Publication


Featured researches published by Andrea Margheri.


The ASCENS Approach | 2015

The SCEL Language: Design, Implementation, Verification

Rocco De Nicola; Diego Latella; Alberto Lluch Lafuente; Michele Loreti; Andrea Margheri; Mieke Massink; Andrea Morichetta; Rosario Pugliese; Francesco Tiezzi; Andrea Vandin

SCEL (Service Component Ensemble Language) is a new language specifically designed to rigorously model and program autonomic components and their interaction, while supporting formal reasoning on their behaviors. SCEL brings together various programming abstractions that allow one to directly represent aggregations, behaviors and knowledge according to specific policies. It also naturally supports programming interaction, self-awareness, context-awareness, and adaptation. The solid semantic grounds of the language are exploited for developing logics, tools and methodologies for formal reasoning on system behavior to establish qualitative and quantitative properties of both the individual components and the overall systems.


Ubiquitous Intelligence and Computing | 2013

Linguistic Abstractions for Programming and Policing Autonomic Computing Systems

Andrea Margheri; Rosario Pugliese; Francesco Tiezzi

We introduce PSCEL, a new language for developing autonomic software components capable of adapting their behaviour to react to external stimuli and environment changes. The application logic generating the computational behaviour of system components is defined in a procedural style, by the programming constructs, while the adaptation logic is defined in a declarative style, by the policing constructs. The interplay between these two kinds of constructs permits dynamically producing and enforcing adaptation actions. To show PSCEL's practical applicability and effectiveness, we employ it in a Cloud Computing case study.


Lecture Notes in Computer Science | 2015

Correctness of Service Components and Service Component Ensembles

Jacques Combaz; Saddek Bensalem; Francesco Tiezzi; Andrea Margheri; Rosario Pugliese; Jan Kofroň

Nowadays, cyber-physical systems consist of a large and possibly unbounded number of nodes operating in a partially unknown environment to which they need to adapt. They also have strong requirements in terms of performances, resource usage, reliability, or security. To face this inherent complexity it is crucial to develop adequate tools and underlying models to analyze these properties at design time. Proposed models must be able to capture essential aspects of the behavior (e.g. interactions between the components, adaptive behavior, uncertain or changing environments), and the corresponding analysis techniques can only succeed if they exploit as much as possible the specific structure of the considered systems (e.g. large replication of the same component, hierarchical compositions). We consider qualitative analyses targeting boolean properties stating that the system behaves without any flaw, as well as quantitative analyses that evaluate expected performances according to predefined metrics (energy/memory consumption, average/maximum time to accomplish a task, probability to fulfil a goal, etc.). We also address security specific issues such as control policies and information flow.


IEEE Transactions on Software Engineering | 2017

A Rigorous Framework for Specification, Analysis and Enforcement of Access Control Policies

Andrea Margheri; Massimiliano Masi; Rosario Pugliese; Francesco Tiezzi

Access control systems are widely used means for the protection of computing systems. They are defined in terms of access control policies regulating the access to system resources. In this paper, we introduce a formally-defined, fully-implemented framework for specification, analysis and enforcement of attribute-based access control policies. The framework rests on FACPL, a language with a compact, yet expressive, syntax for specification of real-world access control policies and with a rigorously defined denotational semantics. The framework enables the automated verification of properties regarding both the authorisations enforced by single policies and the relationships among multiple policies. Effectiveness and performance of the analysis rely on a semantic-preserving representation of FACPL policies in terms of SMT formulae and on the use of efficient SMT solvers. Our analysis approach explicitly addresses some crucial aspects of policy evaluation, such as missing attributes, erroneous values and obligations, which are instead overlooked in other proposals. The framework is supported by Java-based tools, among which an Eclipse-based IDE offering a tailored development and analysis environment for FACPL policies and a Java library for policy enforcement. We illustrate the framework and its formal ingredients by means of an e-Health case study, while its effectiveness is assessed by means of performance stress tests and experiments on a well-established benchmark.


Leveraging Applications of Formal Methods | 2014

On Programming and Policing Autonomic Computing Systems

Michele Loreti; Andrea Margheri; Rosario Pugliese; Francesco Tiezzi

To tackle the complexity of autonomic computing systems it is crucial to provide methods supporting their systematic and principled development. Using the PSCEL language, autonomic systems can be described in terms of the constituent components and their reciprocal interactions. The computational behaviour of components is defined in a procedural style, by the programming constructs, while the adaptation logic is defined in a declarative style, by the policing constructs. In this paper we introduce a suite of practical software tools for programming and policing autonomic computing systems in PSCEL. Specifically, we integrate a Java-based runtime environment, supporting the execution of programming constructs, with the code corresponding to the policing ones. The integrated, semantic-driven framework also permits simulating and analysing PSCEL programs. Usability and potentialities of the approach are illustrated by means of a robot swarm case study.


International Conference on Health Informatics | 2013

On a Formal and User-friendly Linguistic Approach to Access Control of Electronic Health Data

Andrea Margheri; Massimiliano Masi; Rosario Pugliese; Francesco Tiezzi

The importance of the exchange of Electronic Health Records (EHRs) between hospitals has been recognized by governments and institutions. Due to the sensitivity of data exchanged, only mature standards and implementations can be chosen to operate. This exchange process is of course under the control of the patient, who decides who has the rights to access her personal healthcare data and who has not, by giving her personal privacy consent. Patients’ privacy consent is regulated by local legislations, which can vary frequently from region to region. The technology implementing such privacy aspects must be highly adaptable, often resulting in complex security scenarios that cannot be easily managed by patients and software designers. To overcome such security problems, we advocate the use of a linguistic approach that relies on languages for expressing policies with solid mathematical foundations. Our approach is based on FACPL, a policy language we have intentionally designed by taking inspiration from OASIS XACML, the de-facto standard used in all projects covering secure EHRs transmission protected by patients’ privacy consent. FACPL can express policies similar to those expressible by XACML but, differently from XACML, it has an intuitive syntax, a formal semantics and easy-to-use software tools supporting policy development and enforcement. In this paper, we present the potentialities of our approach and outline ongoing work.


European Dependable Computing Conference | 2017

A Prototype Evaluation of a Tamper-Resistant High Performance Blockchain-Based Transaction Log for a Distributed Database

Leonardo Aniello; Roberto Baldoni; Edoardo Gaetani; Federico Lombardi; Andrea Margheri; Vladimiro Sassone

As data is having an increasingly relevant role in different business fields, ensuring integrity has become fundamental. Modern databases rely on transaction history written on redo logs to allow for data restore. However, if redo logs are (maliciously) forged, data can actually be lost or altered. Due to its strong data integrity guarantees, blockchain technology can be employed to ensure log integrity, but its current performance limitations hinder actual exploitations. In previous work, we proposed a layered blockchain-based architecture for distributed (federated) database redo logs: a fast first layer blockchain, anchored to a secure second layer blockchain, based on proof-of-work to achieve strong integrity. Here, we present an implementation and an experimental evaluation of a prototype of that architecture, which employs a total consensus algorithm on the first layer blockchain. Finally, to improve availability and scalability, we refine our solution by investigating, respectively, a Byzantine Fault Tolerant consensus and a Distributed Hash Table solution to shard the first layer blockchain ledger among available nodes.


International Conference on Distributed Computing Systems | 2017

Decentralised Runtime Monitoring for Access Control Systems in Cloud Federations

Sadek Ferdous; Andrea Margheri; Federica Paci; Mu Yang; Vladimiro Sassone

Cloud federation is an emergent cloud-computing paradigm where partner organisations share data and services hosted on their own cloud platforms. In this context, it is crucial to enforce access control policies that satisfy data protection and privacy requirements of partner organisations. However, due to the distributed nature of cloud federations, the access control system alone does not guarantee that its deployed components cannot be circumvented while processing access requests. In order to promote accountability and reliability of a distributed access control system, we present a decentralised runtime monitoring architecture based on blockchain technology.


Web Services and Formal Methods | 2013

Developing and Enforcing Policies for Access Control, Resource Usage, and Adaptation - A Practical Approach

Andrea Margheri; Massimiliano Masi; Rosario Pugliese; Francesco Tiezzi

Policy-based software architectures are nowadays widely exploited to regulate different aspects of systems’ behavior, such as access control, resource usage, and adaptation. Several languages and technologies have been proposed as, e.g., the standard XACML. However, developing real-world systems using such approaches is still a tricky task, as they are complex and error-prone. To overcome such difficulties, we advocate the use of FACPL, a formal policy language inspired by, but simpler than, XACML. FACPL has an intuitive syntax, a mathematical semantics and easy-to-use software tools supporting policy development and enforcement. We illustrate potentialities and effectiveness of our approach through a case study from the Cloud computing domain.


Lecture Notes in Computer Science | 2015

Tools for Ensemble Design and Runtime

Dhaminda B. Abeywickrama; Jacques Combaz; Vojtěch Horký; Jaroslav Keznikl; Jan Kofroň; Alberto Lluch Lafuente; Michele Loreti; Andrea Margheri; Philip Mayer; Valentina Monreale; Ugo Montanari; Carlo Pinciroli; Petr Tůma; Andrea Vandin; Emil Vassev

The ASCENS project deals with designing systems as ensembles of adaptive components. Among the outputs of the ASCENS project are multiple tools that address particular issues in designing the ensembles, ranging from support for early stage formal modeling to runtime environment for executing and monitoring ensemble implementations. The goal of this chapter is to provide a compact description of the individual tools, which is supplemented by additional downloadable material on the project website.

Collaboration

Top Co-Authors

Federico Lombardi, Sapienza University of Rome

Leonardo Aniello, Sapienza University of Rome

Andrea Vandin, IMT Institute for Advanced Studies Lucca

Roberto Baldoni, Sapienza University of Rome