Antonio Brogi

Paolo Bernardi, Antonio Brogi, Gian-Luigi Ferrari et al.

Quantum computing is a disruptive technology that is expected to offer significant advantages in many critical fields (e.g. drug discovery and cryptography). The security of information processed by such machines is therefore paramount. Currently, modest Noisy Intermediate-Scale Quantum (NISQ) devices are available. The goal of this work is to identify a practical, heuristic methodology to evaluate security properties, such as secrecy and integrity, while using quantum processors owned by potentially untrustworthy providers.

Jacopo Massa, Stefano Forti, Federica Paganelli et al.

Cloud-Edge applications like industrial control systems and connected vehicles demand stringent end-to-end latency guarantees. Among existing data plane candidate solutions for bounded latency networking, the guaranteed Latency-Based Forwarding (gLBF) approach ensures punctual delivery of traffic flows by managing per-hop delays to meet specific latency targets, while not requiring that per-flow states are maintained at each hop. However, as a forwarding plane mechanism, gLBF does not define the control mechanisms for determining feasible forwarding paths and per-hop latency budgets for packets to fulfil end-to-end latency objectives. In this work, we propose such a control mechanism implemented in Prolog that complies with gLBF specifications, called declarative gLBF (dgLBF). The declarative nature of Prolog allows our prototype to be concise (~120 lines of code) and easy to extend. We show how the core dgLBF implementation is extended to add reliability mechanisms, path protection, and fate-sharing avoidance to enhance fault tolerance and robustness. Finally, we evaluate the system's performance through simulative experiments under different network topologies and with increasing traffic load to simulate saturated network conditions, scaling up to 6000 flows. Our results show a quasi-linear degradation in placement times and system resilience under heavy traffic.

Giuseppe Bisicchia, Stefano Forti, Antonio Brogi

Smart environments powered by the Internet of Things aim at improving our daily lives by automatically tuning ambient parameters (e.g. temperature, interior light) and by achieving energy savings through self-managing cyber-physical systems. Commercial solutions, however, only permit setting simple target goals on those parameters and do not consider mediating conflicting goals among different users and/or system administrators, and feature limited compatibility across different IoT verticals. In this article, we propose a declarative framework to represent smart environments, user-set goals and customisable mediation policies to reconcile contrasting goals encompassing multiple IoT systems. An open-source Prolog prototype of the framework is showcased over two lifelike motivating examples.

Marco Aiello, Mina Alipour, Antonio Brogi et al.

The sustainability impacts of ICT systems are difficult to assess and govern due to structural complexity, fragmented measurement practices, and unclear responsibilities across system layers. We argue that these challenges cannot be addressed solely by metrics and motivate the need for a shared Green ICT reference framework that integrates sustainability across multiple perspectives and domains, lifecycle phases, and governance contexts. We present an initial framework developed within the Informatics Europe Green ICT Working Group as a first step towards a comprehensive reference framework.

Stefano Forti, Antonio Brogi

Green software engineering aims at reducing the environmental impact due to developing, deploying, and managing software systems. Meanwhile, Cloud-IoT paradigms can contribute to improving energy and carbon efficiency of application deployments by (i) reducing the amount of data and the distance they must travel across the network, (ii) by exploiting idle edge devices to support application deployment. In this article, we propose a declarative methodology and its Prolog prototype for determining placements of application services onto Cloud-IoT infrastructures so to optimise energy and carbon efficiency, also considering different infrastructure power sources and operational costs. The proposal is assessed over a motivating example.

Jacopo Soldani, Antonio Brogi

The momentum gained by microservices and cloud-native software architecture pushed nowadays enterprise IT towards multi-service applications. The proliferation of services and service interactions within applications, often consisting of hundreds of interacting services, makes it harder to detect failures and to identify their possible root causes, which is on the other hand crucial to promptly recover and fix applications. Various techniques have been proposed to promptly detect failures based on their symptoms, viz., observing anomalous behaviour in one or more application services, as well as to analyse logs or monitored performance of such services to determine the possible root causes for observed anomalies. The objective of this survey is to provide a structured overview and a qualitative analysis of currently available techniques for anomaly detection and root cause analysis in modern multi-service applications. Some open challenges and research directions stemming out from the analysis are also discussed.

Francisco Ponce, Jacopo Soldani, Hernán Astudillo et al.

Context: Securing microservice-based applications is crucial, as many IT companies are delivering their businesses through microservices. If security smells affect microservice-based applications, they can possibly suffer from security leaks and need to be refactored to mitigate the effects of security smells therein. Objective: As the currently available knowledge on securing microservices is scattered across different pieces of white and grey literature, our objective here is to distill well-known smells for securing microservices, together with the refactorings enabling to mitigate the effects of such smells. Method: To capture the state of the art and practice in securing microservices, we conducted a multivocal review of the existing white and grey literature on the topic. We systematically analyzed 58 studies published from 2014 until the end of 2020. Results: Ten bad smells for securing microservices are identified, which we organized in a taxonomy, associating each smell with the security properties it may violate and the refactorings enabling to mitigate its effects. Conclusions: The security smells and the corresponding refactorings have pragmatic value for practitioners, who can exploit them in their daily work on securing microservices. They also serve as a starting point for researchers wishing to establish new research directions on securing microservices.

Stefano Forti, Antonio Brogi

Continuous reasoning has proven effective in incrementally analysing changes in application codebases within Continuous Integration/Continuous Deployment (CI/CD) software release pipelines. In this article, we present a novel declarative continuous reasoning approach to support the management of multi-service applications over the Cloud-IoT continuum, in particular when infrastructure variations impede meeting application's hardware, software, IoT or network QoS requirements. We show how such an approach brings considerable speed-ups compared to non-incremental reasoning.

Vladimir Yussupov, Jacopo Soldani, Uwe Breitenbücher et al.

Function-as-a-Service (FaaS) is a cloud service model enabling developers to offload event-driven executable snippets of code. The execution and management of such functions becomes a FaaS provider's responsibility, hereby included their on-demand provisioning and automatic scaling. Key enablers for this cloud service model are FaaS platforms, e.g., AWS Lambda, Microsoft Azure Functions or OpenFaaS. At the same time, the choice of the most appropriate FaaS platform for deploying and running a serverless application is not trivial, as various organizational and technical aspects have to be taken into account. In this work, we present (i) a FaaS platform classification framework derived using a mixed method study and (ii) a systematic technology review of the ten most prominent FaaS platforms, based on the proposed classification framework. Moreover, we present (iii) a FaaS platform selection support system, called \faastener, which helps researchers and practitioners to choose the FaaS platform most suited for their requirements.

Matteo Bogo, Jacopo Soldani, Davide Neri et al.

Enterprise IT is currently facing the challenge of coordinating the management of complex, multi-component applications across heterogeneous cloud platforms. Containers and container orchestrators provide a valuable solution to deploy multi-component applications over cloud platforms, by coupling the lifecycle of each application component to that of its hosting container. We hereby propose a solution for going beyond such a coupling, based on the OASIS standard TOSCA and on Docker. We indeed propose a novel approach for deploying multi-component applications on top of existing container orchestrators, which allows to manage each component independently from the container used to run it. We also present prototype tools implementing our approach, and we show how we effectively exploited them to carry out a concrete case study.

Antonio Brogi, Davide Neri, Jacopo Soldani et al.

Potential benefits such as agile service delivery have led many companies to deliver their business capabilities through microservices. Bad smells are however always around the corner, as witnessed by the considerable body of literature discussing architectural smells that possibly violate the design principles of microservices. In this paper, we systematically review the white and grey literature on the topic, in order to identify the most recognised architectural smells for microservices and to discuss the architectural refactorings allowing to resolve them.

Stefano Forti, Gian-Luigi Ferrari, Antonio Brogi

Assessing the security level of IoT applications to be deployed to heterogeneous Cloud-Edge infrastructures operated by different providers is a non-trivial task. In this article, we present a methodology that permits to express security requirements for IoT applications, as well as infrastructure security capabilities, in a simple and declarative manner, and to automatically obtain an explainable assessment of the security level of the possible application deployments. The methodology also considers the impact of trust relations among different stakeholders using or managing Cloud-Edge infrastructures. A lifelike example is used to showcase the prototyped implementation of the methodology.