The DYNAMOS approach to support context-aware service provisioning in mobile environments

To efficiently make use of information and services available in ubiquitous environments, mobile users need novel means for locating relevant content, where relevance has a user-specific definition. In the DYNAMOS project, we have investigated a hybrid approach that enhances context-aware service provisioning with peer-to-peer social functionalities. We have designed and implemented a system platform and application prototype running on smart phones to support this novel conception of service provisioning. To assess the feasibility of our approach in a real-world scenario, we conducted field trials in which the research subject was a community of recreational boaters.     

Dynamic SLAs management in service oriented environments

The increasing adoption of service oriented architectures across different administrative domains, forces service providers to use effective mechanisms and strategies of resource management in order for them to be able to guarantee the quality levels their customers demands during service provisioning. Service level agreements (SLA) are the most common mechanism used to establish agreements on the quality of a service (QoS) between a service provider and a service consumer. The WS-Agreement specification, developed by the Open Grid Forum, is a Web Service protocol to establish agreements on the QoS level to be guaranteed in the provision of a service. The committed agreement cannot be modified during service provision and is effective until all activities pertaining to it are finished or until one of the signing party decides to terminate it. In B2B scenarios where several service providers are involved in the composition of a service, and each of them plays both the parts of provider and customer, several one-to-one SLAs need to be signed. In such a rigid context the global QoS of the final service can be strongly affected by any violation on each single SLA. In order to prevent such violations, SLAs need to adapt to any possible needs that might come up during service provision. In this work we focus on the WS-Agreement specification and propose to enhance the flexibility of its approach. We integrate new functionality to the protocol that enable the parties of a WS-Agreement to re-negotiate and modify its terms during the service provision, and show how a typical scenario of service composition can benefit from our proposal.     

Semantic service provisioning for smart objects: Integrating IoT applications into the web

Internet of Things (IoT) applications residing on the Web are the next logical development of the recent effort from academia and industry to design and standardize new communication protocols for smart objects. This paper proposes the service provisioning architecture for smart objects with semantic annotation to enables the integration of IoT applications into the Web. We aim to bring smart object services to the Web and make them accessible by plenty of existing Web APIs in consideration of its constraints such as limited resources (ROM, RAM, and CPU), low-power microcontrollers, and low-bitrate communication links.     

Deriving business processes with service level agreements from early requirements

When designing a service-based business process employing loosely coupled services, one is not only interested in guaranteeing a certain flow of work, but also in how the work will be performed. This involves the consideration of non-functional properties which go from execution time and costs, to trust and security. Ideally, a designer would like to have guarantees over the behavior of the services involved in the process. These guarantees are the object of Service Level Agreements.We propose a methodology to design service-based business processes together with Service Level Agreements that guarantee a certain quality of execution, with particular emphasis on security. Starting from an early requirements analysis modeled in the Secure Tropos formalism, we provide a set of user-guided transformations and reasoning tools the final output of which is a set of processes in the form of Secure BPELs together with a set of Service Level Agreements to be signed by participating services. To show the potential impact of the approach, we illustrate the functioning of the methodology on a collaborative procurement scenario derived from the application domain of a research project.     

Conformance analysis in networks with service level agreements

To achieve some level of Quality of Service (QoS) assurance, a network usually has Service Level Agreements (SLAs) with its users and neighboring domains, which describe the QoS level that the service provider is committed to provide, and the specification of traffic that users or neighboring domains are allowed to send. An interesting and important question arises as to whether a flow is still conformant to its original traffic specification after crossing the network since it may interact with other flows within the network. In this paper, we study analytically the extent to which a flow and an aggregate of flows become non-conformant through an analysis of the stochastic burstiness increase of flows after crossing a per-flow scheduling network and an aggregate scheduling network . The stochastic behavior of a server in aggregate scheduling networks is also studied to determine the conformance deterioration of individual flows, which provides the theoretical conformance deterioration bound and provides useful results for conformance analysis in an aggregate scheduling network with general topology. Our theoretical results are verified by extensive simulations.     

Lifetime service level agreement management with autonomous agents for services provision

In the web services environment, service level agreements (SLA) refers to mutually agreed understandings and expectations between service consumers and providers on the service provision. Although management of SLA is critical to wide adoption of web services technologies in the real world, support for it is very limited nowadays, especially in web service composition scenarios. There lacks adequate frameworks and technologies supporting various SLA operations such as SLA formation, enforcement, and recovery. This paper presents a novel agent-based framework which utilises the agents’ ability of negotiation, interaction, and cooperation to facilitate autonomous SLA management in the context of service composition provision. Based on this framework, mechanisms for autonomous SLA operations are proposed and discussed. Results from simulations show that by integrating agents and web services the framework can address issues of SLA management drawn from sophisticated service composition scenarios.     

A service provisioning system for distributed personalization with private data protection

Personalized services can provide significant user benefits since they adapt their behavior to better support the user. Personalized services use a variety of data related to the user to decide their behavior. Thus personalized service needs a provisioning system that can collect the data that impacts service behavior and allows selection of the most appropriate service. However, in the coming ubiquitous environment, some data necessary for determining service behavior might be unavailable due to two possible reasons. One is that the data does not exit. The other is that the data exists but cannot be accessed. For example, users do not want to disclose their personal information, and service providers do not also want to expose data related to their knowhow in services. This paper describes a new service provisioning system for distributed personalization with private data protection. Specifically, the system selects applicable services by assessing how well each candidate service behaves when some data is missing. It then executes those selected services while hiding the users’ and providers’ private data in a distributed manner. We first summarize the requirements for a personalized service system, and introduce our fundamental policies for the system. The two main components of our system are then described in detail. One component is a service assessment mechanism that can judge if a service can work without data that can be used for adaptation. The second component is a service execution mechanism that can utilize private data while still ensuring privacy. This component divides service logic and executes divided logic where necessary data is available. The paper finally describes our prototype implementation and its performance evaluation results.     

SLA-controlled interconnection charging in next generation networks

Next generation network (NGN) should facilitate a single party to establish quality of service (QoS) enabled path between the two IP providers mutually interconnected by one or more transit providers. For that purpose, an end-to-end service level agreement (SLA) should be negotiated and maintained. In this article, we propose interconnection charging, which is controlled by the end-to-end SLA. Relationships between the required, offered, and actually achieved inter-provider QoS are quantified through the degrees of offering and provisioning, at both end-to-end and per-domain levels. Nominal retail price offered to end users and interconnection costs related with particular SLA are then corrected if needed, depending on the offered and provisioned QoS levels. We further propose five policies for interconnection charging and compare them under different QoS provisioning scenarios. Results of the analysis indicate that a properly selected SLA-controlled interconnection charging policy should encourage providers: (1) to offer services with different QoS levels; (2) to offer service that perfectly or most approximately matches the required QoS and (3) to achieve the contracted QoS level.     

Inter-autonomous system provisioning for end-to-end bandwidth guarantees

This paper addresses the issue of provisioning end-to-end bandwidth guarantees across multiple Autonomous Systems (ASes). We first review a cascaded model for negotiating and establishing service level agreements for end-to-end bandwidth guarantees between ASes. We then present a network dimensioning system that uses traffic engineering mechanisms for the provisioning of end-to-end bandwidth guarantees. The network dimensioning system solves two problems: (1) the economic problem of how to determine the optimum amount of bandwidth that needs to be purchased from adjacent downstream ASes at a minimum total cost; (2) given the available bandwidth resources within and beyond the AS as a result of (1), the engineering problem of how to assign bandwidth guaranteed routes to the predicted traffic while optimizing the network resource utilization. We formulate both as integer-programming problems and prove them to be NP-hard. An efficient genetic algorithm and an efficient greedy-penalty heuristic are, respectively, used to solve the two problems and we show that these perform significantly better than simple heuristic and random approaches.     

Spare capacity provisioning for quasi-static traffic

Resource provisioning has for long been an important area of research in network design. The traffic grooming problem in optical networks is a design problem of aggregating sub-wavelength traffic demands onto lightpaths and lightpaths onto fiber links such that the required electronic switching capability, hence network cost, can be minimized. Because of the reconfiguration cost in optical grooming networks, a reactive resource provisioning approach may become inefficient, and result in revenue loss. In this paper, we propose an over-provisioning scheme, which pre-allocates the spare capacity of lightpaths to dynamic sub-wavelength traffic demands such that the network can be more agile in responding to traffic increment requests. For the single-link case, we formulate the problem as a non-linear programming problem, and for under reasonable assumptions, we prove the objective function is convex. We provide an exact algorithm to find the optimal solution. The problem with general topologies is then studied. We prove the NP-hardness in this case, and propose heuristics. Numerical results show our heuristics perform well.     

Secure service composition with information flow control in service clouds

Service clouds built on cloud infrastructures and service-oriented architecture provide users with a novel pattern of composing basic services to achieve complicated tasks. However, in multiple clouds environment, outsourcing data and applications pose a great challenge to information flow security for the composite services, since sensitive data may be leaked to unauthorized attackers during service composition. Although model checking has been considered as a promising approach to enforce information flow security precisely, its high complexity on modeling and the heavy cost on verification cause great burdens to the process of service composition. In this paper, we propose a distributed approach to composing services securely with information flow control. In our approach, each service component is first verified through model checking, and then a compositional verification procedure is executed to ensure the information flow security along with the composition of these services. The experimental results indicate that our approach can reduce the cost of verification compared with the global verification approach.     

A generic architecture for autonomic service and network management

As the Internet evolves into an all-IP communication infrastructure, a key issue to consider is that of creating and managing IP-based services with efficient resource utilization in a scalable, flexible, and automatic way. In this paper, we present the Autonomic Service Architecture (ASA), a uniform framework for automated management of both Internet services and their underlying network resources. ASA ensures the delivery of services according to specific service level agreements (SLAs) between customers and service providers. As an illustrative example, ASA is applied to the management of DiffServ/MPLS networks, where we propose an autonomic bandwidth sharing scheme. With the proposed scheme, the bandwidth allocated for each SLA can be automatically adjusted according to the measured traffic load and under policy control for efficient resource utilization, while SLA compliance over the network is always guaranteed.     

Matrix based proactive resource provisioning in mobile cloud environment

Mobile cloud computing is a dynamic, virtually scalable and network based computing environment where mobile device acts as a thin client and applications run on remote cloud servers. Mobile cloud computing resources required by different users depend on their respective personalized applications. Therefore, efficient resource provisioning in mobile clouds is an important aspect that needs special attention in order to make the mobile cloud computing a highly optimized entity. This paper proposes an adaptive model for efficient resource provisioning in mobile clouds by predicting and storing resource usages in a two dimensional matrix termed as resource provisioning matrix. These resource provisioning matrices are further used by an independent authority to predict future required resources using artificial neural network. Independent authority also checks and verifies resource usage bill computed by cloud service provider using resource provisioning matrices. It provides cost computation reliability for mobile customers in mobile cloud environment. Proposed model is implemented on Hadoop using three different applications. Results indicate that proposed model provides better mobile cloud resources utilization as well as maintains quality of service for mobile customer. Proposed model increases battery life of mobile device and decreases data usage cost for mobile customer.     

Research on dynamic business composition based on web service proxies

Web services-based business composition brings a number of advantages to the enterprise application development. How to select and compose the web services based on their functionality and QoS (Quality of Service) dynamically prove to be more and more important. In this paper we develop a proxy-based framework to compose Web services dynamically. The framework is featured with a QoS model, an effective service discovery and selection algorithms to facilitate the dynamic integration of Web services and management of abnormalities. Furthermore, a business process constructing method based on service slice is put forward to satisfy the users’ personalized requirements more effectively and flexibly. Our study concerns both functionality and QoS characteristics of Web services to identify the optimal business process solutions. A Complete case study is also included in this paper and the performance demonstrated that the framework and algorithms can provide a tangible and reliable solution to dynamic Web service composition and adaptation.     

基于ITIL体系的安全服务级别管理研究

通过引入IT服务管理的理念,将安全运营管理定位为IT基础设施库ITIL中的服务,同时综合借鉴BS7799、NIST SP800系列以及其它有关信息安全标准的特点,构建基于ITIL的网络安全运营管理体系,帮助解决安全运营管理平台相关技术和产品的研究开发过程缺乏标准和规范的问题.服务级别管理是基于ITIL的网络安全运营管理体系保证安全服务达到组织或客户的期望并获得认可的关键,是基于安全服务级别协议的协商、定案、监控、报告和总结的过程.详细阐述了安全服务级别管理的相关概念、流程以及与安全运营管理体系其它过程间的关系.     

Resource provisioning in collaborative fog computing for multiple delay-sensitive users

Fog computing is an emerging paradigm that supplies storage, computation, and networking resources between traditional cloud data centers and end devices. This article focuses on the resource provisioning problem in collaborative fog computing for multiple delay-sensitive users. Our goal is to implement a resource provisioning strategy for network operators to minimize the total monetary cost by considering the deadline and capacity constraints. Two scenarios are considered: unlimited-processor fog nodes (UPFN) and limited-processor fog nodes (LPFN). In either scenario, we prove that the resource provisioning problem is NP-hard. First, we consider the UPFN scenario that the processors of fog nodes are unlimited and users' requests can be ideally processed in parallel. Two algorithms are proposed which greedily delete fog nodes based on the local or global collaborative influences until there is no feasible provisioning to guarantee the deadline of users. Then we extend the resource provisioning problem to a more realistic and complicated scenario LPFN in which the scheduling delay cannot be ignored. Two types of tasks are considered. One is the arbitrarily divided tasks, and a near-optimal solution bounded by has been found. m is the number of fog nodes, and is the upper bound on the Lipschitz constant of the delay function. Another one is the application-driven tasks, and we propose a heuristic algorithm. Extensive experiments validate the efficiency of the proposed algorithms.     

Secure overlay networks for federated service provision and management

This paper presents the components and formal information model enabling the dynamic creation and management of secure overlay networks. Special attention will be paid to the solution provided to two important open issues: the definition of a certificate path building and validation algorithm (to ease the trust establishment and negotiation processes) and the definition and negotiation of SLAs in inter-domain secure overlay scenarios. Given a set of already existing domains with certain trust relationships, each overlay network allows the secure sharing of some (or all) of its services. For this, the administrator of each administrative domain will define using a formal information model which services he wants to share with any other domain, and which ones is he expecting from these other domains. Time and other networking conditions can also be indicated allowing secure overlay networks to be dynamically and automatically established and managed.