The e-Demand Project (A Demand-Led Service-Based Architecture for Dependable e-Science Applications) Jie Xu (Project PI) A joint 3-year EPSRC/DTI-funded.

Presentation transcript:

The e-Demand Project (A Demand-Led Service-Based Architecture for Dependable e-Science Applications) Jie Xu (Project PI) A joint 3-year EPSRC/DTI-funded research project involving: Universities of Durham, Leeds and Newcastle

2 Project Summary
Funding Sources: DTI/EPSRC (THBB/008/00112C)
Industrial Partners (Sun, Sharp and Sparkle Computer Technology)
Total Grant - £636,900 (managed by NEReSC)
Duration: April April 2005
Investigators:
- Jie Xu (Distributed Systems & Dependability, Leeds)
- Keith Bennett (Service-Based Architecture, SoE, Durham)
- Malcolm Munro & Nick Holliman (Visualisation, CS, Durham)
Research Staff: Paul Townend, Nik Looker, Erica Yang, and Stuart Charters
Hardware Testbed: A Sun 32 CPU UltraGrid computer connected to a network of Sun servers and workstations (e-Demand Laboratory) and to the White Rose Grid

3 e-Demand: A Software-Based Solution
The Demand-Led Service-Based Architecture
- New service-based model for organising flexible Grid applications
- An instance of the service-based test architecture
Fault-Injection-Based Evaluation of Grid Middleware
- The FITMVS tool, supported by clusters of workstations
- Grid-FIT: Evaluation with respect to faults/attacks/performance (The White Rose Grid Booth, see Nik Looker, Binka Gwynne)
Support for Dependable e-Science Applications
- Instance-Level Authentication and Identity Management & Attack-Tolerant Information Service – ATIR (Dacheng Zhang & Dr. Erica Yang)
- FT-Grid: Topologically-Aware Fault Tolerance (Paul Townend)
- 3D visualisation service for e-Science Applications (Stuart Charters)

4 Service-based Architecture
• The architecture that we started with:
[Diagram labels: Service consumer; Contractor/assembly service provider; Catalogue/ontology provider; Demand; Provision; Finding; Service/solution provider; Ultra-late binding; Publishing; e-Action service; Attack-tolerance service; 3D visualization service; …]

5 Web Services Architecture
[Diagram labels: external WS architecture; middleware; internal service; internal service; internal WS architecture; WS interface; access to internal systems]

6 Service Description, Discovery and Interactions
[Diagram labels: Description; Discovery; Interactions; properties & semantics; business protocols; interface; common base language; middleware properties; protocol infrastructure; basic & secure messaging; transport; XML; WSDL; WSCL; BPEL; QoS; cost; Directories; UDDI; HTTP; SOAP-messaging; WS-coordination; WS-transaction]

7 System Architecture for e-Demand
[Diagram labels: Run-Time Checking & Monitoring; Session Control & Management; Security Enforcement; Authorisation of actions; Role/Task-based Access Control; Policy Management; Authentication; Identity management; Non-repudiation etc; Execution Environment; Workflow/Session Management; Service Composition; Information Integration; Grid-based resources (Built on the UK NGS/White Rose Grid); Service 1; Service 2; Service 3; Service Instances Interactions; Message Encrypt/Decrypt; Traffic Monitoring & Filtering; ATIR; FT-Grid; Grid-FIT]

8 Testing Architecture: Grid-FIT
• Our testing service currently implements network level fault injection.
[Diagram labels: Fault/Attack Injector (testing service); Client; Server; Service; Request (may contain faults); Response (may contain faults); Middleware boundary; Intercepted request; Intercepted response; Potentially altered request; Potentially altered response]

9 Securing Instance-Level Interactions
• A complex Web service business session may span diverse security domains and organisational boundaries
• Independent authentication and authorisation mechanisms are often needed to protect Web service business sessions from malicious attacks
• These authentication and authorization mechanisms must work at the service instance-level
• Suppose that three instances, Consumer, Producer, Shipper, compose a session
• Shipper is unknown to Consumer as it is selected by Producer at run time
• Based on a certificate from the business authority, Consumer then accepts that Shipper is a legal corporation/entity
• Consumer also wants to be sure that Shipper is the assigned instance processing the order
• Potential solutions

10 Service Instance Identification
• Two key technical issues to address:
1) The Web service instances within a session have to be identified
ID-based solution
• Using instance identifiers to explicitly identify Web service instances
• Suitable for fine-grained management mechanisms which can exercise more precise control over a business session
Token-based solution
• Using correlation information to identify the conversation/interactions amongst service instances and then implicitly identify the instances involved
• Suitable for coarse-grained management mechanisms with less implementation overload
2) How to generate, distribute, and manage the security keys for enforcing the security boundaries of a business session – so as to achieve effective attack/damage confinement

11 Business Session Key Management
• Various key management solutions have been considered and examined
• All participating instances within a given session share a security key
• Group communication-based approaches
• Public key-based solutions (can be combined with ID-based schemes for instance identification)
Our Instance ID authenticator protocol is an ID-based scheme
- Using the Diffie-Hellman protocol to distribute authentication information amongst participating instances of a session
- Providing authentication to Web service instances of the same session by appending the MAC code to the sending messages
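The ID-based idea on slides 10 and 11, as an added example that is not the e-Demand project's code: each instance runs Diffie-Hellman with a peer, derives a MAC key bound to the session and the two instance IDs, and appends an HMAC to every message so the receiver can tell the assigned instance from another instance of the same service. Assumptions: the slides do not give the protocol's messages, so the pairwise exchange, the JSON field encoding, the per-sender counter, the demo modulus and all instance and session names here are constructed, and DH public values are assumed to arrive authenticated (for example, signed under the business-authority certificate from slide 9).

```python
import hashlib, hmac, json, secrets

# Demo modulus (assumption): a Mersenne prime, so no long constant is needed.
# It is not a vetted DH group; deployments use a standardized group.
P, G = 2**521 - 1, 3

def _mac(key, session, sender, receiver, counter, body):
    # JSON list encoding keeps field boundaries unambiguous under the MAC.
    data = json.dumps([session, sender, receiver, counter, body.hex()])
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()

class Instance:
    """One Web service instance taking part in one business session."""
    def __init__(self, instance_id, session_id):
        self.id, self.session = instance_id, session_id
        self._priv = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self._priv, P)
        self._keys, self._last = {}, {}

    def agree(self, peer_id, peer_public):
        """Derive a per-pair, per-session MAC key from the DH shared secret.
        Assumes peer_public arrived authenticated (e.g. certificate-signed)."""
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate DH public value")
        shared = pow(peer_public, self._priv, P).to_bytes(66, "big")
        info = json.dumps([self.session, sorted([self.id, peer_id])]).encode()
        self._keys[peer_id] = hmac.new(shared, info, hashlib.sha256).digest()

    def send(self, peer_id, counter, body):
        mac = _mac(self._keys[peer_id], self.session, self.id, peer_id, counter, body)
        return {"session": self.session, "from": self.id, "to": peer_id,
                "ctr": counter, "body": body, "mac": mac}

    def verify(self, msg):
        key = self._keys.get(msg["from"])
        if key is None or msg["to"] != self.id or msg["session"] != self.session:
            return False
        good = _mac(key, msg["session"], msg["from"], msg["to"], msg["ctr"], msg["body"])
        if not hmac.compare_digest(good, msg["mac"]):
            return False
        if msg["ctr"] <= self._last.get(msg["from"], -1):
            return False          # replayed or reordered message
        self._last[msg["from"]] = msg["ctr"]
        return True
```

Because the key derivation includes the session identifier and both instance IDs, a key learned in one session does not verify messages in another, which is the damage-confinement property slide 10 asks of session key management.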

12 System Evaluation: Examples
[Figure panels: Token-based scheme, Scalability Model; ID-based scheme, Scalability Model]

13 Conclusions (1)
• The e-Demand project is multi-faceted – it’s looking at service-based architectures, security, testing and fault tolerance.
• The main focus of my talk has been to present some results from the e-Demand project in regard to architectures and instance-level interactions.
• Important information about Grid-FIT, FT-Grid and ATIR etc can be found in the conf. proceedings.
• Some Grid applications have been supported by the e-Demand architecture and services.
• Experience with supporting interactions across organisational boundaries

14 Conclusions (2)
• We have designed and implemented a fairly efficient system that supports dependable instance-level interactions, independent of the underlying Grid systems used
• To further enhance the dependability of Grid applications, we have developed mechanisms and services for fault/attack detection and tolerance
• We have focussed on assessing the dependability of Grid mechanisms and systems based on fault/attack injection techniques

15 The Way Forward
• Continuous collaboration with NEReSC, the GOLD team, and the GT4 team etc
• Wider range of Grid connections for larger scale experiments and assessments – the White Rose Grid, the CoLab Grid between UK and China etc
• Grid applications in e-Social science domains (the MoSeS project)
• Evaluation with a focus on performance and security