Hanen Ochi

Bio: Hanen Ochi is an academic researcher from University of Paris. The author has contributed to research in topics: Web service & Cloud computing. The author has an hindex of 4, co-authored 10 publications receiving 39 citations. Previous affiliations of Hanen Ochi include Sorbonne.

Formal Abstraction and Compatibility Checking of Web Services

Abstract: For automatically composing Web services in a correct manner, information about their behaviors (an abstract model) has to be published in a repository. This abstract model must be sufficient to decide whether two, or more, services are compatible (the composition is possible) is possible without including any additional information that can be used to disclose the privacy of these services. The compatibility property is defined by different variants of the well known soundness property on open workflow nets. These properties guarantee the absence of livelocks, deadlocks and other anomalies that can be formulated without domain knowledge. In this paper we address the automatic abstraction of Web services and the checking of their compatibility using their abstract models only. To abstract Web services, we use the symbolic observation graph (SOG) approach that preserves necessary information for service composition and hides private information. We show how the SOG can be adapted and used so that the verification of different variants of compatibility can be performed on the composition of the abstract models (SOGs) of Web services instead of the original composite service.

Model Checking of Composite Cloud Services

Abstract: Composition of Cloud services is necessary when a single component is unable to satisfy all the user's requirements. It is a complex task for Cloud managers which involves several operations such as discovery, compatibility checking, selection, and deployment. Similarly to a non Cloud environment, the service composition raises the need for design-time approaches to check the correct interaction between the different components of a composite service. However, for Cloud-based service composition, new specific constraints, such as resources management, elasticity and multi-tenancy have to be considered. In this work, we use Symbolic Observation Graphs (SOG) in order to abstract Cloud services and to check the correction of their composition with respect to event-and state-based LTL formulae (Hybrid LTL). The violation of such formulae can come either from the stakeholders' interaction or from the shared Cloud resources perspectives. In the former case, the involved services are considered as incompatible while, in the latter case, the problem can be solved by deploying additional resources. Using our approach, one can check then, if the resource provider service can supply sufficient Cloud resources w. r. t. the users' requests.

A counterexample-based incremental and modular verification approach

Abstract: Model checking is a powerful and widespread technique for the verification of finite state concurrent systems. However, the main hindrance for wider application of this technique is the well-known state explosion problem. In [16], we proposed an incremental and compositional verification approach where the system model is partitioned according to the actions occurring in the property to be verified and where the environment of a component is taken into account. But the verification at each increment might be costly. On the other hand, Symbolic Observation Graphs provide a compact analysis means for LTL∖X properties. We have shown a purely modular construction of these in [15]. Therefore, in this paper, we combine both techniques to benefit from their pros. Also, we propose a novel approach for incrementally checking the validity of the counter-example.

Checking Compatibility of Web Services Behaviorally

Abstract: Web services composition is an emerging paradigm for enabling application integration within and across organizational boundaries. In this context, we propose an approach based on Symbolic Observation Graphs (SOG) allowing to decide whether two (or more) web services can cooperate safely. The compatibility between two web services is defined by the well known soundness property on open workflow nets. This property guarantees the absence of anomalies (e.g. deadlock) that can appear after composition. We propose to abstract the concrete behavior of a web service using a SOG and show how composition of web services as well as the compatibility check can be achieved through the composition of their abstractions (i.e. SOGs). This approach allows to respect the privacy of the services since SOGs are based on collaborative activities only and hide the internal structure and behavior of the corresponding service.

Generic and Specific Compatibility Criteria for Web Service Composition: Formal Abstraction and Modular Verification Approach1

Abstract: For automatically composing Web services in a correct manner, information about their behaviors an abstract model has to be published in a repository. This abstract model must be sufficient to decide whether two, or more, services are compatible the composition is possible is possible without including any additional information that can be used to disclose the privacy of these services. The compatibility between two Web services can be based either on some generic properties e.g. deadlock freeness of the composite Web service or on a specific property expressed with a formal logic. In this paper, the authors address this problem by considering these two kinds of compatibility criteria. The first criterion is defined by different variants of the well-known soundness property on open workflow nets. These properties guarantee the absence of livelocks, deadlocks and other anomalies that can be formulated without domain knowledge. The second criterion is defined by the designer formally by using the Linear Temporal Logic. The proposed approach addresses the automatic abstraction of Web services and the checking of their compatibility using their abstract models only. To abstract Web services, the authors use the symbolic observation graph SOG approach that preserves necessary information for service composition and hides private information. The authors show how the SOG can be adapted and used so that the verification of generic and specific compatibility criteria can be performed on the composition of the abstract models of Web services instead of the original composite service.

Workflow-Net Based Service Composition Using Mobile Edge Nodes

Abstract: Content delivery through cloud networks has gained popularity due to the cloud’s ability to provide on-demand services. However, composite services, such as customized multimedia content, introduce both delays and resource limitations if traditional cloud solutions are used. With recent advances in mobile edge computing, customized media delivery can be achieved through compositions of service specific overlays (SSOs). This paper presents a workflow-net-based mechanism for mobile edge node cooperation in fog-cloud networks to form guaranteed SSOs. The proposed solution uses a mathematical cooperation operator to turn the SSO composition problem expressed as workflow nets into algebraic representations. In turn, the minimal cost cooperative path from the workflow net is determined such that it guarantees the delivery of the requested composite media services to clients. Experimental results show that the composition process can be adequately established and carried out in a timely manner.

On the Verification of Opacity in Web Services and Their Composition

Abstract: Web service (WS) providers need to restrain access to private information when cooperating with business partners. This need is translated in practice by an abstraction phase where inner data is withheld from public view. However, just like hiding encryption keys is not enough to prove the secrecy of information in a communication protocol, this procedure cannot prove the goal of secrecy is attained. Security related literature has turned in the past couple of decades to a new, formal, security property, i.e., opacity, to both hide and prove the privacy of secrets. Following our previous work on the use of the Symbolic Observation Graph (SOG), on one hand, to abstract and compose Web services, and to verify the opacity of systems on the other, we show in this paper how the verification of three different types of opacity in SOG-abstracted WSs is translated to the opacity of their composites. We hence establish that the SOG is a suitable abstraction that allows to check these opacity variants locally to each component of a composite WS, and preserves opacity by composition (i.e., each WS component is opaque iff the composite WS is).

Web Services Compositions Modelling and Choreographies Analysis

Abstract: In (Rouached, Godart and al. 2006; Rouached, Godart 2007), we have described the semantics of WSBPEL by way of mapping each of the WSBPEL (Arkin, Askary and al. 2004) constructs to the EC algebra and building a model of the process behaviour. With these mapping rules, we have described a modelling approach of a process defined for a single Web service composition. However, this modelling is limited to a local view and can only be used to model the behaviour of a single process. A series of compositions in Web service choreography need specific modelling activities that are not explicitly derived from an implementation. An elaboration of modelling is then required to represent the behaviour of interacting compositions across partnered processes. This elaboration provides a representation that enables us to perform analysis of service interaction for behaviour properties. The ability to perform verification and validation between execution and design, and within the process compositions themselves, is a key requirement of the Web services architecture specification. In this paper, we further the semantic mapping to include Web service composition interactions through modelling Web service conversations and their choreography. We describe this elaboration of models to support a view of interacting Web service compositions extending the mapping from WSBPEL to EC, and including Web service interfaces (WSDL) for use in modelling between services. The verification and validation techniques are also exposed. An automated induction-based theorem prover is used as verification back-end.

Weakest-congruence results for livelock-preserving equivalences

Abstract: A behavioural equivalence is a congruence, if a system is guaranteed to remain equivalent when any one of its component processes is replaced by an equivalent component processes. An equivalence is weaker than another equivalence if the latter makes at least the same distinctions between systems as the former. An equivalence preserves a property, if no equivalence class contains one system that has that property and another system that lacks the property. Congruences that preserve such properties as deadlocks or livelocks are important in automatic verification of systems, and knowledge of the weakest such congruences is useful for designing verification algorithms. A simple denotational characterisation of the weakest deadlock-preserving congruence has been published in 1995. In this article simple characterisations are given to the weakest livelock-preserving congruence, and to the weakest congruence that preserves all livelocking traces. The results are compared to Hoare's failures-divergences equivalence in the CSP theory.