Skip to main content

Automated and verifiable internet services and applications development

EDITORIAL

Marco Autili (Lead Guest Editor) & Massimo Tivoli
Department of Information Engineering, Computer Science and Mathematics - University of L’Aquila, L’Aquila, Italy
Federico Ciccozzi
Division of Computer Science and Software Engineering, Malardalen University, Malardalen, Sweden
Farhad Arbab
Department of Computer Security, CWI, Amsterdam, The Netherlands
Dimitra Giannakopoulou
Ames Research Center, NAS, Moffett Field, CA, USA
Pascal Poizat
Department of Math & CS, Sorbonne Université, Paris, France

Introduction

This thematic series of the Journal of Internet Services and Applications (JISA) presents a collection of articles around the topic of Automated and Verifiable Internet Services and Applications Development, including: analysis of service- and thing-based systems, run-time support for verifying and composing services and things, interconnected mobile Internet of Things (IoT) devices, safety-critical (SC) cyber-physical systems (CPS), adaptable service-based applications, crosscutting concerns, and related tools, case studies, and use cases.

During the last three decades, automation in internet services and applications development has gone mainstream. Software development teams strive to automate as much of the software development activities as possible. Automation helps, in fact, to reduce development time and cost, as well as to concentrate knowledge by bringing quality into every step of the development process. Realizing high-quality internet services and applications requires producing software that is efficient, error-free, cost-effective, and that satisfies customer requirements. Thus, one of the most crucial factors impacting software quality concerns not only the automation of the development process but also the ability to verify the outcomes of each process activity and the goodness of the resulting software product as well.

This JISA Thematic Series originates from the Workshop on Automated and Verifiable Internet Services and Applications Development (ASYDE) that was held in York, UK, on September 16, 2019, and which was affiliated with the 17th International Conference on Software Engineering and Formal Methods (SEFM 2019). The ASYDE workshop was organized by: Marco Autili, University of L’Aquila, Italy; Massimo Tivoli, University of L’Aquila, Italy; Federico Ciccozzi, Malardalen University, Sweden; Farhad Arbab, CWI, The Netherlands; Dimitra Giannakopoulou, NASA Ames Research Center, USA; Pascal Poizat, Sorbonne Université, France.

The ASYDE workshop series is the result of a follow-up action, thanks to the work of the Steering Committee members, bringing together and consolidating the following previous events: OrChor’14, SCFI’15, SCART’15, VeryComp’16. Specifically, all these events were devised for bringing together researchers and practitioners from various areas related to automated development and composition, analysis and verification. All of them aimed at providing innovative contributions in the research and development of novel formal methods and software engineering approaches to the design, development, analysis, validation, execution and deployment of software systems. In particular, the workshops provided the opportunity to discuss how the next-generation internet, with the high availability of ubiquitous communication, affects the traditional methods and tools, and how facing complexity in terms of scalability, heterogeneity, and dynamicity promotes the integration of FM within SE practices towards automating as much of the software development activities as possible. The goal is to seek answers on how the rigorousness of FM can practically assists engineers while designing, developing, validating, and operating systems that are built via correct-by-construction approaches, while exploiting automation for reducing development time and cost, as well as  elevating the productivity and the quality of each single step of the development process.

In this direction, this JISA Thematic Series aims at new automated software development methods and techniques, compositional verification theories, integration architectures, flexible and dynamic composition, and automated planning mechanisms, counteracting the specialization of traditional approaches in order to deal with heterogeneity, dynamicity, adaptation, large scale, mobility, security, etc. Spanning different domains, from mobile to IoT devices, from service-based applications to safety-critical cyber-physical systems, we received contributions at various levels: from foundational aspects to concrete application experiments; from design to verification and analysis; from composition to adaptation; and from deployment to execution.

Retaining the highly selective reviewing process of the two previous Thematic Series on service composition for the future internet, and on verification and composition for the internet of services and things [1,2], also this Thematic Series was conceived to be highly selective and demanding of high-quality research and technical contributions. The review procedure consisted of multiple rounds of peer review with 3 reviews per submission. We received six submissions concerning adaptale composition techniques for service-based systems, verification of safety-critical cyber-physical systems, and analysis of interconnected mobile IoT devices. Among the received submissions, we also had manuscripts on the impact of internet availability and daily intervention for patients supported by smartphones. The three submissions that were selected for publication and appear in this issue are summarized in the following section.

The papers

The three accepted papers address issues related to IoT systems interoperability via middleware connectors exploiting  bridging mechanisms to interconnect heterogeneous  IoT devices [3]; formal verification of  time properties for safety requirements in cyber-physical systems via Model-driven Development (MDD) to covers the life cycle of the system, from the specification of safety requirements to a formally verifiable abstract code [4]; Dynamic adaptation of service-based applications via continuous development and deployment to facilitate both the continuous integration of new services that can easily join the application, and the operation of applications under dynamic circumstances, to face the openness and dynamicity of the environment [5].

Bouloukakis et al. [3] study IoT [7] applications consisting of devices (i.e., Things) that, in order to interact with each other, employ a variety of middleware-layer protocols, such as MQTT, CoAP, and ZeroMQ [8]. The main purpose of this paper is to model and analyze the non-functional time semantics of mobile IoT interactions. Specifically, an enhanced version of the DeX [8] connector model is used to study IoT interactions. DeX is exploited to accurately model timing behavior through timed automata, which in turn permit to specify timing constraints for time-sensitive systems to ensure properties such as deadlock freeness and time-bounded liveness. The conditions of successful DeX interactions are verified in UPPAAL in conjunction with the specified timing guards. In [3], Bouloukakis et al. demonstrate that the success rate of DeX interactions is significantly affected by accurate setting of lifetime, timeout, time_on and serve_time periods. Thus, for designers of IoT applications, higher probability of successful interactions can be ensured by providing a fine-grained analysis of the related timing parameters. This constitutes an important aspect especially in the case of heterogeneous space-time coupled/decoupled DeX interactions with variable connectivity of IoT devices.  In [3], Bouloukakis et al. further demonstrate that it is possible to configure the response time vs. success rate trade off. An important finding of this paper is that the proposed timed modeling and analysis of IoT interactions may bring considerable advantages into the design of robust and efficient IoT systems. As future work, the authors plan to consider processing and transmission delays together with the effect of DeXM mediators in order to model the performance of realistic DeX interactions. The idea is to model publish/subsbribe protocols by adopting queueing network models, which enable both simulation and analytical models for estimating the performance of the system in terms of, e.g., response times and delivery success rates. The results can be then leveraged in heuristic and optimization techniques for tuning and reconfiguring the system at runtime.

Sirjani et al. [4] present a Model-driven Development (MDD) approach to formally verify time properties for safety requirements in cyber-physical systems (CPS). Specifically, an iterative verification-driven development approach is proposed for building safety-critical systems by using Timed Rebeca [9], which permits to model and formally verify distributed, concurrent and event-driven asynchronous systems with timing constraints. The novelty of the work by Sirjani et al. resides in proposing a light-weight and agile process that, from the specification of safety requirements to a formally verifiable abstract code, covers the life cycle of cyber-physical systems. The approach permits to improve the specification of safety requirements by helping with the identification of ambiguities and inconsistencies. In turn, this helps to achieve consistency, completeness and correctness. The authors leverage a structuring method based on GIVEN-WHEN-THEN syntax to bridge the gap between high-level requirements and the actor-based modeling language used by Rebeca. This allows for alleviating the ambiguity and facilitating the transition from requirements to the formal model. The structured requirements also help in one of the most challenging tasks in model checking which is deriving the required properties to check. The main motivation behind this work is that, in cyber-physical systems, timing is an important issue that may invalidate the safety requirements and, hence, the safety of the whole system. Moreover, industry needs to be able to verify the safety requirements to guarantee their completeness and correctness before they are implemented, since it is very much costly to fix a safety-critical system built on erroneous safety requirements. For that reason, the process proposed in the paper adopts methods, such as the syntax to specify safety requirements and the UML behavioral models, which are common practices in industry.

De Sanctis et al. [5] recognize the need of modern service-based applications for satisfying different requirements to deal with the features of modern execution environments, and identify the following research challenges: applicability in open environments, autonomy and heterogeneity of services, context-awareness, services interoperability, adaptivity and scalability, user centricity and personalization, and portability. In this direction, the authors propose an approach to the definition of the complete lifecycle for the continuous development and deployment of service-based applications, by facilitating (1) the continuous integration of new services, which can easily join the applications, and (2) the applications operation under dynamic circumstances, to face the openness and dynamicity of the environment. The proposed approach has been implemented and evaluated in a real-world case study in the mobility domain, and experimental results demonstrate the effectiveness of the approach and its practical applicability. In [5], the authors finally identify a number of interesting future research directions, among which (i) studying the usability of the approach by accounting for different levels of user experience; and, importantly for this Thematic Series, (ii) introducing automation in the initial activity of the design for adaptation process, by devising a technique to wrap-up services/things into domain objects.

Papers selection process

There were two independent cycles of submissions and the papers were published as soon as they became ready. Each manuscript went through several revisions before the final acceptance. We invited a number of leading experts in the area to form an editorial committee to thoroughly review the papers. All manuscripts were reviewed by at least three members of the editorial committee. For each review cycle, guest editors checked the new version of the papers produced after the review to establish whether the authors carefully and adequately addressed the reviewers comments. When the reviewer comments were not completely addressed, a further cycle of review was required. Thus, for each peer-reviewed paper, the final decision was always confirmed by the guest editors. The papers were reviewed by a total of 14 reviewers. The names of the editorial committee members are listed on the acknowledgements of this editorial.

Conclusion

During the last three decades, automation in internet services and applications development has been receiving extensive attention from the industry and research community. This JISA Thematic Series aimed at new automated software development methods and techniques, compositional verification theories, integration architectures, flexible and dynamic composition, and automated planning mechanisms, counteracting the specialization of traditional approaches in order to deal with heterogeneity, dynamicity, adaptation, large scale, mobility, security, etc.

This Thematic Series was conceived to be highly selective and demanding of high-quality research and technical contributions. Adopting a highly selective reviewing process, the following three papers were accepted [3,4,5].

As pointed out by Bouloukakis et al. [3], the emergence of the Internet of Things (IoT), application developers can rely on a variety of protocols and Application Programming Interfaces (APIs) to support data exchange between IoT devices. However, this may result in highly heterogeneous IoT interactions in terms of both functional and non-functional semantics. To map between heterogeneous functional semantics, middleware connectors can be utilized to interconnect IoT devices via bridging mechanisms.

According to Sirjani et al. [4], software systems are complicated, and the scientific and engineering methodologies for software development are relatively young. Cyber-physical systems are now in every corner of our lives, and we need robust methods for handling the ever-increasing complexity of their software systems. Model-Driven Development is a promising approach to tackle the complexity of systems through the concept of abstraction, enabling analysis at earlier phases of development.

Furthermore, as discussed by De Sanctis et al. [5], there are still major obstacles that hinder the development and potential realization of service computing in the real world. In fact, the latest Next Generation Internet vision further challenges the IoS paradigm. Service-oriented computing has to face the ultra large scale and heterogeneity of the Future Internet, which are orders of magnitude higher than those of today’s service-oriented systems.

The message that we want the readers of this editorial to take away is that, as digital transformation accelerates, IT organizations strive to progress at the same rate of the number and heterogeneity of technologies that must be supported. Cloud and virtualization services, edge computing, microservices and containers, just to mention a few, are now massively adopted and increasingly require automation to deal with the scale and complexity. As of today, a well known trade-off problem still remains unsolved: how can we deliver the best quality possible while keeping costs acceptable and competitive? Automatization is a promising way to go.

References

1. Autili, M., Giannakopoulou, D. & Tivoli, M. Thematic series on Verification and Composition for the Internet of Services and Things. J Internet Serv Appl 9, 10 (2018). https://doi.org/10.1186/s13174-018-0080-9
2. Autili, M., Tivoli, M. & Goldman, A. Thematic series on Service Composition for the Future Internet. J Internet Serv Appl 7, 3 (2016). https://doi.org/10.1186/s13174-016-0045-9
3. Bouloukakis, G., Georgantas, N., Kattepur, A. et al. Timed protocol analysis of interconnected mobile IoT devices. J Internet Serv Appl 12, 12 (2021). https://doi.org/10.1186/s13174-021-00143-w
4. Sirjani, M., Provenzano, L., Asadollah, S.A. et al. Towards a Verification-Driven Iterative Development of Software for Safety-Critical Cyber-Physical Systems. J Internet Serv Appl 12, 2 (2021). https://doi.org/10.1186/s13174-021-00132-z
5. De Sanctis, M., Bucchiarone, A. & Marconi, A. Dynamic adaptation of service-based applications: a design for adaptation approach. J Internet Serv Appl 11, 2 (2020). https://doi.org/10.1186/s13174-020-00123-6
6. Guinard D, Trifa V, Karnouskos S, Spiess P, Savio D. Interacting with the soa-based internet of things: discovery, query, selection, and on-demand provisioning of web services. IEEE Trans Serv Comput. 3(3):223–35 (2010). https://doi.org/10.1109/TSC.2010.3
7. Fysarakis K, Askoxylakis I, Soultatos O, Papaefstathiou I, Manifavas C, Katos V. Which IoT protocol? Comparing standardized approaches over a common M2M application. IEEE Global Communications Conference (2016). https://doi.org/10.1109/GLOCOM.2016.7842383
8. Bouloukakis G, Georgantas N, Ntumba P, Issarny V. Automated synthesis of mediators for middleware-layer protocol interoperability in the IoT. Future Generation Computing Systems 101:1271-94 (2019). https://doi.org/10.1016/j.future.2019.05.064
9. Reynisson AH, Sirjani M, Aceto L, Cimini M, Jafari A, Ingólfsdóttir A, Sigurdarson SH. Modelling and simulation of asynchronous real-time systems using timed Rebeca. Sci Comput Program. 89:41-6 (2014). https://doi.org/10.1016/j.scico.2014.01.008

Acknowledgements

We thank all the authors, reviewers, editors-in-chief, and staff for the great work, which supported this thematic series on this very important topic both for the research community and for industry. In particular, we thank all the anonymous editorial committee members. The voluntary work of these researchers and practitioners were crucial for this thematic series.

This Thematic Series has been supported by (i) the Ministry of Economy and Finance, Cipe resolution n. 135/2012 (project INCIPICT - INnovating CIty Planning through Information and Communication Technologies), and (ii) the GAUSS national research project, which has been funded by the MIUR under the PRIN 2015 program (Contract 2015KWREMX).


  1. With the emergence of the Internet of Things (IoT), application developers can rely on a variety of protocols and Application Programming Interfaces (APIs) to support data exchange between IoT devices. However, t...

    Authors: Georgios Bouloukakis, Nikolaos Georgantas, Ajay Kattepur and Valerie Issarny
    Citation: Journal of Internet Services and Applications 2021 12:12
  2. Software systems are complicated, and the scientific and engineering methodologies for software development are relatively young. Cyber-physical systems are now in every corner of our lives, and we need robust...

    Authors: Marjan Sirjani, Luciana Provenzano, Sara Abbaspour Asadollah, Mahshid Helali Moghadam and Mehrdad Saadatmand
    Citation: Journal of Internet Services and Applications 2021 12:2
  3. A key challenge posed by the Next Generation Internet landscape is that modern service-based applications need to cope with open and continuously evolving environments and to operate under dynamic circumstances (...

    Authors: Martina De Sanctis, Antonio Bucchiarone and Annapaola Marconi
    Citation: Journal of Internet Services and Applications 2020 11:2