基于CPN模型的REST服务架构标准特征验证方法研究

当前REST服务架构广泛应用于大规模、可扩展的分布式Web系统中,若应用REST服务架构时不遵循其标准特征,则可能导致基于REST服务架构的Web系统出现性能下降、可扩展性低等问题。因此,实现基于REST服务架构的Web系统前,需要对该系统设计是否满足REST服务架构标准特征进行验证,以提升基于REST服务架构的Web系统的研发质量。提出一种基于CPN模型的REST服务架构标准特征验证方法,即对REST服务架构的五个标准特征约束进行CPN建模,并使用模型状态空间执行路径同步匹配的验证方法,以应用系统的CPN模型和标准特征约束的CPN模型为基础,对模型状态空间中的各自执行路径进行同步匹配,若路径可同步执行完毕,则说明该应用系统满足该REST标准特征约束。以基于REST服务架构的课程管理Web系统为例,验证上述方法的可用性和有效性。实验结果表明,本文所提验证方法可以有效确认基于REST服务架构的Web应用系统设计是否符合REST服务架构的标准特征约束,并在不符合标准特征约束时提供直观、可行的执行数据,便于后续完成应用系统设计缺陷定位及修正。     

Adaptive security architecture for protecting RESTful web services in enterprise computing environment

In this modern era of enterprise computing, the enterprise application integration (EAI) is a well-known industry-recognized architectural principle that is built based on loosely coupled application architecture, where service-oriented architecture (SOA) is the architectural pattern for the implementation of EAI, whose computational elements are called as “services.” Though SOA can be implemented in a wide range of technologies, the web services implementation of SOA becomes the current selective choice due to its simplicity that works on basic Internet protocols. Web service technology defines several supporting protocols and specifications such as SOAP and WSDL for communication with client and server for data interchange. A new architectural paradigm has emerged in SOA in recent years called REpresentational State Transfer (REST) that is also used to integrate loosely coupled service components, named RESTful web services, by system integration consortiums. This SOA implementation does not possess adequate security solutions within it, and its security is completely dependent on network/transport layer security that is obsolete owing to latest web technologies such as Web 2.0 and its upgraded version, Web 3.0. Vendor security products have major implementation constraints such as they need secured organizational environment and breach to SOA specifications, hence introducing new vulnerabilities. Herein, we examine the security vulnerabilities of RESTful web services in the view of popular OWASP rating methodologies and analyze the gaps in the existing security solutions. We hence propose an adaptive security solution for REST that uses public key infrastructure techniques to enhance the security architecture. The proposed security architecture is constructed as an adaptive way-forward Internet-of-Things (IoT) friendly security solution that is comprised of three cyclic parts: learn, predict and prevent. A novel security component named “intelligent security engine” is introduced which learns the possible occurrences of security threats on SOA using artificial neural networks learning algorithms, then it predicts the potential attacks on SOA based on obtained results by the developed theoretical security model, and the written algorithms as part of security solution prevent the SOA attacks. This paper is written to present one of such algorithms to prevent SOA attacks on RESTful web services along the discussion on the obtained results of the conducted proof-of-concept on the real-time SOA environment. A comparison of the proposed system with other competing solutions demonstrates its superiority.     

SeaHttp: A Resource-Oriented Protocol to Extend REST Style for Web of Things

Web of Things （WoT） makes it possible to connect tremendous embedded devices to web in Representational State Transfer （REST） style. Some lightweight RESTful protocols have been proposed for the WoT to replace the HTTP protocol running on embedded devices. However, they keep the principal characteristic of the REST style. In particular, they support one-to-one requests in the client-server mode by four standard RESTful methods （GET, PUT, POST, and DELETE）. This characteristic is however inconsistent with the practical networks of embedded devices, which typically perform a group operation. In order to meet the requirement of group communication in the WoT, we propose a resource-oriented protocol called SeaHttp to extend the REST style by introducing two new methods, namely BRANCH and COMBINE respectively. SeaHttp supports parallel processing of group requests by means of splitting and merging them. In addition SeaHttp adds spatiotemporal attributes to the standard URI for naming a dynamic request group of physical resource. Experimental results show that SeaHttp can reduce average energy consumption of group communication in the WoT by 18.5%, compared with the Constrained Application Protocol （CoAP）.     

基于REST面向资源的企业集成平台框架

为解决异构环境下企业信息系统业务过程整合的问题,提出一种基于REST面向资源的企业信息集成平台框架模型,其中包括适应工作流的资源模型表征方法、支持工作流的资源应用机制以及基于RESTful Web Service的集成平台框架,通过一个实例验证该原型系统的可行性和正确性,该集成平台框架模型可以满足企业业务过程整合的需求。     

表述性状态转移网络服务平台的研究及实施

电子商务的蓬勃发展使得越来越多的采购商们倾向于利用互联网络进行采购。然而,尽管大部分商业网站都提供了详细周全的产品查询功能,但是当采购商们需要查询大量产品,譬如电子产品元器件,来进行采购时,往往费时费力。而网页这种适宜人类用户进行查询浏览的界面形式并不适合程序来自动处理,一个原因就是网页结构的变化会影响网页数据的抽取过程。本文利用网络服务的思想,使数据抽取通过网站提供的独立于网页的服务来完成,从而避免网页结构变化的影响。在剖析了表述性状态转移面向资源以及对资源进行操作的统一接口特性后,本文指出表述性状态转移用于网络服务的优势。基于这种思想,利用CXF框架和Spring技术构建一个表述性状态转移风格的服务平台,该平台向客户提供查询电子产品信息的网络服务。在此服务支持下,客户端程序可以利用XML解析工具方便地抽取所需要的数据信息。     

基于RESTful的校园二手商品交易系统的设计与实现

针对传统校园二手商品交易的不足,结合高校特定区域的优势以及RESTful架构风格的特性,提出基于RESTful的校园二手商品交易系统。对系统进行总体架构、功能模块、数据库以及RESTful API设计,运用Python语言、ORM技术以及Flask框架,实现了系统的商品发布、商品分类展示、商品搜索、商品交易等主要功能。实际测试与应用结果表明,该系统运行比较稳定,具有较强的扩展性,能够较好地满足大学生进行闲置物品交易的需求。     

RESTful Web Services Development Checklist

Representational State Transfer (REST) architectural style proponents describe it as being easy, but this in no way implies that REST is trivial or simplistic, nor does it mean that RESTful systems lack sophistication. The author covers the primary areas that developers must continually consider as they design and build Web services. Tools can certainly provide reminders about these areas and help to track progress, but ultimately, developers must understand the underlying technical issues to be able to make suitable design and implementation choices.     

Distributed simulation of DEVS and Cell-DEVS models using the RISE middleware

With the expansion of the Web, the desire toward global cooperation in the distributed simulation technology has also been on the rise. However, since current distributed simulation interoperability methods are coupled with system implementations, they place constraints on enhancing interoperability and synchronization algorithms. To enhance simulation interoperability on the Web, we implemented the RISE (RESTful Interoperability Simulation Environment) middleware, the first existing simulation middleware to be based on RESTful Web-services (WS). RISE is a general middleware that serves as a container to hold different simulation environments without being specific to a certain environment. RISE can hold heterogeneous simulations, and it exposes them as services via the Web. One of such services is called Distributed CD++ (DCD++) simulation system, an extension of the CD++ core engine that allows executing DEVS and Cell-DEVS models. Here, we introduce a proof-of-concept design and implementation of DCD++ using the distributed simulation using the RISE environment. We show how the RESTful WS interoperability style in RISE has improved the design, implementation and the performance of the DCD++ simulator. We also discuss a substantial performance improvement of the implementation of the RISE-based DCD++ presented here, showing many advantages of the RESTful WS presented here: improved interoperability, a seamless method to be connected into a cloud computing environment, and performance improvement when compared to our SOAP-based DCD++ in a similar testing environment.     

RISE: A general simulation interoperability middleware container

In recent years, new services on the Internet have enabled global cooperation; in particular, the Web has enabled new distributed simulation technology. Much research has been devoted to develop middleware interoperability methods on the Web. However, most existing methods have constraints in the structural rules that are placed on the design of middleware interoperability methods. For example, such constraints make it difficult to enhance interoperability via decoupling systems implementations and design, which is essential in open computing networks, as in the case of the Web. In order to achieve such objectives we present the RISE (RESTful Interoperability Simulation Environment) middleware. This all-purpose WS-based distributed simulation middleware decouples design and implementation while allowing composition scalability and dynamicity. Furthermore, it supports experiment-oriented frameworks and has the ability to put Web 2.0 services in the simulation loop. RISE is the first existing middleware to achieve such objectives, and the first to employ RESTful Web-services. We present the foundations for meeting the above objectives, and the distinct characteristics of RISE from existing Web-based approaches.     

An approach for modeling and analysis of security system architectures

Security system architecture governs the composition of components in security systems and interactions between them. It plays a central role in the design of software security systems that ensure secure access to distributed resources in networked environment. In particular, the composition of the systems must consistently assure security policies that it is supposed to enforce. However, there is currently no rigorous and systematic way to predict and assure such critical properties in security system design. A systematic approach is introduced to address the problem. We present a methodology for modeling security system architecture and for verifying whether required security constraints are assured by the composition of the components. We introduce the concept of security constraint patterns, which formally specify the generic form of security policies that all implementations of the system architecture must enforce. The analysis of the architecture is driven by the propagation of the global security constraints onto the components in an incremental process. We show that our methodology is both flexible and scalable. It is argued that such a methodology not only ensures the integrity of critical early design decisions, but also provides a framework to guide correct implementations of the design. We demonstrate the methodology through a case study in which we model and analyze the architecture of the Resource Access Decision (RAD) Facility, an OMG standard for application-level authorization service.     

多核处理器架构下面向监控的软件运行时验证方法研究

面向监控的软件运行时验证(Monitor-oriented Runtime Verification:MRV)方法可以有效的提高系统可靠性,但是在传统基于单核处理器架构的嵌入式系统中采用MRV方法会给目标系统性能造成较大的影响.本文对基于多核处理器架构的MRV方法进行了初步研究,分析并设计了在线验证、离线验证以及单监视器设计与多监视器设计等多种模式的MRV方法,给出了相应的MRV实现方案,并在几个开源项目中进行了MRV实例应用.实验数据分析表明,在不同模式下,基于多核处理器架构的MRV方法能够从不同程度上有效提高系统运行时验证的性能.本文工作为进一步设计有效的多核架构下MRV方法提供了基础.     

Failure analysis and tolerance strategies in web service ecosystems

Service‐oriented computing and cloud computing are playing critical roles in supporting business collaboration over the Internet. Thanks to the latest development in computing technologies, various large‐scale, evolving, and rapidly growing service ecosystems emerge. However, service failures greatly hamper the usability and reputation of service ecosystems. In the previous work, service failure is not adequately studied from an ecosystem's perspective. To address this gap, we propose a service failure analysis framework based on a complex network model of service ecosystem. This framework comprises a feature model of failed services and several service failure impact indicators. By applying the framework, empirical analysis of failed service features and failure impact assessment can be implemented more easily and precisely. Moreover, to provide failure tolerance strategies for service ecosystems, a novel composition‐based service substitution method is designed to replace the failed services with functional similar ones, such that the service systems are more robust when a failure occurs. As the new substitution method requires fewer structural data of services, it is more convenient to be applied in present RESTful Representational State Transfer (REST) service environment. Both the framework and the service substitution method are tested on real‐world data set, and their usability and efficiency are demonstrated. Copyright © 2014 John Wiley & Sons, Ltd.     

Interactive tool support for CSP || B consistency checking

CSP || B is an integration of two well known formal notations: CSP and B. It provides a method for modelling systems with both complex state (described in B machines) and control flow (described as CSP processes). Consistency checking within this approach verifies that a controller process never calls a B operation outside its precondition. Otherwise the behaviour of the operation cannot be predicted. In previous work, this check was carried out by manually decomposing the model before preprocessing the CSP processes to perform a hand-written weakest precondition proof. In this paper, a framework is described that mechanises consistency checking in a theorem prover and removes the need for preprocessing. This work is based on an existing PVS embedding of the CSP traces model, but it is extended by introducing a notion of state so that the interaction between processes and machines can be analysed. Numerous rules have been defined (and proved) which enable consistency checking and decomposition via PVS proof. These rules also formally justify the relaxation of previous constraints on CSP || B architectures, thereby widening the scope of CSP || B modelling. The PVS embedding and rules presented in this paper are not only applicable to CSP || B specifications, but to other combined approaches which use a non-blocking semantics for the state-based operations. R. Lazic, R. Nagarajan and J. C. P. Woodcock     

Fuzzy-set-based decision making through energy-aware and utility agents within wireless sensor networks

Multi-agent systems (MAS) through their intrinsically distributed nature offer a promising software modelling and implementation framework for wireless sensor network (WSN) applications. WSNs are characterised by limited resources from a computational and energy perspective; in addition, the integrity of the WSN coverage area may be compromised over the duration of the network’s operational lifetime, as environmental effects amongst others take their toll. Thus a significant problem arises—how can an agent construct an accurate model of the prevailing situation in order that it can make effective decisions about future courses of action within these constraints? In this paper, one popular agent architecture, the BDI architecture, is examined from this perspective. In particular, the fundamental issue of belief generation within WSN constraints using classical reasoning augmented with a fuzzy component in a hybrid fashion is explored in terms of energy-awareness and utility.     

Visual modeling of RESTful conversations with RESTalk

The cost savings introduced by Web services through code reuse and integration opportunities have motivated many businesses to develop Web APIs, with ever increasing numbers opting for the REST architectural style. RESTful Web APIs are decomposed in multiple resources, which the client can manipulate through HTTP interactions with well-defined semantics. Getting the resource in the desired state might require multiple client–server interactions, what we define as a RESTful conversation. RESTful conversations are dynamically guided by hypermedia controls, such as links. Thus, when deciding whether and how to use a given RESTful service, the client might not be aware of all the interactions which are necessary to achieve its goal. This is because existing documentation of RESTful APIs describes the static structure of the interface, exposing low-level HTTP details, while little attention has been paid to conceptual, high-level, modeling of the dynamics of RESTful conversations. Low-level HTTP details can be abstracted from during the design phase of the API, or when deciding which API to use. We argue that, in these situations, visual models of the required client–server interactions might increase developers’ efficiency and facilitate their understanding. Thus, to capture all possible interaction sequences in a given RESTful conversation, we propose RESTalk, an extension to the BPMN Choreography diagrams to render them more concise and yet sufficiently expressive in the specific REST domain. We also report on the results obtained from an exploratory survey we have conducted to assess the maturity of the field for a domain-specific language and to obtain feedback for future improvements of RESTalk.     

A unified framework for consistency check

Constraint Satisfaction Problem (CSP) involves finding values for variables to satisfy a set of constraints. Consistency check is the key technique in solving this class of problems. Past research has developed many algorithms for such a purpose, e.g., node consistency, are consistency, generalized node and arc consistency, specific methods for checking specific constraints, etc. In this article, an attempt is made to unify these algorithms into a common framework. This framework consists of two parts. the first part is a generic consistency check algorithm, which allows and encourages each individual constraint to be checked by its specific consistency methods. Such an approach provides a direct way of practical implementation of the CSP model for real problem-solving. the second part is a general schema for describing the handling of each type of constraint. the schema characterizes various issues of constraint handling in constraint satisfaction, and provides a common language for expressing, discussing, and exchanging constraint handling techniques. © 1995 John Wiley & Sons, Inc.