Scalability Assessment of Microservice Architecture Deployment Configurations: A Domain-based Approach Leveraging Operational Profiles and Load Tests

Abstract Microservices have emerged as an architectural style for developing distributed applications. Assessing the performance of architecture deployment configurations — e.g., with respect to deployment alternatives — is challenging and must be aligned with the system usage in the production environment. In this paper, we introduce an approach for using operational profiles to generate load tests to automatically assess scalability pass/fail criteria of microservice configuration alternatives. The approach provides a Domain-based metric for each alternative that can, for instance, be applied to make informed decisions about the selection of alternatives and to conduct production monitoring regarding performance-related system properties, e.g., anomaly detection. We have evaluated our approach using extensive experiments in a large bare metal host environment and a virtualized environment. First, the data presented in this paper supports the need to carefully evaluate the impact of increasing the level of computing resources on performance. Specifically, for the experiments presented in this paper, we observed that the evaluated Domain-based metric is a non-increasing function of the number of CPU resources for one of the environments under study. In a subsequent series of experiments, we investigate the application of the approach to assess the impact of security attacks on the performance of architecture deployment configurations

Unravelling Ariadne’s Thread: Exploring the Threats of Decentralised DNS

The current landscape of the core Internet technologies shows considerable centralisation with the big tech companies controlling the vast majority of traffic and services. This situation has sparked a wide range of decentralisation initiatives with blockchain technology being among the most prominent and successful innovations. At the same time, over the past years there have been considerable attempts to address the security and privacy issues affecting the Domain Name System (DNS). To this end, it is claimed that Blockchain-based DNS may solve many of the limitations of traditional DNS. However, such an alternative comes with its own security concerns and issues, as any introduction and adoption of a new technology typically does - let alone a disruptive one. In this work we present the emerging threat landscape of blockchain-based DNS and we empirically validate the threats with real-world data. Specifically, we explore a part of the blockchain DNS ecosystem in terms of the browser extensions using such technologies, the chain itself (Namecoin and Emercoin), the domains, and users who have been registered in these platforms. Our findings reveal several potential domain extortion attempts and possible phishing schemes. Finally, we suggest countermeasures to address the identified threats, and we identify emerging research themes

Hierarchical certificateless criptographic key agreement

Apresentamos um novo esquema de acordo de chaves criptográficas hierárquico, não Interativo e seguro contra comprometimento de múltiplos nós. Esquemas para Acordo de chaves criptográficas (KAS - Key Agreement Scheme), são usados quando duas ou mais entidades desejam compartilhar uma chave secreta única, afim de para realizar uma comunicação segura por meio de um protocolo de criptografia simétrico. O acordo de chaves proposto possui as seguintes características: Não interativo: Chaves compartilhadas são calculadas sem interação dos nós participantes; Chaves Públicas sem certificados (Certificateless): Para o cálculo da chave compartilhada o nó utiliza sua chave secreta e a chave pública do destinatário, que é certificada pela identidade do destinatário; Hierárquico: Permite que seja utilizado um gerenciamento hierárquico, para concessão, revogação e distribuição de chaves; e Resistente: Permite segurança do sistema mesmo quando nós dentro da hierarquia são comprometidos em qualquer ordem e quantidade. Este trabalho é uma nova abordagem do artigo \"Strongly-Resilent and Non-Interactive Hierarchical Key-Agreement in MANETs\" onde substituímos o uso de sistemas baseados na identidade por sistemas sem certificado, eliminando a custódia de chaves em todos os níveis hierárquicos, aumentando a segurança do sistema quanto ao comprometimento de nós. É apresentado ainda uma discussão sobre a segurança do esquema proposto e de acordos de chaves não interativos.This work presents a new resilient, hierarchical, non-interactive and certificateless key agreement scheme. Cryptographic key agreement schemes (KAS) are used when two or more entities want to share a secret key, in order to realize secure communication using a symmetric encryption protocol. The proposed key agreement has the following characteristics: Non-interactive: Any two nodes can compute a unique shared secret key without interaction; Certificateless: To compute the shared secret key, each node only needs its own secret key, the identity of its peer and his public key implicitly certified; Hierarchical: The scheme is decentralized through a hierarchy where all nodes in the hierarchy can derive the secret keys for each of its children without any limitations or prior knowledge on the number of such children or their identities; Resilient: The scheme is resilient against compromise of any number of nodes in the hierarchy. This work is a new approach about article ``Strongly-Resilient and Non-Interactive Hierarchical Key-Agreement in MANETs\" which replaces id based system for certificateless system, eliminating the key escrow on all levels, increasing system security against compromised nodes. It also presents a discussion on the security of the proposed scheme and non-interactive key agreement

Hierarchical certificateless criptographic key agreement

Apresentamos um novo esquema de acordo de chaves criptográficas hierárquico, não Interativo e seguro contra comprometimento de múltiplos nós. Esquemas para Acordo de chaves criptográficas (KAS - Key Agreement Scheme), são usados quando duas ou mais entidades desejam compartilhar uma chave secreta única, afim de para realizar uma comunicação segura por meio de um protocolo de criptografia simétrico. O acordo de chaves proposto possui as seguintes características: Não interativo: Chaves compartilhadas são calculadas sem interação dos nós participantes; Chaves Públicas sem certificados (Certificateless): Para o cálculo da chave compartilhada o nó utiliza sua chave secreta e a chave pública do destinatário, que é certificada pela identidade do destinatário; Hierárquico: Permite que seja utilizado um gerenciamento hierárquico, para concessão, revogação e distribuição de chaves; e Resistente: Permite segurança do sistema mesmo quando nós dentro da hierarquia são comprometidos em qualquer ordem e quantidade. Este trabalho é uma nova abordagem do artigo \"Strongly-Resilent and Non-Interactive Hierarchical Key-Agreement in MANETs\" onde substituímos o uso de sistemas baseados na identidade por sistemas sem certificado, eliminando a custódia de chaves em todos os níveis hierárquicos, aumentando a segurança do sistema quanto ao comprometimento de nós. É apresentado ainda uma discussão sobre a segurança do esquema proposto e de acordos de chaves não interativos.This work presents a new resilient, hierarchical, non-interactive and certificateless key agreement scheme. Cryptographic key agreement schemes (KAS) are used when two or more entities want to share a secret key, in order to realize secure communication using a symmetric encryption protocol. The proposed key agreement has the following characteristics: Non-interactive: Any two nodes can compute a unique shared secret key without interaction; Certificateless: To compute the shared secret key, each node only needs its own secret key, the identity of its peer and his public key implicitly certified; Hierarchical: The scheme is decentralized through a hierarchy where all nodes in the hierarchy can derive the secret keys for each of its children without any limitations or prior knowledge on the number of such children or their identities; Resilient: The scheme is resilient against compromise of any number of nodes in the hierarchy. This work is a new approach about article ``Strongly-Resilient and Non-Interactive Hierarchical Key-Agreement in MANETs\" which replaces id based system for certificateless system, eliminating the key escrow on all levels, increasing system security against compromised nodes. It also presents a discussion on the security of the proposed scheme and non-interactive key agreement