A Novel Approach to Generate the Property for Web Service Verification from Threat-Driven Model

Web service is considered as one of the most promising computing parad igms, which works as plugin mode to provide the value-added applications in Service-Oriented Computing (SOC) and Serv ice-Oriented Architecture (SOA). The general Web service verification focuses on functionality and its termination, such as deadlock o r livelock. However, it might not be able to help in accurately understanding service behaviours because it lacks interaction verifica tions, especially temporal behaviours. To this point, automatically generating proper temporal logic formulae of verification property is a p rimary and important task since the manual property generation is time-consuming and error-prone. Thus, this paper proposes an ap proach extending UML as service threat-driven model to generate the verification property, including the features of functionality, time constr aints and probability during service interactions. First, it introduces a scenario description tool, mainly Probabilistic Timed Live Seq uence Chart (PTLSC), on which kinds of implication threats are discussed, specifying the insecure behaviours which shou ld be prohibited from occurring in Web service. Second, it gives corresponding transformation methods to extract the verification prope rty from threat-driven model, in which the message coverage criterion and partial relation are employed. These formulae are in the for m of Probabilistic Timed Computation Tree Logic (PTCTL), which afford an underlying guideline to guarantee the correctness and r eliability of Web service since its threat-carried characteristics.

[1]  Xiaomeng Su,et al.  A Survey of Automated Web Service Composition Methods , 2004, SWSWPC.

[2]  Diego Calvanese,et al.  Automatic Service Composition Based on Behavioral Descriptions , 2005, Int. J. Cooperative Inf. Syst..

[3]  Xiang Fu,et al.  Analyzing conversations of Web services , 2006, IEEE Internet Computing.

[4]  Philippe Schnoebelen,et al.  Systems and Software Verification, Model-Checking Techniques and Tools , 2001 .

[5]  Rolf Drechsler,et al.  Automatic property generation for the formal verification of bus bridges , 2011, 14th IEEE International Symposium on Design and Diagnostics of Electronic Circuits and Systems.

[6]  Tao Xie,et al.  Property Verification for Generic Access Control Models , 2008, 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[7]  Marta Z. Kwiatkowska,et al.  Automatic verification of real-time systems with discrete probability distributions , 1999, Theor. Comput. Sci..

[8]  Jianwen Su,et al.  Tools for composite web services: a short overview , 2005, SGMD.

[9]  Bernd Westphal,et al.  Check It Out: On the Efficient Formal Verification of Live Sequence Charts , 2006, CAV.

[10]  Rolf Drechsler,et al.  Advanced verification by automatic property generation , 2009, IET Comput. Digit. Tech..

[11]  W.M.P. van der Aalst,et al.  Analyzing BPEL processes using Petri nets , 2005 .

[12]  Rajeev Alur,et al.  A Theory of Timed Automata , 1994, Theor. Comput. Sci..

[13]  Gwen Salaün,et al.  Describing and reasoning on Web services using process algebra , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[14]  David Harel,et al.  LSCs: Breathing Life into Message Sequence Charts , 1999, Formal Methods Syst. Des..

[15]  Christine Hofmeister,et al.  Modeling and verification of adaptive navigation in web applications , 2006, ICWE '06.

[16]  Amir Pnueli,et al.  Temporal Logic for Scenario-Based Specifications , 2005, TACAS.

[17]  David Harel,et al.  LSC'S: BREATHING LIFE INTO MESSAGE SEQUENCE CHARTS , 2022 .