Skip to main content
SpringerLink
Log in

Dependability certification of services: a model-based approach

  • Published:
Computing Aims and scope Submit manuscript

Abstract

The advances and success of the Service-Oriented Architecture (SOA) paradigm have produced a revolution in ICT, particularly, in the way in which software applications are implemented and distributed. Today, applications are increasingly provisioned and consumed as web services over the Internet, and business processes are implemented by dynamically composing loosely coupled applications provided by different suppliers. In this highly dynamic context, clients (e.g., business owners or users selecting a service) are concerned about the dependability of their services and business processes. In this paper, we define a certification scheme that allows to verify the dependability properties of services and business processes. Our certification scheme relies on discrete-time Markov chains and awards machine-readable dependability certificates to services, whose validity is continuously verified using run-time monitoring. Our solution can be integrated within existing SOAs, to extend the discovery and selection process with dependability requirements and certificates, and to support a dependability-aware service composition.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Alves A et al (2007) Web services business process execution language version 2.0. OASIS. http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html

  2. Anisetti M, Ardagna C, Damiani E (2013) Security certification of composite services: a test-based approach. In: Proceedings of 20th IEEE international conference on web services

  3. Anisetti M, Ardagna C, Damiani E, Maggesi J (2012) Security certification-aware service discovery and selection. In: Proceedings of 5th international conference on service-oriented computing and applications

  4. Anisetti M, Ardagna C, Damiani E, Saonara F (2013) A test-based security certification scheme for web services. ACM Trans Web 7(2):5

    Article  Google Scholar 

  5. Ardagna C, Damiani E, Jhawar R, Piuri V (2012) A model-based approach to reliability certification of services. In: Proceedings of 6th international conference on digital ecosystem technologies— complex environment engineering

  6. Avizienis A, Laprie JC, Randell B, Landwehr C (2004) Basic concepts and taxonomy of dependable and secure computing. IEEE Trans Dependable Secure Comput 1(1):11–33

    Article  Google Scholar 

  7. Bentakouk L, Poizat P, Zaïdi F (2009) A formal framework for service orchestration testing based on symbolic transition systems. In: Proceedings of the 21st IFIP WG 6.1 international conference on testing of software and communication systems

  8. Bentakouk L, Poizat P, Zaïdi F (2011) Checking the behavioral conformance of web services with symbolic testing and an SMT solver. In: Proceedings of 5th international conference on tests and proofs

  9. Buckley I et al (2011) Towards pattern-based reliability certification of services. In: Proceedings of 1st international symposium on secure virtual infrastructures

  10. Cheung RC (1980) A user-oriented software reliability model. IEEE Trans Softw Eng 6:118–125

    Article  MATH  Google Scholar 

  11. Damiani E, Ardagna C, El Ioini N (eds) (2009) Open source systems security certification. Springer, NewYork

  12. Damiani E, De Capitani di vimercati S, Paraboschi S, Samarati P (2002) Securing SOAP e-services. Int J Inf Secur 1(2):100–115

    Google Scholar 

  13. Ding Z, Jiang M, Kandel A (2012) Port-based reliability computing for service composition. IEEE Transact Serv Comput 5(3):422–436

    Article  Google Scholar 

  14. Frantzen L, Tretmans J, de Vries R (2006) Towards model-based testing of web services. In: Proceedings of the international workshop on web services—modeling and testing

  15. Herrmann D (2002) Using the common criteria for IT security evaluation. Auerbach Publications, Boca Raton

    Book  Google Scholar 

  16. Iyer S, Nakayama M, Gerbessiotis A (2009) A Markovian dependability model with cascading failures. IEEE Trans Comput 58:1238–1249

    Article  MathSciNet  Google Scholar 

  17. Jhawar R, Piuri V (2013) Adaptive resource management for balancing availability and performance in cloud computing. In: Proceedings of 10th international conference on security and cryptography

  18. Jhawar R, Piuri V (2013) Fault tolerance and resilience in cloud computing environments. In: Computer and information security handbook, 2nd edn. Morgan Kaufmann, Burlington

  19. Jhawar R, Piuri V, Samarati P (2012) Supporting security requirements for resource management in cloud computing. In: Proceedings of 15th IEEE international conference on computational science and engineering

  20. Jhawar R, Piuri V, Santambrogio M (2013) Fault tolerance management in cloud computing: a system-level perspective. IEEE Syst J 7(2):288–297

    Article  Google Scholar 

  21. Keum C, Kang S, Ko IY, Baik J, Choi YI (2006) Generating test cases for web services using extended finite state machine. In: Proceedings of 18th IFIP international conference on testing communicating systems

  22. Kourtesis D, Ramollari E, Dranidis D, Paraskakis I (2010) Increased reliability in SOA environments through registry-based conformance testing of web services. Prod Plan Control 21(2):130–144

    Article  Google Scholar 

  23. Mateescu R, Rampacek S (2008) Formal modeling and discrete-time analysis of BPEL web services. Advances in enterprise engineering I, Lecture Notes in Business Information Processing, vol 10. Springer, Berlin/Heidelberg, pp 179–193

  24. Muppala J, Malhotra M, Trivedi K (1996) Markov dependability models of complex systems: Analysis techniques. In: Reliability and maintenance of complex systems. NATO ASI Series F: Computer and Systems Sciences, vol 154, pp 442–486

  25. Mustafiz S, Sun X, Kienzle J, Vangheluwe H (2008) Model-driven assessment of system dependability. Softw Syst Model 7(4):487–502

    Article  Google Scholar 

  26. Papazoglou M (2003) Web services and business transactions. World Wide Web 6:49–91

    Article  Google Scholar 

  27. Pathak J, Basu S, Honavar V (2006) Modeling web service composition using symbolic transition systems. In: Proceedings of AAAI workshop on AI-driven technologies for service-oriented computing

  28. Riccobene E, Potena P, Scandurra P (2012) Reliability prediction for service component architectures with the SCA-ASM component model. In: Proceedings of 38th EUROMICRO conference on software engineering and advanced applications

  29. Salva S, Laurencot P, Rabhi I (2010) An approach dedicated for web service security testing. In: Proceedings of 5th international conference on software engineering advances

  30. Salva S, Rabhi I (2009) Automatic web service robustness testing from WSDL descriptions. In: Proceedings of 12th European workshop on dependable computing

  31. Samarati P, De Capitani di Vimercati S (2010) Data protection in outsourcing scenarios: issues and directions. In: Proceedings of 5th ACM symposium on information, computer and communications security. Beijing, China

  32. Tretmans J (2011) Model-based testing and some steps towards test-based modelling. In: Proceedings of 11th international school on formal methods for eternal networked software systems

  33. Trivedi K et al (2009) Dependability and security models. In: Proceedings of 7th international workshop on design of reliable communication networks

  34. USA Department of Defence: Department Of Defense Trusted Computer System Evaluation Criteria (1985). http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt

  35. van Veenendaal E (2012) Standard glossary of terms used in Software Testing Version 2.2. International Software Testing Qualifications Board. http://www.astqb.org/documents/ISTQB_glossary_of_testing_terms_2.2.pdf. Accessed in August 2013

Download references

Acknowledgments

This work was partly funded by the European Commission under the project ASSERT4SOA (contract n. FP7-257351), the Italian Ministry of Research within PRIN project “GenData 2020” (2010RTFWBH), and by Google, under the Google Research Award program.

Author information

Authors and Affiliations

  1. Dipartimento di Informatica, Università degli Studi di Milano, 26013 , Crema (CR), Italy

    Claudio A. Ardagna, Ravi Jhawar & Vincenzo Piuri

Authors
  1. Claudio A. Ardagna
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ravi Jhawar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Vincenzo Piuri
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Claudio A. Ardagna.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Ardagna, C.A., Jhawar, R. & Piuri, V. Dependability certification of services: a model-based approach. Computing 97, 51–78 (2015). https://doi.org/10.1007/s00607-013-0348-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00607-013-0348-7

Keywords

Mathematics Subject Classification

Search

Navigation