Exploring Maintainability Assurance Research for Service- and Microservice-Based Systems: Directions and Differences

To ensure sustainable software maintenance and evolution, a diverse set of activities and concepts like metrics, change impact analysis, or antipattern detection can be used. Special maintainability assurance techniques have been proposed for service- and microservice-based systems, but it is difficult to get a comprehensive overview of this publication landscape. We therefore conducted a systematic literature review (SLR) to collect and categorize maintainability assurance approaches for service-oriented architecture (SOA) and microservices. Our search strategy led to the selection of 223 primary studies from 2007 to 2018 which we categorized with a threefold taxonomy: a) architectural (SOA, microservices, both), b) methodical (method or contribution of the study), and c) thematic (maintainability assurance subfield). We discuss the distribution among these categories and present different research directions as well as exemplary studies per thematic category. The primary finding of our SLR is that, while very few approaches have been suggested for microservices so far (24 of 223, ?11%), we identified several thematic categories where existing SOA techniques could be adapted for the maintainability assurance of microservices

Dynamic Access Control in Industry 4.0 Systems

Industry 4.0 enacts ad-hoc cooperation between machines, humans, and organizations in supply and production chains. The cooperation goes beyond rigid hierarchical process structures and increases the levels of efficiency, customization, and individualisation of end-products. Efficient processing and cooperation requires exploiting various sensor and process data and sharing them across various entities including computer systems, machines, mobile devices, humans, and organisations. Access control is a common security mechanism to control data sharing between involved parties. However, access control to virtual resources is not sufficient in presence of Industry 4.0 because physical access has a considerable effect on the protection of information and systems. In addition, access control mechanisms have to become capable of handling dynamically changing situations arising from ad-hoc horizontal cooperation or changes in the environment of Industry 4.0 systems. Established access control mechanisms do not consider dynamic changes and the combination with physical access control yet. Approaches trying to address these shortcomings exist but often do not consider how to get information such as the sensitivity of exchanged information. This chapter proposes a novel approach to control physical and virtual access tied to the dynamics of custom product engineering, hence, establishing confidentiality in ad-hoc horizontal processes. The approach combines static design-time analyses to discover data properties with a dynamic runtime access control approach that evaluates policies protecting virtual and physical assets. The runtime part uses data properties derived from the static design-time analysis, as well as the environment or system status to decide about access

Model-based resource analysis and synthesis of service-oriented automotive software architectures

Context Automotive software architectures describe distributed functionality by an interaction of software components. One drawback of today\u27s architectures is their strong integration into the onboard communication network based on predefined dependencies at design time. The idea is to reduce this rigid integration and technological dependencies. To this end, service-oriented architecture offers a suitable methodology since network communication is dynamically established at run-time. Aim We target to provide a methodology for analysing hardware resources and synthesising automotive service-oriented architectures based on platform-independent service models. Subsequently, we focus on transforming these models into a platform-specific architecture realisation process following AUTOSAR Adaptive. Approach For the platform-independent part, we apply the concepts of design space exploration and simulation to analyse and synthesise deployment configurations, i. e., mapping services to hardware resources at an early development stage. We refine these configurations to AUTOSAR Adaptive software architecture models representing the necessary input for a subsequent implementation process for the platform-specific part. Result We present deployment configurations that are optimal for the usage of a given set of computing resources currently under consideration for our next generation of E/E architecture. We also provide simulation results that demonstrate the ability of these configurations to meet the run time requirements. Both results helped us to decide whether a particular configuration can be implemented. As a possible software toolchain for this purpose, we finally provide a prototype. Conclusion The use of models and their analysis are proper means to get there, but the quality and speed of development must also be considered

A Flashback on Control Logic Injection Attacks against Programmable Logic Controllers

Programmable logic controllers (PLCs) make up a substantial part of critical infrastructures (CIs) and industrial control systems (ICSs). They are programmed with a control logic that defines how to drive and operate critical processes such as nuclear power plants, petrochemical factories, water treatment systems, and other facilities. Unfortunately, these devices are not fully secure and are prone to malicious threats, especially those exploiting vulnerabilities in the control logic of PLCs. Such threats are known as control logic injection attacks. They mainly aim at sabotaging physical processes controlled by exposed PLCs, causing catastrophic damage to target systems as shown by Stuxnet. Looking back over the last decade, many research endeavors exploring and discussing these threats have been published. In this article, we present a flashback on the recent works related to control logic injection attacks against PLCs. To this end, we provide the security research community with a new systematization based on the attacker techniques under three main attack scenarios. For each study presented in this work, we overview the attack strategies, tools, security goals, infected devices, and underlying vulnerabilities. Based on our analysis, we highlight the current security challenges in protecting PLCs from such severe attacks and suggest security recommendations for future research directions

Envisioning Model-Based Performance Engineering Frameworks.

Abstract Our daily activities depend on complex software systems that must guarantee certain performance. Several approaches have been devised in the last decade to validate software systems against performance requirements. However, software designers still encounter problems in the interpretation of performance analysis results (e.g., mean values, probability distribution functions) and in the definition of design alternatives (e.g., to split a software component in two and redeploy one of them) aimed at fulfilling performance requirements. This paper describes a general model-based performance engineering framework to support designers in dealing with such problems aimed at enhancing the system. The framework relies on a formalization of the knowledge needed in order to characterize performance flaws and provide alternative system design. Such knowledge can be instantiated based on the techniques devised for interpreting performance analysis results and providing feedback to designers. Three techniques are considered in this paper for instantiating the framework and the main challenges to face during such process are pointed out and discussed

Studying Software Engineering Patterns for Designing Machine Learning Systems

Machine-learning (ML) techniques have become popular in the recent years. ML techniques rely on mathematics and on software engineering. Researchers and practitioners studying best practices for designing ML application systems and software to address the software complexity and quality of ML techniques. Such design practices are often formalized as architecture patterns and design patterns by encapsulating reusable solutions to commonly occurring problems within given contexts. However, to the best of our knowledge, there has been no work collecting, classifying, and discussing these software-engineering (SE) design patterns for ML techniques systematically. Thus, we set out to collect good/bad SE design patterns for ML techniques to provide developers with a comprehensive and ordered classification of such patterns. We report here preliminary results of a systematic-literature review (SLR) of good/bad design patterns for ML

Introducing Interactions in Multi-Objective Optimization of Software Architectures

Software architecture optimization aims to enhance non-functional attributes like performance and reliability while meeting functional requirements. Multi-objective optimization employs metaheuristic search techniques, such as genetic algorithms, to explore feasible architectural changes and propose alternatives to designers. However, the resource-intensive process may not always align with practical constraints. This study investigates the impact of designer interactions on multi-objective software architecture optimization. Designers can intervene at intermediate points in the fully automated optimization process, making choices that guide exploration towards more desirable solutions. We compare this interactive approach with the fully automated optimization process, which serves as the baseline. The findings demonstrate that designer interactions lead to a more focused solution space, resulting in improved architectural quality. By directing the search towards regions of interest, the interaction uncovers architectures that remain unexplored in the fully automated process

Audio for Virtual, Augmented and Mixed Realities: Proceedings of ICSA 2019 ; 5th International Conference on Spatial Audio ; September 26th to 28th, 2019, Ilmenau, Germany

The ICSA 2019 focuses on a multidisciplinary bringing together of developers, scientists, users, and content creators of and for spatial audio systems and services. A special focus is on audio for so-called virtual, augmented, and mixed realities. The fields of ICSA 2019 are: - Development and scientific investigation of technical systems and services for spatial audio recording, processing and reproduction / - Creation of content for reproduction via spatial audio systems and services / - Use and application of spatial audio systems and content presentation services / - Media impact of content and spatial audio systems and services from the point of view of media science. The ICSA 2019 is organized by VDT and TU Ilmenau with support of Fraunhofer Institute for Digital Media Technology IDMT

Outlier Detection Mechanism for Ensuring Availability in Wireless Mobile Networks Anomaly Detection

Finding things that are significantly different from, incomparable with, and inconsistent with the majority of data in many domains is the focus of the important research problem of anomaly detection. A noteworthy research problem has recently been illuminated by the explosion of data that has been gathered. This offers brand-new opportunities as well as difficulties for anomaly detection research. The analysis and monitoring of data connected to network traffic, weblogs, medical domains, financial transactions, transportation domains, and many more are just a few of the areas in which anomaly detection is useful. An important part of assessing the effectiveness of mobile ad hoc networks (MANET) is anomaly detection. Due to difficulties in the associated protocols, MANET has become a popular study topic in recent years. No matter where they are geographically located, users can connect to a dynamic infrastructure using MANETs. Small, powerful, and affordable devices enable MANETs to self-organize and expand quickly. By an outlier detection approach, the proposed work provides cryptographic property and availability for an RFID-WSN integrated network with node counts ranging from 500 to 5000. The detection ratio and anomaly scores are used to measure the system's resistance to outliers. The suggested method uses anomaly scores to identify outliers and provide defence against DoS attacks. The suggested method uses anomaly scores to identify outliers and provide protection from DoS attacks. The proposed method has been shown to detect intruders in a matter of milliseconds without interfering with authorised users' privileges. Throughput is improved by at least 6.8% using the suggested protocol, while Packet Delivery Ratio (PDR) is improved by at least 9.2% and by as much as 21.5%

Architectural Support for Software Performance in Continuous Software Engineering: A Systematic Mapping Study

The continuous software engineering paradigm is gaining popularity in modern development practices, where the interleaving of design and runtime activities is induced by the continuous evolution of software systems. In this context, performance assessment is not easy, but recent studies have shown that architectural models evolving with the software can support this goal. In this paper, we present a mapping study aimed at classifying existing scientific contributions that deal with the architectural support for performance-targeted continuous software engineering. We have applied the systematic mapping methodology to an initial set of 215 potentially relevant papers and selected 66 primary studies that we have analyzed to characterize and classify the current state of research. This classification helps to focus on the main aspects that are being considered in this domain and, mostly, on the emerging findings and implications for future researc