Cybersecurity issues in software architectures for innovative services

The recent advances in data center development have been at the basis of the widespread success of the cloud computing paradigm, which is at the basis of models for software based applications and services, which is the "Everything as a Service" (XaaS) model. According to the XaaS model, service of any kind are deployed on demand as cloud based applications, with a great degree of flexibility and a limited need for investments in dedicated hardware and or software components. This approach opens up a lot of opportunities, for instance providing access to complex and widely distributed applications, whose cost and complexity represented in the past a significant entry barrier, also to small or emerging businesses. Unfortunately, networking is now embedded in every service and application, raising several cybersecurity issues related to corruption and leakage of data, unauthorized access, etc. However, new service-oriented architectures are emerging in this context, the so-called services enabler architecture. The aim of these architectures is not only to expose and give the resources to these types of services, but it is also to validate them. The validation includes numerous aspects, from the legal to the infrastructural ones e.g., but above all the cybersecurity threats. A solid threat analysis of the aforementioned architecture is therefore necessary, and this is the main goal of this thesis. This work investigate the security threats of the emerging service enabler architectures, providing proof of concepts for these issues and the solutions too, based on several use-cases implemented in real world scenarios

Development and Evaluation of a Holistic, Cloud-driven and Microservices-based Architecture for Automated Semantic Annotation of Web Documents

The Semantic Web is based on the concept of representing information on the web such that computers can both understand and process them. This implies defining context for web information to give them a well-defined meaning. Semantic Annotation defines the process of adding annotation data to web information for the much-needed context. However, despite several solutions and techniques for semantic annotation, it is still faced with challenges which have hindered the growth of the semantic web. With recent significant technological innovations such as Cloud Computing, Internet of Things as well as Mobile Computing and their various integrations with semantic technologies to proffer solutions in IT, little has been done towards leveraging these technologies to address semantic annotation challenges. Hence, this research investigates leveraging cloud computing paradigm to address some semantic annotation challenges, with focus on an automated system for providing semantic annotation as a service. Firstly, considering the current disparate nature observable with most semantic annotation solutions, a holistic perspective to semantic annotation is proposed based on a set of requirements. Then, a capability assessment towards the feasibility of leveraging cloud computing is conducted which produces a Cloud Computing Capability Model for Holistic Semantic Annotation. Furthermore, an investigation into application deployment patterns in the cloud and how they relate to holistic semantic annotation was conducted. A set of determinant factors that define different patterns for application deployment in the cloud were identified and these resulted into the development of a Cloud Computing Maturity Model and the conceptualisation of a “Cloud-Driven” development methodology for holistic semantic annotation in the cloud. Some key components of the “Cloud-Driven” concept include Microservices, Operating System-Level Virtualisation and Orchestration. With the role Microservices Software Architectural Patterns play towards developing solutions that can fully maximise cloud computing benefits; CloudSea: a holistic, cloud-driven and microservices-based architecture for automated semantic annotation of web documents is proposed as a novel approach to semantic annotation. The architecture draws from the theory of “Design Patterns” in Software Engineering towards its design and development which subsequently resulted into the development of twelve Design Patterns and a Pattern Language for Holistic Semantic Annotation, based on the CloudSea architectural design. As proof-of-concept, a prototype implementation for CloudSea was developed and deployed in the cloud based on the “Cloud-Driven” methodology and a functionality evaluation was carried out on it. A comparative evaluation of the CloudSea architecture was also conducted in relation to current semantic annotation solutions; both proposed in academic literature and existing as industry solutions. In addition, to evaluate the proposed Cloud Computing Maturity Model for Holistic Semantic Annotation, an experimental evaluation of the model was conducted by developing and deploying six instances of the prototype and deploying them differently, based on the patterns described in the model. This empirical investigation was implemented by testing the instances for performance through series of API load tests and results obtained confirmed the validity of both the “Cloud-Driven” methodology and the entire model

Development and Evaluation of a Holistic, Cloud-driven and Microservices-based Architecture for Automated Semantic Annotation of Web Documents

The Semantic Web is based on the concept of representing information on the web such that computers can both understand and process them. This implies defining context for web information to give them a well-defined meaning. Semantic Annotation defines the process of adding annotation data to web information for the much-needed context. However, despite several solutions and techniques for semantic annotation, it is still faced with challenges which have hindered the growth of the semantic web. With recent significant technological innovations such as Cloud Computing, Internet of Things as well as Mobile Computing and their various integrations with semantic technologies to proffer solutions in IT, little has been done towards leveraging these technologies to address semantic annotation challenges. Hence, this research investigates leveraging cloud computing paradigm to address some semantic annotation challenges, with focus on an automated system for providing semantic annotation as a service. Firstly, considering the current disparate nature observable with most semantic annotation solutions, a holistic perspective to semantic annotation is proposed based on a set of requirements. Then, a capability assessment towards the feasibility of leveraging cloud computing is conducted which produces a Cloud Computing Capability Model for Holistic Semantic Annotation. Furthermore, an investigation into application deployment patterns in the cloud and how they relate to holistic semantic annotation was conducted. A set of determinant factors that define different patterns for application deployment in the cloud were identified and these resulted into the development of a Cloud Computing Maturity Model and the conceptualisation of a “Cloud-Driven” development methodology for holistic semantic annotation in the cloud. Some key components of the “Cloud-Driven” concept include Microservices, Operating System-Level Virtualisation and Orchestration. With the role Microservices Software Architectural Patterns play towards developing solutions that can fully maximise cloud computing benefits; CloudSea: a holistic, cloud-driven and microservices-based architecture for automated semantic annotation of web documents is proposed as a novel approach to semantic annotation. The architecture draws from the theory of “Design Patterns” in Software Engineering towards its design and development which subsequently resulted into the development of twelve Design Patterns and a Pattern Language for Holistic Semantic Annotation, based on the CloudSea architectural design. As proof-of-concept, a prototype implementation for CloudSea was developed and deployed in the cloud based on the “Cloud-Driven” methodology and a functionality evaluation was carried out on it. A comparative evaluation of the CloudSea architecture was also conducted in relation to current semantic annotation solutions; both proposed in academic literature and existing as industry solutions. In addition, to evaluate the proposed Cloud Computing Maturity Model for Holistic Semantic Annotation, an experimental evaluation of the model was conducted by developing and deploying six instances of the prototype and deploying them differently, based on the patterns described in the model. This empirical investigation was implemented by testing the instances for performance through series of API load tests and results obtained confirmed the validity of both the “Cloud-Driven” methodology and the entire model

Performance Evaluation of Serverless Applications and Infrastructures

Context. Cloud computing has become the de facto standard for deploying modern web-based software systems, which makes its performance crucial to the efficient functioning of many applications. However, the unabated growth of established cloud services, such as Infrastructure-as-a-Service (IaaS), and the emergence of new serverless services, such as Function-as-a-Service (FaaS), has led to an unprecedented diversity of cloud services with different performance characteristics. Measuring these characteristics is difficult in dynamic cloud environments due to performance variability in large-scale distributed systems with limited observability.Objective. This thesis aims to enable reproducible performance evaluation of serverless applications and their underlying cloud infrastructure.Method. A combination of literature review and empirical research established a consolidated view on serverless applications and their performance. New solutions were developed through engineering research and used to conduct performance benchmarking field experiments in cloud environments.Findings. The review of 112 FaaS performance studies from academic and industrial sources found a strong focus on a single cloud platform using artificial micro-benchmarks and discovered that most studies do not follow reproducibility principles on cloud experimentation. Characterizing 89 serverless applications revealed that they are most commonly used for short-running tasks with low data volume and bursty workloads. A novel trace-based serverless application benchmark shows that external service calls often dominate the median end-to-end latency and cause long tail latency. The latency breakdown analysis further identifies performance challenges of serverless applications, such as long delays through asynchronous function triggers, substantial runtime initialization for coldstarts, increased performance variability under bursty workloads, and heavily provider-dependent performance characteristics. The evaluation of different cloud benchmarking methodologies has shown that only selected micro-benchmarks are suitable for estimating application performance, performance variability depends on the resource type, and batch testing on the same instance with repetitions should be used for reliable performance testing.Conclusions. The insights of this thesis can guide practitioners in building performance-optimized serverless applications and researchers in reproducibly evaluating cloud performance using suitable execution methodologies and different benchmark types

Dynamical Modeling of Cloud Applications for Runtime Performance Management

Cloud computing has quickly grown to become an essential component in many modern-day software applications. It allows consumers, such as a provider of some web service, to quickly and on demand obtain the necessary computational resources to run their applications. It is desirable for these service providers to keep the running cost of their cloud application low while adhering to various performance constraints. This is made difficult due to the dynamics imposed by, e.g., resource contentions or changing arrival rate of users, and the fact that there exist multiple ways of influencing the performance of a running cloud application. To facilitate decision making in this environment, performance models can be introduced that relate the workload and different actions to important performance metrics.In this thesis, such performance models of cloud applications are studied. In particular, we focus on modeling using queueing theory and on the fluid model for approximating the often intractable dynamics of the queue lengths. First, existing results on how the fluid model can be obtained from the mean-field approximation of a closed queueing network are simplified and extended to allow for mixed networks. The queues are allowed to follow the processor sharing or delay disciplines, and can have multiple classes with phase-type service times. An improvement to this fluid model is then presented to increase accuracy when the \emph{system size}, i.e., number of servers, initial population, and arrival rate, is small. Furthermore, a closed-form approximation of the response time CDF is presented. The methods are tested in a series of simulation experiments and shown to be accurate. This mean-field fluid model is then used to derive a general fluid model for microservices with interservice delays. The model is shown to be completely extractable at runtime in a distributed fashion. It is further evaluated on a simple microservice application and found to accurately predict important performance metrics in most cases. Furthermore, a method is devised to reduce the cost of a running application by tuning load balancing parameters between replicas. The method is built on gradient stepping by applying automatic differentiation to the fluid model. This allows for arbitrarily defined cost functions and constraints, most notably including different response time percentiles. The method is tested on a simple application distributed over multiple computing clusters and is shown to reduce costs while adhering to percentile constraints. Finally, modeling of request cloning is studied using the novel concept of synchronized service. This allows certain forms of cloning over servers, each modeled with a single queue, to be equivalently expressed as one single queue. The concept is very general regarding the involved queueing discipline and distributions, but instead introduces new, less realistic assumptions. How the equivalent queue model is affected by relaxing these assumptions is studied considering the processor sharing discipline, and an extension to enable modeling of speculative execution is made. In a simulation campaign, it is shown that these relaxations only has a minor effect in certain cases

Vers une description évolutive et une exploration efficace des concepts et des artefacts d'architecture microservices

RÉSUMÉ : L'adoption de l'architecture Microservices (MSA) pour la conception de systèmes logiciels est une tendance en industrie et en recherche. De nature compositionnelle et distribuée, les systèmes basés sur l'architecture Microservices sont composés de services ayant une responsabilité restreinte et bien définie, visant un isolement complet dans une perspective de non-partage de ressources. Les systèmes basés sur des microservices sont souvent classés comme de systèmes « Cloud-Native ». L'adoption de l'architecture Microservices représente un changement de paradigme technologique et managérial comportant des défis, notamment : la taille, la portée et le nombre de services, et leurs interopérabilité et réutilisation. Outre ces défis, la compréhension, l'adoption et l'implémentation des principes fondamentaux de ce style architectural sont des challenges qui impactent la conception d'architectures microservices efficaces et cohérentes. En effet, l'absence d'un large consensus sur certains principes et termes clés de cette architecture mènent à sa mauvaise compréhension et par conséquent à des implémentations incorrectes. Cette absence de consensus est une manifestation concrète de l'immaturité de cette architecture qui mène à des défis lors de la formalisation des connaissances. Également, il manque une méthode uniforme capable de supporter les concepteurs lors de la modélisation des microservices, notamment dans l'agencement des différentes composantes. À cela s'ajoute l'absence de modèles conceptuels pouvant guider les ingénieurs dans les premières phases de conception de ces systèmes. Plusieurs approches ont été utilisées pour la modélisation d'architectures microservices, tels que : formelle et informelle, manuelle et automatique et toutes les combinaisons de ces quatre, mais ces approches ne répondent pas à tous les défis rencontrés par les concepteurs. Pour faciliter la modélisation des microservices et rendre le processus plus efficace, il est nécessaire de développer des approches de conception et de représentation alternatives. Dans cette perspective, nous proposons une approche ontologique capable de répondre autant aux défis de conception que de représentation des architectures microservices. Dans ce mémoire, nous vous présentons nos résultats de recherche dont la principale contribution est une ontologie du domaine des architectures Microservices définie en suivant les principes de logique de description et formalisée en utilisant le langage « Web Ontology Language » (OWL), une technologie clé du Web sémantique. À cette ontologie nous avons donné le nom d'« Ontology of Microservices Architecture Concepts » (OMSAC). OMSAC contient suffisamment de vocabulaire pour décrire les concepts qui définissent l'architecture Microservices et pour représenter les différents artefacts composant ces architectures. Sa structure permet une évolution rapide et est capable de prendre en charge les enjeux liés à l'immaturité actuelle de ces architectures. En tant que technologie d'intelligence artificielle (IA), les ontologies possèdent des capacités de raisonnement avancées auxquelles il est possible d'ajouter d'autres technologies pour les étendre et ainsi répondre à différents besoins. Avec cet objectif, nous avons utilisé OMSAC conjointement avec des techniques d'apprentissage machine pour modéliser et analyser des architectures microservices afin de calculer le degré de similitude entre différents microservices appartenant à différents systèmes. Ce cas d'utilisation d'OMSAC constitue une contribution supplémentaire de notre recherche et renforce les perspectives de recherche dans l'assistance, l'outillage et l'automatisation de la modélisation des architectures microservices. Cette contribution montre également la pertinence de la recherche de mécanismes permettant de faire de l'analytique avancée sur les modèles d'architectures. Dans des travaux de recherche futurs, nous nous intéresserons au développent de ces mécanismes, et planifions la conception d'un assistant intelligent capable de projeter des architectures microservices basées sur les meilleures pratiques et favorisant la réutilisation de microservices existants. Également, nous souhaitons développer un langage dédié afin d'abstraire les syntaxes d'OWL et du langage de requête SPARQL pour faciliter l'utilisation d'OMSAC par les concepteurs, ingénieurs et programmeurs qui ne sont pas familiers avec ces technologies du Web sémantique. -- Mot(s) clé(s) en français : Architectures microservices, ontologies, modélisation de systèmes logiciels, apprentissage automatique. -- ABSTRACT : The use of Microservices Architecture (MSA) for designing software systems has become a trend in industry and research. Adopting MSA represents a technological and managerial shift with challenges including the size, scope, number, interoperability and reuse of microservices, modelling using multi-viewpoints, as well as the adequate understanding, adoption, and implementation of fundamental principles of the Microservices Architecture. Adequately undertaking these challenges is mandatory for designing effective MSA-based systems. In this thesis, we explored an ontological representation of the knowledge concerning the Microservices Architecture domain. This representation is capable of addressing MSA understanding and modelling challenges. As a result of this research, we propose the Ontology of Microservices Architecture Concepts (OMSAC), which is a domain ontology containing enough vocabulary to describe MSA concepts and artifacts and in a form to allow fast evolution and advanced analytical capabilities. -- Mot(s) clé(s) en anglais : Microservices Architecture, Ontologies, Conceptual modelling, machine learning

Big Data and Artificial Intelligence in Digital Finance

This open access book presents how cutting-edge digital technologies like Big Data, Machine Learning, Artificial Intelligence (AI), and Blockchain are set to disrupt the financial sector. The book illustrates how recent advances in these technologies facilitate banks, FinTech, and financial institutions to collect, process, analyze, and fully leverage the very large amounts of data that are nowadays produced and exchanged in the sector. To this end, the book also describes some more the most popular Big Data, AI and Blockchain applications in the sector, including novel applications in the areas of Know Your Customer (KYC), Personalized Wealth Management and Asset Management, Portfolio Risk Assessment, as well as variety of novel Usage-based Insurance applications based on Internet-of-Things data. Most of the presented applications have been developed, deployed and validated in real-life digital finance settings in the context of the European Commission funded INFINITECH project, which is a flagship innovation initiative for Big Data and AI in digital finance. This book is ideal for researchers and practitioners in Big Data, AI, banking and digital finance

Big Data and Artificial Intelligence in Digital Finance

This open access book presents how cutting-edge digital technologies like Big Data, Machine Learning, Artificial Intelligence (AI), and Blockchain are set to disrupt the financial sector. The book illustrates how recent advances in these technologies facilitate banks, FinTech, and financial institutions to collect, process, analyze, and fully leverage the very large amounts of data that are nowadays produced and exchanged in the sector. To this end, the book also describes some more the most popular Big Data, AI and Blockchain applications in the sector, including novel applications in the areas of Know Your Customer (KYC), Personalized Wealth Management and Asset Management, Portfolio Risk Assessment, as well as variety of novel Usage-based Insurance applications based on Internet-of-Things data. Most of the presented applications have been developed, deployed and validated in real-life digital finance settings in the context of the European Commission funded INFINITECH project, which is a flagship innovation initiative for Big Data and AI in digital finance. This book is ideal for researchers and practitioners in Big Data, AI, banking and digital finance