evolution of security engineering artifacts: a state of the art survey

Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research

KRISEM : a cloud solution for service watchdog

textAs companies continue to grow and expand, Information Technology professionals must constantly ensure the integrity and availability of vital automated services (e.g., HTTP, air traffic control systems etc.). To ensure availability, key automated services needed to keep the organization operational must be monitored continuously. Factors such as program failure and operating system maintenance can cause these services to crash. Services need to be restarted immediately to keep the business operational. There are a variety of automated service monitoring solutions available, but those with universal applicability are of particular interest. The drawbacks of these systems have been their resource limitations as well as the need for complex configuration to make their outage data available from any location. A solution based in the cloud could remove many resource constraints and more easily achieve widespread applicability. This report presents KRISEM, a cloud-based service management approach and application which provides monitoring for services running on remote servers while bypassing many limitations and otherwise necessary configurations to achieve widespread ease of deployment in its pursuit of ensuring higher services availability. User was able to monitor machine to machine communication gateway for Gardner Airport air traffic control system located at Springfield, Missouri with less than 30 minutes configuration time and it recovered from a crash in 2.5 seconds. The application provides all the necessary functionality such as: monitoring, alert notification, data visualization and archiving. The report presents the concept, design, implementation and envisioned future extensions to KRISEM.Electrical and Computer Engineerin

On the Security of Software Systems and Services

This work investigates new methods for facing the security issues and threats arising from the composition of software. This task has been carried out through the formal modelling of both the software composition scenarios and the security properties, i.e., policies, to be guaranteed. Our research moves across three different modalities of software composition which are of main interest for some of the most sensitive aspects of the modern information society. They are mobile applications, trust-based composition and service orchestration. Mobile applications are programs designed for being deployable on remote platforms. Basically, they are the main channel for the distribution and commercialisation of software for mobile devices, e.g., smart phones and tablets. Here we study the security threats that affect the application providers and the hosting platforms. In particular, we present a programming framework for the development of applications with a static and dynamic security support. Also, we implemented an enforcement mechanism for applying fine-grained security controls on the execution of possibly malicious applications. In addition to security, trust represents a pragmatic and intuitive way for managing the interactions among systems. Currently, trust is one of the main factors that human beings keep into account when deciding whether to accept a transaction or not. In our work we investigate the possibility of defining a fully integrated environment for security policies and trust including a runtime monitor. Finally, Service-Oriented Computing (SOC) is the leading technology for business applications distributed over a network. The security issues related to the service networks are many and multi-faceted. We mainly deal with the static verification of secure composition plans of web services. Moreover, we introduce the synthesis of dynamic security checks for protecting the services against illegal invocations

SLA Establishment Decisions: Minimizing the Risk of SLA Violations

This thesis presents an approach for service providers to select an SLA portfolio that minimizes the SLA violation risk. It considers constraints on expected profit and available resources. The problem is addressed by applying decision theory and risk measures, especially by adapting the concept of portfolio selection by Harry Markowitz and the semi-variance. In order to capture a decision maker\u27s attitude towards risk, utility theory and the concept of risk aversion are used

Context Aware Web-Service Monitoring

Monitoring the correct behaviour of a service-based system is a necessity and a key challenge in Service Oriented Computing. Several efforts have been directed towards the development of approaches dealing with the monitoring activity of service-based systems. However, these approaches are in general not suitable when dealing with modifications in service-based systems. Furthermore, existing monitoring approaches do not take into consideration the context of the users and how this context may affect the monitor activity. Consequently, a holistic monitor approach, capable of dealing with the dynamic nature of service-based systems and of taking into consideration the user context, would be highly desirable. In this thesis we present a monitor adaptation framework capable of dealing with changes in a service-based system and different types of users interacting with it. More specifically, the framework obtains a set of monitor rules, necessary to verify the correct behaviour of a service-based system, for a particular user. Moreover, the monitor rules verifying the behaviour of a service-based system relate to properties of the context types defined for a user. The main contributions of our work include the general characterisation of a user interacting with a service-based system and the generation of suitable monitor rules.The proposed framework can be applied to any service composition without the need of further modifications. Our work complements previous research carried on in the area of web service monitoring. More specifically, our work generates a set of suitable monitor rules - related to the user context - which are deployed in a run-time monitor component. Our framework has been tested and validated in several cases considering different scenarios

The knowledge management in small and medium enterprises and the quality management approaches in service-oriented architecture

The thesis is organized into two different sections: the first one deals with the knowledge management (KM) in small and medium enterprises (SMEs), the second one deals with the quality management approaches in Service Oriented Architecture (SOA). The first research topic arises from the awareness that knowledge fertilization is crucial for SMEs competitiveness and to improve network collaboration. Nevertheless, while there is an abundance of studies describing how large companies are successfully exploiting knowledge management practices, regarding SMEs the framework is still fragmented. The Ph.D. program has been aimed at publishing two journal articles: the first one is a literature review, which provides the state of art of KM in SMEs and the second one is an empirical paper, which addresses the research questions emerging from the analysis of the literature review. The research questions concern the barriers hindering the spread of KM practices in SMEs, the main knowledge management systems (KMSs) adopted by SMEs and the impact of the use of KM practices on SME performance; they were subsequently addressed through a field analysis conducted on a sample of SMEs, adopting fuzzy set theory as methodology. Therefore the first section of this thesis is structured as a collection of these two published articles. The second section deals with the quality management approaches in Service-Oriented Architecture (SOA), this research topic arises from the needs to investigate services quality techniques since there is a vast literature concerning the software quality metrics within an object-oriented environment, but this framework cannot be applied to SOA systems. This study attempted to fill this gap presenting the results of a literature review on this topic; the outcomes of the review provide a valuable understanding of the best researched areas and the areas of SOA quality which are poorly investigated. In order to give an answer to one of the retrieved research questions emerging from the analysis of the literature review and concerning the lack of case studies, an empirical analysis on SOA services performance has been carried out in an important telecommunications company by an efficiency analysis. Finally the work’ conclusions are presented which sum up both the knowledge management prospect that the SOA prospect