20.7 CR May 20
An Evidence-driven Protocol for Trustworthy CI Pipelines
Fernando Castillo, Eduardo Brito, Pille Pullonen-Raudvere et al.
Enterprise software supply chains are increasingly vulnerable to infrastructure attacks, resulting in financial and reputational damage. Ensuring the integrity and provenance of software artifacts remains a significant challenge, where re-execution of the build and tests by every consumer to guarantee provenance produces a verification bottleneck and credibility reduction. This paper presents an evidence-driven protocol for trustworthy Continuous Integration (CI) pipelines that combines Deterministic Build Systems (DBS) with Trusted Execution Environments (TEEs). The approach provides cryptographically verifiable guarantees of integrity, authenticity, and attestation for CI artifacts in distributed environments, reducing implicit trust without requiring costly re-execution by consumers. We introduce a protocol that binds deterministic builds with TEE-based attestations, formalizing the evidence life cycle, together with a practical implementation using Nix and Intel TDX. Experimental results show that artifact verification is reduced from redundant computation to lightweight signature and policy checks. These findings demonstrate that evidence-driven CI pipelines establish scalable and verifiable trust in digital infrastructure, effectively amortizing the initial computational overhead introduced by TEEs.
9.5 SE Apr 13
Using Budgets to Reduce Application Emissions
Leo Wilhelm Lierse, Mahyar Tourchi Moghaddam, Sebastian Werner
As carbon pricing mechanisms like the EU Emissions Trading System are set to increase prices of energy consumption, software architects face growing pressure to design applications that operate within financially predictable emission constraints. Existing approaches typically enforce rigid per-interval emission rates, which prove unsuitable in electrical grids with highly dynamic carbon intensity, which is common in grids with growing renewable energy adoption. We propose the use of emissions budgets, an approach that replaces fixed emission rates with time-bound budgets, enabling applications to dynamically save unused emission allowances during low carbon intensity periods and expend them during high carbon intensity periods. We describe emissions-aware applications using a MAPE-K feedback loop that continuously monitors application power consumption and grid carbon intensity, then adapts resource allocation through vertical scaling or migration to maintain long-term emission limits while maximizing performance. Through simulation using six weeks of real-world carbon intensity data from Germany, France, and Poland, we demonstrate that budget-based management improves task fulfillment by up to 36% in variable grids compared to fixed rates. Crucially, budgets achieve parity with fixed rates in stable grids, making them a safe replacement. We show that emissions budgets are a practical mechanism to balance environmental constraints, operational costs, and service quality when emissions directly translate to financial penalties.
36.6 SE May 6
Architectural Constraints Alignment in AI-assisted, Platform-based Service Development
Julius Irion, Moritz Leugers, Paul Hartwig et al.
AI-assisted development tools enable rapid prototyping of services but often lack awareness of architectural constraints, infrastructure dependencies, and organizational standards required in production environments. Consequently, generated artifacts may exhibit brittle behavior and limited deployability. We propose a retrieval-augmented scaffolding approach that combines platform-based code generation with agentic clarification loops to expose and resolve architectural constraint ambiguities. By combining template retrieval with structured interaction, the method embeds production-relevant considerations during service scaffolding. Evaluation indicates improved architectural consistency and deployability compared to general-purpose AI code generation workflows, suggesting that constraint-aware retrieval is essential for aligning AI-assisted service development with production software engineering practices.
30.5 SE Apr 10
The Need for a Green ICT Reference Framework
Marco Aiello, Mina Alipour, Antonio Brogi et al.
The sustainability impacts of ICT systems are difficult to assess and govern due to structural complexity, fragmented measurement practices, and unclear responsibilities across system layers. We argue that these challenges cannot be addressed solely by metrics and motivate the need for a shared Green ICT reference framework that integrates sustainability across multiple perspectives and domains, lifecycle phases, and governance contexts. We present an initial framework developed within the Informatics Europe Green ICT Working Group as a first step towards a comprehensive reference framework.
SE Oct 29, 2021
Application-Platform Co-Design for Serverless Data Processing
Sebastian Werner, Stefan Tai
"Application-platform co-design" refers to the phenomenon of new platforms being created in response to changing application needs, followed by application design and development changing due to the emergence (and the specifics, limitations) of the new platforms, therefore creating, again, new application and platform requirements. This continuous process of application and platform (re-)design describes an engineering and management responsibility to constantly evaluate any given platform for application fit and platform-specific application design, and to consider a new or evolutionary platform development project due to evolving and changing application needs. In this paper, we study this phenomenon in the context of serverless computing and (big) data processing needs, and thus, for application-platform co-design for serverless data processing (SDP). We present an analysis of the state-of-the-art of function-as-a-service (FaaS) platforms, which reveals several configuration, deployment, execution, and measurement differences between popular platforms happening at-speed. These differences indicate already ongoing platform (re-)design processes resulting in more specialized serverless platforms and new, platform-specific challenges for application design. We discuss data processing needs of applications using the serverless model and present common initial (and undesirable) workaround solutions on the application level, giving additional argument to the creation of new SDP platforms. We present critical SDP requirements and possible new platform augmentations, but identify the need for engineering methods and tooling to better guide application-platform co-design. We argue to pay appropriate attention to the phenomenon of continuous application-platform co-design to better anticipate and to control future platform and application developments.
SE Oct 7, 2021
FaaSter Troubleshooting -- Evaluating Distributed Tracing Approaches for Serverless Applications
Maria C. Borges, Sebastian Werner, Ahmet Kilic
Serverless applications can be particularly difficult to troubleshoot, as these applications are often composed of various managed and partly managed services. Faults are often unpredictable and can occur at multiple points, even in simple compositions. Each additional function or service in a serverless composition introduces a new possible fault source and a new layer to obfuscate faults. Currently, serverless platforms offer only limited support for identifying runtime faults. Developers looking to observe their serverless compositions often have to rely on scattered logs and ambiguous error messages to pinpoint root causes. In this paper, we investigate the use of distributed tracing for improving the observability of faults in serverless applications. To this end, we first introduce a model for characterizing fault observability, then provide a prototypical tracing implementation - specifically, a developer-driven and a platform-supported tracing approach. We compare both approaches with our model, measure associated trade-offs (execution latency, resource utilization), and contribute new insights for troubleshooting serverless compositions.
IV Sep 6, 2019
A new operation mode for depth-focused high-sensitivity ToF range finding
Sebastian Werner, Henrik Schäfer, Matthias Hullin
We introduce pulsed correlation time-of-flight (PC-ToF) sensing, a new operation mode for correlation time-of-flight range sensors that combines a sub-nanosecond laser pulse source with a rectangular demodulation at the sensor side. In contrast to previous work, our proposed measurement scheme attempts not to optimize depth accuracy over the full measurement: With PC-ToF we trade the global sensitivity of a standard C-ToF setup for measurements with strongly localized high sensitivity -- we greatly enhance the depth resolution for the acquisition of scene features around a desired depth of interest. Using real-world experiments, we show that our technique is capable of achieving depth resolutions down to 2mm using a modulation frequency as low as 10MHz and an optical power as low as 1mW. This makes PC-ToF especially viable for low-power applications.