CLOUD/ICWS/SCC/SERVICES 2010 Tutorials
Tutorial 1: Enterprise Architecture (EA)
Tutorial 2: Advanced Transaction Models for e-Services
Tutorial 3: Risk Analysis on Service Outsourcing
Tutorial 4: Services Computing in Biomedical Science
Tutorial 5: Security in Web Services: State-of-the-art and Research Opportunities
Tutorial 6: A3S: Accountability as a Service
Tutorial 1: Enterprise Architecture (EA)
Min Luo, Ph.D.
Executive Architect, Strategy and Technology, IBM SWG, USA
Abstract:
One of the fundamental problems with
not-so-attractive IT Return on Investment (ROI) is that most enterprise
systems and applications have been built in an ad hoc way for the past
several decades, and that is also why those systems are very difficult
and expensive to enhance or integrate so they could never adapt to the
ever-changing business requirements. The proposed MS in Service
Computing will make a conscientious effort to introduce
“architecture” as the cornerstone for the program
that aims at helping students and practitioners fully understand the
importance of establishing a sound architectural foundation for
enterprise systems and applications, how to address concerns of various
key stakeholders of their specific perspectives or interests using
various architecture views, how Services Computing would become an
effective mechanism to facilitate an architecture-centric process for
the whole lifecycle of system development. This tutorial will overview
what is enterprise architecture, its scope and addressed issues, the
foundation, several prevailing EA frameworks, the evolving
standardization and language to formalize EA, EA consulting best
practices and some case studies.
About the Speaker:
Dr. Min Luo is currently an Executive Architect, Strategy and
Technology, IBM SWG. He served as Chief Architect of the Global Business
Solution Center - GCG, IBM IGS, and also Executive Architect in IBM
SWG’s Industry solution group. For more than 6 years as a Senior
Certified Architect of the Center of Excellence – Enterprise
Architecture and also of SOA, he led several large scale projects in
social services and retail with budget over $100 Million with over 100
technical and business team members. He contributed to the development
and adoption of SOA as one of the coauthors for an IBM book published in
2004, led the design and development of one of the first operational
Enterprise Service Bus, and conducted many IT/business consulting and
alignment with SOA and Enterprise Architecture. Before IBM, he worked as
Senior Operations Research Analyst, Manager, Sr. Manager and Director of
several Fortune 500 transportation companies. He has 18+ years of
industry experience with 12+ years of managing the whole life cycle of
software application design, development and deployment.
As a senior member of IEEE, he has been serving on the organizing
committee for IEEE’s ICWS and SCS/CC Conferences, chaired sessions,
presented several tutorials on SOA and its best practice and gave
lectures at the Service University. He has served as an adjunct
professor in several US and Chinese universities since 1996.
Tutorial 2: Advanced Transaction Models for e-Services
Kamalakar Karlapalem
International Institute of Information Technology, Hyderabad, India
K. Vidyasankar
Department of Computer Science, Memorial University, St. John’s, Canada
P. Radha Krishna
SET Labs, Infosys Technologies Limited, Hyderabad, India
Abstract:
The concept of transactions has been
fundamental for providing fault tolerance, reliability and robustness
for database applications. The idea then is to extend the same
transactional guarantees to new and evolving paradigms. A transaction
is an execution of a program. It is committed when the execution is
complete and successful. Otherwise, it is aborted and partial
execution, if any, is rolled back. Thus, a transaction is an atomic
unit. Each transaction, when executed alone, is assumed to be correct.
A concurrent execution of several transactions is taken to be correct
when the execution is equivalent to some serial execution of the same
transactions.
The advancements in database systems impacted transaction executions in
various ways. Some examples are the following.
(i) In distributed database systems, the
data and hence operations on them are distributed among different sites
and both site and network failures need to be taken into account.
(ii) In heterogeneous distributed
database systems, the sites are autonomous and so the rollback
mechanism needs to be changed from undo to compensation.
(iii) In mobile database systems, sites
are disconnected from the network often and hence the execution and
commitment strategies need to be changed.
(iv) Some transactions tend to be
long-running and the correctness criteria for concurrent executions
need to be refined allowing increased interleaving of the transaction
operations.
Advanced transaction models were designed to accommodate these
requirements.
The Services Computing paradigm has different execution
characteristics.
(i) The (atomic database) operations are
replaced by (not necessarily atomic) activities and services.
(ii) Interdependencies develop among the
executions of the activities and they affect the commitment of the
transactions.
(iii) The activities and services span
multiple autonomous and heterogeneous organizations and they need
cross-organizational transaction support.
(iv) Very much like nested transactions,
multi-level hierarchical compositions of activities and services come
into the picture.
These characteristics necessitate new transaction models that relax the
transactional properties differently.
This tutorial covers the necessary background on advanced transaction
models and Services Computing paradigm that includes Web services,
e-contracts and cloud computing. Various aspects of e-services such as
loose coupling, interaction, commitment and closure, composability,
orchestration, interoperability, and business objectives and their
influence on the design of transaction models will be discussed.
About the Speakers:
Kamal Karlapalem is a Professor at International Institute of
Information Technology (IIIT), Hyderabad, India. He received his PhD
from College of Computing, Georgia Tech in 1992. Prior to joining IIIT,
he was an Associate Professor at Department of Computer Science, Hong
Kong University of Science and Technology. He has been working in the
area of workflow management systems (WFMS), dealing with frameworks for
building WFMSs, meta-modeling issues, support for handling exceptions
in WFMSs, and security aspects of WFMSs. Currently, his research
interest is to model and deploy electronic contracts derived from
contract documents.
Krishnamurthy Vidyasankar
is a Professor in the Department of Computer Science, Memorial
University, St. John's, Newfoundland, Canada. His research areas
include (i) transactional aspects in database and information systems
including services computing and e-contracts, (ii) transactional
memory, and (iii) shared variable constructions and mutual and group
mutual exclusion algorithms in distributed computing. Dr. Vidyasankar
has published several articles in reputed journals and conferences. He
serves in the program committees of several conferences and reviews
journal and conference submissions regularly.
Radha Krishna is a
Principal Research Scientist at Software Engineering and Technology
Labs, Infosys Technologies Limited, Hyderabad, India. He received his
Ph.D. from Osmania University in 1996. He is currently associated with
research projects leading to futuristic information management and
knowledge engineering solutions. Prior to joining Infosys, he was a
faculty member at Institute for Development and Research in Banking
Technology (IDRBT) and a scientist at National Informatics Centre,
India. His research interests include data
warehousing, data mining, and electronic contracts and services.
Tutorial 3: Risk Analysis on Service Outsourcing
Yudistira Asnar, Fabio Massacci, Wendy Hui, and Patrick C. K. Hung
Abstract:
Risk is a well-known security concept in any
business activity, and is considered a critical component in making
business decisions. In recent years, the trend of service
outsourcing introduces a new class of risk modelling and requirements.
This tutorial presents basic notions of risk and explains how
they are related to business-oriented Web services. Risk issues related
to service outsourcing are becoming the major focus of this tutorial.
This tutorial introduces the SI* Framework to analyze IT risks in an
outsourcing environment. Essentially, the framework is composed of a
modelling framework, analysis techniques and methodology. SI* is
developed to analyze security and trust issues in an organizational
setting. This tutorial presents how SI* assists business analysts in
analysing service outsourcing initiatives. The tutorial
begins by capturing business objectives from each stakeholder (actor)
in the organization, and relating uncertain events that might
compromise them. Relevant regulatory compliance and trust among actors
are critical aspects that need to be captured and analyzed. This
tutorial continues by analyzing the business objectives and services to
be outsourced using the automated reasoner in the SI* tool. Business
analysts can assess the risk level and evaluate whether they need to
employ more countermeasures in such an environment. This tutorial also
covers several industry-specific scenarios to illustrate the usage of
the framework using SI* tools, and is open to the possibility of working
on a case study proposed by attendees.
About the Speakers:
Yudistira Asnar (http://yudis.asnar.net) received B. Eng. from Bandung
Institute of Technology (ITB) in 2002 and PhD in Computer Science and
Information Engineering at University of Trento, Italy in 2009. His
research interests include the areas of requirement engineering, agent
systems, security-dependability risk management, and information
assurance. The main focus of his research is on modeling and analyzing
governance, risk and compliance of IT services.
Fabio Massacci (http://www.massacci.org) received a M. Eng. in 1993 and
Ph.D. in Computer Science and Engineering at University of Rome La
Sapienza in 1998. He joined University of Siena as an Assistant
Professor in 1999, was a visiting researcher at IRIT Toulouse in 2000,
and joined Trento in 2001 where he is now a fulltime professor. His
research interests are in security requirements engineering, formal
methods and computer security. He is currently a scientific coordinator
of multimillion Euros industry R&D European projects on
security and compliance.
Wendy Hui (http://www.nottingham.edu.cn/staff.php?s=131) holds a Ph.D.
in Information Systems from the Hong Kong University of Science and
Technology (HKUST). She is currently a Lecturer at University of
Nottingham Ningbo China. Her research interests include Economics of
Information Systems, Information Security, and Technology-Assisted
Learning. Her work has been accepted by the Journal of Management
Information Systems (JMIS), Decision Support Systems (DSS), IEEE
Transactions on Systems, Man and Cybernetics, Part A (IEEE SMCA), and
Communication of the AIS (CAIS).
Patrick C. K. Hung (http://www.hrl.uoit.ca/~ckphung) is an Associate
Professor at the Faculty of Business and Information Technology from
the University of Ontario Institute of Technology and an Adjunct
Faculty Member at the Department of Electrical and Computer Engineering
in University of Waterloo, Canada. He is also a Guest Professor at the
Institute of Computer Science in University of Innsbruck, Austria.
Recently Patrick Hung has founded a startup company BeaconWall Limited
located at Hong Kong Science and Technology Park with Prof. Jay Tashiro
from Wolfsongs Informatics, USA.
Tutorial 4: Services Computing in Biomedical Science
Wei Tan, Ravi Madduri
Computation Institute, University of Chicago and Argonne National
Laboratory, USA
wtan@mcs.anl.gov, madduri@mcs.anl.gov
Abstract:
Service-oriented Science (SOS) represents a
SOA approach to federating data access and analysis across different
institutional and disciplinary sources, thus facilitating large scale
scientific collaboration. The US National Cancer Institute’s
Biomedical Information Grid (a.k.a., caBIG) program seeks to create
both a service computing infrastructure (caGrid) and a suite of data
and analytical services. Workflow tools in caGrid facilitate both the
use and creation of services by accelerating service discovery,
composition and orchestration tasks.
This tutorial uses caGrid
as a case of service computing in biomedical science and includes a
combination of research and engineering effort made by our team. The
following aspects are to be covered: 1) the motivation of SOS and an
overview of state-of-the-art; we will highlight some examples in
biomedical and bioinformatics field; 2) caGrid architecture, the
service creation and management tools it offers and the services it
hosts; 3) Taverna workbench as the workflow solution of caGrid, and how
we enhance it to fulfill the requirements from caGrid community; 4) the
challenges we are facing and the research opportunities.
About the Speakers:
Dr. Wei Tan is a research
professional associate at the Computation Institute, University of
Chicago and Argonne National Laboratory. He is the core developer of
caBIG workflow system, and has received Teamwork Award and Outstanding
Poster Award from US National Institute of Health in recognition of his
contribution in this effort. His research interests include business
and scientific workflows, grid and service-oriented computing
(especially the applications in health-informatics), and Petri nets. He
is now involved in multiple health-informatics-related projects,
providing scientific workflow solutions for domain users. In 2007 he
was a graduate Co-op at IBM T. J. Watson Research Center, NY, USA. He
has published more than 20 papers in journals, conferences and book
chapters. He also serves as program committee member in multiple
international conferences and external reviewer for many international
journals. Find more from his homepage at http://www.mcs.anl.gov/~wtan/.
Ravi Madduri is a fellow at the Computation Institute, University of
Chicago. Ravi is one of three key contributors to the National
Institutes of Health $100M Cancer Bio-Informatics Grid (caBIG), which
links 60 NIH-funded cancer centers and clinical sites engaged in cancer
research. For his efforts in project management, tool development, and
collaboration, Ravi received several Outstanding Achievement Awards
from NIH in recognition of his work on caBIG project management, tool
development, and collaboration. Ravi is a lead architect on the
scientific workflow design and implementation project under the caGrid
toolkit.
Tutorial 5: Security in Web Services: State-of-the-art and Research Opportunities
Júlio Cezar Estrella, Kalinka Castelo Branco
University of São Paulo, Brazil
Marco Vieira
University of Coimbra, Portugal
jcezar@icmc.usp.br, kalinka@icmc.usp.br, mvieira@dei.uc.pt
Abstract:
Web services are the cornerstone of Service
Oriented Architectures (SOA). As business critical components, web
services must provide high security. However, deploying secure web
services is a difficult task. In fact, several studies show that a
large number of web services are deployed with security flaws that
range from code vulnerabilities (e.g., code injection vulnerabilities)
to the incorrect use of security standards and protocols. In this
tutorial we will present different techniques and tools for the
deployment of secure web services, including:
− Standards and protocols to deploy secure services: standards such as
XML, SOAP, UDDI and WSDL address the basic concepts of interoperable
services, but for secure web services other rules must be added. In this
sense it is essential to study the main security specifications for Web
Services, which include cryptographic algorithms and techniques that
implement digital signatures. In the tutorial we will identify and map
the main security requirements in Web Services aiming at defining ways
to apply security specifications such as: WS-Security, WS-Conversation,
XML-Signature, XML-Encryption, XACML, SAML, and others.
− Security assessment techniques and tools: software defects are a major
source of vulnerabilities. Interface and communication faults, related
to problems in the interaction among software components/modules, are
particularly relevant in service-oriented environments, as services
must provide a secure interface to the client applications, even in the
presence of malicious inputs. In the tutorial we will overview
different security assessment approaches and experiment with several
tools for vulnerability detection.
The tutorial will address
both current research topics and industry practice. Several case
studies will be presented and used to demonstrate the effectiveness of
existing tools and techniques. Future research opportunities will be
identified and discussed.
About the Speakers:
Julio Cezar Estrella, MSc in
Computer Sciences, holds a PhD student position at the Computer Systems
Department of the University of São Paulo, and is about to
defend a thesis on QoS-Aware Service-Oriented Architectures. He has a
strong background on web services implementation and practitioner
experience in performance evaluation of SOA frameworks and tools and
also has been working in the following areas: distributed systems,
service oriented architectures, computer networks, security,
performance evaluation and processes scheduling. He is a member
of IEEE, ACM and the Brazilian Computer Society.
Kalinka Regina Lucas Jaquie Castelo Branco is an Assistant Professor of
the Institute of Mathematics and Computer Science - ICMC - USP, working
in the department of Computer Systems. She has experience in Computer
Science, with emphasis on Distributed Computing Systems and Parallel
Computer, working mainly in the following areas: distributed systems,
computer networks, security, performance evaluation and processes
scheduling. She is a member of the Brazilian Computer Society.
Marco Vieira is an Assistant Professor at the University of Coimbra,
Portugal, and an Adjunct Associate Teaching Professor at the Carnegie
Mellon University, USA. His research interests include dependability
benchmarking, security assessment, robustness assessment and
improvement, fault injection, and software quality assurance, subjects
in which he has authored or co-authored tens of papers in refereed
conferences and journals. Marco Vieira has served on program committees
of the major conferences of the dependability and databases areas and
acted as referee for many international conferences and journals.
Tutorial 6: A3S: Accountability as a Service
Chen Wang and Shiping Chen
Information Engineering Laboratory
CSIRO ICT Centre, Australia
chen.wang@csiro.au & shiping.chen@csiro.au
Abstract:
Accountability in Service Oriented Architecture (SOA) is a capability of
making business processes across all participants (services,
applications and people) accountable in terms of both business logic and
Quality of Services (QoS). While accountability is a critical mechanism
to enhance trust between collaborative services, there is a lack of
standard accountability support in the current SOA infrastructure. For
example, it is difficult with the existing technologies/infrastructure
to resolve a dispute between two (web) services if some interactions
between the two services go wrong; there is also little existing
accountability support for a service consumer to collect quantitative
evidence to complain about a service provider that fails to meet its
Service Level Agreement (SLA). As more and more real-world activities
are performed through Internet-connected services, we envision that
there will be growing requirements for making the behaviors of both
service providers and consumers accountable.
In the business world, one may be reluctant to transact directly with a
stranger. But a mutually trusted middleman can be used to facilitate
transactions and resolve possible disputes. In this tutorial, we will
share our observations and research results on building accountability
into SOA. First, we will review related work on accountability in
traditional distributed systems, ranging from Internet protocols and
network file systems to outsourced database management systems. We will
examine which methods embodied in these works can fit service computing
at Internet scale and which cannot. Then we will present our research
work on a middleman-based approach to delivering accountability as a
service, including our recent research results. This tutorial will focus
on the major technical challenges of making SOA accountable and our
solutions to these challenges. Finally, we will demonstrate our
solutions using a collaborative services scenario deployed in the Amazon
EC2 cloud.
The goal of this tutorial is to provide a detailed understanding of
accountability issues and related technologies in SOA with in-depth
related work discussions, recent research outcomes and a deployed
accountability service prototype.
About the Speakers:
Dr. Chen Wang received his PhD from Nanjing University. He is a research
scientist in CSIRO (The Commonwealth Scientific and Industrial Research
Organisation) ICT Centre, Australia. His research interest is primarily
in distributed, parallel and trustworthy systems. His current work
focuses on accountable distributed systems and smart grids. He publishes
extensively in his area, including top journals and conferences. Dr.
Chen Wang spent a few years in industry. He previously developed a
high-throughput event system and a medical image archive system, which
are used by many hospitals and medical centres. He also holds an
honorary position in the University of Sydney, Australia. His detailed
research information can be found at www.ict.csiro.au/staff/chen.wang
Dr. Shiping Chen is a senior research scientist of CSIRO ICT Centre,
Australia. He received his PhD in Computer Science from University of
New South Wales, Master in Computer System Engineering from Chinese
Academy of Sciences, and Bachelor in Electrical Engineering from Harbin
University of Technology, China. From 1985 to 1999, he worked on
real-time control, parallel computing and CORBA-based Internet gaming
systems in research institutes and IT industry. Since joining CSIRO in
1999, he has worked on a number of middleware-related research and
consultant projects. He published over 30 research papers in the above
research areas, and co-authored a number of middleware-related technical
reports. He has been actively involved in research community services as
an organizer and/or PC member (Middleware, ICSOC, ICWS, SCC, WWW etc.).
His current research interests include web services and SOA, data
storage and trust computing. His detailed research information can be
found at www.ict.csiro.au/staff/shiping.chen