Validating a web service security abstraction by typing

An XML web service is, to a first approximation, an RPC service in which requests and responses are encoded in XML as SOAP envelopes, and transported over HTTP. We consider the problem of authenticating requests and responses at the SOAP-level, rather than relying on transport-level security. We propose a security abstraction, inspired by earlier work on secure RPC, in which the methods exported by a web service are annotated with one of three security levels: none, authenticated, or both authenticated and encrypted. We model our abstraction as an object calculus with primitives for defining and calling web services. We describe the semantics of our object calculus by translating to a lower level language with primitives for message passing and cryptography. To validate our semantics, we embed correspondence assertions that specify the correct authentication of requests and responses. By appeal to the type theory for cryptographic protocols of Gordon and Jeffrey's Cryptyc, we verify the correspondence assertions simply by typing. Finally, we describe an implementation of our semantics via custom SOAP headers. Received December 2003 Revised November 2004 Accepted December 2004 by A. E. Abdallah, P. Y. A. Ryan, S. A. Schneider and D. J. Cooke     

Preference-oriented real-time scheduling and its application in fault-tolerant systems

In this paper, we consider a set of real-time periodic tasks where some tasks are preferably executed as soon as possible (ASAP) and others as late as possible (ALAP) while still meeting their deadlines. After introducing the idea of preference-oriented (PO) execution, we formally define the concept of PO-optimality. For fully-loaded systems (with 100% utilization), we first propose a PO-optimal scheduler, namely ASAP-Ensured Earliest Deadline (SEED), by focusing on ASAP tasks where the optimality of ALAP tasks’ preference is achieved implicitly due to the harmonicity of the PO-optimal schedules for such systems. Then, for under-utilized systems (with less than 100% utilization), we show the discrepancies between different PO-optimal schedules. By extending SEED, we propose a generalized Preference-Oriented Earliest Deadline (POED) scheduler that can obtain a PO-optimal schedule for any schedulable task set. The application of the POED scheduler in a dual-processor fault-tolerant system is further illustrated. We evaluate the proposed PO-optimal schedulers through extensive simulations. The results show that, comparing to that of the well-known EDF scheduler, the scheduling overheads of SEED and POED are higher (but still manageable) due to the additional consideration of tasks’ preferences. However, SEED and POED can achieve the preference-oriented execution objectives in a more successful way than EDF.     

时变采样周期网络控制系统的鲁棒容错控制器设计

研究具有时变采样周期网络控制系统的执行器失效的完整性问题．假设系统任意两个连续采样间隔具有上界,利用输入时延法,将时变采样周期网络控制系统等价转化为连续时变时延网络控制系统．在此基础上,基于时延条件,应用Ｌｙａｐｕｎｏｖ稳定性理论和线性矩阵不等式（ＬＭＩｓ）方法证明了鲁棒容错控制律的存在条件,设计了鲁棒容错控制器,并给出了系统完整性条件下的最大允许时延的估计方法．仿真结果验证了所提方法的可行性和有效性．     

A dynamic fault-tolerant message routing algorithm for double-loop networks

Message routing is a fundamental function of a network, and fault-tolerance is an important tool to ensure the quality of service of a network. Assume that the network contains at most one faulty element and the algorithm does not know the faulty element in advance. We present an optimal fault-tolerant message routing algorithm for double-loop networks. We show that sending at most two messages with different routing strategies can ensure that one of the messages will be sent through a shortest path that avoids the faulty element. At each vertex, for any destination, the algorithm needs only constant time and space to determine the next vertex to which the message is to be sent.     

Safe diagnosability for fault-tolerant supervision of discrete-event systems

The problem of achieving fault-tolerant supervision of discrete-event systems is considered from the viewpoint of safe and timely diagnosis of unobservable faults. To this end, the new property of safe diagnosability is introduced and studied. Standard definitions of diagnosability of discrete-event systems deal with the problem of detecting the occurrence of unobservable fault events using model-based inferencing from observed sequences of events. In safe diagnosability, it is required in addition that fault detection occur prior to the execution of a given set of forbidden strings in the failed mode of operation of the system. For instance, this constraint could be required to prevent local faults from developing into failures that could cause safety hazards. If the system is safe diagnosable, reconfiguration actions could be forced upon the detection of faults prior to the execution of unsafe behaviour, thus achieving the objective of fault-tolerant supervision. Necessary and sufficient conditions for safe diagnosability are derived. In addition, the problem of explicitly considering safe diagnosability in controller design, termed “active safe diagnosis problem”, is formulated and solved. A brief discussion of safe diagnosability for timed models of discrete-event systems is also provided.     

地图符号服务与地图服务的耦合

为了实现地图符号在地图服务(WMS)中的应用,达到灵活定制WMS可视化效果的目的,从支持WMS的图层样式描述规范(SLD)入手,通过对SLD和WMS的分析,研究网络地图符号的发布方法,设计地图符号服务框架,提出了基于SLD,地图符号服务与WMS的耦合方法,以解决基于WMS的WebGIS应用中无法通过符号改变地图可视化效果的问题,实验结果表明该方法可以有效地关联地图符号服务与WMS,实现了WMS可视化效果的灵活定制.     

Interval observer framework for fault-tolerant control of linear parameter-varying systems

This paper addresses the problem of passive fault-tolerant control for linear parameter-varying systems subject to actuator faults. The FTC, based on a linear state feedback, is designed to compensate the impact of actuator faults on system performance by stabilising the closed-loop system using interval observers. The design of interval observers is based on the discrete-time Luenberger observer structure, where uncertainties and faults with known bounds are considered. Sufficient conditions for the existence of the proposed observer are explicitly provided. Simulation results are presented to show the effectiveness of the proposed approach.     

一类不确定非线性切换系统的鲁棒容错控制

研究一类不确定非线性切换系统的鲁棒容错控制问题,当执行器失效或部分失效时,利用Lyapunov函数法建立切换闭环系统混杂状态反馈容错控制器存在的充分条件;然后运用线性矩阵不等式将鲁棒容错控制器设计问题转化为一组线性矩阵不等式的可行解问题,从而借助Matlab中线性矩阵不等式工具箱求解;最后通过数值算倒验证了所提出设计方法的有效性.     

A fault-tolerant object service in the OMG's object management architecture

The object management architecture (OMA) has been recognized as a de facto standard in the development of object services in a distributed computing environment. In a distributed system, the provision for failure-recovery is always a vital design issue. However, the fault-tolerant service has not been extensively considered in the current OMA framework, despite the fact that an increasing number of useful common services and common facilities have been adopted in OMA. In this paper, we propose a fault-tolerance developing environment, called Phoinix, which is compatible to the OMA framework. In Phoinix, object services can be developed with embedded fault-tolerance capability to tolerate both hardware and software failures. The fault-tolerance capability in Phoinix is classified into two levels: restart, and rollback-recovery; where the fault-tolerance capability enhances as the level increases. Currently, Phoinix is ported on Orbix 2.0 and on SunOS 4.2. In this paper, the design and implementation of Phoinix is presented and its performance is evaluated.     

Design and implementation of a Byzantine fault tolerance framework for Web services

Many Web services are expected to run with high degree of security and dependability. To achieve this goal, it is essential to use a Web services compatible framework that tolerates not only crash faults, but Byzantine faults as well, due to the untrusted communication environment in which the Web services operate. In this paper, we describe the design and implementation of such a framework, called BFT-WS. BFT-WS is designed to operate on top of the standard SOAP messaging framework for maximum interoperability. It is implemented as a pluggable module within the Axis2 architecture, as such, it requires minimum changes to the Web applications. The core fault tolerance mechanisms used in BFT-WS are based on the well-known Castro and Liskov’s BFT algorithm for optimal efficiency. Our performance measurements confirm that BFT-WS incurs only moderate runtime overhead considering the complexity of the mechanisms.     

A framework for the deployment of adaptable web service compositions

The basic paradigm of service-oriented architectures—publication, discovery, and use—can be interpreted in different ways. Current technologies assume a static and rigid approach: UDDI was conceived with the idea of a centralized repository for service publication and BPEL only supports design–time bindings between the orchestrated workflow and the external services. The trend, however, is towards more flexibility and dynamism. The single centralized repository is being substituted by dedicated repositories that cooperate and exchange information about stored services on demand. Design–time compositions are complemented by mechanisms to allow for the selection and binding of services at runtime. This paper presents the research results of our group in delivering a framework for the deployment of adaptable Web service compositions. The publication infrastructure integrates existing heterogeneous repositories and makes them cooperate for service discovery. The deployment infrastructure supports BPEL-like compositions that can select services dynamically, and also adjust their behavior in response to detected changes and unforeseen events. The framework also provides a monitoring-based validation of running compositions: we provide suitable probes to oversee the execution of deployed compositions. The various parts of the framework are exemplified on a common case study taken from the automotive domain. This research is partially supported by the European IST project SeCSE (Service Centric System Engineering) and the Italian FIRB project ARTDECO (Adaptive infRasTructures for DECentralized Organizations).     

Bibliographical review on reconfigurable fault-tolerant control systems

In this paper, a bibliographical review on reconfigurable (active) fault-tolerant control systems (FTCS) is presented. The existing approaches to fault detection and diagnosis (FDD) and fault-tolerant control (FTC) in a general framework of active fault-tolerant control systems (AFTCS) are considered and classified according to different criteria such as design methodologies and applications. A comparison of different approaches is briefly carried out. Focuses in the field on the current research are also addressed with emphasis on the practical application of the techniques. In total, 376 references in the open literature, dating back to 1971, are compiled to provide an overall picture of historical, current, and future developments in this area.     

Modeling and verifying choreographed multi-agent-based web service compositions regulated by commitment protocols

The competency to compose web services from available services is one of the most crucial problems in the paradigm of service-oriented computing. Conventional software engineering approaches and even standard languages compose web services as workflow models that control the business logic required to coordinate data over participating services. Such models would not apply to the design of multi-agent based web services, which offer high-level abstractions that support autonomy, business-level compliance, and flexible dynamic changes. In this article, we model interactions among multi-agent based web services by commitment modalities in the form of contractual obligations and devote multi-agent commitment protocols to regulate such interactions and engineer services composition. We develop and fully implement an automatic verifier by enriching the MCMAS model checker with certain symbolic algorithms to verify the correctness of protocols, given properties expressed in a temporal commitment logic, suitably extended with actions. We analyze the time and space complexity of the verifier. Finally, we present the experimental results of two case studies, adopted to check the verifier’s efficiency and scalability.     

动态Web服务合成中的服务选择算法研究

为了提高服务合成效率并更好的适应动态变化的应用环境,提出了基于流程修改的服务合成方案,使得复合服务的执行与服务发现过程并行化。提出了基于QoS属性的服务选择算法,该算法能够实现服务执行时选择服务,在考虑综合QoS信息及时间因素的基础上,通过不断更新用户需求来进行服务选择,提高了服务合成效率。实验结果表明,该选择算法可以获得满足用户需求且最优的服务,很好的保证了服务的可靠执行。     

Robust fault-tolerant self-recovering control of nonlinear uncertain systems

In this paper, the problem of devising a fault-tolerant robust control for a class of nonlinear uncertain systems is investigated. Possible failures of the sensor measuring the state variables are considered, and a robust measure is developed to identify the stability- and performance-vulnerable failures. Based on evaluation of the robust measure, a fault-tolerant robust control will switch itself between one robust control strategy designed under normal operation and another under the faulty condition. It is shown that, under two input-to-state stability conditions, the proposed scheme guarantees not only the desired performance under normal operations but also robust stability and best achievable performance when there is a sensor failure of any kind.