A Formal Approach to Developing Reliable Service-based Systems
Supratik Mukhopadhyay
Slide 2: Middleware/Service-based Systems: The CORBA Approach
[Figure, labelled "What we want"]
Slide 3: Adaptable Service-based Systems
[Figure]
Slide 4: Requirements of Service-based Systems
- Adaptability
  - Provide acceptable performance in the presence of system failures, overload, or damages
  - Rapid reconfiguration to achieve users' new missions
- Security
  - Authentication for both users and service providers
  - Protection of the critical information infrastructure of distributed services based on flexible security policies, for example access control requirements
- Situation-Awareness (SAW): the capability of being aware of complex situations, for
  - Service coordination
  - Adapting workflows when situations change
  - Enforcing situation-aware security policies
Slide 5: Outline of the Talk
- Motivations
- A running example
- Formal architecture modeling of service-based systems: a calculus (with semantics) and a logic
- Automated synthesis of processes (agents) from logical specifications: synthesis by natural deduction using a Curry-Howard-like correspondence
- Demo
Slide 6: Motivations
Grand Challenges in Computing Research (edited by Hoare and Milner): Science for Global Ubiquitous Computing (GUC)
- Develop models for systems composed of ad-hoc networks of diverse components
- Models need to support context-awareness, adaptive behavior, loose coupling, security, ...
- Develop calculi and logics to formalize notions of self- and context-awareness, migration, ...
- Develop models for acquisition, distribution, management and sharing of knowledge, and for building trust based on such knowledge ...
- Develop new type systems, new static analysis techniques and new verification techniques suitable for the GUC
Slide 7: A Simple Example
[Figure: an observer at location L calls 911; 911 sends an Accident Report to the Police Dept. (PD), the Fire Dept. (FD) and the AMS; PD sends a patrol car (PCAR), FD sends a fire engine (FE) and AMS sends an ambulance (AMB)]
Slide 8: Requirements of the AS3 System in the Example
Service coordination requirements:
- The 911 center (911) receives information about the accident from an observer
- 911 sends an accident report (including the accident location) to the city fire department (FD), the city police department (PD), and the city ambulance management system (AMS)
- FD, PD, and AMS send a fire engine (FE), a police car (PCAR), and an ambulance (AMB) respectively to the accident location
Slide 9: Major Components of Our Approach
[Architecture diagram with the following components: Service Specifications; Workflow & Backup Workflow Agents; Annotated Workflow Agents; Distributed SINS Agents; Customizable Failure Handling Specifications; Timing & Resource Specifications; Execution Monitoring; Goal; Security Policy Specifications; Security Agents; SAW Specifications; SAW Agents; AS3 Logic; Resource Agents; Workflow Scheduler; AS3Cal2SOL Compiler; SOL2Java Compiler; NMR Axioms; Natural Deduction-Based Proof System Kernel; Failure Handling Axioms; Coordination Axioms; Security Policy Axioms; SAW Axioms]
Slide 10: Existing Standards for Service-based Systems
1. BPEL/BPEL4WS: industry standard for modeling and executing workflows
   - Lacks formal semantics
   - Does not provide automatic service composition and adaptation
2. OWL-S, Web Components: provide constructs for unambiguously describing the properties and capabilities of Web services
   - Provide limited formal guarantees
   - Do not provide automatic service composition
Slide 11: The AS3 Calculus
- Provides a formal programming model for service-based systems
- Is based on classical process calculi, and has an operational semantics involving interactions between:
  - external actions: communication, leaving and joining groups
  - internal computations: method calls of named services
- Continuation passing is used to give semantics to asynchronous service invocations
- Can model timeouts and failures (in monadic style)
Slide 12: A Calculus for Service-based Systems: The AS3 Calculus
(System)
  S ::= fix I=P            (recursion)
      | N[S]               (named domain)
      | S||S               (system composition)
  N ::= x (variable) | n (name)
(Process)
  P ::= (new n) P          (name restriction)
      | 0                  (inactive process)
      | P par P            (parallel composition)
      | I                  (identifier)
      | E.P                (external action)
      | C.P                (internal computation)
      | P1+P2              (nondeterministic choice)
      | fail(I)            (failure)
      | catch(I).P         (failure handler)
      | time t.P           (timeout)
      | P{l1(x1),...; ...; ln(xn)}   (method export)
An external action involves communication, leaving or joining groups, or removing firewalls. Internal computation takes place by calling methods of identified services.
Slide 13: External Actions
  E  ::= M (domain) | K (communication)
  K  ::= Ch(x) (input) | Ch<Str> (output) | mc(C1,...,Cn)<Str> (multicast)
  Ch ::= N (channel)
  M  ::= in N (enter a domain) | out N (exit a domain) | open N (open firewall) | ε (no action)
Slide 14: Internal Computation
  C ::= let x=D instantiate C   (let reduction)
      | if ρ then P else P'     (conditional)
      | replace(I:li)           (method replacement)
      | li ← lj                 (method modification)
      | ρ                       (constraint evaluation)
      | ε                       (no computation)
      | tt                      (constant true)
      | ff                      (constant false)
      | ⊥                       (failed computation)
  D ::= I:li(y)                 (method invocation for identified service)
  I:li = prei::posti[y]
  pre  ::= [y] ρ[y]
  post ::= ([x] ρ[x]) x
  ::= b (base type) | → (function type)
  ρ ::= x y+c | x>y+c | x y+c | x<y+c
Slide 15: Operational Semantics of the AS3 Calculus

  Γ/I' ⊢ I:li = pre::post[xi]
  ---------------------------------------  (service invocation 1)
  Γ/I' ⊢ I:li(y) → pre::post[y/xi]

  Γ/I',N ⊢ pre[y/xi] → tt
  ---------------------------------------  (service invocation 2)
  Γ/I' ⊢ pre::post[y/xi] → post[y/xi]

  Γ/I',N ⊢ pre[y/xi] → ff
  ---------------------------------------  (service inv. fail)
  Γ/I' ∪ {failure(I')} ⊢ pre::post[y/xi] → ⊥
Slide 16: AS3 Processes for the Example
System:
  fix 911 = tel(x). fd<x>.pd<x>.ams<x>.911
  fix PD  = pd(x). let y = pcar:dispatchCAR(x) instantiate if y == 'car_sent' then PD else fail(PD)
  fix AMS = ams(x). let y = amb:dispatchAMB(x) instantiate if y == 'amb_sent' then AMS else fail(AMS)
[Figure labels: 911, Police Dept. (PD), AMS]
Slide 17: AS3 Processes for the Example (cont.)
  fix 911 = tel(x). fd<x>.pd<x>.ams<x>.911
[Figure: 911 receives (x) from the observer at L and sends <x> to the Police Dept. (PD), the Fire Dept. (FD) and the AMS]
Slide 18: AS3 Processes for the Example (cont.)
  fix PD = pd(x). let y = pcar:dispatchCAR(x) instantiate if y == 'car_sent' then PD else fail(PD)
[Figure: the Police Dept. (PD) sends <x> to PCAR, which answers "Car Sent"]
Slide 19: Synthesis of AS3 Processes
Can we synthesize AS3 processes automatically from declarative specifications? Yes.
Slide 20: Our Approach: Logic-based Synthesis of Process Terms
1. Services described in AS3 logic, together with the proof rules of the logic, form a theory of AS3 systems
2. Functional requirements of the mission, along with QoS (real-time, security, situation-awareness), are described as formulae in AS3 logic
3. Synthesis amounts to a natural deduction of the requirements from the AS3 theory, with service discovery and composition being the computation of a Craig interpolant
4. Calculus terms are synthesized directly from the proof using a Curry-Howard-like correspondence
Slide 21: AS3 Logic
- Hybrid modal logic talking about both time and space
- Sometime modality for temporal evolution, somewhere modality for spatial location
- Nominals standing for states
- Modalities for communication, leaving and joining domains
- Atomic formulas for describing relations among variables
Slide 22: AS3 Logic Syntax
  φ ::= 0                  (inactivity)
      | pred(x1,...,xn)    (user-defined atoms)
      | t~c                (atomic constraint)
      | φ1∨φ2              (disjunction)
      | ¬φ                 (negation)
      | ◊φ                 (sometime)
      | Θφ                 (somewhere)
      | I                  (identifier/nominal match)
  ~ ::= > | < | ≤ | ≥
  c: natural number
Slide 23: AS3 Logic Syntax (contd.)
      | φ1||φ2             (parallel composition)
      | η[φ]               (named domain)
      | φ@η                (behavior within domain)
      | K(u; φ)            (knowledge of an object)
      | serv(u; v; Φ, I)   (recording of an object)
      | n φ                (quantification over names)
      | t φ                (quantification over real variables)
      | in(n) φ            (behavior after entering domain)
      | out(n) φ           (behavior after leaving domain)
      | <u> φ              (behavior after sending message)
      | T                  (constant true)
      | I φ                (quantification over nominals)
Slide 24: AS3 Logic: Facts
- We provide a constructive interpretation of the logic for process synthesis
- Sound (and complete) proof theory (natural deduction-based)
Slide 25: The Running Example in AS3 Logic
Entities (nominals/identifiers): 911, PD, AMS, FD, FE, AMB, PCAR
Coordination requirements:
  ◇K("accident", x; 911) (◇<x>911)
  C1: <x>911 → ◇K(x; PD) ◇K(x; AMS) ◇K(x; FD)
  C2: K(x; PD) → ◇serv(pcar_response; x; PD; W)
  C3: K(x; AMS) → ◇serv(amb_response; x; AMS; S)
  C4: K(x; FD) → ◇serv(fe_response; x; FD; U)
  C5: serv("car_sent"; x; PD; W) → ◇T
  C6: serv("amb_sent"; x; AMS; S) → ◇T
  C7: serv("fe_sent"; x; FD; U) → ◇T
Slide 26: Service Specifications in AS3 Logic
  S1: dispatchAMB(x; amb; W) → ◇serv(amb_response; x; W; amb)
  S2: dispatchCAR(x; pcar; S) → ◇serv(pcar_response; x; U; pcar)
  and one other axiom
Slide 27: Natural Deduction and Process Synthesis
[Proof sketch: from the premise K("accident", x; 911) derive <x>911; applying C1: <x>911 → ◇K(x; PD) ◇K(x; AMS) ◇K(x; FD) yields K(x; PD), K(x; AMS), K(x; FD). The process terms synthesized alongside the proof:]
  fix 911 = tel(z).tel(x).pd<x>.ams<x>.fd<x>.
  fix PD  = pd(x).
  fix AMS = ams(x).
  fix FD  = fd(x).
Slide 28: Natural Deduction and Process Synthesis
[Proof sketch: goal G: serv(amb_response; x; AMS; amb). Assumption α: dispatchAMB(x; amb; AMS), discharged as [α: dispatchAMB(x; amb; AMS)]. Service axiom S1: dispatchAMB(x; amb; AMS) → ◇serv(amb_response; x; AMS; amb). Derived D1: ◊serv(amb_response; x; AMS; amb). ... The process term synthesized from the proof:]
  fix AMS = ... let y = amb:dispatchAMB(x) instantiate ...
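To make the proof-to-term idea of slides 20, 27 and 28 concrete, here is an added toy prover in Python that is not the talk's proof engine and not part of the AS3 tool chain: it does plain backward chaining over the service axioms (in place of the interpolation-based discovery the talk describes) and reads the resulting proof as a process term in the Curry-Howard style. The axiom table follows S1-S3 from slides 26 and 39, but the nominals used as service identifiers, the set of "available" services (the discharged assumptions α), the channel names and the exact term read off each proof rule are constructed assumptions.

```python
# Added example (not the talk's proof engine): backward chaining + term extraction.

# Service axioms S_k: premise -> conclusion, plus the identified method that realizes
# the premise (assumed: the nominal after ':' is the service identifier).
SERVICE_AXIOMS = {
    "S1": ("dispatchAMB(x;amb;AMS)", "serv(amb_response;x;AMS;amb)", "amb:dispatchAMB(x)"),
    "S2": ("dispatchCAR(x;pcar;PD)", "serv(pcar_response;x;PD;pcar)", "pcar:dispatchCAR(x)"),
    "S3": ("dispatchFE(x;fe;FD)",    "serv(fe_response;x;FD;fe)",     "fe:dispatchFE(x)"),
}


def prove(goal, available, trace):
    """Goal-directed natural deduction over atoms.
    Returns ('assume', a) when a is an available service (the [α] assumption on
    slide 28), ('mp', S, sub) for modus ponens with axiom S applied to a proof
    'sub' of its premise, or None when no axiom concludes the goal."""
    if goal in available:
        trace.append(f"assume {goal}")
        return ("assume", goal)
    for name, (premise, conclusion, _method) in SERVICE_AXIOMS.items():
        if conclusion == goal:
            sub = prove(premise, available, trace)
            if sub is not None:
                trace.append(f"{name}: {premise} → ◇{conclusion}")
                return ("mp", name, sub)
    return None


def extract(proof, continuation):
    """Curry-Howard-style reading (assumed here): modus ponens with a service axiom
    becomes 'let y = I:li(x) instantiate ...' for the method realizing the axiom;
    an assumption contributes no further prefix, so the continuation follows."""
    if proof[0] == "assume":
        return continuation
    _, name, sub = proof
    method = SERVICE_AXIOMS[name][2]
    return f"let y = {method} instantiate {extract(sub, continuation)}"


def synthesize(ident, channel, goal, ok_response, available):
    """Realize a requirement of the shape K(x; ident) → ◇goal (C2-C4 on slide 25):
    the hypothesis K(x; ident) is discharged by receiving x on the identifier's
    channel (implication introduction read as an input prefix), and the response
    check comes from the C5-C7 requirement that names the expected reply.
    Returns (term or None, proof trace)."""
    trace = []
    proof = prove(goal, available, trace)
    if proof is None:
        return None, trace
    body = extract(proof, f"if y == '{ok_response}' then {ident} else fail({ident})")
    return f"fix {ident} = {channel}(x). {body}", trace


# Constructed environment: ambulance and patrol-car services exist, no fire-engine service.
AVAILABLE = {"dispatchAMB(x;amb;AMS)", "dispatchCAR(x;pcar;PD)"}

if __name__ == "__main__":
    for ident, ch, goal, ok in [
        ("AMS", "ams", "serv(amb_response;x;AMS;amb)", "amb_sent"),
        ("PD",  "pd",  "serv(pcar_response;x;PD;pcar)", "car_sent"),
        ("FD",  "fd",  "serv(fe_response;x;FD;fe)",     "fe_sent"),
    ]:
        term, trace = synthesize(ident, ch, goal, ok, AVAILABLE)
        print(ident, "->", term, "| proof:", trace)
```

For AMS the extracted term is exactly the AMS process of slide 16; for FD no term is produced, because no available service discharges the premise of S3, which is the point at which service discovery would have to supply one.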
Slide 29: END
Slide 30: References
[1] Distributed control and co-ordination of autonomous agents in a dynamic, reconfigurable system. US Patent 6336781.
[2] Process and system for managing run-time adaptation for general purpose distributed adaptive applications. US Patent 6324619.
[3] Servlet-based architecture for dynamic service composition. US Patent 6330710.
[4] Method and apparatus for providing a dynamic service composition software architecture. US Patent 6256771.
[5] Security and emergency communication service coordination system and notification control method therefore. US Patent 6337621.
[6] Generic service coordination mechanism for solving supplementary service interaction problems in communication system. US Patent 5742673.
[7] S. Yau et al., Reconfigurable Context-Sensitive Middleware for Pervasive Computing, IEEE Pervasive Computing, vol. 1(3), 2002, pp. 33-40.
[8] M. Mikic-Rakic, N. Medvidovic: Adaptable Architectural Middleware for Programming-in-the-Small-and-Many. Middleware 2003: 162-181.
[9] A. Ranganathan, R. H. Campbell: A Middleware for Context-Aware Agents in Ubiquitous Computing Environments. Middleware 2003: 143-161.
[10] A. Popovici, A. Frei, G. Alonso: A Proactive Middleware Platform for Mobile Computing. Middleware 2003: 455-473.
[11] U. Lang, Access Policies in Middleware, PhD Thesis, University of Cambridge, 2003.
[12] T. Abdelzaher, B. Blum, Q. Cao, Y. Chen, D. Evans, J. George, S. George, L. Gu, T. He, S. Krishnamurthy, L. Luo, S. Son, J. Stankovic, R. Stoleru and A. Wood, EnviroTrack: Towards an Environmental Computing Paradigm for Distributed Sensor Networks, The 24th International Conference on Distributed Computing Systems, Tokyo, Japan, March 23-26, 2004.
[13] S. Yau, H. Davulcu, S. Mukhopadhyay, D. Huang and Y. Yao, Adaptable, Situation-aware, Secure Service-based (AS3) Systems, Proceedings of the IEEE International Symposium on Object-oriented Real-time Distributed Computing (ISORC'05), 2005.
[14] R. Bharadwaj, S. Mukhopadhyay and N. Padh, Service Composition in a Secure Agent-based Architecture, Proceedings of the IEEE International Conference on E-Technologies, E-commerce and E-Service (EEE'05), pp. 787-788, 2005.
[15] Internet2 Medical Middleware (MedMid) Working Group: Draft Workplan Scenarios, 2003.
Slide 31: References (cont.)
[16] E. Sirin, J. A. Hendler, B. Parsia: Semi-automatic Composition of Web Services using Semantic Descriptions. WSMAI 2003: 17-24.
[17] Z. Duan, A. J. Bernstein, P. M. Lewis, S. Lu: Semantics Based Verification and Synthesis of BPEL4WS Abstract Processes. ICWS 2004: 734-737.
[18] G. C. Necula: Enforcing Security and Safety with Proof-Carrying Code. Electr. Notes Theor. Comput. Sci. 20 (1999).
[19] B. Li, K. Nahrstedt, A Control-based Middleware Framework for Quality of Service Adaptations, IEEE Journal on Selected Areas in Communication, vol. 17, no. 9, September 1999.
[20] K. Roemer, O. Kasten, F. Mattern, Middleware Challenges in Wireless Sensor Networks, Mobile Computing and Communications Review, vol. 3, no. 2, 2002.
[21] F. Curbera et al., Business Process Execution Language for Web Services, 2002.
[22] E. Christensen et al., The Web Services Description Language (WSDL), IBM.
[23] T. Berners-Lee et al., The Semantic Web, Scientific American, May 2003.
[24] A. Ankolekar, F. Huch and K. Sycara, Concurrent Execution Semantics for DAML-S with Subtypes, In Proceedings of The First International Semantic Web Conference (ISWC), 2002.
[25] E. Newcomer, Understanding Web Services, Addison Wesley, 2002.
[26] M. Endrei, J. Ang, A. Arsanjani, S. Chua, P. Comte, P. Krogdahl, M. Luo and T. Newling, Patterns: Service-oriented Architecture and Web Services, IBM Redbook, 2004, ISBN 073845317X.
[27] D. Bell and L. La Padula, Secure Computer Systems: Unified Exposition and Multics Interpretation, Technical Report, Mitre Corporation, 1975.
[28] S. Ponnekanti and A. Fox, SWORD: A Developer Toolkit for Web Service Composition, In Proceedings of WWW 2002.
[29] J. Rao et al., Application of Linear Logic to Web Service Composition, 2004.
[30] Gruia-Catalin Roman, Jamie Payton: Mobile UNITY Schemas for Agent Coordination. Abstract State Machines 2003: 126-150.
[31] Cédric Fournet, Georges Gonthier: The Join Calculus: A Language for Distributed Mobile Programming. APPSEM 2000: 268-332.
[32] L. Cardelli, A. D. Gordon: Mobile Ambients. Theor. Comput. Sci. 240(1): 177-213 (2000).
[33] S. J. Woodman, D. J. Palmer, S. K. Shrivastava and S. M. Wheater: Notations for the Specification and Verification of Composite Web Services, In Proc. of 8th IEEE Int'l Enterprise Distributed Object Computing Conf. (EDOC '04).
[34] R. Milner: Communication and Concurrency, Prentice Hall, 1989.
[35] Gérard Berry, Gérard Boudol: The Chemical Abstract Machine. In Proceedings of POPL 1990: 81-94.
[36] N. Milanovic and M. Malek: Current Solutions for Web Service Composition, IEEE Internet Computing, November/December 2004 (vol. 8, no. 6), pp. 51-59.
[37] R. Bharadwaj, SOL: A Verifiable Synchronous Language for Reactive Systems, Proc. Synchronous Languages, Applications, and Programming (SLAP'02). http://chacs.nrl.navy.mil/publications/CHACS/2002/2002bharadwaj-entcs.pdf
Slide 32: Operational Semantics of AS3 Calculus

  ---------------------------------  (fail computation)
  ⊥.P → fail

  C → a
  ---------------------------------  (beta reduction)
  let x=C instantiate P → P[a/x]

  C(x) → true
  ---------------------------------  (cond eval. true)
  if C(x) then P else P' → P
Slide 33: Operational Semantics of AS3 Calculus

  C(x) → false
  ---------------------------------  (cond eval. false)
  if C(x) then P else P' → P'

  C(x) → a
  ---------------------------------  (cond fail), side condition: a {true,false}
  if C(x) then P else P' → ⊥
Slide 34: Operational Semantics (cont.)

  ---------------------------------  (migration inside a domain)
  in n.P || n[Q] → n[P||Q]

  ---------------------------------  (communication)
  <m>.P || (x).Q → P || Q[m/x]
Slide 35: Structural Congruence
A process is congruent to its alpha-renamed variant.
If P ≅ Q then
1. C.P ≅ C.Q
2. A.P ≅ A.Q
3. P||R ≅ Q||R
4. R||P ≅ R||Q
5. N[P] ≅ N[Q]
6. (new n) P ≅ (new n) Q
7. fix I=P ≅ fix I=Q
8. P+R ≅ Q+R
Slide 36: Image Finiteness of Processes
We impose the following restrictions on processes:
- Recursive processes are guarded
- Parallel composition through recursion is not allowed (similar to the Pi-calculus [Dam 93])
- A type system can check for well-formedness of processes
Image finiteness: a closed process term can only evolve (in zero or more steps) into finitely many non-congruent process terms using the reduction rules. The restrictions ensure that every process is image finite.
Slide 37: Model Theoretic Semantics of AS3 Logic
  P ⊨ I                 if fix I=P
  P ⊨ <u> φ             if there exist Q, R, S, T with P ≅ <u>Q, R ≅ (x).S, T = P||R and Q ⊨ φ
  P ⊨ pred(u1,…,un)     if for any Q with P ≦ Q, Q is annotated with pred(u1,…,un)
  P ⊨ in(n) φ           if there exist Q, n, R, S with P ≅ in n.Q, Q ⊨ φ@n, S ≅ P || n[R]
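The following added Python model (not the talk's implementation) ties together the reduction rules of slide 34, the image-finiteness property of slide 36 and the process-based reading of the modalities on slides 21 and 37: it reduces terms under (communication) and (migration inside a domain), enumerates the finite set of reachable terms by breadth-first search, and decides "sometime" (◊) by reachability and "somewhere" (Θ) by looking into nested domains. The process terms are a constructed fragment of the ship scenario on slide 43 with a constructed 'report' channel; treating || as associative and commutative with 0 as unit, and reading Θφ as "φ holds in some nested domain", are assumptions made here, not statements from the slides.

```python
# Added example (not from the slides): reduction, reachability and the ◊/Θ modalities.
from collections import deque

NIL = ("nil",)                                          # 0, the inactive process

def send(ch, msg, p):  return ("send", ch, msg, p)      # ch<msg>.P
def recv(ch, var, p):  return ("recv", ch, var, p)      # ch(x).P
def enter(n, p):       return ("in", n, p)              # in n.P
def dom(n, p):         return ("dom", n, p)             # n[P]

def par(*ps):
    """P || Q as a canonical multiset (assumption: || associative and commutative,
    0 as unit), so congruent terms get one representation and the reachable set
    stays finite."""
    comps = []
    for p in ps:
        comps.extend(p[1] if p[0] == "par" else [p])
    comps = [c for c in comps if c != NIL]
    if not comps:
        return NIL
    return comps[0] if len(comps) == 1 else ("par", tuple(sorted(comps, key=repr)))

def components(p):
    return list(p[1]) if p[0] == "par" else [p]

def subst(p, var, val):
    """Q[m/x]: replace variable x by m where it is used as a channel or a message;
    a receive that rebinds x stops the substitution in its continuation."""
    r = lambda v: val if v == var else v
    tag = p[0]
    if tag == "send": return ("send", r(p[1]), r(p[2]), subst(p[3], var, val))
    if tag == "recv": return ("recv", r(p[1]), p[2], p[3] if p[2] == var else subst(p[3], var, val))
    if tag == "in":   return ("in", r(p[1]), subst(p[2], var, val))
    if tag == "dom":  return ("dom", r(p[1]), subst(p[2], var, val))
    if tag == "par":  return par(*(subst(q, var, val) for q in p[1]))
    return p

def steps(p):
    """All one-step successors of p: (communication) <m>.P || (x).Q → P || Q[m/x],
    (migration inside a domain) in n.P || n[Q] → n[P || Q], each also applied
    under a domain n[...] and next to other parallel components."""
    comps = components(p)
    succ = set()
    for i, a in enumerate(comps):
        rest = comps[:i] + comps[i + 1:]
        if a[0] == "dom":                               # reduce inside the domain
            for q in steps(a[2]):
                succ.add(par(dom(a[1], q), *rest))
        for j, b in enumerate(comps):
            if i == j:
                continue
            others = [c for k, c in enumerate(comps) if k not in (i, j)]
            if a[0] == "send" and b[0] == "recv" and a[1] == b[1]:
                succ.add(par(a[3], subst(b[3], b[2], a[2]), *others))
            if a[0] == "in" and b[0] == "dom" and a[1] == b[1]:
                succ.add(par(dom(a[1], par(a[2], b[2])), *others))
    return succ

def reachable(p):
    """Every term p can evolve into; finite for the image-finite processes of slide 36."""
    seen, queue = {p}, deque([p])
    while queue:
        for q in steps(queue.popleft()):
            if q not in seen:
                seen.add(q)
                queue.append(q)
    return seen

def somewhere(p, phi):
    """Θφ (assumed reading): φ holds of p itself or of the body of some nested domain."""
    return phi(p) or any(somewhere(c[2], phi) for c in components(p) if c[0] == "dom")

def sometime(p, phi):
    """◊φ: some term reachable from p (in zero or more steps) satisfies φ."""
    return any(phi(q) for q in reachable(p))

# Constructed fragment of the ship scenario: CMD enters the fleet domain and sends the
# coordinates, then the order; a ship receives both and reports the order it carried
# out on a constructed 'report' channel (radar and missile calls are left out).
def ship():
    return recv("coord", "xy", recv("order", "d", send("report", "d", NIL)))

CMD = enter("fleet", send("coord", (3, 4), send("order", "destroy", NIL)))
SYSTEM = par(CMD, dom("fleet", par(ship(), ship())))

def reports_destroy(p):
    return any(c[0] == "send" and c[1] == "report" and c[2] == "destroy" for c in components(p))

def mission_reachable():
    """◊Θ reports_destroy: in some reachable state, inside some domain, a ship is
    about to report that it executed 'destroy'."""
    return sometime(SYSTEM, lambda q: somewhere(q, reports_destroy))

if __name__ == "__main__":
    print(len(reachable(SYSTEM)), "reachable terms; mission reachable:", mission_reachable())
```

Because shipA and shipB are congruent (shipB ≅ shipA on slide 43) and par() canonicalizes the multiset, the two interleavings in which either ship answers collapse into one state, and the whole system has only four reachable terms; ◊Θ holds for the report predicate although Θ alone fails in the initial state.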
Slide 38: Transformation Rules for Access Control (Cont.)
  A3: ¬restrict(I,σ) → Θ(I || σ)
  A4: Θn[ρ || σ] ∧ Θ(φ || σ) → Θn[φ || σ || ρ]
  A5: restrict(φ,σ) ∧ ¬restrict(φ,ρ) → restrict(φ || ρ, σ)
  A6: next_hierarchy(I,σ) → restrict(I,σ)
  A7: restrict(I,σ) ∧ Θ(I || J) → restrict(J,σ)
  A8: restrict(σ,φ) → restrict(φ,σ)
  A9: Θn[φ || J] ∧ restrict(K,J) → Θn[φ || m[K] || J] ∨ Θ(n[φ || J] || m[K])
Slide 39: Service Descriptions in AS3 Logic
  S3: dispatchFE(x; fe; S) → ◇serv(fe_response; x; S; fe)
Slide 40: Policy Enforcement: Model-based Diagnosis and Recovery
- The system was synthesized under the assumption that services do not behave maliciously: an unrealistic assumption
- Runtime enforcement ensures diagnosis of malicious behavior on the part of services and subsequent recovery
- Service specifications are used to generate symptoms
- Abduction-based diagnosis uses the models (process terms) to diagnose a breach of trust by services and ensure recovery
Slide 41: Requirements of AS3 Systems
- Adaptability
  - Provide acceptable performance in the presence of system failures, overload, or damages
  - Rapid reconfiguration to achieve users' new missions
- Security
  - Authentication for both users and service providers
  - Protection of the critical information infrastructure of distributed services based on flexible security policies, for example access control requirements
- Situation-Awareness (SAW): the capability of being aware of complex situations, for
  - Service coordination
  - Adapting workflows when situations change
  - Enforcing situation-aware security policies
Slide 42: A Simple Example
- A simplified version of the ship scenario in the overview slides
- Intrusion of an enemy is detected by the Monitoring Agent, which reports to the CMD
- The CMD directly asks shipA (or shipB) to destroy the enemy ship rather than sending a warning
- We assume no failures take place
- The Combat System Agent has been eliminated
Slide 43: AS3 Processes for the Example
  System = MA || CMD || fleet[shipA || shipB]
  fix MA = if MA:detect_intrusion() then let <x,y> = MA:get_enemy_coordinates() instantiate <x,y>.MA else MA
  fix CMD = (x,y). in fleet. <x,y>.<destroy>. out fleet. CMD
  fix shipA = (x,y).(d). if d = "destroy" then
      (shipA:lock_radar(x,y). shipA:load_missile(). (let z = shipA:fire() instantiate if z = enemy_destroyed then <z>) then shipA)
    else shipA
  shipB ≅ shipA
Slide 44: Workflow Synthesis by Proof
- A proof engine for the AS3 logic
- Design of efficient proof strategies that involves:
  - proof by deduction
  - proof as a satisfiability problem: efficient SAT solvers, efficient automata-theoretic procedures
Slide 45: Synthesis of AS3 Processes
- The security (access control) model is synthesized through formula rewriting using sound transformation rules in AS3 logic
- Service specifications, including QoS properties, are axiomatized in AS3 logic
- The functional as well as the QoS goals of a mission are expressed in AS3 logic
Slide 46: Proof Theory of AS3 Logic
All axioms of constructive propositional modal logic and the following axioms:
  T1: Θ(σ || n[φ]) next_hierarchy(σ,φ)
  T2: next_hierarchy(φ,σ) → Θσ
  T3: Θ◊φ → ◊Θφ
  T4: φ → Θφ
  T5: ΘΘφφ
Slide 47: Operational Semantics of the AS3 Calculus (Contd.)
Failure semantics specified as a monad:
  type M a = uP | uC | failure(I) | ⊥

  Γ/I' ⊢ Comp(x)   Γ/I' ⊢ val x = t   Γ/I' ⊢ post ::= ([x] ρ[x]) x   ¬(Γ/I' ∪ N ⊢ ([x] ρ[x])[t/x])
  ---------------------------------------------------------------------------------------  (service fail)
  Γ ∪ {failure(I)} ⊢ post → ⊥

  Γ ⊢ failure(I)
  ---------------------------------------  (failure composition 1)
  Γ/I' ⊢ catch(I).P → fail(I)

  ¬(Γ ⊢ failure(I))
  ---------------------------------------  (failure composition 2)
  Γ/I ⊢ ⊥.P → P
Slide 48: Operational Semantics of the AS3 Calculus (Contd.)

  Γ ⊢ Comp(x)   Γ ⊢ val x = t   Γ ⊢ post ::= ([x] ρ[x]) x   Γ ∪ N ⊢ ([x] ρ[x])[t/x]
  ---------------------------------------------------------------------------------  (post ev)
  Γ ∪ {x=t} ⊢ post → t

  Γ ⊢ Comp(x)   Γ ⊢ post → t
  ---------------------------------------  (let reduct)
  Γ ⊢ let x=D instantiate C → C[t/x]

  Γ ⊢ Comp(x)   Γ ⊢ Comp(y)   Γ,N ⊢ ρ[x,y]
  ---------------------------------------  (cond eval. true)
  Γ ⊢ if ρ[x,y] then P else P' → P
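The internal-computation rules of slides 14-15, 32-33 and 47-48 can be exercised on the PD process of slide 18. The following Python model is an added example, not code from the talk or the AS3 compilers: a method I:li = pre::post[y] is a pre-constraint over the arguments, a body and a post-constraint over the result; an invocation evaluates pre (service invocation 1/2), returns ⊥ and records failure(I) in Γ when pre is violated (service inv. fail) or when the post-condition fails (service fail); let-instantiate binds the result (let reduct), ⊥ propagates to fail (fail computation), and the conditional follows (cond eval. true/false/fail). The PCAR service, its 'dist' and 'eta' variables and the numeric bounds are constructed for the example.

```python
# Added example (not from the slides): executable model of AS3-style service invocation.
import operator
from dataclasses import dataclass, field

BOTTOM = object()   # ⊥ (failed computation): a sentinel that equals no real value

# ρ ::= x ~ y + c with ~ ∈ {>, <, ≤, ≥}; a constraint is (x, ~, y, c); y None reads as 0
REL = {">": operator.gt, "<": operator.lt, "<=": operator.le, ">=": operator.ge}


def holds(rho, binding):
    """Constraint evaluation of ρ against a variable binding (a dict)."""
    x, rel, y, c = rho
    return REL[rel](binding[x], (binding[y] if y is not None else 0) + c)


@dataclass
class Method:
    """I:li = pre::post[y]: pre constrains the arguments, post constrains the result."""
    pre: tuple
    body: object      # callable computing the result binding from the arguments
    post: tuple


@dataclass
class Env:
    """Γ: known facts (failure(I) is recorded here on a failed invocation) plus the
    method table of the identified services."""
    facts: set = field(default_factory=set)
    methods: dict = field(default_factory=dict)   # (I, li) -> Method

    def invoke(self, ident, li, **args):
        """D ::= I:li(y). Look up I:li = pre::post (service invocation 1); run the
        body when pre[y/xi] → tt (service invocation 2); return ⊥ and add
        failure(I) to Γ when pre (service inv. fail) or post (service fail) is violated."""
        m = self.methods[(ident, li)]
        if not holds(m.pre, args):
            self.facts.add(f"failure({ident})")
            return BOTTOM
        result = m.body(**args)
        if not holds(m.post, result):
            self.facts.add(f"failure({ident})")
            return BOTTOM
        return result


def cond(test):
    """(cond eval. true / false / fail): a test that is not a boolean yields ⊥."""
    return test if test is True or test is False else BOTTOM


def pd_process(env, x):
    """One unfolding of
         fix PD = pd(x). let y = pcar:dispatchCAR(x) instantiate
                         if y == 'car_sent' then PD else fail(PD)
    x is the received accident location (modelled as its distance from the station).
    Returns the continuation: 'PD' (recurse) or 'fail(PD)'."""
    y = env.invoke("pcar", "dispatchCAR", dist=x)   # (let reduct) binds y to the result
    if y is BOTTOM:                                 # (fail computation): ⊥.P → fail
        return "fail(PD)"
    test = cond(y["status"] == "car_sent")
    if test is BOTTOM:                              # (cond fail)
        return "fail(PD)"
    return "PD" if test else "fail(PD)"


def make_env(patrol_radius=20, max_eta=30):
    """Constructed PCAR service: pre 'dist ≤ patrol_radius', post 'eta ≤ max_eta'."""
    env = Env()
    env.methods[("pcar", "dispatchCAR")] = Method(
        pre=("dist", "<=", None, patrol_radius),
        body=lambda dist: {"status": "car_sent", "eta": 2 * dist},
        post=("eta", "<=", None, max_eta),
    )
    return env


def run(dist):
    """Run one PD unfolding in a fresh Γ; report (continuation, recorded failures)."""
    env = make_env()
    return pd_process(env, dist), sorted(env.facts)


if __name__ == "__main__":
    for d in (10, 18, 25):
        print(d, run(d))
```

The three sample distances exercise the three outcomes: 10 passes both constraints and PD recurses; 18 passes the pre-condition but violates the post-condition (eta 36 > 30), so the invocation yields ⊥, failure(pcar) lands in Γ and PD fails; 25 violates the pre-condition and fails in the same way.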
Slide 50: Existing Formal Approaches
- Rule-based modeling (SWORD) [28]: does not allow services having side effects; currently, no work is known that uses SWORD for modeling situation-awareness or security policies
- Classical process calculi and synchronous programming languages:
  - Pi calculus [33,34], Ambient Calculus [32], Chemical Abstract Machine [35]: do not provide facilities for processing situation information and reacting to it
  - SOL [37]: does not provide facilities for automatic service composition; provides ways for formal reasoning
- Linear Logic [29]: undecidable; provides only semi-automated service composition