@inproceedings {INPROC-2020-49,
author = {Vladimir Yussupov and Uwe Breitenb{\"u}cher and Christoph Krieger and Frank Leymann and Jacopo Soldani and Michael Wurster},
title = {{Pattern-based Modelling, Integration, and Deployment of Microservice Architectures}},
booktitle = {Proceedings of the 2020 IEEE 24th International Enterprise Distributed Object Computing Conference (EDOC 2020)},
publisher = {IEEE Computer Society},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {40--50},
type = {Konferenz-Beitrag},
month = {Oktober},
year = {2020},
doi = {10.1109/EDOC49727.2020.00015},
keywords = {Microservice Architecture; Service Composition; Enterprise Integration Pattern; Model-driven Engineering},
language = {Englisch},
cr-category = {D.2.2 Software Engineering Design Tools and Techniques,
D.2.11 Software Engineering Software Architectures},
ee = {https://is.ieis.tue.nl/edoc20/},
contact = {Vladimir Yussupov yussupov@iaas.uni-stuttgart.de},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {Microservice-based architectures (MSAs) gained momentum in industrial and
research communities since finer-grained and more independent components foster
reuse and reduce time to market. However, to come from the design of MSAs to
running applications, substantial knowledge and technology-specific expertise
in the deployment and integration of microservices is needed. In this paper, we
propose a model-driven and pattern-based approach for composing microservices,
which facilitates the transition from architectural models to running
deployments. Using a unified modelling for MSAs, including both their
integration based on Enterprise Integration Patterns (EIPs) and deployment
aspects, our approach enables automatically generating the artefacts for
deploying microservice compositions. This helps abstracting away the underlying
infrastructure including container orchestration platforms and middleware layer
for service integration. To validate the feasibility of our approach, we
illustrate its prototypical implementation, with Kubernetes used as container
orchestration system and OpenFaaS used for managing integration logic, and we
present a case study.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2020-49&engl=0}
}
@inproceedings {INPROC-2020-34,
author = {Christoph Krieger and Uwe Breitenb{\"u}cher and Michael Falkenthal and Frank Leymann and Vladimir Yussupov and Uwe Zdun},
title = {{Monitoring Behavioral Compliance with Architectural Patterns Based on Complex Event Processing}},
booktitle = {Proceedings of the 8th European Conference on Service-Oriented and Cloud Computing (ESOCC 2020)},
publisher = {Springer International Publishing},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {125--140},
type = {Konferenz-Beitrag},
month = {M{\"a}rz},
year = {2020},
doi = {10.1007/978-3-030-44769-4_10},
language = {Englisch},
cr-category = {D.2.11 Software Engineering Software Architectures},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {Architectural patterns assist in the process of architectural decision making
as they capture architectural aspects of proven solutions. In many cases, the
chosen patterns have system-wide implications on non-functional requirements
such as availability, performance, and resilience. Ensuring compliance with the
selected patterns is of vital importance to avoid architectural drift between
the implementation and its desired architecture. Most of the patterns not only
capture structural but also significant behavioral architectural aspects that
need to be checked. In case all properties of the system are known before
runtime, static compliance checks of application code and configuration files
might be sufficient. However, in case aspects of the system dynamically evolve,
e.g., due to manual reconfiguration, compliance with the architectural patterns
also needs to be monitored during runtime. In this paper, we propose to link
compliance rules to architectural patterns that specify behavioral aspects of
the patterns based on runtime events using stream queries. These queries serve
as input for a complex event processing component to automatically monitor
architecture compliance of a running system. To validate the practical
feasibility, we applied the approach to a set of architectural patterns in the
domain of distributed systems and prototypically implemented a compliance
monitor.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2020-34&engl=0}
}
@inproceedings {INPROC-2019-40,
author = {Karoline Saatkamp and Christoph Krieger and Frank Leymann and Julian Sudendorf and Michael Wurster},
title = {{Application Threat Modeling and Automated VNF Selection for Mitigation using TOSCA}},
booktitle = {2019 International Conference on Networked Systems (NetSys)},
publisher = {IEEE},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {1--6},
type = {Workshop-Beitrag},
month = {Oktober},
year = {2019},
isbn = {10.1109/NetSys.2019.8854524},
keywords = {Threat Modeling; VNF; STRIDE; TOSCA},
language = {Englisch},
cr-category = {D.2.2 Software Engineering Design Tools and Techniques},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {In the era of Internet of Things (IoT) the interconnectedness of devices, and
thus the need to protect them against threats increased. The widely used threat
modeling method STRIDE can be used to identify the system's vulnerabilities and
to determine appropriate mitigation solutions. In connected environments,
especially the network layer plays a critical role in achieving security. Based
on the Network Functions Virtualization (NFV) concept, network functions can be
virtualized and provisioned on standard IT hardware. Virtualized Network
Functions (VNFs) increase the flexibility of the provisioning, and thus
security network functions, such as firewalls, can be easily deployed. However,
in a complex distributed system it is time-consuming, error-prone, and for
application architects even not possible to identify and provision the required
security functions. For the orchestration and management of applications the
TOSCA modeling language can be used to describe the application's components
and their relations in a deployment model. The standard was mainly developed
for cloud applications but was extended to the network layer. In this paper, we
present a TOSCA-based approach for threat modeling based on STRIDE that
facilitates the automated VNF selection and injection into TOSCA deployment
models. The feasibility of our approach is validated by an extension of the
TOSCA modeling tool Winery.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2019-40&engl=0}
}
@inproceedings {INPROC-2019-30,
author = {Amirali Amiri and Christoph Krieger and Uwe Zdun and Frank Leymann},
title = {{Dynamic Data Routing Decisions for Compliant Data Handling in Service- and Cloud-Based Architectures: A Performance Analysis}},
booktitle = {Proceedings of the 2019 IEEE International Conference on Services Computing (SCC)},
publisher = {IEEE},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {215--219},
type = {Konferenz-Beitrag},
month = {Juli},
year = {2019},
doi = {10.1109/SCC.2019.00044},
language = {Englisch},
cr-category = {C.2.4 Distributed Systems,
D.2.11 Software Engineering Software Architectures},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {In many service-based applications, decisions about data routing need to be
made at runtime, for instance to ensure compliant data handling. Different
service-and cloud-based architectures to make dynamic data routing decisions
exist including central entities, multiple dedicated dynamic router services,
or using a sidecar for each involved service. These archi-tectures differ in
various quality attributes including complexity, understandability, and
changeability of the decision logic. Choosing the wrong architecture for
decision-making at runtime may severely impact the performance of the software
system. In this paper, we have evaluated the performance of three
representative approaches for processing compliance rules concerned with data
routing in service-and cloud-based architectures. The results show that
distributed approaches for dynamic data routing have a better performance
compared to centralized solutions. On the other hand, centralized solutions are
easier to understand and change, but this strongly depends on the domain
problem.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2019-30&engl=0}
}
@inproceedings {INPROC-2018-49,
author = {Lukas Harzenetter and Uwe Breitenb{\"u}cher and Michael Falkenthal and Jasmin Guth and Christoph Krieger and Frank Leymann},
title = {{Pattern-based Deployment Models and Their Automatic Execution}},
booktitle = {11th IEEE/ACM International Conference on Utility and Cloud Computing (UCC 2018)},
publisher = {IEEE Computer Society},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {41--52},
type = {Konferenz-Beitrag},
month = {Dezember},
year = {2018},
doi = {10.1109/UCC.2018.00013},
language = {Englisch},
cr-category = {D.2.9 Software Engineering Management},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {The automated deployment of cloud applications is of vital importance.
Therefore, several deployment automation technologies have been developed that
enable automatically deploying applications by processing so-called deployment
models, which describe the components and relationships an application consists
of. However, the creation of such deployment models requires considerable
expertise about the technologies and cloud providers used—especially for the
technical realization of conceptual architectural decisions. Moreover,
deployment models have to be adapted manually if architectural decisions change
or technologies need to be replaced, which is time-consuming, error-prone, and
requires even more expertise. In this paper, we tackle this issue. We introduce
a meta-model for Pattern-based Deployment Models, which enables using cloud
patterns as generic, vendor-, and technology-agnostic modeling elements
directly in deployment models. Thus, instead of specifying concrete
technologies, providers, and their configurations, our approach enables
modeling only the abstract concepts represented by patterns that must be
adhered to during the deployment. Moreover, we present how these models can be
automatically refined to executable deployment models. To validate the
practical feasibility of our approach, we present a prototype based on the
TOSCA standard and a case study.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2018-49&engl=0}
}
@inproceedings {INPROC-2018-42,
author = {Christoph Krieger and Uwe Breitenb{\"u}cher and K{\'a}lm{\'a}n K{\'e}pes and Frank Leymann},
title = {{An Approach to Automatically Check the Compliance of Declarative Deployment Models}},
booktitle = {Papers from the 12th Advanced Summer School on Service-Oriented Computing (SummerSoC 2018)},
publisher = {IBM Research Division},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {76--89},
type = {Konferenz-Beitrag},
month = {Oktober},
year = {2018},
keywords = {Cloud Computing; Compliance; Deployment Modeling},
language = {Englisch},
cr-category = {D.2.2 Software Engineering Design Tools and Techniques,
D.2.3 Software Engineering Coding Tools and Techniques},
contact = {Christoph Krieger christoph.krieger@iaas.uni-stuttgart.de},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {The automation of application deployment has evolved into one of the most
important issues in modern enterprise IT. Therefore, many deployment systems
have been developed that process deployment models for automating the
installation of systems. Creating such deployment models becomes more and more
complex as compliance plays an increasingly important role. Not only external
laws and regulations must be considered, but also a company’s internal
requirements must be fulfilled. However, this is a very complex challenge for
the modelers as they require a firm knowledge of all the compliance rules that
must be observed. As a result, this often leads to deployment models that
violate compliance rules due to manual modeling mistakes or because of
unawareness. In this paper, we introduce an approach that enables modeling of
reusable Deployment Compliance Rules that can be executed automatically to
check such regulations in declarative deployment models at design time. We
validate our approach with a prototype based on the TOSCA standard and the
OpenTOSCA ecosystem.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2018-42&engl=0}
}
@inproceedings {INPROC-2018-32,
author = {Michael Zimmermann and Uwe Breitenb{\"u}cher and Christoph Krieger and Frank Leymann},
title = {{Deployment Enforcement Rules for TOSCA-based Applications}},
booktitle = {Proceedings of The Twelfth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2018)},
editor = {Georg Yee and Stefan Rass and Stefan Schauer and Martin Latzenhofer},
publisher = {Xpert Publishing Services},
institution = {Universit{\"a}t Stuttgart, Fakult{\"a}t Informatik, Elektrotechnik und Informationstechnik, Germany},
pages = {114--121},
type = {Konferenz-Beitrag},
month = {September},
year = {2018},
isbn = {9781612086613},
language = {Englisch},
cr-category = {D.2.11 Software Engineering Software Architectures,
D.4.6 Operating Systems Security and Protection},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {In the context of Industry 4.0, gathering sensor dataand using data analysis
software can lead to actionable insights,for example, enabling predictive
maintenance. Since developingthese data analysis software requires some special
expert knowl-edge, often external data scientist are charged for that.
However,often the data to be analyzed is of vital importance and thus,must not
leave the company. Therefore, applications developedand modeled as deployment
models by third-parties have tobe enforced to be executed in the local
company’s network.However, manually adapting a lot of these deployment modelsin
order to meet the company’s requirements is cumbersome,time consuming and
error-prone. Furthermore, some kind ofenforcement mechanism is required to
really ensure that thesedata security and privacy requirements are fulfilled.
Thus, in thispaper, we present an approach considering these issues duringthe
deployment time of the application. The presented approachis based on the
Topology and Orchestration Specification forCloud Applications (TOSCA), an
OASIS standard enabling thedescription of cloud applications as well as their
deployment. Theapproach enables the specification as well as the enforcement
ofreoccurring and generic requirements and restrictions of TOSCA-based
declarative deployment models, without the need to adaptor modify these
deployment models. The practical feasibilityof the presented approach is
validated by extending our open-source prototype OpenTOSCA, which provides a
modeling tool,a TOSCA Runtime, as well as a self-service portal for TOSCA.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2018-32&engl=0}
}
@article {ART-2019-17,
author = {Michael Wurster and Uwe Breitenb{\"u}cher and Michael Falkenthal and Christoph Krieger and Frank Leymann and Karoline Saatkamp and Jacopo Soldani},
title = {{The Essential Deployment Metamodel: A Systematic Review of Deployment Automation Technologies}},
journal = {SICS Software-Intensive Cyber-Physical Systems},
publisher = {Springer},
type = {Artikel in Zeitschrift},
month = {August},
year = {2019},
doi = {10.1007/s00450-019-00412-x},
language = {Englisch},
cr-category = {C.0 Computer Systems Organization, General,
C.2.4 Distributed Systems,
D.1 Programming Techniques,
D.2 Software Engineering},
contact = {Michael Wurster wurster@iaas.uni-stuttgart.de},
department = {Universit{\"a}t Stuttgart, Institut f{\"u}r Architektur von Anwendungssystemen},
abstract = {In recent years, a plethora of deployment technologies evolved, many following
a declarative approach to automate the delivery of software components. Even if
such technologies share the same purpose, they differ in features and supported
mechanisms. Thus, it is difficult to compare and select deployment automation
technologies as well as to migrate from one technology to another. Hence, we
present a systematic review of declarative deployment technologies and
introduce the essential deployment metamodel (EDMM) by extracting the essential
parts that are supported by all these technologies. Thereby, the EDMM enables a
common understanding of declarative deployment models by facilitating the
comparison, selection, and migration of technologies. Moreover, it provides a
technology-independent baseline for further deployment automation research.},
url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=ART-2019-17&engl=0}
}