Ensuring the dependability and security of mobile P2P systems is an intricate task due to the autonomous and decentralised nature of such systems. In this paper, we present a framework that provides increased support for security and dependability properties by monitoring the compliance of the operation of mobile P2P applications with them at runtime. The framework performs monitoring driven by policies specified for the individual peers in a P2P application and decouples the monitoring process from the operation of the application, to increase its resilience and avoid adverse effects on its performance.

Abstract — Trust in software services is a key prerequisite for the success and wide adoption of Services-Oriented Computing (SOC) in an open Internet world. However, trust is poorly assessed by existing methods and technologies, especially in dynamically composed and deployed SOC systems. In this paper, we discuss current methods for assessing trust in Service-Oriented Computing and identify gaps of current platforms, in particular with regards to runtime trust assessment. To address these gaps, we propose a model of runtime trust assessment of software services and introduce a framework for realizing the model. A key characteristic of our approach is the support that it offers for customizable assessment of trust based on evidence collected during the operation of software services and its ability to combine this evidence with subjective assessments coming from service clients.

Abstract—An increasing number of popular SOAP web services exhibit a stateful behavior, where a successful interaction is determined as much by the correct format of messages as by the sequence in which they are exchanged with a client. The set of such constraints forms a “message contract ” that needs to be enforced on both sides of the transaction; it often includes constraints referring to actual data elements inside messages. We present an algorithm for the runtime monitoring of such message contracts with data parameterization. Their properties are expressed in LTL-FO þ, an extension of Linear Temporal Logic that allows first-order quantification over the data inside a trace of XML messages. An implementation of this algorithm can transparently enforce an LTL-FO þ specification using a small and invisible Java applet. Violations of the specification are reported on-the-fly and prevent erroneous or out-of-sequence XML messages from being exchanged. Experiments on commercial web services from Amazon.com and Google indicate that LTL-FO þ is an appropriate language for expressing their message contracts, and that its processing overhead on sample traces is acceptable both for client-side and server-side enforcement architectures. Index Terms—Web services, runtime monitoring, temporal logic. Ç 1

Abstract—Service Level Agreements (SLAs) are used to specify the negotiated conditions between the provider and the consumer of services. In this paper we present a stepwise method to identify and categorize a set of test requirements that represent the potential situations that can be exercised regarding the specification of each isolated guarantee term of an SLA. This identification is addressed by means of devising a set of coverage levels that allow grading the thoroughness of the tests. The utilization of these test requirements would focus on twofold objectives: (1) the generation of a test suite that allows exercising the situations described in the test requirements and (2) the support for the derivation of a monitoring plan that checks the compliance of these requirements at runtime. The approach is illustrated over an eHealth case study.

Abstract. In the scope of Service Oriented Architectures (SOA), Service Level Agreements (SLAs) are used to specify the conditions that have to be fulfilled by both service provider and consumer. These stakeholders need checking whether the executions of the services fulfill the conditions or not, so the evaluation is an important and not trivial task within the testing process. This paper describes the current state of an ongoing PhD research that aims to define an SLA-aware testing method to test service-oriented systems. A model will represent relevant information associated to the terms of the SLA and, from this model, interesting situations will be identified and prioritized. The exercitation of these situations will be performed through a suited design and execution of test cases. In addition to this, the approach could be complemented with monitoring techniques, determining which situations have already been executed in an operation environment in order to select a set of situations that remain unexercised and need to be tested.