Yuanzhuo Wang,Chuang Lin,Peter D. Ungsunan,Xiaomeng Huang

DOI: https://doi.org/10.1007/s11227-009-0343-0

IF: 3.3

2009-01-01

The Journal of Supercomputing

Abstract:In this paper, we propose a service composition model method that supports quantitative computation based on Stochastic Petri Nets (SPN). It can capture the semantics of complex service combinations and their respective specifications. In this method, services are divided into interior services and exterior services. The exterior services will be published to the users, while the interior ones do not need to be published. Six equivalent simplified theorems which can be used to simplify the complex models of interior services to simple models of exterior services are presented. They enable the minimization of the state space of the model and make quantitative computation feasible. In addition, since Grid services are always affected by all kinds of churns in actual applications, we also research survivability and its main attributes for Grid service composition. The definition and computational methods based on the model are put forward. In the end, we use the method presented above to describe and analyze an example of travel Grid services successfully.

Yuhong Wen,Haihong Zhao,Lin Liu

DOI: https://doi.org/10.1109/RePa.2011.6046726

2011-01-01

Abstract:Security requirements analysis for business information systems in today's networked organization is difficult due to the complexity of the systems and the frequent change in the environment. Thus, it requires security knowledge to be explicitly represented, and well understood by system analysts and designer, which in turn being applied in feasible problem contexts. System requirements are often represented in modelling frameworks with different analytical focus, so security requirements knowledge shall reflect such difference and form an integrated treatment. This paper proposes to use modelling concepts from the i* and PF modeling language to capture recurring patterns of security problems. The main concepts used are actors, assets, and relations such as ownership and permissions. The major contribution of the approach is proposing the specific problem frames such as ownership, authorization, attack and protection, by decomposing a large problem into sub-problems (base frames), then evaluate the potential threats (attacking frames) applicable to each sub-problem by evaluate the compatibility of the two, security analysis is integrated into the system design process from the outset. The proposal can be generalized to the design of defensive measures as well as other NFR treatments. © 2011 IEEE.

PengCheng Xiong,YuShun Fan,MengChu Zhou

DOI: https://doi.org/10.1109/tsmca.2009.2037018

2010-01-01

Abstract:Business process execution language for Web services (BPEL) is becoming the industrial standard for modeling Web-service-based business processes. Behavioral compatibility for Web service composition is one of the most important topics. The commonly used reachability exploration method focuses on verifying deadlock freeness. When this property is violated, the states and traces in the reachability graph only give clues to redesign the composition. The redesign must then repeat itself until no deadlock is found. In this paper, multiple Web service interaction is modeled with a Petri net called composition net (C-net for short). The problem of behavioral compatibility among Web services is hence transformed into the deadlock structure problem of a C-net. If services are incompatible, a policy based on appending additional information channels is proposed. It is proved that the policy can offer a good solution that can be mapped back into the BPEL models automatically.

GAO Yong,LIU Yu,XIE Kunqing,WU Lun

2006-01-01

Abstract:In EAI applications,most business processes are implemented by the composition of Web services.The modeling techniques are desired for reliable Web service composition.A model for Web service composition is proposed based on Petri nets.Components of composite Web services are translated into Petri nets representations.With tools Petri nets providing,the composite Web services can be well verified to aid the business processes constructions.

Zhang Shuai,Sun Jianling,Yin Keting,Xu Bin

DOI: https://doi.org/10.1109/ISBIM.2008.106

2009-01-01

Abstract:Verification of services compatibility is an important issue in Web Services composition. With the growing of grain size, services will become more complicated with internal business processes and will have interactions with other services while composition. This paper proposed a Petri Net based approach to analyze the Web Services interactive behaviors compatibility. First, the interacting services are merging and reducing into a composite service. Based on the introduction of an analysis method called the reachability tree, the behavior of composite service can be then verified. At last, two case studies are used to show how the compatibility issue can be detected quantitatively using this approach. © 2008 IEEE.

Wei Tan,Yushun Fan,MengChu Zhou,Zhong Tian

DOI: https://doi.org/10.1109/tase.2009.2034016

IF: 6.636

2010-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Under Service Oriented Architecture (SOA), service composition is used to integrate service components together to meet new business needs. In this paper, we propose a novel data-driven method to provide service composition guidance to implement given requirements. Based on the relations between business domain data and service domain data, we generate additional data mediations according to three composition rules. With these data relations and composition rules, we propose a Petri-net based approach to the composition of services. In our approach, all the in/output messages of the service operations are modeled as colored places, and service operations themselves are modeled as transitions with input/output places. We first generate a Service Net (SN) that contains all operations in a given service portfolio, and then use Petri-net decomposition techniques to derive a subnet of SN, and this subnet meets the need of the business requirement. Our work can be seen as an effort to bridge the gap between business and service domains.

Zhu-Zhong QIAN,Sang-Lu LU,Li XIE

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.07.007

2006-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:Automatic Composition of Web services is one of the most important issues in the research of service-oriented computing (SOC). According to the relationship of messages and activities, Web services are defined as message oriented activity based Petri net model (Moap). The model is characterized in terms of message domain and service process. The formal is used to the service cooperation and the communication with client; the latter is the description of Petri net based service process. Moap supports the reuse of the composite services. Compared with automata based models, Moap can describe parallel composition and the meta-message mechanism benefits the automatic composition. Based on Moap, the problem of service composition is presented including the definition of composite Web service system and the service cooperation. Then, the rules of automatic service composition are proposed and the soundness and the completeness are proven. Finally, an example also proofs the usability of Moap.

YE Ronghua,JIN Zhi,ZHONG Farong

DOI: https://doi.org/10.3778/j.issn.1673-9418.2011.05.008

2011-01-01

Abstract:Generally,the achievement of service composition depends on finding the matched services according to user requirements.Nevertheless the user's needs,which are expressed by natural language usually,are difficult to be used for aggregating services.This paper proposes a requirement model based on environment ontology for composition service.This model is based on the concepts — intention which is defined on one environment entity,and task which is a set of associated intentions.Furthermore,Petri net is applied to represent the relationship between tasks in one requirement,and a method to distinguish requirement is given in this model.Finally,a specific example,travel arrangement,demonstrates the effectiveness of the model.

Yanbin Peng,Zhijun Zheng,Jian Xiang,Ji Gao,Jieqing Ai,Zhenyu Lu,Xueqin Jiang

DOI: https://doi.org/10.1109/WCSE.2009.421

2009-01-01

Abstract:Service composition technology promises a new solution to an age-old problem: how to implement complex, large scale, cross-enterprise business application. However, we must ensure the compatibility between component services in composite service. Current research works in this field only concern semantics compatibility of service interface, yet ignoring the compatibility of service behavior. Therefore, this paper proposes a model of service behavior based on Petri-nets with weight. Based on the novel model, a method is proposed to verify and compute service behavior compatibility.

Yu Zhiwei,Tang Rengzhong,Jia Dongjiao,Ye Fanbo

DOI: https://doi.org/10.3321/j.issn:1004-132X.2007.04.021

2007-01-01

Abstract:To identify the security requirements of information systems, a business process-based security requirement analysis method was presented. Focused on the business process security, the related assets which affect the business process security were identified by security tree model. The security requirements of assets were identified by risk packet and risk transferring model, and then the security requirements list was formed after coverage analysis. Finally, a case was studied to illustrate the proposed method.

Pengcheng Xiong,Mengchu Zhou,Calton Pu,Yushun Fan

DOI: https://doi.org/10.1002/9781119036821.ch17

2015-01-01

Abstract:This chapter models multiple web service interaction with a Petri net called Composition net (C-net). It presents Petri-net-based method to find protocol-level mismatches and then generates solutions to fix the mismatch problems. Technically, the approach consists of three steps. First, the chapter adopts BPEL for web services as the web service composition language. The BPEL description of a composite service is translated into a Petri net model. Second, a mixed-integer 624 a petri net solution to protocol-level mismatches in service composition programming formulation is used to detect the maximal empty siphons, which are then used to find protocol-level mismatches. Third, an algorithm is proposed to find siphon-based solutions for protocol-level mismatches by adding tokens in siphons to prevent them from becoming empty. Finally, time complexity comparisons are made between the approach and existing ones. The proposed one can achieve higher efficiency for resolving protocol-level mismatching issues.

Feng Guo,Meng Zhang

DOI: https://doi.org/10.1109/icise.2009.455

2009-01-01

Abstract:Web Service has become a newly distributed computing paradigm. Modeling and analyzing the workflow of composite web services is the most important task in the process of developing service oriented software. BPEL is the industry standard used for combining a set of web services to define a new composite web service. A Petri net model- WS_Net is defined which suitable for describing the business processes of composite web services. Then, a method used for translating a BPEL process to WS_Net is presented. The reliable data of a composite web services is collected by extending UDDI model. WS_RPN which captures the reliability aspect of the web services composition and can be used for analyzing the reliability of BPEL processed through the execution paths is defined based on WS_Net. Finally an example is used to illustrate the method.

Sabri Mtibaa,Moncef Tagina

DOI: https://doi.org/10.48550/arXiv.1210.5515

2012-10-19

Software Engineering

Abstract:Web services are widely used thanks to their features of universal interoperability between software assets, platform independent and loose-coupled. Web services composition is one of the most challenging topics in service computing area. In this paper, an approach based on High Level Petri-Net model as dynamic configuration schema of web services composition is proposed to achieve self adaptation to run-time environment and self management of composite web services. For composite service based applications, in addition to functional requirements, quality of service properties should be considered. This paper presents and proves some quality of service formulas in context of web service composition. Based on this model and the quality of service properties, a suitable configuration with optimal quality of service can be selected in dynamic way to reach the goal of automatic service composition. The correctness of the approach is proved by a simulation results and corresponding analysis.

Xuanzhe Liu,Gang Huang,Hong Mei

DOI: https://doi.org/10.1109/icws.2008.139

2008-01-01

Abstract:In the past a few years, the Web has undergone a tremendous change towards a highly user-centric environment. Millions of users can participate and collaborate for their own interests and benefits. Service Oriented Computing and web services have created great potential opportunities for the users to build their own applications. Then, it is a pressing issue that, the users can compose services without too complex tasks and efforts. In this paper, we introduce a user-oriented approach which aims to simplify service composition. We leverage the plentiful information residing in service tags, both from service descriptions (such as WSDL) and the annotations tagged by users. Employing some mining algorithms, a Direct Acyclic Graph is built up to represent potential composition opportunities. With a simple and intuitive search, it allows users to explore the space of potentially composable services and achieve service composition in a heuristic manner. We have developed a composition advisor to provide recommendations guiding and assisting the users. It also lets the users discover and make use of services without having to understand too many details of individual candidate services. To enable the users to accomplish service composition in a more interactive access channel, we finally provide a user-friendly prototype based on web browsers. It undoubtedly reduces the complexity and lowers the entry barrier for the users, and makes them better play their role in the Service-Oriented Web Environment.

XuanZhe Liu

DOI: https://doi.org/10.1007/s11432-010-0013-0

2010-01-01

Science China Information Sciences

Abstract:In the recent years, the web has kept growing rapidly and undergone tremendous changes towards a user-centric environment. With the proliferation of services available on the Internet, millions of users are able to voluntarily participate in and collaborate for their own interests and benefits by means of service composition. However, due to the ever increasing number of services, it then becomes a challenging issue to enable the users to rapidly select and compose the proper services. In this paper, we propose an approach which utilizes service communities for automated service composition. This paper makes three contributions. Firstly, we propose the service community architecture and identify two key components to facilitate service discovery and composition. Secondly, assisted by the service community, we provide two composition types to help users explore the space of potential composition opportunities without having to understand too many details of individual candidate services. Finally, we evaluate our approach by performance analysis and provide a web-based prototype that lowers the entry barrier for the users.

Fengyu Zhao,Xin Peng,Wenyun Zhao

DOI: https://doi.org/10.1109/icis.2009.80

2009-01-01

Abstract:In service oriented architecture (SOA) environment, the communication and infrastructure security is crucial. The most important specification addressing Web services security is WS-Security, which collaborates with the SOAP message specifications, providing integrity, confidentiality and authentication for Web services. However, WS-Security focuses SOAP message security between trusted partners. In SOA applications, there are other vulnerabilities which can be exploited to attack by anonymous customer or even trusted partners, and these vulnerabilities do not gain enough attention as WS-Security. Among them, denial-of-service (DoS) is one attack cluster, which exhausts computer and network resources and reduces the availability of Web services. Another one is sensitive data leakage in a specific application domain. In this paper, the security of SOA applications is viewed as the security domain and a three-tier domain was divided based on security domain analysis. For each security sub-domain, security requirement scenario and requirements are presented. The security domain models were given which can be used to build up security services for sub-domain. Based on security model and security service assets, which can evolve along with understanding on security domain, the developers can establish the security implementation for SOA application integration.

Wei Tan,Yushun Fan,MengChu Zhou

DOI: https://doi.org/10.1109/tase.2008.916747

IF: 6.636

2009-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Automatic Web service composition is gaining momentum as the potential silver bullet in service oriented architecture. The need for interservice compatibility analysis and indirect composition has gone beyond what the existing service composition/verification technologies can handle. Given two services whose interface invocation constraints are described by a Web services-business process execution language (WS-BPEL or BPEL), we analyze their compatibility and adopt mediation as a lightweight approach to make them compatible without changing their internal logic. We first transform a BPEL description into a service workflow net, which is a kind of colored Petri net (CPN). Based on this formalism, we analyze the compatibility of two services, and then devise an approach to check whether there exists any message mediator so that their composition does not violate the constraints imposed by either side. The method for mediator generation is finally proposed to assist the automatic composition of partially compatible services. Our approach is validated through a real-life case and further research directions are pointed out.

Zhang Yuan,Sun Meng

DOI: https://doi.org/10.1109/ICSESS.2011.5982244

2011-01-01

Abstract:We use a scenario-based visual notation, called Policy Sequence Chart (PSC), for specifying security policies in service coordination. A security policy defines a set of security requirements that correspond to permissions, prohibitions and obligations to some executions when some contextual conditions are satisfied. In this paper, we propose an approach of defining operational semantics of PSCs in terms of constraint automata, which can be used as the semantic foundation for checking compliance between service coordination and the security policies.An

Jian Xiao,Li Zheng

DOI: https://doi.org/10.1109/ieem.2007.4419499

2007-01-01

Abstract:This paper considers Web service as a process net and defines it as an extended Petri net, in order to inherit the closure property of Petri nets. Some operators in the web service calculus are illustrated and mapped to the Petri nets operation. Then a multi-stage modeling framework for Web service composition is proposed based on formal modeling language. The framework is semi-automatic. It leverages the advantages of process algebra and semantic web modeling approaches, and integrates various practical tools proposed by literatures in each stage to improve productivity and reduce the expert skill requirements.

Lianshan Sun,Gang Huang,Yanchun Sun,Hui Song,Hong Mei

DOI: https://doi.org/10.1109/qsic.2008.4

2008-01-01

Abstract:Access control of sensitive resources is a widely used means to achieve information security. When building large-scale systems based on popular commercial component middleware, such as J2EE, a usual way to enforce access control is to define access control configurations for components in a declarative manner. These configurations can be interpreted by the J2EE security service to grant or deny access requests to components. However, it is difficult for the developers to define correct access control configurations according to complex and sometimes ambiguous real-world access control requirements. The difficulties come from mainly the complexity of configuring voluminous component methods in large-scale component based systems and some quality constraints on the configurations, for example, the completeness, consistency and performance overhead of configurations. In this paper, we propose a requirements model driven approach for automatic generation of J2EE access control configurations and demonstrate the approach in a J2EE blueprint application.