SlideShare a Scribd company logo
A policy-based evaluation framework
     for Quality and Security in
   Service Oriented Architectures

        V. Casola
        A.R. Fasolino
        N. Mazzocca
        P. Tramontana

        Dipartimento di Informatica e Sistemistica
        Universita' degli Studi di Napoli, Federico II
        Naples, Italy

        {casolav, fasolino, n.mazzocca, ptramont}@unina.it

                                                   1
Current Web Service Scenarios:

• Customers ask for Web Services providing with specified Quality levels;

• Providers are interested to publish both functional and quality characteristics of the
  Web Services they provide;

• Service Level Agreements (SLAs) are contracts between a Customer and a
Provider; they specify the characteristics in terms of performance and security of the
provided services; they are usually expressed by means of free text documents, i.e.
in natural language;

•All these factors represent a wide limit in the formal definition and automatic
evaluation of SLA.




   Models are needed to formally express the Quality of Web
     Services (software quality, QoS, security and so on)
      requested by Customers and offered by 2  Providers
Our Proposal: define a Quality Meta-
                             Model
     Quality Model                       • Quality Characteristic: any quality requirements,
                                         such as Performance, Security, Cost,
            1..n                         Maintainability
     Characteristic +SubCharacteristic
                     0..n
                                         •Characteristics may be arranged in a hierarchy
                0..1                     (Measurable Characteristics are the leaves)
Measurable Characteristic
                                         • Measurable Characteristic: a Quality
             1..n
                                         Characteristic that can directly be measured
       Component

             1..n
                            Quality Characteristic: Efficiency
           1                     oQuality Characteristic: Time Behaviour
   Measurement Unit                  Quality Characteristic: Response Time
                                          •Measurable Quality Characteristic: Average
                                          Response Time
                                               oComponent: Average Response Time Value
                                                Measurement Unit: Seconds
                                               oComponent: Samples Number
                                                Measurement Unit: Natural Number

                                                                         3
Open problem: How a Customer can choose the Web
     Service that better fits his quality requirements?
                                      Service
                                     Provider1


                                                        Quality
             Service                                    Offer 1
            Customer             ?      …

                       Quality        Service
                       Request       Provider n


                                                         Quality
                                                         Offer n




•We propose to formally express Quality as an istance of the
meta-model;
•We adopt a decision framework for Quality evaluation;
•The framework is based on AHP (Analytic Hierarchy
Process) proposed by Saaty.
                                         T.L. Saaty. How to make a decision: the analytic
                                                           4
                                         hierarchy process, European Journal of Operational
                                         Research, 1990. Vol. 48, n.1, Elsevier, pp. 9-26.
The Analytical Hierarchy Process
1.    The decision framework design activity:
     1. Weight Assignment step: the relative importance of the
         characteristics is rated;
     2. Clustering step: for each measurable characteristic, the sets
         of values that will be considered equivalent for the aims of the
         evaluation are defined;
     3. Rating Step: each set is associated to a rating value;

1.    The decision making activity: to compare the quality of an
      offered service (formalised in a Quality Offer Model) against
      requestor needs (formalised in a Quality Request Model)




                                                        5
Step 1: Weight Assignment
     Intensity of Importance and its
                                                                                          Average    Standard    Maximum
              interpretation
                                                                                          Response   Deviation   of Response
   Intensity of             Interpretation                                                Time       Response    Time
                                                                                                     Time
   Importance
                                                                         Average          1          3           7
        1                   Equal Importance                             Response Time
                                                          1. Build the
        3                   Moderate                                     Standard         1/3        1           5
                                                          Comparison
                            Importance                                   Deviation
                                                          matrix         Response Time
        5                   Strong Importance
                                                                         Maximum          1/7        1/5         1
        7                   Very strong                                  Response Time
                            Importance
                                                                                 2. Normalize
        9                   Extreme Importance
                                                                                 The matrix


                                                              Average    Standard        Maximum     Weights
                                                              Response   Deviation       Response
                                                              Time       Response        Time
Characteristic Weights                                                   Time
are assigned by                           Average Response    21/31      15/21           7/13        0.64
comparing their relative                  Time
importance:                               Standard            7/31       5/21            5/13        0.28
        n
                                          Deviation
            m' (i, k )
w(i ) = ∑
                                          Response Time
                       ∀i
       k =1     n                         Maximum             3/31       1/21            1/13        0.07
                                          Response Time                                         6
Step 2: Clustering
Let’s consider the Average Response Time characteristic

 R = Offered_value / Requested_value

                                                    R < 0.5 (very fast response);
     Possible Solutions are                         0.5≤ R <1 (sufficiently fast
     clustered in three levels:                   response);
                                                    1≤ R <2 (quite slow response).

                                   Step 3: Rating
 Intensity of Goodness and its           Ratings are assigned to clusters by
         interpretation                  comparing their relative Goodness
Intensity of    Interpretation
 Goodness                                                 R<0.5      0.5≤R<1        1≤R<2      Rating

     1          Equivalent              R < 0.5              1             3               5    0.63

     3          Moderately              0.5≤R<1             1/3            1               3    0.26
                better                  1≤ R<2              1/5           1/3              1    0.11
     5          Strongly better
     7          Very strongly
                better                                              0.63 if    R < 0.5
                                      Satisfaction                  
     9          Extremely better                           S (R ) = 0.26 if 0.5 ≤ R < 1
                                      Function S(R)                  0.11 if7 1 ≤ R < 2
                                                                    
The Decision Making Activity

The Quality of different Web Services is compared by evaluating:
    1. a Satisfaction Function for each Measurable Characteristic.
    2. a Satisfaction Function for each non-Measurable Characteristic

         S c (request , offer ) =     ∑w
                                    sc∈C ( c )
                                                 sc   S sc (request , offer )



3. the Overall Satisfaction Function:

         S (request , offer ) =          ∑ w S (request, offer )
                                               c c
                                  c∈Characteristic




    The Web Service with the greater
   Satisfaction Function value is chosen
                                                                                8

More Related Content

Viewers also liked

2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework
Raleigh ISSA
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
John Gilligan
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
Schneider Electric
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
at MicroFocus Italy ❖✔
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
Erik Taavila
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit Framework
Tom Eston
 
National Cybersecurity - Roadmap and Action Plan
National Cybersecurity - Roadmap and Action PlanNational Cybersecurity - Roadmap and Action Plan
National Cybersecurity - Roadmap and Action Plan
Dr David Probert
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Priyanka Aash
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
Nada G.Youssef
 
NISTs Cybersecurity Framework -- Comparison with Best Practice
NISTs Cybersecurity Framework -- Comparison with Best PracticeNISTs Cybersecurity Framework -- Comparison with Best Practice
NISTs Cybersecurity Framework -- Comparison with Best Practice
David Ochel
 
From Business Architecture to Security Architecture
From Business Architecture to Security ArchitectureFrom Business Architecture to Security Architecture
From Business Architecture to Security Architecture
Priyanka Aash
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity Assessment
Claude Baudoin
 
Network Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisNetwork Forensics and Practical Packet Analysis
Network Forensics and Practical Packet Analysis
Priyanka Aash
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.
Priyanka Aash
 
NIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - MindmapNIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - Mindmap
WAJAHAT IQBAL
 
PuppetConf 2016: Security Roadmap: How We Are Helping You When Everything is ...
PuppetConf 2016: Security Roadmap: How We Are Helping You When Everything is ...PuppetConf 2016: Security Roadmap: How We Are Helping You When Everything is ...
PuppetConf 2016: Security Roadmap: How We Are Helping You When Everything is ...
Puppet
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF)
Priyanka Aash
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
Tuan Phan
 
Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies
Priyanka Aash
 

Viewers also liked (20)

2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit Framework
 
National Cybersecurity - Roadmap and Action Plan
National Cybersecurity - Roadmap and Action PlanNational Cybersecurity - Roadmap and Action Plan
National Cybersecurity - Roadmap and Action Plan
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
 
NISTs Cybersecurity Framework -- Comparison with Best Practice
NISTs Cybersecurity Framework -- Comparison with Best PracticeNISTs Cybersecurity Framework -- Comparison with Best Practice
NISTs Cybersecurity Framework -- Comparison with Best Practice
 
From Business Architecture to Security Architecture
From Business Architecture to Security ArchitectureFrom Business Architecture to Security Architecture
From Business Architecture to Security Architecture
 
Security Maturity Assessment
Security Maturity AssessmentSecurity Maturity Assessment
Security Maturity Assessment
 
Network Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisNetwork Forensics and Practical Packet Analysis
Network Forensics and Practical Packet Analysis
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.
 
NIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - MindmapNIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - Mindmap
 
PuppetConf 2016: Security Roadmap: How We Are Helping You When Everything is ...
PuppetConf 2016: Security Roadmap: How We Are Helping You When Everything is ...PuppetConf 2016: Security Roadmap: How We Are Helping You When Everything is ...
PuppetConf 2016: Security Roadmap: How We Are Helping You When Everything is ...
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF)
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies
 

Similar to A policy-based evaluation framework for Quality and Security in Service Oriented Architectures

Ahmad measuremenr reliability and validity
Ahmad measuremenr reliability and validityAhmad measuremenr reliability and validity
Ahmad measuremenr reliability and validity
Ahd Ryn
 
Measurement terms
Measurement termsMeasurement terms
Measurement terms
steadyfalcon
 
Cost of poor quality presentation5
Cost of poor quality presentation5Cost of poor quality presentation5
Cost of poor quality presentation5
Imran Jamil
 
Conjoint Analysis
Conjoint AnalysisConjoint Analysis
Conjoint Analysis
Madhusudan Partani
 
Software Quality
Software QualitySoftware Quality
Software Quality
sjavaad
 
The service minded tester
The service minded testerThe service minded tester
The service minded tester
Johan Hoberg
 
Outcomes in Occupational Therapy (& Assistive Technology)
Outcomes in Occupational Therapy (& Assistive Technology)Outcomes in Occupational Therapy (& Assistive Technology)
Outcomes in Occupational Therapy (& Assistive Technology)
will wade
 
Validity
ValidityValidity
Validity
Roi Xcel
 
Gage R&amp;R Measurement Systems Analysis Sample Slides
Gage R&amp;R Measurement Systems Analysis Sample SlidesGage R&amp;R Measurement Systems Analysis Sample Slides
Gage R&amp;R Measurement Systems Analysis Sample Slides
Scott Munger
 
Adressing requirements with agile practices
Adressing requirements with agile practicesAdressing requirements with agile practices
Adressing requirements with agile practices
fboisvert
 
Deependra pal, amul ppt , factor analysis
Deependra pal, amul ppt , factor analysis Deependra pal, amul ppt , factor analysis
Deependra pal, amul ppt , factor analysis
Deependra Pal
 
The Incompleteness Theorem of Performance Measurement in Service Quality
The Incompleteness Theorem of Performance Measurement in Service QualityThe Incompleteness Theorem of Performance Measurement in Service Quality
The Incompleteness Theorem of Performance Measurement in Service Quality
Coliban Water
 
Flevy.com - Cost Drivers Analysis
Flevy.com - Cost Drivers AnalysisFlevy.com - Cost Drivers Analysis
Flevy.com - Cost Drivers Analysis
David Tracy
 
How a Great QA Team can make a Disproportionate Contribution to Project Success
How a Great QA Team can make a Disproportionate Contribution to Project SuccessHow a Great QA Team can make a Disproportionate Contribution to Project Success
How a Great QA Team can make a Disproportionate Contribution to Project Success
Iosif Itkin
 
Extent 2013 Obninsk How a Great QA Team Can Make a Disproportionate Contribut...
Extent 2013 Obninsk How a Great QA Team Can Make a Disproportionate Contribut...Extent 2013 Obninsk How a Great QA Team Can Make a Disproportionate Contribut...
Extent 2013 Obninsk How a Great QA Team Can Make a Disproportionate Contribut...
extentconf Tsoy
 
Back Up QA - Session 3
Back Up QA - Session 3Back Up QA - Session 3
Back Up QA - Session 3
megha G
 
Acedp november 2010 beijing workshop bond
Acedp november 2010 beijing workshop bondAcedp november 2010 beijing workshop bond
Acedp november 2010 beijing workshop bond
International WaterCentre
 
Measurement and scales
Measurement and scalesMeasurement and scales
Measurement and scales
Karan Khaneja
 
Service recovery
Service recoveryService recovery
Service recovery
gkiyoto
 
Delivering service quality and satisfying library customers in a changing env...
Delivering service quality and satisfying library customers in a changing env...Delivering service quality and satisfying library customers in a changing env...
Delivering service quality and satisfying library customers in a changing env...
Fe Angela Verzosa
 

Similar to A policy-based evaluation framework for Quality and Security in Service Oriented Architectures (20)

Ahmad measuremenr reliability and validity
Ahmad measuremenr reliability and validityAhmad measuremenr reliability and validity
Ahmad measuremenr reliability and validity
 
Measurement terms
Measurement termsMeasurement terms
Measurement terms
 
Cost of poor quality presentation5
Cost of poor quality presentation5Cost of poor quality presentation5
Cost of poor quality presentation5
 
Conjoint Analysis
Conjoint AnalysisConjoint Analysis
Conjoint Analysis
 
Software Quality
Software QualitySoftware Quality
Software Quality
 
The service minded tester
The service minded testerThe service minded tester
The service minded tester
 
Outcomes in Occupational Therapy (& Assistive Technology)
Outcomes in Occupational Therapy (& Assistive Technology)Outcomes in Occupational Therapy (& Assistive Technology)
Outcomes in Occupational Therapy (& Assistive Technology)
 
Validity
ValidityValidity
Validity
 
Gage R&amp;R Measurement Systems Analysis Sample Slides
Gage R&amp;R Measurement Systems Analysis Sample SlidesGage R&amp;R Measurement Systems Analysis Sample Slides
Gage R&amp;R Measurement Systems Analysis Sample Slides
 
Adressing requirements with agile practices
Adressing requirements with agile practicesAdressing requirements with agile practices
Adressing requirements with agile practices
 
Deependra pal, amul ppt , factor analysis
Deependra pal, amul ppt , factor analysis Deependra pal, amul ppt , factor analysis
Deependra pal, amul ppt , factor analysis
 
The Incompleteness Theorem of Performance Measurement in Service Quality
The Incompleteness Theorem of Performance Measurement in Service QualityThe Incompleteness Theorem of Performance Measurement in Service Quality
The Incompleteness Theorem of Performance Measurement in Service Quality
 
Flevy.com - Cost Drivers Analysis
Flevy.com - Cost Drivers AnalysisFlevy.com - Cost Drivers Analysis
Flevy.com - Cost Drivers Analysis
 
How a Great QA Team can make a Disproportionate Contribution to Project Success
How a Great QA Team can make a Disproportionate Contribution to Project SuccessHow a Great QA Team can make a Disproportionate Contribution to Project Success
How a Great QA Team can make a Disproportionate Contribution to Project Success
 
Extent 2013 Obninsk How a Great QA Team Can Make a Disproportionate Contribut...
Extent 2013 Obninsk How a Great QA Team Can Make a Disproportionate Contribut...Extent 2013 Obninsk How a Great QA Team Can Make a Disproportionate Contribut...
Extent 2013 Obninsk How a Great QA Team Can Make a Disproportionate Contribut...
 
Back Up QA - Session 3
Back Up QA - Session 3Back Up QA - Session 3
Back Up QA - Session 3
 
Acedp november 2010 beijing workshop bond
Acedp november 2010 beijing workshop bondAcedp november 2010 beijing workshop bond
Acedp november 2010 beijing workshop bond
 
Measurement and scales
Measurement and scalesMeasurement and scales
Measurement and scales
 
Service recovery
Service recoveryService recovery
Service recovery
 
Delivering service quality and satisfying library customers in a changing env...
Delivering service quality and satisfying library customers in a changing env...Delivering service quality and satisfying library customers in a changing env...
Delivering service quality and satisfying library customers in a changing env...
 

More from Porfirio Tramontana

An Approach for Model Based Testing of Augmented Reality Applications.pdf
An Approach for Model Based Testing of Augmented Reality Applications.pdfAn Approach for Model Based Testing of Augmented Reality Applications.pdf
An Approach for Model Based Testing of Augmented Reality Applications.pdf
Porfirio Tramontana
 
Towards the Generation of Robust E2E Test Cases in Template-based Web Applica...
Towards the Generation of Robust E2E Test Cases in Template-based Web Applica...Towards the Generation of Robust E2E Test Cases in Template-based Web Applica...
Towards the Generation of Robust E2E Test Cases in Template-based Web Applica...
Porfirio Tramontana
 
Techniques and Tools for Mobile Testing Automation
Techniques and Tools for Mobile Testing AutomationTechniques and Tools for Mobile Testing Automation
Techniques and Tools for Mobile Testing Automation
Porfirio Tramontana
 
A technique for parallel gui testing of android applications
A technique for parallel gui testing of android applicationsA technique for parallel gui testing of android applications
A technique for parallel gui testing of android applications
Porfirio Tramontana
 
Reverse Engineering of Data Models from Legacy Spreadsheets-Based Systems: An...
Reverse Engineering of Data Models from Legacy Spreadsheets-Based Systems: An...Reverse Engineering of Data Models from Legacy Spreadsheets-Based Systems: An...
Reverse Engineering of Data Models from Legacy Spreadsheets-Based Systems: An...
Porfirio Tramontana
 
Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...
Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...
Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...
Porfirio Tramontana
 
Web Application Testing in Fifteen Years of WSE
Web Application Testing in Fifteen Years of WSEWeb Application Testing in Fifteen Years of WSE
Web Application Testing in Fifteen Years of WSE
Porfirio Tramontana
 
Towards a Better Comprehensibility of Web Applications: Lessons Learned from ...
Towards a Better Comprehensibility of Web Applications: Lessons Learned from ...Towards a Better Comprehensibility of Web Applications: Lessons Learned from ...
Towards a Better Comprehensibility of Web Applications: Lessons Learned from ...
Porfirio Tramontana
 
Comprehending Web Applications by a Clustering Based Approach
Comprehending Web Applications by a Clustering Based Approach Comprehending Web Applications by a Clustering Based Approach
Comprehending Web Applications by a Clustering Based Approach
Porfirio Tramontana
 
Reverse Engineering Web Applications
Reverse Engineering Web ApplicationsReverse Engineering Web Applications
Reverse Engineering Web Applications
Porfirio Tramontana
 
Recovering Interaction Design Patterns in Web Applications
Recovering Interaction Design Patterns in Web Applications Recovering Interaction Design Patterns in Web Applications
Recovering Interaction Design Patterns in Web Applications
Porfirio Tramontana
 
Improving Usability of Web Pages for Blind
Improving Usability of Web Pages for BlindImproving Usability of Web Pages for Blind
Improving Usability of Web Pages for Blind
Porfirio Tramontana
 
Techniques and Tools for Rich Internet Applications Testing
Techniques and Tools for Rich Internet Applications TestingTechniques and Tools for Rich Internet Applications Testing
Techniques and Tools for Rich Internet Applications Testing
Porfirio Tramontana
 
Comprehending Ajax Web Applications by the DynaRIA Tool
Comprehending Ajax Web Applications by the DynaRIA ToolComprehending Ajax Web Applications by the DynaRIA Tool
Comprehending Ajax Web Applications by the DynaRIA Tool
Porfirio Tramontana
 
A GUI Crawling-based Technique for Android Mobile Application Testing
A GUI Crawling-based Technique for Android Mobile Application TestingA GUI Crawling-based Technique for Android Mobile Application Testing
A GUI Crawling-based Technique for Android Mobile Application Testing
Porfirio Tramontana
 
Using Dynamic Analysis for Generating End User Documentation for Web 2.0 Appl...
Using Dynamic Analysis for Generating End User Documentation for Web 2.0 Appl...Using Dynamic Analysis for Generating End User Documentation for Web 2.0 Appl...
Using Dynamic Analysis for Generating End User Documentation for Web 2.0 Appl...
Porfirio Tramontana
 
Considering Context Events in Event-Based Testing of Mobile Applications
Considering Context Events in Event-Based Testing of Mobile Applications Considering Context Events in Event-Based Testing of Mobile Applications
Considering Context Events in Event-Based Testing of Mobile Applications
Porfirio Tramontana
 
Using GUI Ripping for Automated Testing of Android Apps
Using GUI Ripping for Automated Testing of Android AppsUsing GUI Ripping for Automated Testing of Android Apps
Using GUI Ripping for Automated Testing of Android Apps
Porfirio Tramontana
 
A Toolset for GUI Testing of Android Applications
A Toolset for GUI Testing of Android ApplicationsA Toolset for GUI Testing of Android Applications
A Toolset for GUI Testing of Android Applications
Porfirio Tramontana
 
DynaRIA: a Tool for Ajax Web Application Comprehension
DynaRIA: a Tool for Ajax Web Application ComprehensionDynaRIA: a Tool for Ajax Web Application Comprehension
DynaRIA: a Tool for Ajax Web Application Comprehension
Porfirio Tramontana
 

More from Porfirio Tramontana (20)

An Approach for Model Based Testing of Augmented Reality Applications.pdf
An Approach for Model Based Testing of Augmented Reality Applications.pdfAn Approach for Model Based Testing of Augmented Reality Applications.pdf
An Approach for Model Based Testing of Augmented Reality Applications.pdf
 
Towards the Generation of Robust E2E Test Cases in Template-based Web Applica...
Towards the Generation of Robust E2E Test Cases in Template-based Web Applica...Towards the Generation of Robust E2E Test Cases in Template-based Web Applica...
Towards the Generation of Robust E2E Test Cases in Template-based Web Applica...
 
Techniques and Tools for Mobile Testing Automation
Techniques and Tools for Mobile Testing AutomationTechniques and Tools for Mobile Testing Automation
Techniques and Tools for Mobile Testing Automation
 
A technique for parallel gui testing of android applications
A technique for parallel gui testing of android applicationsA technique for parallel gui testing of android applications
A technique for parallel gui testing of android applications
 
Reverse Engineering of Data Models from Legacy Spreadsheets-Based Systems: An...
Reverse Engineering of Data Models from Legacy Spreadsheets-Based Systems: An...Reverse Engineering of Data Models from Legacy Spreadsheets-Based Systems: An...
Reverse Engineering of Data Models from Legacy Spreadsheets-Based Systems: An...
 
Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...
Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...
Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...
 
Web Application Testing in Fifteen Years of WSE
Web Application Testing in Fifteen Years of WSEWeb Application Testing in Fifteen Years of WSE
Web Application Testing in Fifteen Years of WSE
 
Towards a Better Comprehensibility of Web Applications: Lessons Learned from ...
Towards a Better Comprehensibility of Web Applications: Lessons Learned from ...Towards a Better Comprehensibility of Web Applications: Lessons Learned from ...
Towards a Better Comprehensibility of Web Applications: Lessons Learned from ...
 
Comprehending Web Applications by a Clustering Based Approach
Comprehending Web Applications by a Clustering Based Approach Comprehending Web Applications by a Clustering Based Approach
Comprehending Web Applications by a Clustering Based Approach
 
Reverse Engineering Web Applications
Reverse Engineering Web ApplicationsReverse Engineering Web Applications
Reverse Engineering Web Applications
 
Recovering Interaction Design Patterns in Web Applications
Recovering Interaction Design Patterns in Web Applications Recovering Interaction Design Patterns in Web Applications
Recovering Interaction Design Patterns in Web Applications
 
Improving Usability of Web Pages for Blind
Improving Usability of Web Pages for BlindImproving Usability of Web Pages for Blind
Improving Usability of Web Pages for Blind
 
Techniques and Tools for Rich Internet Applications Testing
Techniques and Tools for Rich Internet Applications TestingTechniques and Tools for Rich Internet Applications Testing
Techniques and Tools for Rich Internet Applications Testing
 
Comprehending Ajax Web Applications by the DynaRIA Tool
Comprehending Ajax Web Applications by the DynaRIA ToolComprehending Ajax Web Applications by the DynaRIA Tool
Comprehending Ajax Web Applications by the DynaRIA Tool
 
A GUI Crawling-based Technique for Android Mobile Application Testing
A GUI Crawling-based Technique for Android Mobile Application TestingA GUI Crawling-based Technique for Android Mobile Application Testing
A GUI Crawling-based Technique for Android Mobile Application Testing
 
Using Dynamic Analysis for Generating End User Documentation for Web 2.0 Appl...
Using Dynamic Analysis for Generating End User Documentation for Web 2.0 Appl...Using Dynamic Analysis for Generating End User Documentation for Web 2.0 Appl...
Using Dynamic Analysis for Generating End User Documentation for Web 2.0 Appl...
 
Considering Context Events in Event-Based Testing of Mobile Applications
Considering Context Events in Event-Based Testing of Mobile Applications Considering Context Events in Event-Based Testing of Mobile Applications
Considering Context Events in Event-Based Testing of Mobile Applications
 
Using GUI Ripping for Automated Testing of Android Apps
Using GUI Ripping for Automated Testing of Android AppsUsing GUI Ripping for Automated Testing of Android Apps
Using GUI Ripping for Automated Testing of Android Apps
 
A Toolset for GUI Testing of Android Applications
A Toolset for GUI Testing of Android ApplicationsA Toolset for GUI Testing of Android Applications
A Toolset for GUI Testing of Android Applications
 
DynaRIA: a Tool for Ajax Web Application Comprehension
DynaRIA: a Tool for Ajax Web Application ComprehensionDynaRIA: a Tool for Ajax Web Application Comprehension
DynaRIA: a Tool for Ajax Web Application Comprehension
 

Recently uploaded

Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 

Recently uploaded (20)

Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfareArtificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic Warfare
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 

A policy-based evaluation framework for Quality and Security in Service Oriented Architectures

  • 1. A policy-based evaluation framework for Quality and Security in Service Oriented Architectures V. Casola A.R. Fasolino N. Mazzocca P. Tramontana Dipartimento di Informatica e Sistemistica Universita' degli Studi di Napoli, Federico II Naples, Italy {casolav, fasolino, n.mazzocca, ptramont}@unina.it 1
  • 2. Current Web Service Scenarios: • Customers ask for Web Services providing with specified Quality levels; • Providers are interested to publish both functional and quality characteristics of the Web Services they provide; • Service Level Agreements (SLAs) are contracts between a Customer and a Provider; they specify the characteristics in terms of performance and security of the provided services; they are usually expressed by means of free text documents, i.e. in natural language; •All these factors represent a wide limit in the formal definition and automatic evaluation of SLA.  Models are needed to formally express the Quality of Web Services (software quality, QoS, security and so on) requested by Customers and offered by 2 Providers
  • 3. Our Proposal: define a Quality Meta- Model Quality Model • Quality Characteristic: any quality requirements, such as Performance, Security, Cost, 1..n Maintainability Characteristic +SubCharacteristic 0..n •Characteristics may be arranged in a hierarchy 0..1 (Measurable Characteristics are the leaves) Measurable Characteristic • Measurable Characteristic: a Quality 1..n Characteristic that can directly be measured Component 1..n Quality Characteristic: Efficiency 1 oQuality Characteristic: Time Behaviour Measurement Unit Quality Characteristic: Response Time •Measurable Quality Characteristic: Average Response Time oComponent: Average Response Time Value  Measurement Unit: Seconds oComponent: Samples Number  Measurement Unit: Natural Number 3
  • 4. Open problem: How a Customer can choose the Web Service that better fits his quality requirements? Service Provider1 Quality Service Offer 1 Customer ? … Quality Service Request Provider n Quality Offer n •We propose to formally express Quality as an istance of the meta-model; •We adopt a decision framework for Quality evaluation; •The framework is based on AHP (Analytic Hierarchy Process) proposed by Saaty. T.L. Saaty. How to make a decision: the analytic 4 hierarchy process, European Journal of Operational Research, 1990. Vol. 48, n.1, Elsevier, pp. 9-26.
  • 5. The Analytical Hierarchy Process 1. The decision framework design activity: 1. Weight Assignment step: the relative importance of the characteristics is rated; 2. Clustering step: for each measurable characteristic, the sets of values that will be considered equivalent for the aims of the evaluation are defined; 3. Rating Step: each set is associated to a rating value; 1. The decision making activity: to compare the quality of an offered service (formalised in a Quality Offer Model) against requestor needs (formalised in a Quality Request Model) 5
  • 6. Step 1: Weight Assignment Intensity of Importance and its Average Standard Maximum interpretation Response Deviation of Response Intensity of Interpretation Time Response Time Time Importance Average 1 3 7 1 Equal Importance Response Time 1. Build the 3 Moderate Standard 1/3 1 5 Comparison Importance Deviation matrix Response Time 5 Strong Importance Maximum 1/7 1/5 1 7 Very strong Response Time Importance 2. Normalize 9 Extreme Importance The matrix Average Standard Maximum Weights Response Deviation Response Time Response Time Characteristic Weights Time are assigned by Average Response 21/31 15/21 7/13 0.64 comparing their relative Time importance: Standard 7/31 5/21 5/13 0.28 n Deviation m' (i, k ) w(i ) = ∑ Response Time ∀i k =1 n Maximum 3/31 1/21 1/13 0.07 Response Time 6
  • 7. Step 2: Clustering Let’s consider the Average Response Time characteristic R = Offered_value / Requested_value R < 0.5 (very fast response); Possible Solutions are 0.5≤ R <1 (sufficiently fast clustered in three levels: response); 1≤ R <2 (quite slow response). Step 3: Rating Intensity of Goodness and its Ratings are assigned to clusters by interpretation comparing their relative Goodness Intensity of Interpretation Goodness R<0.5 0.5≤R<1 1≤R<2 Rating 1 Equivalent R < 0.5 1 3 5 0.63 3 Moderately 0.5≤R<1 1/3 1 3 0.26 better 1≤ R<2 1/5 1/3 1 0.11 5 Strongly better 7 Very strongly better 0.63 if R < 0.5 Satisfaction  9 Extremely better S (R ) = 0.26 if 0.5 ≤ R < 1 Function S(R)  0.11 if7 1 ≤ R < 2 
  • 8. The Decision Making Activity The Quality of different Web Services is compared by evaluating: 1. a Satisfaction Function for each Measurable Characteristic. 2. a Satisfaction Function for each non-Measurable Characteristic S c (request , offer ) = ∑w sc∈C ( c ) sc S sc (request , offer ) 3. the Overall Satisfaction Function: S (request , offer ) = ∑ w S (request, offer ) c c c∈Characteristic The Web Service with the greater Satisfaction Function value is chosen 8