Specification and Verification of Contract-Based Applications

Emerging paradigms are nowadays being adopted by several companies, in which applications are built by assembling loosely coupled distributed components, called services. Services may belong to mutually distrusting organisations and may have conflicting goals. New methodologies for designing and verifying these applications are necessary to cope with scenarios in which a service does not adhere to its prescribed behaviour, namely its contract. The thesis tackles this problem by proposing techniques for specifying and verifying distributed applications. The first contribution is an automata-based model checking technique for ensuring both service compliance and security requirements in a composition of services. We further develop the automata-based approach by proposing a novel formal model of contracts based on tailored finite state automata, called contract automata. The proposed model features several notions of contract agreement, described from a language-theoretic perspective, which characterise the modalities in which the duties and requirements of services are fulfilled. Contract automata are equipped with different composition operators, to uniformly model both single and composite services, and with techniques for synthesising an orchestrator that enforces the properties of agreement. Algorithms for verifying these properties are introduced, based on control theory and linear programming techniques. The formalism assumes the existence of possibly malicious components trying to break the overall agreement, and techniques for detecting and banning eventually liable services are described. We study the conditions for dismissing the central orchestrator in order to generate a distributed choreography of services, analysing both closed and open choreographed systems, with synchronous or asynchronous interactions.
We relate contract automata with different intuitionistic logics for contracts, introduced to solve mutual circular dependencies between the requirements and the obligations of the parties, with either linear or non-linear availability of resources. Finally, a prototypical tool implementing the theory developed in the thesis is presented.
