
Research on Key Technologies for Trustworthy Service Composition (可信服务组合若干关键技术研究)

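【Author】 Zhu Rui (朱锐)

【Advisor】 Wang Huaimin (王怀民)

【Author information】 National University of Defense Technology, Computer Science and Technology, 2009, PhD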

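【Summary】 Software services, typified by Web services, and the coordination of such services have become a typical form of Internet application. Service composition, which integrates the functions offered by individual services into new services that meet complex requirements, has become an important way to improve software reuse and to build new Internet applications. However, the diverse service resources lack a trustworthy, professional third-party certification entity to vouch for their relevant properties; service entities usually belong to different autonomous domains; and the execution of a service is invisible to its users and can be changed by its provider. As a result, service resources are highly uncertain and uncontrollable, and quality of service is often unknown. The trustworthiness of the application as a whole in service-coordination scenarios, that is, the problem of trustworthy service composition, is therefore especially prominent and complex, and has become one of the key problems restricting the development of service composition technology.

To address these problems, this dissertation analyzes the main trustworthiness challenges facing service composition and, on that basis, carries out research on service selection strategy, selection of composition plans, reducing the maintenance cost of failures, the evolution mechanism of service composition, and service access control. It proposes a conceptual framework for service composition trustworthiness that unifies identity trustworthiness, capability trustworthiness and behavior trustworthiness, and, from the perspectives of reusability, shareability, reliability, availability and collaboration, proposes several mechanisms for improving the overall trustworthiness of a service composition. Taken together, these results form a fairly systematic supporting framework for trustworthy service composition that can provide effective trust-assurance mechanisms for network applications based on software service coordination. The main contributions of this dissertation are:

(1) Trustworthy service selection: Trustworthiness is a subjective perception on the part of the user, so trustworthy service selection must both satisfy the objective accuracy of quality-of-service information and take the user's preferences into account, yet existing service selection mechanisms lack support for user preferences. To address this, and drawing on the ideas of Internet recommender systems, a preference-recommendation-based trustworthy service selection algorithm is proposed. Using the user's historical service evaluations, it selects from a set of recommending users the group whose evaluation criteria are most similar to the user's own, and computes the trustworthiness of a service as a weighted value of that group's evaluations of the service, which serves as the basis for service selection. Simulation results show that the method can select services that meet the user's own preferences, and that it handles well the recommender-system problems of cold start, inaccurate recommendation information and dishonest evaluation. Compared with similar research, the proposed method places more emphasis on similarity of experience between users and takes into account users' recommendation level and domain relevance; it is therefore better suited to meeting user preferences and greatly strengthens users' trust in services.

(2) Selection of composition plans: When faced with many candidate service composition designs, the lack of theoretical guidance for choosing among them is one of the main causes of excessive fault-tolerance overhead. This greatly limits the effectiveness of fault-tolerance measures and makes fault-tolerance mechanisms do more harm than good. To address this, after analyzing the high fault-tolerance cost introduced by measures such as service redundancy and process restructuring, nine principles for splitting the functionality of a service composition are proposed in order to reduce fault-tolerance cost and improve its effect. Following these principles helps composition designers choose a suitable service granularity and reduce the coupling between services, which strengthens the ability of services to coordinate and lowers the cost of tolerating failures. Compared with similar research, this work strengthens support for fault-tolerance mechanisms at the design stage, a part that most current research rarely considers but that cannot be ignored.

(3) Reducing failure overhead: Failure of a composite service is unavoidable and may therefore bring a high compensation cost, which directly increases the user's expenditure or lowers the user's reputation and affects the user's trust in the service composition system. To address this, taking service compositions with transactional characteristics as the setting, and on the basis of an analysis and definition of transaction compensation cost, a sub-transaction delayed-commit algorithm is proposed. The algorithm allows a sub-transaction of a global transaction to determine its commit time dynamically before committing, according to its own compensation cost and the running state of the global transaction, so that compensation operations become rollback operations wherever possible. The correctness of the algorithm is proved, and simulation experiments show that when a transaction fails the algorithm effectively reduces the number of compensation activities and lowers the compensation cost. Compared with similar research, this work not only classifies compensation operations accurately but also defines compensation cost precisely. Compared with most current research, which characterizes the cost of a compensation operation as a binary value, this better describes the individual differences between compensation operations and thereby optimizes scheduling algorithms that are based on compensation cost.

(4) Evolution mechanism of service composition: Problems such as the availability and reliability of a service composition cannot be solved once and for all at the design stage, so one feasible technical approach is "monitoring and evolution". To meet this need, a QoS-driven service composition evolution mechanism is proposed; on the basis of an evolvable composite service model, the special requirements of composite service evolution mechanisms are studied in depth. The requirements for a general monitoring-injection capability, multidimensional evolution decisions, greater stability of the evolution process and prevention of jitter are addressed one by one through a monitoring software production line, a decision model over multidimensional quality-of-service attributes, composite service design principles based on a coupling model, and a discrete trigger mechanism for evolution operations. The aim is to establish a composite service evolution model with specification-driven autonomous guidance at the micro level and human-machine collaboration at the macro level, which can flexibly provide services of the required quality according to the nature of the application. Simulation results and an experimental system demonstrate the effectiveness of the evolution mechanism; in addition, reasonable parameter adjustment can strengthen system stability during evolution and reduce jitter.

(5) Service access control: From the standpoint of trustworthiness, people first consider the trustworthiness of the service provider. In some cases, however, the service provider likewise does not trust that users will use the service correctly. Such misuse may stem from malicious behavior, ignorance or a momentary operating oversight; in the end the user changes the state of the service, which reduces the shareability of the service or even damages and disrupts its normal operation. To address this, and with reference to classic cases, this dissertation introduces the concept of the Semantic Denial of Service (SDoS) attack to describe service failures caused by users using a service abnormally, and proposes an access control policy against this class of attack that is based on user trustworthiness: the user's behavior is controlled implicitly by adjusting two parameters, the user's resource holding duration and the compensation intensity. Simulation experiments show that the policy effectively suppresses semantic denial-of-service attacks.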

【Abstract】 Software services, represented by Web services, and software service coordination have become a typical style of Internet application. Service composition, which integrates the functionality of individual services to fulfill new and complex requirements, has become an important way to improve software reusability and develop new Internet applications. However, current service resources lack trustworthy, professional third-party entities to guarantee their relevant properties. Moreover, service resources usually belong to different autonomous domains, and the execution of a service is not transparent to customers and can be modified by the service provider. Service resources are therefore nondeterministic and uncontrollable, and the quality of service is often unknown. It is very obvious that the trustworthiness of the whole application, namely the problem of trustworthy service composition, has become a challenging and critical problem for service composition.

On the basis of an analysis of the trustworthiness challenges of service composition, the dissertation studies several key problems: service selection strategy, composition plan selection, reducing fault-tolerance cost, evolution mechanisms and service access control. We present a conceptual trust framework for service composition that includes identity trustworthiness, capability trustworthiness and behavior trustworthiness. Then, from the point of view of reusability, shareability, reliability, availability and collaboration, we present several related mechanisms to increase the overall trustworthiness of a service composition. Together, our contributions form a systematic supporting framework for trustworthy service composition, which helps provide effective trust-guarantee mechanisms for network applications based on software service coordination.

The contributions of the dissertation are as follows:

(1) On trustworthy service selection: Trustworthiness is a user's subjective feeling. For this reason, selection not only needs to meet the objective accuracy of QoS but also needs to consider users' individual requirements, yet existing service selection strategies lack support for preferences. To address this problem, borrowing ideas from Internet recommender systems, we propose a preference-recommendation-based trustworthy service selection algorithm. First, we find a group of recommenders with similar rating levels according to historical evaluation information; then we compute the trustworthiness of a service by weighting those recommenders' evaluations, which provides the grounds for choosing a service. Our experimental results show that the method can effectively find services that meet the user's preference requirements, and that it addresses weaknesses of recommender systems such as cold start, inaccurate recommendations and dishonest evaluation. Compared with similar work, our method focuses on the similarity of users' personal experience and also considers the recommendation level and the degree of domain relevance. It is therefore better suited to meeting users' individual requirements, thus greatly increasing users' faith in services.

(2) On composition plan selection: The main reason for increased fault-tolerance cost is that no theory guides the choice when selecting an optimal plan from a large number of composition plans. To some extent this restricts the effect of fault tolerance and makes fault tolerance not worthwhile. To address this problem, we present nine functional split principles, based on an analysis of the high cost brought by service redundancy and replanning, in order to reduce the cost of fault tolerance. Following these principles helps the designer select the proper service granularity and reduce the degree of coupling between services; it also benefits the coordination of services and reduces the cost of fault tolerance. Compared with similar work, our work emphasizes support for the fault-tolerance mechanism at design time, which is the most important part, yet one that most research ignores.

(3) On reducing failure cost: The failure of a composite service is inevitable. It brings a high compensation cost and results in increased expenses and a reduction in users' reputation. Based on an analysis and definition of the cost of compensating transactions, we present a sub-transaction commit-delay algorithm against the background of service composition with transactional characteristics. Sub-transactions can dynamically determine when to commit according to both the cost of compensation and the state of execution, which can turn a potential compensation into a rollback. The correctness of the proposed algorithm is proved, and simulations show that the algorithm can confine the compensation sphere and reduce the cost of compensation when the transaction fails. Compared with similar work, our work not only classifies compensating operations accurately but also defines the cost of compensation exactly. Current work largely treats compensation as two-valued, which hinders describing the differences between compensations and reduces the effect of optimization in scheduling algorithms based on the cost of compensation.

(4) On evolution of service composition: It is impossible to find a method that settles availability and reliability once and for all at design time, so a feasible technical approach is monitoring and evolution. To meet this requirement, we present QoS-driven service composition evolution. Based on the evolutionary model of service composition, we analyze and summarize the specific challenges of service composition evolution mechanisms, which include a general capability for monitor implantation, a multidimensional decision-making model, increasing stability during evolution and preventing jitter in the system. We then present several solutions based on a monitoring software production line, a multidimensional service QoS decision model, design principles based on a coupling model, and a discrete trigger mechanism for evolution. We attempt to build an evolution model of service composition from both the microscopic and the macroscopic view, and then provide the necessary services flexibly according to the character of the application. Simulation experiments and an experimental system indicate the validity of the evolution mechanisms; moreover, by adjusting parameters appropriately, we can enhance stability and reduce jitter in the system during evolution.

(5) On service access control: From the point of view of trust, people first consider the trustworthiness of the service provider. However, under some circumstances, service providers may not trust that users can use their services correctly; whether this misuse happens through malice, stupidity or oversight is unimportant. It may affect the state of the services, which reduces their shareability and can even disturb their proper operation. To solve this problem, we introduce the term SDoS (Semantic Denial of Service), together with a classical case, to describe such problems. We then present a lightweight access control based on user trustworthiness, which implicitly constrains users' activities by adjusting two parameters: resource hold duration and compensation intensity. Through experiments, we find that the proposed mechanism can restrain the SDoS attack effectively.
