QServ: Integrating Testing and Auditing into QoS Management of Web Services

In a web service environment, service requesters are able to locate functionally equivalent services dynamically making quality of service (QoS) the differentiating factor amongst the web services. Service providers need to formulate QoS aware services in order to remain competitive and to achieve the highest possible profit from their offerings. There are several quality attributes to consider in any operating environment and we’ve grouped these requirements into 5 major categories: Service Dependability, Architectural Flexibility, Operational Capability, Risk Exposure and Financial Accountability. In the web services environment the realization of the attributes in these quality categories has increased in complexity due to the distributed and dynamic nature of the environment. While much of the research, standards and specifications address these issues, to the knowledge of the authors, an end to end solution for managing the quality attributes in a web service environment that include both testing and auditing has not been proposed. This paper will describe some of the current research that has been conducted to address the various aspects of quality as well as introduce the design for an end-to-end solution that will include testing and auditing

An automated model-based test oracle for access control systems

In the context of XACML-based access control systems, an intensive testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. Unfortunately, it requires a huge effort for manual inspection of results: thus automated verdict derivation is a key aspect for improving the cost-effectiveness of testing. To this purpose, we introduce XACMET, a novel approach for automated model-based oracle definition. XACMET defines a typed graph, called the XAC-Graph, that models the XACML policy evaluation. The expected verdict of a specific request execution can thus be automatically derived by executing the corresponding path in such graph. Our validation of the XACMET prototype implementation confirms the effectiveness of the proposed approach.Comment: 7 page

A verified and optimized Stream X-Machine testing method, with application to cloud service certification

The Stream X-Machine (SXM) testing method provides strong and repeatable guarantees of functional correctness, up to a specification. These qualities make the method attractive for software certification, especially in the domain of brokered cloud services, where arbitrage seeks to substitute functionally equivalent services from alternative providers. However, practical obstacles include: the difficulty in providing a correct specification, the translation of abstract paths into feasible concrete tests, and the large size of generated test suites. We describe a novel SXM verification and testing method, which automatically checks specifications for completeness and determinism, prior to generating complete test suites with full grounding information. Three optimisation steps achieve up to a ten-fold reduction in the size of the test suite, removing infeasible and redundant tests. The method is backed by a set of tools to validate and verify the SXM spec-ification, generate technology-agnostic test suites and ground these in SOAP, REST or rich-client service implementations. The method was initially validated using seven specifications, three cloud platforms and five grounding strategies