Multi-tenant Verification-as-a-Service (VaaS) in a cloud

https://doi.org/10.1016/j.simpat.2015.09.003

Abstract

Formal methods and verification techniques are often used to develop mission-critical systems. Cloud computing offers new computation models for applications, and these models can also be used for formal verification, but formal verification tools and techniques may need to be updated to exploit cloud architectures. Multi-Tenant Architecture (MTA) is a design architecture used in SaaS (Software-as-a-Service) in which a tenant can customize its applications by integrating either services already stored in the SaaS database or newly supplied services. This paper proposes a new concept, VaaS (Verification-as-a-Service), analogous to SaaS, that leverages the computing power offered by a cloud environment with automated provisioning, scalability, and service composition. A VaaS hosts verification software in a cloud environment; these services can be called on demand and composed to verify a software model. This paper presents a VaaS architecture with its components, and ways in which a VaaS can be used to verify models. Bigraph is selected as the modeling language for illustration because it can model mobile applications. A Bigraph model can be verified by first converting it to a state model, which can then be verified by model-checking tools. The VaaS service combination model and execution model are also presented. An algorithm for distributing VaaS services across a cloud is given and its efficiency is evaluated. A case study demonstrates the feasibility of a VaaS.

Introduction

A cloud platform provides scalable computation and delivery models that were not available before. It often has three principal layers: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS), with a SaaS running on top of a PaaS and a PaaS on top of an IaaS. With SaaS, PaaS, and IaaS, large applications that are not feasible on conventional systems can now be run in a cloud environment.

SaaS has a unique business model, i.e., renting rather than owning software, development processes, and infrastructure. SaaS emphasizes customization, sharing, security, and scalability, and it often uses Multi-Tenant Architecture (MTA) [1]. Specifically, an MTA SaaS system can have a large number of tenants, and each tenant can have many end users, but all these tenants and users share the same SaaS infrastructure, and all tenant code is stored in the SaaS databases. Thus, MTA allows tenant applications to share component code (or service components) with other tenants in the SaaS infrastructure. One service component may be used by many tenant applications, while each tenant application behaves as if it had its own software. Furthermore, tenant developers may select various service components to compose their application, so each tenant application is a collection of service components stored in the SaaS database. At runtime, when a user requests a tenant application to be activated and the application is not yet in memory, the SaaS retrieves the appropriate components from the database, links them to form an application, compiles the application, and loads the executable into the cloud environment for execution. SaaS can be scaled topologically, across multiple locations, organizations, and business units, using dynamic load balancers.

A commercial SaaS may have many tenants, and each tenant many users, so verifying and validating these tenant applications becomes complex. Many cloud-based quality-assurance (QA) techniques are available, including testing, verification, and simulation, and all can take advantage of the enormous computation power offered, as in Testing-as-a-Service (TaaS) [2] and Simulation-as-a-Service (SIMaaS) [3]. A TaaS provides testing services on a cloud to which people can submit their software for testing, and a SIMaaS provides simulation services.

However, TaaS inherits the limitations of testing: (1) it is expensive or impossible to test all possibilities, even in a cloud environment; (2) test case design may be difficult, and much effort is needed to develop test scripts; (3) tests cannot be run until the code is available; and (4) testing can only detect bugs, not verify software correctness.

Verification can check software correctness by first modeling the application and then verifying that the model satisfies certain properties [4], [5]. Formal verification addresses the correctness of intended algorithms with respect to a specification or property using formal methods. It is widely used for cryptographic protocols, combinational circuits, digital circuits, and software. The verification of these systems is done by providing a formal proof on a mathematical model of the system, together with the correspondence between the mathematical model and the system. Examples of mathematical objects used to model systems are finite state machines, labeled transition systems, Petri nets, timed automata, hybrid automata, process algebras, and formal semantics of programming languages such as operational semantics, denotational semantics, axiomatic semantics, and Hoare logic.

Formal methods can be applied in a cloud, leveraging the computing power it offers. This paper proposes MTA VaaS (Verification-as-a-Service), a scalable, cloud-based, on-demand service that uses formal models for verification. An MTA VaaS is defined as follows:

An MTA VaaS is a cloud-based multi-tenant service that provides on-demand formal verification services.

An MTA VaaS can use features offered by a cloud such as automated provisioning, scalability, fault-tolerant computing, and concurrent processing. With enormous computing resources at hand, a VaaS can verify software and address the behavior, performance, and attribute aspects of software models.

With formal verification software designed using MTA, a VaaS shares many advantages with a SaaS:

  • Cost-sharing of computing resources: Like a SaaS, a VaaS can reduce upfront costs and increase resource sharing and utilization for verification.

  • Scalable verification: Like a SaaS, a VaaS provides a scalable cloud-based verification environment with auto-provision and de-provision of computing resources.

  • On-demand verification service, 365/7/24: This enables VaaS vendors to offer diverse, large-scale verification services online at any time and from anywhere with cloud access.

  • Pay-as-you-verify: This allows customers to receive on-demand verification services.

  • Verification by third parties: A VaaS can act as an independent third party to evaluate software or cloud-based applications.

The main contributions of this paper are as follows:

  • (1) MTA VaaS concept, definition, and architecture, presented in Section 3.

  • (2) Bigraph modeling and verification via model transformation to illustrate a VaaS, presented in Section 4.

  • (3) VaaS model combination verification and algebra methods to verify results produced by multiple processors, covered in Section 5.

  • (4) VaaS execution model, discussed in Section 6.

This paper is organized as follows: Section 2 reviews related works; Section 3 presents a sample VaaS architecture and its model; Section 4 shows Bigraph modeling and verification method via model transformation and model checking; Section 5 gives the model combination verification; Section 6 shows the VaaS execution model; Section 7 presents a case study; and Section 8 concludes this paper.


Related work

Many formal methods and verification techniques have been developed with three main approaches: model checking, deductive verification, and equivalence checking. This section reviews modeling languages, verification tools, and their applications to service-oriented architectures (SOA).

Model checking: This approach exhaustively explores the states of a model to check the property of concern. It is possible for finite models, but also for infinite models where infinite sets of states can be effectively represented

MTA VaaS architecture

In a SaaS, tenants can have their customized applications stored in the SaaS databases, and often an application is not stored as a unit in the databases. Instead, each tenant application is decomposed into its GUIs, workflows, services, and data components, and each component is stored in the database together with components of the same kind [31]. For example, a SaaS GUI database contains all the GUI components used by all the tenants. In summary, a typical SaaS has the following features:

Modeling

In a VaaS, all components are modeled and then verified by model-checking tools. Bigraph is used for illustration because it can model mobile applications. A Bigraph model consists of two graphs: a location map (place graph) and a connection diagram (link graph). The location map indicates the location of each computing node and their nesting relationships. The connection diagram describes the relationships among different nodes, connections, and interfaces. Fig. 3 shows an example of a Bigraph

Model combination verification

In model-driven development, each service corresponds to a formal model to be verified; model components are labeled A, B, and C. Each model may need to be verified against verification rules denoted VR1, VR2, …, VRn.

For models, verification in a VaaS proceeds in three steps:

  • Single components: Each model is verified by selected rules, e.g., component A is checked by rules VRs1, VRs2, …, VRsn, while component C is checked by rules VRp1, VRp2, …, VRpn.

  • Combinations of

VaaS execution model

The tasks can be executed, as input of VS, in a parallel or distributed manner, migrated to dynamically allocated resources, performed redundantly, or embedded within other cloud operations. VaaS services can be partitioned and sent to different processors for parallel and redundant processing. Verification results can be recovered after the failure of a processor, or even of a cluster, through automated redundancy management. The execution of VS can be distributed by multilevel load
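The two steps described above, checking single components against their rules (Section on model combination verification) and partitioning rules over redundant processors with recovery from a failed worker (execution model), can be made concrete with a small explicit-state model checker. The block below is an added example written for this page; it is not code from the paper or from any VaaS implementation. The models (two processes cycling through idle, trying and critical section), the rule names (VRs1, VRs2, VRc1, VRc2) and the simulated worker crashes are all constructed for illustration. It also shows the point the combination step exists for: each component passes its own rules, yet the unguarded combination violates mutual exclusion, while the combination with a shared lock satisfies it.

```python
# Added example (not from the paper): a tiny explicit-state model checker used to
# illustrate three things the text describes: verification rules applied to single
# components, verification of a combination of components, and partitioning rules
# over redundant workers whose verdicts are merged. All models, rule names and
# worker layouts below are constructed for illustration.
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, Iterable, Set

# A verification rule is a predicate over the set of reachable states, so both
# invariants ("no bad state is reachable") and reachability ("some good state is
# reachable") can be expressed with the same type.
Rule = Callable[[Set], bool]


class Model:
    """Finite transition system: initial states plus a successor function."""

    def __init__(self, name: str, initial: Iterable, step: Callable):
        self.name = name
        self.initial = list(initial)
        self.step = step  # step(state) -> iterable of successor states

    def reachable(self) -> Set:
        """Depth-first exploration of the whole state space (explicit-state model checking)."""
        seen, frontier = set(self.initial), list(self.initial)
        while frontier:
            s = frontier.pop()
            for t in self.step(s):
                if t not in seen:
                    seen.add(t)
                    frontier.append(t)
        return seen


def check(model: Model, rules: Dict[str, Rule]) -> Dict[str, bool]:
    """Evaluate every rule against the reachable states of one model."""
    states = model.reachable()
    return {name: rule(states) for name, rule in rules.items()}


def combine(a: Model, b: Model, exclusive: frozenset = frozenset()) -> Model:
    """Interleaving product of two components. States listed in `exclusive` model a
    shared lock: a component may enter one only while the other component is outside."""
    def step(s):
        sa, sb = s
        for ta in a.step(sa):
            if ta not in exclusive or sb not in exclusive:
                yield (ta, sb)
        for tb in b.step(sb):
            if tb not in exclusive or sa not in exclusive:
                yield (sa, tb)
    return Model(f"{a.name}||{b.name}", [(x, y) for x in a.initial for y in b.initial], step)


def distribute(model: Model, rules: Dict[str, Rule], n_parts: int = 2,
               replicas: int = 2, faulty: frozenset = frozenset()) -> Dict[str, bool]:
    """VaaS-style execution: split the rules into n_parts chunks, run every chunk on
    `replicas` workers, and keep the first replica that returns. `faulty` holds
    (part, replica) pairs that simulate crashed workers; a chunk is lost only if all
    of its replicas fail, which mirrors automated redundancy management."""
    names = sorted(rules)
    parts = [names[i::n_parts] for i in range(n_parts)]

    def run(part: int, replica: int) -> Dict[str, bool]:
        if (part, replica) in faulty:
            raise RuntimeError(f"worker {part}/{replica} crashed")  # simulated failure
        return check(model, {n: rules[n] for n in parts[part]})

    merged: Dict[str, bool] = {}
    with ThreadPoolExecutor(max_workers=n_parts * replicas) as pool:
        for part in range(n_parts):
            futures = [pool.submit(run, part, r) for r in range(replicas)]
            result = None
            for f in futures:
                try:
                    result = f.result()
                    break
                except RuntimeError:
                    continue  # this replica crashed; try the next one
            if result is None:
                raise RuntimeError(f"all replicas of part {part} failed")
            merged.update(result)
    return merged


def verdict(results: Dict[str, bool]) -> bool:
    """Combination algebra for verdicts: a model passes only if every rule holds."""
    return all(results.values())


# Constructed sample: two identical processes that cycle idle -> trying -> cs -> idle.
PROC_STEP = {"idle": ["trying"], "trying": ["cs"], "cs": ["idle"]}
A = Model("A", ["idle"], lambda s: PROC_STEP[s])
B = Model("B", ["idle"], lambda s: PROC_STEP[s])

SINGLE_RULES = {  # rules for a single component (hypothetical names)
    "VRs1_only_known_phases": lambda st: all(s in PROC_STEP for s in st),
    "VRs2_cs_reachable": lambda st: "cs" in st,
}
COMBO_RULES = {  # rules that only make sense for the combination A||B
    "VRc1_mutual_exclusion": lambda st: not any(sa == "cs" and sb == "cs" for sa, sb in st),
    "VRc2_both_can_enter": lambda st: any(sa == "cs" for sa, _ in st) and any(sb == "cs" for _, sb in st),
}
UNGUARDED = combine(A, B)                             # no lock shared between A and B
GUARDED = combine(A, B, exclusive=frozenset({"cs"}))  # cs is protected by a shared lock

if __name__ == "__main__":
    print("A alone:", check(A, SINGLE_RULES))
    print("A||B unguarded:", distribute(UNGUARDED, COMBO_RULES))
    print("A||B guarded, one worker crashed:",
          distribute(GUARDED, COMBO_RULES, faulty=frozenset({(0, 0)})))
```

Running the module prints that component A passes both of its rules, that the unguarded combination fails VRc1 (both processes can be in the critical section at once), and that the guarded combination passes every rule even though replica 0 of the first rule chunk crashed. The `verdict` function is the simplest form of the combination algebra the paper alludes to: results from separately verified chunks are merged by conjunction.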

Case study

This section uses a school information system to illustrate a VaaS, as shown in Fig. 12. The system consists of five modules (seminars, students, professors, dates, and classrooms); each module contains the corresponding service and delivers its results to the Display & Print services through a unified graphical interface. Lectures and classrooms are the two main parts of the database. Lecture, student, professor, and date information is included in the seminar database. Classroom information is

Conclusion

This paper proposes MTA VaaS as a cloud-based on-demand verification service. Like a SaaS, a VaaS leverages cloud capabilities such as customization, automated provisioning, scalability, automated redundancy management, fault-tolerant computing, and concurrent processing. In a VaaS, verification software is composed of verification components, and a VaaS may evaluate a system incrementally using a combination model. A VaaS also supports common verification mechanisms

Acknowledgments

This work was supported by the National Natural Science Foundation of China (No. 61073013), the State Key Laboratory of Software Development Environment (No. SKLSDE-2014ZX-09), and the Aviation Science Foundation of China (No. 2012ZC51025).

References (38)

  • Kai Hu et al., Exploring AADL verification tool through model transformation, J. Syst. Architect. (2015)
  • Frédéric Jouault, ATL: a model transformation tool, Sci. Comput. Program. (2008)
  • Kai Hu et al., Simulation of real-time systems with clock calculus, Simul. Model. Pract. Theory (2015)
  • W.T. Tsai et al., Software-as-a-Service (SaaS): perspectives and challenges, Sci. China Inf. Sci. (2014)
  • Lian Yu, W.T. Tsai, et al., Testing as a service over cloud, Service Oriented System Engineering (SOSE), in: 2010 Fifth...
  • W.T. Tsai, Y. Huang, X.Y. Bai, J. Gao, Scalable architecture for SaaS, in: Proceedings of 15th IEEE International...
  • E.M. Clarke et al., Formal methods: state of the art and future directions, ACM Comput. Surv. (1996)
  • J.B. Almeida et al., Software Development: An Introduction to Program Verification (2011)
  • IEEE Standard Glossary of Software Engineering Terminology, IEEE Std...
  • Formal Methods....
  • Lei Pi, Architecture Description Language Semantic and Behavior Analysis, Ph.D Thesis, University of Toulouse,...
  • A. Basu et al., Modeling Heterogeneous Real-Time Components in BIP
  • L. Insup et al., A family of resource-bound real-time process algebras, Electron. Notes Theor. Comput. Sci. (2006)
  • SAE, Architecture Analysis & Design Language (Standard SAE AS5506A), 2009. Available at...
  • SAE-AS5506/1, SAE Architecture Analysis and Design Language (AADL) Annex Volume 1, Annex E: Error Model Annex,...
  • B. Berthomieu, J.P. Bodeveix, P. Farail, M. Filali, H. Garavel, P. Gaufillet, F. Lang, F. Vernadat, Fiacre: an...
  • Lei Pi, Zhibin Yang, J.P. Bodeveix, F. Mamoun, Kai Hu, Dianfu Ma, A Comparative Study of FIACRE and TASM to Define AADL...
  • Martin Ouimet, Kristina Lundqvist, The TASM Language Reference Manual Version 1.1. MIT,...
  • G. Behrmann et al., A tutorial on UPPAAL