Francesco Pagliarecci

Model Checking Semantically Annotated Services

Model checking is a formal verification method widely accepted in the web service world because of its capability to reason about service behavior at process level. It has been used as a basic tool in several scenarios such as service selection, service validation, and service composition. The importance of semantics is also widely recognized. Indeed, there are several solutions to the problem of providing semantics to web services, most of them relying on some form of Description Logic. This paper presents an integration of model checking and semantic reasoning technologies in an efficient way. This can be considered the first step toward the use of semantic model checking in problems of selection, validation, and composition. The approach relies on a representation of services at process level that is based on semantically annotated state transition systems (asts) and a representation of specifications based on a semantically annotated version of computation tree logic (anctl). This paper proves that the semantic model checking algorithm is sound and complete and can be accomplished in polynomial time. This approach has been evaluated with several experiments.

Semantic Web Service Selection at the Process-Level: The eBay/Amazon/PayPal Case Study

Several approaches have been proposed to tackle the selection of distributed processes described as semantic Web services. However, their practical applicability in real composition scenarios is still an open question. Addressing this problem requires on the one hand to deal with services described as stateful business processes and, on the other hand, to consider complex selection requirements concerning both the service interface and its behavior. In fact, in most existing approaches the selection is performed on the basis of the ldquofunctionalrdquo description of a service, i.e. in terms of its inputs, outputs, preconditions and effects. In this paper, we present our approach for the process-level service selection and evaluate it on a real world scenario that entails a high level of complexity: the eBay Web Services,the Amazon E-Commerce Services and the e-payment service offered by PayPal. The approach is based on a representation of services at the process level that is based on BPEL and WSDL specifications and that extends these standard specifications with minimal semantic annotations that permit to perform an efficient and yet useful, semantic reasoning for the process-level selection of Web services.

IRSS: Incident Response Support System

Computer and network security can be improved by three kinds of tools: tools for intrusion prevention, tools for intrusion detection, and tools for incident response. Several systems have been proposed and developed for the first two kinds of tools. Concerning the third, as far as we know, the response is still left to the system administrator: no automatic tools have been developed. Indeed, even if forensic analysis and data recovery tools there exist, we do not yet have a comprehensive tool which includes log correlation, attack classification, and response plan generation. This paper presents IRSS, an Incident Response Support System that correlates events in order to classify attacks, looks in a knowledge base for past attacks similar to the current one (according to given similarity metrics), and reuses the past responses (adapted to the current attack) in order to restore the normal conditions and improve the network security.

Semantic model checking security requirements for web services

Model checking is a formal verification method widely accepted in the web service world because of its capability to reason about service behaviors, at their process-level. It has been used as basic tool in several scenarios as service selection, service validation, and service composition. Furthermore, it has been widely applied to problems of security verification. The importance of semantics is widely recognized, as well. Indeed, there exists several solutions to the problem of providing semantics to web services, most of them relies on some form of Description Logic. This paper presents an integration of model checking and semantic reasoning technologies in an efficient way. This can be considered the first step towards the usage of semantic model checking in problems of security verification. The approach relies on a representation of services at the process level that is based on semantically annotated state transition systems (ASTS) and a representation of specifications that is based on a semantically annotated version of the computation tree logic (AnCTL). The proposed approach permit to perform an efficient and yet useful, semantic reasoning at process-level about web services. Indeed, this paper proves thatmodel checking for ASTS and AnCTLis sound and complete and it can be accomplished in polynomial time.

Semantic Annotation for Web Service Processes in Pervasive Computing

In this chapter, we propose a new approach to the discovery, the selection and the automated composition of distributed processes in a pervasive computing environment, described as semantic web services through a new semantic annotation. In our approach, we map a process in a pervasive computing environment into a state transition system (STS) and semantically annotate it with a minimal set of ontological descriptions. This novel approach allows us to separate reasoning about processes and reasoning about ontologies. As a consequence, we can perform a limited, but efficient and still useful semantic reasoning for verifying, discovering, selecting and composing web services at the process level. The key idea is to keep separate the procedural and the ontological descriptions and link them through semantic annotations. We define the formal framework, and propose a technique that can exploit simple reasoning mechanisms at the ontological level, integrated with effective reasoning mechanisms devised for procedural descriptions of web services.

Business process design framework for B2B collaboration

The aim of this work was to show how the developed tools facilitate the using of our framework for interenterprise collaboration at the business process level. Indeed, while both requester and provider procedures could be considered complex and annoying tasks, the use of both DREAMs4SPEC and DREAMs4BPEL can make easy and natural these activities. In particular, concerning the first tool, the key aspect is represented by the chance to create and annotate a partial process (which represents the specification) in a integrated environment. Instead, regarding the second tool, the creation and the annotation procedure must be done in the same simple way as documentation generation for several programming languages (e.g. JavaDoc for Java, CppDoc for C++, NDoc for C# and VisualBasic).

From service identification to service selection: an interleaved perspective

Business process implementation can be fastened by identifying component services that can be used to implement one or more process tasks and by selecting them from a repository of already implemented services. In this paper, we provide an iterative procedure to address this issue, by combining the two macro-phases of service identification and service selection. Starting from a workflow-based specification of the business process, service identification is firstly executed. The result of this phase is a decomposition tree, where basic process tasks are progressively organized into sub-processes (the candidate services) by applying an agglomerative clustering algorithm, based on cohesion and coupling metrics. Within the decomposition tree, a set of candidate services that minimize the coupling/cohesion ratio for the overall process is chosen. The service selection phase works on this decomposition and looks for available services. If the service selection phase fails for some candidate services, a revised set of candidate services is selected by leveraging on the decomposition tree.

Formal Definition of an Agent-Object Programming Language

This paper presents a formal definition of Alan. Alan is a programming language that aims to integrate both the agent-oriented and the object-oriented programming. The end is to take advantages from both the paradigms. We want to explore how we can reason in terms of encapsulation, inheritance, polymorphism, and so on while we program in terms of the the beliefs, the desires, and the plans of an agent. We define the formal specification of Alan in the rewriting logic language Maude. In this respect, this paper represents the first step towards a complete formal definition of the operational semantics of Alan. This opens us the possibilty of using the wide-spectrum of formal modeling and reasoning supported by Maude: analyzing Alan programs by means of model checking, proving properties of particular Alan programs, and proving general properties of the Alan language.

An anomaly-based system for parental control

This work presents an anomaly-based system for parental control. This approach combined with traditional parental control systems can produce a number of false positives and false negatives less than traditional solutions. The proposed system is also able to update the anomaly model according to feedback received by parents. Finally, in our system the anomaly model has been specifically designed for web applications, chats, e-mails.

An IPS for Web Applications

This work presents an IPS for web applications that combines anomaly detection, misuse detection, and a prevention module. This approach provides us a solution that produce a number of false positives and false negatives less than traditional solutions. The proposed system is also able to update the misuse and anomaly model according to feedback received by the security manager. Finally, in our system the anomaly model has been specifically designed for web applications. We implemented and experimented our system in a real service company. From the results arises an improvement with respect to other state-of-the-art WEBIDSs.