Andrew P. Martin

Using Propositional Logic for Requirements Verification of Service Workflow

This paper presents a requirement-oriented automated framework for formal verification of service workflows. It is based on our previous work describing the requirement-oriented service workflow specification language called SWSpec. This language has been developed to facilitate workflow composer as well as arbitrary services willing to participate in a workflow to formally and uniformly impose their own requirements. As such, SWSpec provides a formal way to regulate and control workflows. The key component of the to-be-proposed framework centers on verification algorithms that rely on propositional logic. We demonstrate that logic-based workflow verification can be applied to SWSpec which is capable of checking compliance and also detecting conflicts of the imposed requirements. By automating compliance checking process, this framework will support scalable services interoperation in the form of workflows in opened environments.

SWSpec: The Requirements Specification Language in Service Workflow Environments

Advanced technologies have changed the nature of business processes in the form of services. In coordinating services to achieve a particular objective, service workflow is used to control service composition, execution sequences as well as path selection. Since existing mechanisms are insufficient for addressing the diversity and dynamicity of the requirements in a large-scale distributed environment, developing formal requirements specification is necessary. In this paper, we propose a Service Workflow Specification language, called SWSpec, which allows arbitrary services in a workflow to formally and uniformly impose their requirements. As such, the solution will provide a formal way to regulate and control workflows as well as enrich the proliferation of service provisions and consumptions in opened environments.

Association of parameter, software, and hardware variation with large-scale behavior across 57,000 climate models

In complex spatial models, as used to predict the climate response to greenhouse gas emissions, parameter variation within plausible bounds has major effects on model behavior of interest. Here, we present an unprecedentedly large ensemble of >57,000 climate model runs in which 10 parameters, initial conditions, hardware, and software used to run the model all have been varied. We relate information about the model runs to large-scale model behavior (equilibrium sensitivity of global mean temperature to a doubling of carbon dioxide). We demonstrate that effects of parameter, hardware, and software variation are detectable, complex, and interacting. However, we find most of the effects of parameter variation are caused by a small subset of parameters. Notably, the entrainment coefficient in clouds is associated with 30% of the variation seen in climate sensitivity, although both low and high values can give high climate sensitivity. We demonstrate that the effect of hardware and software is small relative to the effect of parameter variation and, over the wide range of systems tested, may be treated as equivalent to that caused by changes in initial conditions. We discuss the significance of these results in relation to the design and interpretation of climate modeling experiments and large-scale modeling more generally.

A Set-Theoretic Model for Real-Time Specification and Reasoning

Timed-trace formalisms have emerged as a powerful method for specifying and reasoning about concurrent real-time systems. We present a simple variant which builds methodically on set theory, and is thus suitable for use by programmers with little formal methods experience.

Towards a secure, tamper-proof grid platform

Security concerns currently deter or prohibit many organisations from leveraging the benefits of the grid. When sensitive data is placed under the control of third-party infrastructure it is difficult to obtain assurances that it will be appropriately protected. We develop a grid platform architecture based on a secure root of trust. This component provides a tamper-resistant environment for grid job execution that resists attack even if the host itself is compromised. We use trusted computing, a security technology currently being integrated into an increasing number of mainstream PCs, for dynamic trust establishment within the grid. These elements are combined to create a novel and practical solution for the grid malicious host problem, ensuring that data integrity and confidentiality are appropriately protected for jobs that span multiple administrative domains.

A Survey of Trust in Workflows and Relevant Contexts

With the fast-growing Internet technology, several service-based interactions are prevalent and appear in several forms such as e-commerce, content provider, Virtual Organizations, Peer-to-Peer, Web Service, Grids, Cloud Computing, and individual interactions. This demands for an effective mechanism to establish trust among participants in a high-level abstract way, capturing relevant factors ranging on Service Level Agreement, security policies, requirements, regulations, constraints, Quality of Service, reputation, and recommendation. Trust is platform-independent and flexible to be seamlessly integrated into heterogeneous domains and interoperate with different security solutions in distributed environments. Establishing trust in a service workflow leads to the willingness of services to participate. Coordinating service workflows without trust consideration may pose higher risks, possibly results in poor performance, additional vulnerabilities, or failures. Although trust in service workflows and relevant contexts has been studied for a past decade, the standard development is still immature. Nowadays, trust approaches to service workflows comprise a large area of research where one can hardly classify into a comprehensive survey. This survey examines and explores the role of trust in service workflows and their contexts from a wide variety of literatures. Various mechanisms, architecture, techniques, standards, and frameworks are explained along the way with discussions. Working trust definition and classification are newly provided and supported with examples.

Towards an open, trusted digital rights management platform

Trusted computing has received criticism from those who fear it will be used by influential market forces to exert power over the software used on consumer platforms. This paper describes an open architecture for digital rights management (DRM) enforcement on trusted computing platforms that empowers the consumer to select their operating-system and applications, including open-source options, without weakening the strength of the security functions. A key component in the architecture is a security manager that enforces mandatory access controls on shared devices, restricted information flows between virtual machines, and DRM policy on protected objects. The paper describes two use-cases: a DRM scenario with protected media content and remote home-working on sensitive medical data.

A tactic calculus -- abridged version

We present a very general language for expressing tactic programs. The paper describes some essential tactic combinators (tacticals), and gives them a formal semantics. Those definitions are used to produce a complete calculus for reasoning about tactics written in this language. The language is extended to coverstructural combinators which enable the tactics to be precisely targeted upon particular sub-expressions.

Hardware Security for Device Authentication in the Smart Grid

Secure communication between devices is a key aspect of smart grid security. In the future smart home environment, various smart devices, appliances and energy management systems will communicate with each other via the home network. In order to achieve mutual authentication, each device will have a private cryptographic key which must be protected against theft or misuse. Current mechanisms for protecting such keys exist but generally require interaction with the user. This makes them unsuitable for the smart grid context due to the high degree of automation involved in the smart grid. To address this challenge, we have designed, implemented and tested a system that provides hardware security for device private keys using Trusted Computing technologies. Using DRTM late-launch functionality, our system ensures that the private key is only available within a protected trusted environment on a specific device. Preliminary implementation and testing has demonstrated that our system can operate successfully in unattended environments such as the smart grid.

ShibGrid: Shibboleth Access for the UK National Grid Service

This paper presents work undertaken to integrate the future UK national Shibboleth infrastructure with the UKs National Grid Service (NGS). Our work, ShibGrid, provides both transparent authentication for portal based Grid access and a credential transformation service for users of other Grid access methods. The ShibGrid support for portal-based transparent Grid authentication is provided as a set of standards-based drop-in modules which can be used with any project portal as well as the NGS project in which they are initially deployed. The ShibGrid architecture requires no changes to the UK national Shibboleth authentication infrastructure or the NGS security infrastructure and provides access for users both with and without UK e-Science certificates. In addition to presenting both the architecture of Shib- Grid and its implementation, we additionally place the ShibGrid project within the context of other efforts to integrate Shibboleth with Grids.