Distributed Access Control for Web and Business Processes

Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes

The benefits of virtualization across the software development pipeline

Abstract. The emergence of cloud computing and the evolution into service-based solutions across the software industry have influenced many changes in software development paradigms and methods. As a result, various forms of virtualization and container-based solutions have become more and more commonplace throughout the field, with technologies and frameworks such as Docker and Kubernetes becoming industry standard solutions to virtualization. This thesis is a literature review into existing research on virtualization and containers, and their use in various categories of the software industry. The aim of the thesis is to look at the reasons for the proliferation of virtual machines and containers, along with their benefits for the software development process, the continuous integration and delivery pipeline, and the different cloud platforms and providers. The benefits of virtualization are clearest in the cloud infrastructure, as cloud services are inherently built to utilize virtual machines. Containers and container orchestration systems allow container management and dynamic resource allocation, improving efficiency and reducing costs. In software development and testing, the modular and self-contained nature of containers allows for faster iteration and more problem-averse development. And finally, in the continuous integration and delivery pipelines, containers and container management tools allows automation, and lower overhead and complexity, enabling lower-threshold software deployment. Along with enabling cloud infrastructure as it exists today, the evolution of virtualization and containers in the software industry provide benefits across the board

Supporting incremental builds in a dynamic distributed build environment

Abstract. Incremental building in continuous integration is a rare sight and could be used more than it is in the present day. This master’s thesis aims to demonstrate how incremental building could be enabled in a continuous integration server environment, which is also dynamic and distributed by its traits. This study develops a solution called "workspace cache". Its design is based on existing literature and organizational experience. The technological components of the workspace cache are selected based on the existing production system of the client of this study. The produced solution is by its nature a proof-of-concept implementation, and a production implementation requires further work. Evaluating the solution in the production environment is not feasible, and therefore this study constructs a simulation environment for the workspace cache, where the efficiency of the solution can be measured. The solution is tested using two build systems, make and Gradle, and two popular open source software projects that are made with different programming languages. The solution is benchmarked against clean software builds. In addition to build times, source code cloning times and the correctness of the build outputs are measured. The resulting solution enables incremental builds in the target context. The build systems and software projects that the solution was tested with do not guarantee the generalizability of the solution. With make, the correctness of the build outputs produced by the workspace cache does not fully fulfill the set correctness criteria. Future research work should focus on getting the builds from workspace cache to be fully correct, and on making the workspace cache more efficient than a remote cache.Inkrementaalisten ohjelmistokoontien tukeminen dynaamisessa hajautetussa koontiympäristössä. Tiivistelmä. Inkrementaaliset ohjelmistokoonnit ovat vähän käytetty optimointitekniikka jatkuvassa integraatiossa, ja sitä voitaisiin hyödyntää nykyistä enemmän. Tässä diplomityössä demonstroidaan, miten inkrementaaliset ohjelmistokoonnit voidaan tuoda jatkuvan integraation palvelinympäristöön, joka on luonteeltaan dynaaminen ja hajautettu. Tässä tutkimuksessa kehitetään ratkaisu nimeltään "workspace cache". Ratkaisun suunnittelu perustuu aikaisempaan kirjallisuuteen ja asiakasorganisaation kokemukseen. Workspace cachen teknologiset komponenttivalinnat perustuvat asiakkaan olemassa olevaan tuotantoympäristöön. Työssä tuotettu ratkaisu on luonteeltaan konseptitoteutus, ja ratkaisun tuotantoympäristöön vieminen vaatii lisätyötä. Ratkaisun arvioiminen tuotantoympäristössä ei ole mahdollista, joten tässä tutkimuksessa rakennetaan ratkaisulle simulaatioympäristö, jossa ratkaisun tehokkuutta voidaan mitata. Ratkaisua testataan kahdella eri koontijärjestelmällä, Gradlella ja makella, sekä kahdella suositulla avoimen lähdekoodin ohjelmistoprojektilla, jotka käyttävät toisistaan eriäviä ohjelmointikieliä. Ratkaisun suorituskykyä mitataan tyhjästä muodostettua ohjelmistokoontia vastaan sekä nopeuden että oikeellisuuden osalta. Koontienluonnin lisäksi työssä mitataan lähdekoodin kloonaukseen ohjelmistovarastoista kuluvaa aikaa. Toteutettu ratkaisu mahdollistaa inkrementaaliset ohjelmistokoonnit kohdekontekstissa. Tutkimuksessa käytetyt koontijärjestelmät ja ohjelmistoprojektit eivät takaa ratkaisun yleistettävyyttä. Koontijärjestelmä makella ja workspace cachellä tuotetut ohjelmistokoonnit eivät täysin täyttäneet niille asetettuja oikeellisuusehtoja. Tulevaisuuden tutkimustyön tulisi pyrkiä saamaan workspace cachen koontiulostulot täysin oikeellisiksi sekä parantamaan sen suorituskykyä siten, että se olisi tehokkaampi kuin etävälimuistiratkaisut

Carbon Catcher Design Report

Overview. The design of the overall Carbon Catcher project can be separated into four distinct systems, each of which is assigned a specialized committee. The committee names and responsibilities are listed below: Air Mover The overall goal for the Air Mover committee is the design of the turbine assembly. As the overall goal of the project is to collect and separate carbon dioxide from the air, one of the most important parts is to actually get the air to pass through the carbon-catching membrane. Passive air would not give a significant enough yield rate to make the carbon dioxide collection rate impactful, thus air must be sucked through a vacuum/turbine. Membrane The goal of Membrain is to create a membrane that can filter out CO2 through various methods. These methods are limited, due to there being such variety, to certain techniques and membrane material types that have been decided, prior, by the committee. Most membranes will be geared towards utilizing temperature and pressure along with gaseous speed and flow rate. In addition, examining certain treatments, such as regeneration of material, and replacements will be looked into as well, to see how it fares in sustainability. Carbon Storer The Carbon Storer committee will design a store and transport system for fluid CO2 after it is extracted from the atmosphere. Primary considerations include geological solutions, cost-effective materials, and analysis methods to improve overall capacity and efficiency. Additionally, the committee will select an environmentally and economically sustainable method of recycling the captured CO2. PyControl The PyControl committee will design a series of sensors and actuators, which will primarily support the sequestration and pipeline systems present in the Carbon Storer Committee and direct air capture system in Air Mover. The design can be broken into four control layers: Input/Output, Field Controllers, Data, and Supervisory. Goal The overarching goal of Carbon Catcher is to design a cost-effective, scalable atmospheric carbon dioxide removal system that is capable of being deployed in a variety of urban environments and may fit a variety of different customer requirements or requests

An Edge-based Architecture for Phasor Measurements in Smart Grids

This paper investigates the application of Kubernetes and Edge computing technologies to operate IT services in the context of power systems and smart grids. Traditional services for grid monitoring such as Phasor Measurement Units (PMUs) and Phasor Data Concentrators (PDCs) require a centralized architecture and a rigid networking infrastructure in order to properly function, which today is only achieved at the High Voltage (HV) transmission level. Furthermore, manual intervention is often the only option for PMUs/PDCs maintenance. In this work, the traditional PMU/PDC services were deployed as docker-containers in a decentralized Kubernetes cluster, which can represent any kind of geographically dispersed TCP/IP network. By leveraging remote orchestration, several key benefits are achieved: (1) no manual reconfiguration of the PMU-PDC communications upon network reconfiguration, (2) automatic PMU traffic redirection in case of PDC service redeployment in a different location, and (3) reduced data-loss upon PDC failure and enhanced overall system resiliency due to minimized ICT services down-time

Multitenant Containers as a Service (CaaS) for Clouds and Edge Clouds

Cloud computing, offering on-demand access to computing resources through the Internet and the pay-as-you-go model, has marked the last decade with its three main service models; Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). The lightweight nature of containers compared to virtual machines has led to the rapid uptake of another in recent years, called Containers as a Service (CaaS), which falls between IaaS and PaaS regarding control abstraction. However, when CaaS is offered to multiple independent users, or tenants, a multi-instance approach is used, in which each tenant receives its own separate cluster, which reimposes significant overhead due to employing virtual machines for isolation. If CaaS is to be offered not just at the cloud, but also at the edge cloud, where resources are limited, another solution is required. We introduce a native CaaS multitenancy framework, meaning that tenants share a cluster, which is more efficient than the one tenant per cluster model. Whenever there are shared resources, isolation of multitenant workloads is an issue. Such workloads can be isolated by Kata Containers today. Besides, our framework esteems the application requirements that compel complete isolation and a fully customized environment. Node-level slicing empowers tenants to programmatically reserve isolated subclusters where they can choose the container runtime that suits application needs. The framework is publicly available as liberally-licensed, free, open-source software that extends Kubernetes, the de facto standard container orchestration system. It is in production use within the EdgeNet testbed for researchers