The development of the HTTP protocol and web services have made it convenient to build large-scale systems out of loosely-coupled services. Key advantages of this approach include the ability to leverage existing applications in new contexts, the incremental evolution of systems, and better scalability/availability through replication of services.

Unfortunately, service-oriented architectures have a number of drawbacks. Implementations must account for differing data representations or protocols, remote system failures, and asynchronous processing. New failure modes are introduced, such as hangs, deadlocks, and data inconsistencies. Securing a service-oriented architecture is frequently more difficult than for a monolithic architecture due to the larger attack “surface area” and differing security frameworks across the individual services. Finally, testing and debugging service-oriented architectures is difficult due to the lack of a global perspective, non-determinism, and the challenge of building tools which work across heterogeneous systems.

This dissertation investigates new approaches to address these issues. I show that service-oriented architectures can be made more robust through better abstractions together with lightweight, compositional tools to automatically enforce the abstractions. Four specific problems are addressed: lost messages in asynchronous programs, the consistency of long running transactions, reconciliation of access control policies, and the trust by end users of composed applications. For each issue, I develop a operational model which captures the salient aspects of service-oriented systems. From the models, I define new abstractions, which accomplish the goals of the original system while avoiding the issues under consideration. Practical tools to enforce the abstractions are then derived from the models, either by construction or through the lightweight verification of developer artifacts. Finally, each tool is evaluated using performance tests and case studies.