Reducing Run-Time Adaptation Space via Analysis of Possible Utility Bounds

Self-adaptive systems often employ dynamic programming or similar techniques to select optimal adaptations at run-time. These techniques suffer from the “curse of dimensionality , increasing the cost of run-time adaptation decisions. We propose a novel approach that improves upon the state-of-the-art proactive self-adaptation techniques to reduce the number of possible adaptations that need be considered for each run-time adaptation decision. The approach, realized in a tool called Thallium, employs a combination of automated formal modeling techniques to (i) analyze a structural model of the system showing which configurations are reachable from other configurations and (ii) compute the utility that can be generated by the optimal adaptation over a bounded horizon in both the best- and worst-case scenarios. It then constructs triangular possibility values using those optimized bounds to automatically compare adjacent adaptations for each configuration, keeping only the alternatives with the best range of potential results. The experimental results corroborate Thallium’s ability to significantly reduce the number of states that need to be considered with each adaptation decision, freeing up vital resources at run-time

A software development framework for secure microservices

Abstract: The software development community has seen the proliferation of a new style of building applications based on small and specialized autonomous units of computation logic called microservices. Microservices collaborate by sending light-weight messages to automate a business task. These microservices are independently deployable with arbitrary schedules, allowing enterprises to quickly create new sets of business capabilities in response to changing business requirements. It is expected that the use of microservices will become the default style of building software applications by the year 2023, with the microservices’ market projected to reach thirtytwo billion United States of American dollars. The adoption of microservices presents new security challenges due to the way the units of computation logic are designed, deployed and maintained. The decomposition of an application into small independent units increases the attack surface, and makes it a challenge to secure and control network traffic for each unit. These new security challenges cannot be addressed by traditional security strategies. Software engineers developing microservices are facing growing pressure to build secure microservices to ensure the security of business information assets and guarantee business continuity. The research conducted in this thesis proposes a software development framework that software engineers can use to build secure microservices. The framework defines artefacts, development and maintenance activities together with methods and techniques that software engineers can use to ensure that microservices are developed from the ground up to be secure. The goal of the framework is to ensure that microservices are designed and built to be able to detect, react, respond and recover from attacks during day-to-day operations. To prove the capability of the framework, a microservices-based application is developed using the proposed software development framework as part of an experiment to determine its effectiveness. These results, together with a comparative and quality review of the framework indicate that the software development framework can be effectively used to develop secure microservices.Ph.D. (Computer Science