Forensic challenges in service oriented architectures

Digital forensics relates to the investigation of a crime or other suspect behaviour using digital evidence. Previous work has dealt with the forensic reconstruction of computer-based activity on single hosts, but with the additional complexity involved with a distributed environment, a Web services-centric approach is required. A framework for this type of forensic examination needs to allow for the reconstruction of transactions spanning multiple hosts, platforms and applications. A tool implementing such an approach could be used by an investigator to identify scenarios of Web services being misused, exploited, or otherwise compromised. This information could be used to redesign Web services in order to mitigate identified risks. This paper explores the requirements of a framework for performing effective forensic examinations in a Web services environment. This framework will be necessary in order to develop forensic tools and techniques for use in service oriented architectures.

Domain-Specific Multi-Modeling of Security Concerns in Service-Oriented Architectures

As a common reference for many in-development standards and execution frameworks, special attention is being paid to Service-Oriented Architectures. SOAs modeling, however, is an area in which a consensus has not being achieved. Currently, standardization organizations are defining proposals to offer a solution to this problem. Nevertheless, until very recently, non-functional aspects of services have not been considered for standardization processes. In particular, there exists a lack of a design solution that permits an independent development of the functional and non-functional concerns of SOAs, allowing that each concern be addressed in a convenient manner in early stages of the development, in a way that could guarantee the quality of this type of systems. This paper, leveraging on previous work, presents an approach to integrate security-related non-functional aspects (such as confidentiality, integrity, and access control) in the development of services.

Multi Domain-Specific Modeling of the Security Concerns of Service-Oriented Architectures

Service-Oriented Architectures (SOA), and Web Services (WS), the technology generally used to implement them, achieve the integration of heterogeneous technologies, providing interoperability, and yielding the reutilization of pre-existent systems. Model-driven development methodologies provide inherent benefits such as increased productivity, greater reuse, and better maintainability, to name a few. Efforts on achieving model-driven development of SOAs already exist, but there is currently no standard solution that addresses non-functional aspects of these services as well. This paper presents an approach to integrate these non-functional aspects in the development of web services, with an emphasis on security.

Web Services Workflows—Composition, Co-Ordination, and Transactions in Service-Oriented Computing

Web services can be seen as a newly emerging research area for Service-oriented Computing and their implementation in Service-oriented Architectures. Web services are self-contained, self-describing modular applications or components providing services. Web services may be dynamically aggregated, composed, and enacted as Web services Workflows. This requires frameworks and interaction protocols for their co-ordination and transaction support. In a Service-oriented Computing setting, transactions are more complex, involve multiple parties (roles), span many organizations, and may be long-running, consisting of a highly decentralized service partner and performed by autonomous entities. A Service-oriented Transaction Model has to provide comprehensive support for long-running propositions including negotiations, conversations, commitments, contracts, tracking, payments, and exception handling. Current transaction models and mechanisms including their protocols and primitives do not sufficiently cater for quality-aware and long running transactions comprising loosely-coupled (federated) service partners and resources. Web services transactions require co-ordination behavior provided by a traditional transaction mechanism to control the operations and outcome of an application. Furthermore, Web services transactions require the capability to handle the co-ordination of processing outcomes or results from multiple services in a more flexible manner. This requires more relaxed forms of transactions—those that do not strictly have to abide by the ACID properties—such as loosely-coupled collaboration and workflows. Furthermore, there is a need to group Web services into applications that require some form of correlation, but do not necessarily require transactional behavior. The purpose of this paper is to provide a state-of-the-art review and overview of some proposed standards surrounding Web services composition, co-ordination, and transaction. In particular the Business Process Execution Language for Web services (BPEL4WS), its co-ordination, and transaction frameworks (WS-Co-ordination and WS-Transaction) are discussed.

Workflow Patterns for Service Oriented Computing in JOLIE

Il presente lavoro di tesi ha come punto focale la descrizione, la verifica e la dimostrazione della realizzabilità dei Workflow Patterns di Gestione del Flusso(Control-Flow) e Risorse (Resource) definiti da parte della Workflow Pattern Initiative (WPI)in JOLIE, un innovativo linguaggio di programmazione orientato ai servizi nato nell'ambito del Service Oriented Computing. Il Service Oriented Computing (SOC) è un nuovo modo di pensare la programmazione di applicazioni distribuite, i cui concetti fondamentali sono i servizi e la composizione. L’approccio SOC definisce la possibilità di costruire un’applicazione in funzione dei servizi che ne realizzano il comportamento tramite una loro composizione, definita secondo un particolare flusso di lavoro. Allo scopo di fornire la necessaria conoscenza per capire la teoria, le meccaniche e i costrutti di JOLIE utilizzati per la realizzazione dei pattern, il seguente lavoro di tesi è stato diviso in quattro parti, corrispondenti ad altrettanti capitoli. Nel primo capitolo viene riportata una descrizione generale del SOC e della Business Process Automation (BPA), che costituisce l’ambiente in cui il SOC è inserito. Per questo viene fatta una disamina della storia informatica sui sistemi distribuiti, fino ad arrivare ai sistemi odierni, presentando in seguito il contesto del BPA e delle innovazioni derivanti dalle sue macro-componenti, di cui il SOC fa parte. Continuando la descrizione dell’approccio Service Oriented, ne vengono presentati i requisiti (pre-condizioni) e si cerca di dare una definizione precisa del termine “servizio”, fino all'enunciazione dei principi SOC declinati nell’ottica delle Service Oriented Architectures, presentando in ultimo i metodi di composizione dei servizi, tramite orchestrazione e coreografia. L’ultima sezione del capitolo prende in considerazione il SOC in un’ottica prettamente industriale e ne evidenzia i punti strategici. Il secondo capitolo è incentrato sulla descrizione di JOLIE, gli aspetti fondamentali dell’approccio orientato ai servizi, che ne caratterizzano profondamente la definizione concettuale (SOCK), e la teoria della composizione dei servizi. Il capitolo non si pone come una descrizione esaustiva di tutte le funzionalità del linguaggio, ma considera soprattutto i concetti teorici, le strutture di dati, gli operatori e i costrutti di JOLIE utilizzati per la dimostrazione della realizzabilità dei Workflow Pattern del capitolo successivo. Il terzo capitolo, più lungo e centrale rispetto agli altri, riguarda la realizzazione dei workflow pattern in JOLIE. All'inizio del capitolo viene fornita una descrizione delle caratteristiche del WPI e dei Workflow Pattern in generale. In seguito, nelle due macro-sezioni relative ai Control-Flow e Resource pattern vengono esposte alcune nozioni riguardanti le metodologie di definizione dei pattern (e.g. la teoria sulla definizione delle Colored Petri Nets) e le convezioni adottate dal WPI, per passare in seguito al vero e proprio lavoro (sperimentale) di tesi riguardo la descrizione dei pattern, l’analisi sulla loro realizzabilità in JOLIE, insieme ad un codice di esempio che esemplifica quanto affermato dall'analisi. Come sommario delle conclusioni raggiunte sui pattern, alla fine di ognuna delle due sezioni definite in precedenza, è presente una scheda di valutazione che, con lo stesso metodo utilizzato e definito dalla WPI, permette di avere una rappresentazione generale della realizzabilità dei pattern in JOLIE. Il quarto capitolo riguarda gli esiti tratti dal lavoro di tesi, riportando un confronto tra le realizzazioni dei pattern in JOLIE e le valutazioni del WPI rispetto agli altri linguaggi da loro considerati e valutati. Sulla base di quanto ottenuto nel terzo capitolo vengono definite le conclusioni del lavoro portato avanti sui pattern e viene delineato un’eventuale scenario riguardante il proseguimento dell’opera concernente la validazione ed il completamento della studio. In ultimo vengono tratte alcune conclusioni sia riguardo JOLIE, nel contesto evolutivo del linguaggio e soprattutto del progetto open-source che è alla sua base, sia sul SOC, considerato nell’ambito del BPA e del suo attuale ambito di sviluppo dinamico.

Dynamic Model-based Management of Service-Oriented Infrastructure.

Models are an effective tool for systems and software design. They allow software architects to abstract from the non-relevant details. Those qualities are also useful for the technical management of networks, systems and software, such as those that compose service oriented architectures. Models can provide a set of well-defined abstractions over the distributed heterogeneous service infrastructure that enable its automated management. We propose to use the managed system as a source of dynamically generated runtime models, and decompose management processes into a composition of model transformations. We have created an autonomic service deployment and configuration architecture that obtains, analyzes, and transforms system models to apply the required actions, while being oblivious to the low-level details. An instrumentation layer automatically builds these models and interprets the planned management actions to the system. We illustrate these concepts with a distributed service update operation.

A service-oriented architecture for text analytics enabled business applications

Experiences showed that developing business applications that base on text analysis normally requires a lot of time and expertise in the field of computer linguistics. Several approaches of integrating text analysis systems with business applications have been proposed, but so far there has been no coordinated approach which would enable building scalable and flexible applications of text analysis in enterprise scenarios. In this paper, a service-oriented architecture for text processing applications in the business domain is introduced. It comprises various groups of processing components and knowledge resources. The architecture, created as a result of our experiences with building natural language processing applications in business scenarios, allows for the reuse of text analysis and other components, and facilitates the development of business applications. We verify our approach by showing how the proposed architecture can be applied to create a text analytics enabled business application that addresses a concrete business scenario. © 2010 IEEE.

Model-Driven Methodology for Rapid Deployment of Smart Spaces based on Resource-Oriented Architectures

Advances in electronics nowadays facilitate the design of smart spaces based on physical mash-ups of sensor and actuator devices. At the same time, software paradigms such as Internet of Things (IoT) and Web of Things (WoT) are motivating the creation of technology to support the development and deployment of web-enabled embedded sensor and actuator devices with two major objectives: (i) to integrate sensing and actuating functionalities into everyday objects, and (ii) to easily allow a diversity of devices to plug into the Internet. Currently, developers who are applying this Internet-oriented approach need to have solid understanding about specific platforms and web technologies. In order to alleviate this development process, this research proposes a Resource-Oriented and Ontology-Driven Development (ROOD) methodology based on the Model Driven Architecture (MDA). This methodology aims at enabling the development of smart spaces through a set of modeling tools and semantic technologies that support the definition of the smart space and the automatic generation of code at hardware level. ROOD feasibility is demonstrated by building an adaptive health monitoring service for a Smart Gym.

Let's Dance: A Language for Service Behavior Modeling

In Service-Oriented Architectures (SOAs), software systems are decomposed into independent units, namely services, that interact with one another through message exchanges. To promote reuse and evolvability, these interactions are explicitly described right from the early phases of the development lifecycle. Up to now, emphasis has been placed on capturing structural aspects of service interactions. Gradually though, the description of behavioral dependencies between service interactions is gaining increasing attention as a means to push forward the SOA vision. This paper deals with the description of these behavioral dependencies during the analysis and design phases. The paper outlines a set of requirements that a language for modeling service interactions at this level should fulfill, and proposes a language whose design is driven by these requirements.

Introduction to the Proceedings of the 1st EDOC 2009 Workshop on Service-Oriented Business Networks and Ecosystems (SOBNE '09)

The first Workshop on Service-Oriented Business Networks and Ecosystems (SOBNE ’09) is held in conjunction with the 13th IEEE International EDOC Conference on 2 September 2009 in Auckland, New Zealand. The SOBNE ’09 program includes 9 peer-reviewed papers (7 full and 2 short papers) and an open discussion session. This introduction to the Proceedings of SOBNE ’09 starts with a brief background of the motivation for the workshop. Next, it contains a short description of the peer-reviewed papers, and finally, after some concluding statements and the announcement of the winners of the Best Reviewer Award and the Most Promising Research Award, it lists the members of the SOBNE ’09 Program Committee and external reviewers of the workshop submissions.

Enterprise architecture and the integration of service-oriented architecture

In recent years, enterprise architecture (EA) has captured a growing attention as a means to systematically consolidate and interrelate diverse business and IT artefacts in order to provide holistic decision support. The recent popularity of a service-orientation has added “service “and related constructs as a new element that requires consideration within an Enterprise Architecture. Since the emergence of the Service-Oriented Architecture (SOA), many attempts have been made to incorporate SOA artefacts in existing EA frameworks. Yet, the approaches taken to achieve this goal differ substantially for the most commonly used EA frameworks to date. SOA in the context of enterprise architecture is one of the future research challenges. Several authors argue that further research is needed in order to understand how SOA impacts prior enterprise architecture frameworks. This study explores SOA integration within EA, identifies SOA integration approaches within EA and identifies factors that impact SOA integration within Enterprise Architecture.

Towards a unified service description language for the internet of services : requirements and first developments

Service-oriented Architectures (SOA) and Web services leverage the technical value of solutions in the areas of distributed systems and cross-enterprise integration. The emergence of Internet marketplaces for business services is driving the need to describe services, not only from a technical level, but also from a business and operational perspective. While, SOA and Web services reside in an IT layer, organizations owing Internet marketplaces are requiring advertising and trading business services which reside in a business layer. As a result, the gap between business and IT needs to be closed. This paper presents USDL (Unified Service Description Language), a specification language to describe services from a business, operational and technical perspective. USDL plays a major role in the Internet of Services to describe tradable services which are advertised in electronic marketplaces. The language has been tested using two service marketplaces as use cases.

The rise of web service ecosystems

The convergence of Internet marketplaces and service-oriented architectures has spurred the growth of Web service ecosystems. This paper articulates a vision for Web service ecosystems, discusses early manifestations of this vision, and presents a unifying architecture to support the emergence of larger and more sophisticated ecosystems