Hany F. El Yamany

Intelligent security and access control framework for service-oriented architecture

One of the most significant difficulties with developing Service-Oriented Architecture (SOA) involves meeting its security challenges, since the responsibilities of SOA security are based on both the service providers and the consumers. In recent years, many solutions to these challenges have been implemented, such as the Web Services Security Standards, including WS-Security and WS-Policy. However, those standards are insufficient for the new generation of Web technologies, including Web 2.0 applications. In this research, we propose an intelligent SOA security framework by introducing its two most promising services: the Authentication and Security Service (NSS), and the Authorization Service (AS). The suggested autonomic and reusable services are constructed as an extension of WS-* security standards, with the addition of intelligent mining techniques, in order to improve performance and effectiveness. In this research, we apply three different mining techniques: the Association Rules, which helps to predict attacks, the Online Analytical Processing (OLAP) Cube, for authorization, and clustering mining algorithms, which facilitate access control rights representation and automation. Furthermore, a case study is explored to depict the behavior of the proposed services inside an SOA business environment. We believe that this work is a significant step towards achieving dynamic SOA security that automatically controls the access to new versions of Web applications, including analyzing and dropping suspicious SOAP messages and automatically managing authorization roles.

A Multi-Agent Framework for Testing Distributed Systems

Software testing is a very expensive and time consuming process. It can account for up to 50% of the total cost of the software development. Distributed systems make software testing a daunting task. The research described in this paper investigates a novel multi-agent framework for testing 3-tier distributed systems. This paper describes the framework architecture as well as the communication mechanism among agents in the architecture. Web-based application is examined as a case study to validate the proposed framework. The framework is considered as a step forward to automate testing for distributed systems in order to enhance their reliability within an acceptable range of cost and time

Use of Data Mining to Enhance Security for SOA

Service-oriented architecture (SOA) is an architectural paradigm for developing distributed applications so that their design is structured on loosely coupled services such as Web services. One of the most significant difficulties with developing SOA concerns its security challenges, since the responsibilities of SOA security are based on both the servers and the clients. In recent years, a lot of solutions have been implemented, such as the Web services security standards, including WS-Security and WS-SecurityPolicy. However, those standards are completely insufficient for the promising new generations of Web applications, such as Web 2.0 and its upgraded edition, Web 3.0. In this work, we are proposing an intelligent security service for SOA using data mining to predict the attacks that could arise with SOAP (Simple Object Access Protocol) messages. Moreover, this service will validate the new security policies before deploying them on the service provider side by testing the probability of their vulnerability.

A Multi-Agent Framework for Building an Automatic Operational Profile

Since the early 1970s, researchers have proposed several models to improve software reliability. Among these, the operational profile approach is one of the most common. Operational profiles are a quantification of usage patterns for a software application. The research described in this paper investigates a novel multi-agent framework for automatically creating an operational profile for generic distributed systems after their release into the market. The operational profile in this paper is extended to comprise seven different profiles. Also, the criticality of operations is defined using a new composed metrics in order to organise the testing process as well as to decrease the time and cost involved in this process. The proposed framework is considered as a step towards making distributed systems intelligent and self-managing.

A Generalized Service Replication Process in Distributed Environments

Replication is one of the main techniques aiming to improve Web services’ (WS) quality of service (QoS) in distributed environments, including clouds and mobile devices. Service replication is a way of improving WS performance and availability by creating several copies or replicas of Web services which work in parallel or sequentially under defined circumstances. In this paper, a generalized replication process for distributed environments is discussed based on established replication studies. The generalized replication process consists of three main steps: sensing the environment characteristics, determining the replication strategy, and implementing the selected replication strategy. To demonstrate application of the generalized replication process, a case study in the telecommunication domain is presented. The adequacy of the selected replication strategy is demonstrated by comparing it to another replication strategy as well as to a non-replicated service. The authors believe that a generalized replication process will help service providers to enhance QoS and accordingly attract more customers.

QoSS Policies within SOA

In this work, we present a metadata for Quality of Security Service (QoSS) for Service-Oriented Architecture, which supports the description of authentication, authorization and privacy features. The metadata is encapsulated by a QoSS service in order to assist the service consumer and provider to achieve a QoSS contract meeting both of their security requirements. This contract performs as an enforced policy for managing the interactions between the parties.

Developing a RDB-RDF management framework for interoperable web environments

Recently, the mapping from Relational Databases (RDB) into Resource Description Framework (RDF) becomes an essential demand for most of the people who are consuming the Web in their daily activities and businesses due to the need for getting complete integrated, trustworthy and understandable data that achieving their requirements and wishes. However, management and controlling the RDB-RDF mapping process is a challengeable task because of the rapid change in the massive amount of data which is collected from a diverse huge number of providers and vendors. In this work, a RDB-RDF Management Framework is suggested to automatically manage and monitor the mapping process from relational to semantic data. The proposed framework includes a set of Data Handlers and Web services (WSs) in order to improve the Web environment interoperability and reliability. Specifically, three sets of services are established and consumed to handle and organize the mapping process. One set of the three suggested services is operating and acting like an intelligent agent to continuously sensing the change that might occur at the relational data storage side with respect to three different levels: schema, relation and data. Finally, the implementation and particular case study of the suggested framework are introduced and discussed.