Specification, decomposition and agent synthesis for situation-aware service-based systems

Service-based systems are distributed computing systems with the major advantage of enabling rapid composition of distributed applications, such as collaborative research and development, e-business, health care, military applications and homeland security, regardless of the programming languages and platforms used in developing and running various components of the applications. In dynamic service-oriented computing environment, situation awareness (SAW) is needed for system monitoring, adaptive service coordination and flexible security policy enforcement. To greatly reduce the development effort of SAW capability in service-based systems and effectively support runtime system adaptation, it is necessary to automate the development of reusable and autonomous software components, called SAW agents, for situation-aware service-based systems. In this paper, a logic-based approach to declaratively specifying SAW requirements, decomposing SAW specifications for efficient distributed situation analysis, and automated synthesis of SAW agents is presented. This approach is based on AS³ calculus and logic, and our declarative model for SAW. Evaluation results of our approach are also presented.     

Parallel programming on a high‐performance application‐runtime

High‐performance application development remains challenging, particularly for scientists making the transition to a heterogeneous grid environment. In general areas of computing, virtual environments such as Java and .Net have proved to be successful in fostering application development, allowing users to target and compile to a single environment, rather than a range of platforms, instruction sets and libraries. However, existing runtime environments are focused on business and desktop computing and they do not support the necessary high‐performance computing (HPC) abstractions required by e‐Scientists. Our work is focused on developing an application‐runtime that can support these services natively. The result is a new approach to the development of an application‐runtime for HPC: the Motor system has been developed by integrating a high‐performance communication library directly within a virtual machine. The Motor message passing library is integrated alongside and in cooperation with other runtime libraries and services while retaining a strong message passing performance. As a result, the application developer is provided with a common environment for HPC application development. This environment supports both procedural languages, such as C, and modern object‐oriented languages, such as C#. This paper describes the unique Motor architecture, presents its implementation and demonstrates its performance and use. Copyright © 2008 John Wiley & Sons, Ltd.     

Maximizing quality of experience through context‐aware mobile application scheduling in cloudlet infrastructure

Application software execution requests, from mobile devices to cloud service providers, are often heterogeneous in terms of device, network, and application runtime contexts. These heterogeneous contexts include the remaining battery level of a mobile device, network signal strength it receives and quality‐of‐service (QoS) requirement of an application software submitted from that device. Scheduling such application software execution requests (from many mobile devices) on competent virtual machines to enhance user quality of experience (QoE) is a multi‐constrained optimization problem. However, existing solutions in the literature either address utility maximization problem for service providers or optimize the application QoS levels, bypassing device‐level and network‐level contextual information. In this paper, a multi‐objective nonlinear programming solution to the context‐aware application software scheduling problem has been developed, namely, QoE and context‐aware scheduling (QCASH) method, which minimizes the application execution times (i.e., maximizes the QoE) and maximizes the application execution success rate. To the best of our knowledge, QCASH is the first work in this domain that inscribes the optimal scheduling problem for mobile application software execution requests with three‐dimensional context parameters. In QCASH, the context priority of each application is measured by applying min–max normalization and multiple linear regression models on three context parameters—battery level, network signal strength, and application QoS. Experimental results, found from simulation runs on CloudSim toolkit, demonstrate that the QCASH outperforms the state‐of‐the‐art works well across the success rate, waiting time, and QoE. Copyright © 2016 John Wiley & Sons, Ltd.     

An Adaptive Middleware for Context-Sensitive Communications for Real-Time Applications in Ubiquitous Computing Environments

Context-sensitivity is an important expected capability in applications in ubiquitous computing (ubicomp) environments. These applications need to use different contextual information from the user, host device, on board sensors, network, and the ambient environments to systematically adapt their actions. In addition, some context-sensitive applications may use specific contextual conditions to trigger impromptu and possibly short-lived interactions with applications in other devices. This property, referred to as context-sensitive or context-aware communications, allows applications to form short-range mobile ad hoc networks consisting of mobile and stationary devices, sensors, and other computing resources. Real-time applications, especially those having reactive behavior, running on embedded devices and requiring context-sensitive communications support, pose new challenges related to systematic representation of specific contexts, associations of contexts with real-time actions, timely context data collection and propagation, and transparent context-sensitive connection establishment. An object-based middleware can be effective to meet these challenges if such a middleware can provide a well-defined development framework as well as lightweight runtime services. In this paper, an adaptive and object-based middleware, called reconfigurable context-sensitive middleware (RCSM) is presented to facilitate context-sensitive communications in ubicomp environments. To facilitates context-sensitive communications, RCSM provides a context-aware interface definition language for specifying context-sensitive interfaces of real-time objects, an object container framework for generating interfaces-specific context-analyzers, and a context-sensitive object request broker for context-sensitive object discovery and impromptu connection management. RCSM is adaptive in the sense that depending on the context-sensitive behavior of the applications, it adapts its object discovery and connection management mechanisms.     

Extending UML to model Web 2.0‐based context‐aware applications

Web 2.0 Mashups offer entirely new opportunities for context‐aware application (CAA) developers by integrating Web 2.0 technologies to facilitate interoperability among heterogeneous context‐aware systems. From a software engineering perspective, a visualized approach for Web 2.0‐based CAA modeling is crucial. Current CAA development, however, cannot provide a conceptual model for Web 2.0‐based CAA. Therefore, the development efficiency and potential for reuse are decreased. The UML is a general purpose modeling language with potential for use in many application domains. However, UML often lacks elements needed to model concepts in specific domains, such as Web 2.0‐based CAA modeling. To address the above issues, this study presents the Web 2.0‐based CAA UML profile, a UML profile for modeling Web 2.0‐based CAA. Copyright © 2011 John Wiley & Sons, Ltd.     

Collaboration and coordination in process-centered software development environments: a review of the literature

Process-centered software development environments are systems that provide automated support for software development activities.Such environments mediate the efforts of potentially large groups of developers working on a common project. This mediation is based on runtime support for actual work performance based on formal representations of work.In the present work, we survey and assess the contributions of the software process literature under the perspective of support for collaboration and coordination. A broad range of alternative approaches to various aspects of representation and runtime support are identified, based on the analysis of an expressive number of systems. The identified functionality can serve both as a guide for the evaluation and selection of systems of this kind as well as a roadmap for the development of new, improved systems.     

JAC: an aspect‐based distributed dynamic framework

In this paper, we present the Java Aspect Components (JAC) framework for building aspect‐oriented distributed applications in Java. This paper describes the aspect‐oriented programming model and the architectural details of the framework implementation. The framework enables extension of application semantics for handling well‐separated concerns. This is achieved with a software entity called an aspect component (AC). ACs provide distributed pointcuts, dynamic wrappers and metamodel annotations. Distributed pointcuts are a key feature of our framework. They enable the definition of crosscutting structures that do not need to be located on a single host. ACs are dynamic. They can be added, removed, and controlled at runtime. This enables our framework to be used in highly dynamic environments where adaptable software is needed. Copyright © 2004 John Wiley & Sons, Ltd.     

网络安全态势感知研究综述

网络安全态势感知不同于传统的安全措施,它可以对网络中各种活动的行为进行辨识,从宏观的角度进行意图理解和影响评估,进而提供合理的决策支持,在提高网络的监控能力、应急响应能力及预测网络安全的发展趋势等方面都具有重要的意义。分别对态势感知和网络安全态势感知的定义进行了归纳梳理,对经典的态势感知模型和新发展的网络安全态势感知模型进行了总结与对比;介绍了网络安全态势感知的关键技术,主要分为基于层次化分析、机器学习、免疫系统和博弈论的技术;介绍了近年来网络安全态势感知在因特网、工控网和物联网中的应用;对其未来发展趋势和待解决的问题进行了总结与展望。     

Design and implementation of the secure compiler and virtual machine for developing secure IoT services

Recent years have seen the development of computing environments for IoT (Internet of Things) services, which exchange large amounts of information using various heterogeneous devices that are always connected to networks. Since the data communication and services occur on a variety of devices, which not only include traditional computing environments and mobile devices such as smartphones, but also household appliances, embedded devices, and sensor nodes, the security requirements are becoming increasingly important at this point in time. Already, in the case of mobile applications, security has emerged as a new issue, as the dissemination and use of mobile applications have been rapidly expanding. This software, including IoT services and mobile applications, is continuously exposed to malicious attacks by hackers, because it exchanges data in the open Internet environment. The security weaknesses of this software are the direct cause of software breaches causing serious economic loss. In recent years, the awareness that developing secure software is intrinsically the most effective way to eliminate the software vulnerability, rather than strengthening the security system of the external environment, has increased. Therefore, methodology based on the use of secure coding rules and checking tools is attracting attention to prevent software breaches in the coding stage to eliminate the above vulnerabilities. This paper proposes a compiler and a virtual machine with secure software concepts for developing secure and trustworthy services for IoT environments. By using a compiler and virtual machine, we approach the problem in two stages: a prevention stage, in which the secure compiler removes the security weaknesses from the source code during the application development phase, and a monitoring stage, in which the secure virtual machine monitors abnormal behavior such as buffer overflow attacks or untrusted input data handling while applications are running.     

Toward Application-Aware Security and Reliability

Two trends - the increasing complexity of computer systems and their deployment in mission- and life-critical applications - are driving the need to provide applications with security and reliability support. Compounding the situation, the Internet's ubiquity has made systems much more vulnerable to malicious attacks that can have far-reaching implications on our daily lives. Clearly, the traditional one-size-fits-all approach to security and reliability is no longer sufficient or acceptable from the user perspective. In this article, we introduce the concept of application-aware checking as an alternative. By extracting application via recent breakthroughs in compiler analysis and enforcing the characteristics at runtime with the hardware modules embedded in the reliability and security engine (RSE), it's possible to achieve security and reliability with low overheads and false-positive rates     

HEARTDROID—Rule engine for mobile and context‐aware expert systems

Building mobile context‐aware systems is inherently complex and non‐trivial task. It consists of several phases starting from acquisition of context, through modeling to execution of contextual models. Today, such systems are mostly implemented on mobile platforms, that introduce specific requirements, such as intelligibility, robustness, privacy, and efficiency. Over the last decade, along with the rapid development of mobile industry, many approaches were developed that unevenly support these requirements. This is mainly caused by the fact that current modelling and reasoning methods are not crafted to operate in mobile environments. We argue that the use of rule‐based reasoning tailored to mobile environments is an optimal solution. Rules are based on symbolic knowledge representation, as such they meet the general tendency to enforce understandability, intelligibility, and controllability of artificial intelligence software, as stated in the recent European Union General Data Protection Regulation. To this goal, we introduce a lightweight rule engine dedicated for Android platform called HEARTDROID. It executes models in the HMR+ rule language that are capable of expressing uncertainty of knowledge, capturing dynamics of mobile environment and provide high level of intelligibility. We present a qualitative and quantitative comparison of HEARTDROID with the most popular rule engines available.     

TAO在舰载指控系统中的应用研究

在舰载指控领域中,基于TAO进行构件化的软件开发,由于缺乏构件开发和运行时管理等工具的支持,因此增加了应用软件开发与管理的复杂性。该文针对舰载指控系统的应用特征,对TAO进行了适应性改造和扩充,形成一套构件化开发和运行的集成环境,以简化舰载指控应用构件的开发,增强其灵活性及运行效率。     

Human exploration and development of space: using XML database Space Wide Web: Space Wide Web by adapters in distributed systems configuration from reusable components

Human exploration and development of space will involve opening the space frontier by exploring, using and enabling the development of space through information technology, while expanding the human experience into the far reaches of space. At that point in time we assert that the current primitive World Wide Web (Web) will be replaced and dramatically expanded into an Interstellar Space Wide Web (SWW). The current state-of-the-art low-orbits communications satellites constellations will be dramatically expanded to higher orbits and to orbits supporting work on other remote human colonies. This will be necessary in order to furnish in a human-friendly way the necessary software and information that will be needed in support of Interstellar Space Wide Information Technologies. Many of the problems encountered in conceiving of, modeling, designing and deploying such a facility will be different from those problems encountered in today’s Web. Future research and development work will be to identify some of these problems and to conceptually model a few of their solutions. In this work we describe research into the development of scalable tools and techniques that reduce the effort associated with component integration, both with respect to network environments and with respect to other components within the application. Our approach is also targeted at increasing the reusability of software components and software architectures. Our research is to investigate current problems in leveraging adapters as a means to configure of large-scale Next Generation distributed systems software from reusable architectures and components. Our approach to solving this problem is through the development of a novel configuration model and network-aware runtime environment called SWWACXML, for Space Wide Web Adapter Configuration eXtensible Markup Language. SWWACXML provides support for cross-layer architectural configuration at both the application level and the level of individual network connections. The language associated with this environment captures component interaction properties and network level quality-of-service (QoS) constraints. Adapters will be generated automatically from SWWACXML specifications. These adapters are part of the SWWACXML runtime system. The runtime system includes facilities for automatic configuration and runtime reconfiguration, as well as efficient management of network connections and QoS options. This facilitates reuse because components are not tied to interactions or environments. Another aspect of this work will focus on development and experimentation with a novel Web-based interaction paradigm that allows client adapters to tailor themselves to servers at runtime. One of the strengths of our approach is that clients do not have to be tied to specific servers at implementation time. Rather, a client’s adapter loads an SWWACXML configuration page from the server. The SWWACXML configuration page defines the appropriate interaction, including management of heterogeneous network QoS options. We believe our approach is amenable to facilitate a style of dynamic reconfiguration, where clients can at runtime change server, communication or interaction protocol. Future researchers and developers will design and implement the SWWACXML system in a distributed test-bed. They will develop performance analysis techniques to judge the success and efficiency of our approach.     

Runtime software architecture based on reflective middleware

Copyright by Science in China Press 2004 Since its first literate identification and discussion[1], software architecture (SA) has become an important subfield of software engineering, receiving increasing attention from both academic and industrial communities. SA describes the gross structure of a software system with a collection of components, connectors and constraints[2]. In gen-eral, SA acts as a bridge between requirements and implementation and provides a blue-print for system cons…     

A hybrid positioning system for technology‐independent location‐aware computing

Location‐aware computing is a form of context‐aware mobile computing that refers to the ability of providing users with services that depend on their position. Locating the user terminal, often called positioning, is essential in this form of computing. Towards this aim, several technologies exist, ranging from personal area networking, to indoor, outdoor, and up to geographic area systems. Developers of location‐aware software applications have to face with a number of design choices, that typically depend on the chosen technology. This work addresses the problem of easing the development of pull location‐aware applications, by allowing uniform access to multiple heterogeneous positioning systems. Towards this aim, the paper proposes an approach to structure location‐aware mobile computing systems in a way independent of positioning technologies. The approach consists in structuring the system into a layered architecture, that provides application developers with a standard Java Application Programming Interface (JSR‐179 API), and encapsulates location data management and technology‐specific positioning subsystems into lower layers with clear interfaces. In order to demonstrate the proposed approach we present the development of HyLocSys. It is an open hybrid software architecture designed to support indoor/outdoor applications, which allows the uniform (combined or separate) use of several positioning technologies. HyLocSys uses a hybrid data model, which allows the integration of different location information representations (using symbolic and geometric coordinates). Moreover, it allows support to handset‐ and infrastructure‐based positioning approaches while respecting the privacy of the user. The paper presents a prototypal implementation of HyLocSys for heterogeneous scenarios. It has been implemented and tested on several platforms and mobile devices. Copyright © 2009 John Wiley & Sons, Ltd.     

Model-driven specification and enforcement of RBAC break-glass policies for process-aware information systems

ContextIn many organizational environments critical tasks exist which – in exceptional cases such as an emergency – must be performed by a subject although he/she is usually not authorized to perform these tasks. Break-glass policies have been introduced as a sophisticated exception handling mechanism to resolve such situations. They enable certain subjects to break or override the standard access control policies of an information system in a controlled manner.ObjectiveIn the context of business process modeling a number of approaches exist that allow for the formal specification and modeling of process-related access control concepts. However, corresponding support for break-glass policies is still missing. In this paper, we aim at specifying a break-glass extension for process-related role-based access control (RBAC) models.MethodWe use model-driven development (MDD) techniques to provide an integrated, tool-supported approach for the definition and enforcement of break-glass policies in process-aware information systems. In particular, we provide modeling support on the computation independent model (CIM) layer as well as on the platform independent model (PIM) and platform specific model (PSM) layers.ResultsOur approach is generic in the sense that it can be used to extend process-aware information systems or process modeling languages with support for process-related RBAC and corresponding break-glass policies. Based on the formal CIM layer metamodel, we present a UML extension on the PIM layer that allows for the integrated modeling of processes and process-related break-glass policies via extended UML Activity diagrams. We evaluated our approach in a case study on real-world processes. Moreover, we implemented our approach at the PSM layer as an extension to the BusinessActivity library and runtime engine.ConclusionOur integrated modeling approach for process-related break-glass policies allows for specifying break-glass rules in process-aware information systems.     

A task‐based and resource‐aware approach to dynamically generate optimal software architecture for intelligent service robots

Intelligent service robots provide various services to users by understanding the context and goals of a user task. In order to provide more reliable services, intelligent service robots need to consider various factors, such as their surrounding environments, users' changing needs, and constrained resources. To handle these factors, most of the intelligent service robots are controlled by a task‐based control system, which generates a task plan that represents a sequence of actions, and executes those actions by invoking the corresponding functions. However, the traditional task‐based control systems lack the consideration of resource factors even though intelligent service robots have limited resources (limited computational power, memory space, and network bandwidth). Moreover, system‐specific concerns such as the relationships among functional modules are not considered during the task generation phase. Without considering both the resource conditions and interdependencies among software modules as a whole, it will be difficult to efficiently manage the functionalities that are essential to provide core services to users. In this paper, we propose a mechanism for intelligent service robots to efficiently use their resources on‐demand by separating system‐specific information from task generation. We have defined a sub‐architecture that corresponds to each action of a task plan, and provides a way of using the limited resources by minimizing redundant software components and maintaining essential components for the current action. To support the optimization of resource consumption, we have developed a two‐phase optimization process, which is composed of the topological and temporal optimization steps. We have conducted an experiment with these mechanisms for an infotainment robot, and simulated the optimization process. Results show that our approach contributed to increase the utilization rate by 20% of the robot resources. Copyright © 2011 John Wiley & Sons, Ltd.     

JavAdaptor—Flexible runtime updates of Java applications

Software is changed frequently during its life cycle. New requirements come, and bugs must be fixed. To update an application, it usually must be stopped, patched, and restarted. This causes time periods of unavailability, which is always a problem for highly available applications. Even for the development of complex applications, restarts to test new program parts can be time consuming and annoying. Thus, we aim at dynamic software updates to update programs at runtime. There is a large body of research on dynamic software updates, but so far, existing approaches have shortcomings either in terms of flexibility or performance. In addition, some of them depend on specific runtime environments and dictate the program's architecture. We present JavAdaptor , the first runtime update approach based on Java that (a) offers flexible dynamic software updates, (b) is platform independent, (c) introduces only minimal performance overhead, and (d) does not dictate the program architecture. JavAdaptor combines schema changing class replacements by class renaming and caller updates with Java HotSwap using containers and proxies. It runs on top of all major standard Java virtual machines. We evaluate our approach's applicability and performance in non‐trivial case studies and compare it with existing dynamic software update approaches. Copyright © 2012 John Wiley & Sons, Ltd.     

Hippocratic binary instrumentation: First do no harm

In-lined Reference Monitors (IRMs) cure binary software of security violations by instrumenting them with runtime security checks. Although over a decade of research has firmly established the power and versatility of the in-lining approach to security, its widespread adoption by industry remains impeded by concerns that in-lining may corrupt or otherwise harm intended, safe behaviors of the software it protects. Practitioners with such concerns are unwilling to adopt the technology despite its security benefits for fear that some software may break in ways that are hard to diagnose.This paper shows how recent approaches for machine-verifying the policy-compliance (soundness) of IRMs can be extended to also formally verify IRM preservation of policy-compliant behaviors (transparency). Feasibility of the approach is demonstrated through a transparency-checker implementation for Adobe ActionScript bytecode. The framework is applied to enforce security policies for Adobe Flash web advertisements and automatically verify that their policy-compliant behaviors are preserved.