SenecaSoftware Engineering in Enterprise Cloud Applications
Research Lines
SENECA is an European Industrial Doctorate project,
which provides the opportunity to nine early-stage
researchers to pursue their PhD in the area of
software engineering of cloud-based systems. This
project has received funding from the European
Union’s Horizon 2020 research and innovation
programme under the Marie Sklodowska-Curie grant
agreement No 642954. The research is organized in
three streams: A) Product quality in cloud-related
software development projects B) Process quality in
cloud-related software development C) Operations'
quality in cloud systems.
Product Quality
Quality in cloud-related software development
Impact of code review in cloud computing development
Improving cloud-related testing practices
Data driven development software in cloud-related software development projects
In International Conference on Software Engineering (ICSE) 2018, Gothenburg, Sweden.
Detecting and Managing Code Smells: Research and Practice
Tushar Sharma
Technical briefing in International Conference on Software Engineering (ICSE) 2018, Gothenburg, Sweden.
Vulinoss: A Dataset of Vulnerabilities in Open-source Projects.
Antonios Gkortzis, Dimitris Mitropoulos and Diomidis Spinellis
In Mining Software Repositories (MSR) 2018, Gothenburg, Sweden in May 2018.
Analyzing Programming Languages' Energy Consumption: An Empirical Study
Georgiou, S., Kechagia, M. and Spinellis, D
In Proceedings of the 21st Pan-Hellenic Conference on Informatics (2017, September)
What are your programming language’s energy-delay implications?
Stefanos Georgiou, Maria Kechagia, Panos Louridas, and Diomidis Spinellis
In 15th International Conference on Mining Software Repositories: Technical Track, MSR '18. Sweden, May 2018. ACM.
Analyzing Programming Languages’ Energy Consumption: An Empirical Study.
Stefanos Georgiou, Maria Kechagia, Panos Louridas, and Diomidis Spinellis
In Pan-Hellenic Conference on Informatics 2017
Investigating Type Declaration Mismatches in Python
Luca Pascarella, Achyudh Ram, Azqa Nadeem, Dinesh Bisesser, Norman Knyazev, and Alberto Bacchelli
In Proceedings of MaLTeSQuE 2018 (Workshop on Machine Learning Techniques for Software Quality Evaluation), 2018
Re-evaluating Method-Level Bug Prediction
Luca Pascarella, Fabio Palomba, and Alberto Bacchelli
In Proceedings of SANER 2018 (25th International Conference on Software Analysis, Evolution, and Reengineering), 2018
Self-Reported Activities of Android Developers
Luca Pascarella, Franz-Xaver Geiger, Fabio Palomba, Dario Di Nucci, Ivano Malavolta, and Alberto Bacchelli
Proceedings of MOBILESoft 2018 (5th IEEE/ACM International Conference on Mobile Software Engineering and Systems), May 27-28 2018 | Gothenburg, Sweden
A Graph-based Dataset of Commit History of Real-World Android apps
Franz-Xaver Geiger, Ivano Malavolta, Luca Pascarella, Fabio Palomba, Dario Di Nucci, and Alberto Bacchelli,
In Proceedings of MSR 2018 (15th International Conference on Mining Software Repositories), May 27-28 2018 | Gothenburg, Sweden
How Is Video Game Development Different from Software Development in Open Source?
Luca Pascarella, Fabio Palomba, Massimiliano Di Penta, and Alberto Bacchelli
In Proceedings of MSR 2018 (15th International Conference on Mining Software Repositories), May 27-28 2018 | Gothenburg, Sweden
Characterization of the Xen project code review process: An experience report
Daniel Izquierdo-Cortazar, Lars Kurth, Jesus M. Gonzalez-Barahona, Santiago Duenas, Nelson Sekitoleko
13th International Conference on Mining Software Repositories May 14-15, 2016. Austin, Texas.
A Quantitative Analysis of Performance in the Key Parameter in Code Review – Individuation of Defects
Dorealda Dalipaj
Doctoral Consortium of the International Conference on Open Source Systems (OSS), 2016
An empirical analysis of vulnerabilities in virtualization technologies
A. Gkortzis, S. Rizou, and D. Spinellis
8th IEEE International Conference on Cloud Computing Technology and Science
Classifying code comments in Java open-source software systems
Luca Pascarella, Alberto Bacchelli
Proceedings of MSR 2017 (14th International Conference on Mining Software Repositories), forthcoming. 2017
Software Engineering Artifact in Software Development Process - Linkage Between Issues and Code Review Processes
Dorealda Dalipaj, Jesus M. Gonzalez-Barahona, Daniel Izquierdo-Cortazar
In SOMET 2016 (International Conference on Intelligent Software Methodologies, Tools and Techniques)
House of cards: code smells in open-source C# repositories
Tushar Sharma, Marios Fragkoulis, and Diomidis Spinellis
In ESEM 2017.
Designite: A Customizable Tool for Smell Mining in C# Repositories
Tushar Sharma
In SATToSE 2017 (Seminar Series on Advanced Techniques and Tools for Software Evolution)
When Testing Meets Code Review: How and Why Developers Review Tests
Davide Spadini, Mauricio Aniche, Margaret-Anne Storey, Magiel Bruntink, Alberto Bacchelli
In ICSE 2018 (International Conference on Software Engineering)
Classifying code comments in Java Mobile Applications
Luca Pascarella
In Proceedings of MOBILESoft 2018 (5th IEEE/ACM International Conference on Mobile Software Engineering and Systems). Student Research Competition, May 27-28 2018 | Gothenburg, Sweden
Information Needs in Contemporary Code Review
Luca Pascarella, Davide Spadini, Fabio Palomba, Magiel Bruntink, and Alberto Bacchelli
In Proceedings of CSCW 2018 (The 21st ACM Conference on Computer-Supported Cooperative Work and Social Computing). November 3-7 2018 | Jersey City, USA
Software analytics in continuous delivery: a case study on success factors
Huijgens, H., Spadini, D., Stevens, D., Visser, N., and van Deursen, A.
In Proceedings of the 12th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (p. 25).
Mock objects for testing java systems
Spadini, D., Aniche, M., Bruntink, M., and Bacchelli, A.
Empirical Software Engineering.
Practices and tools for better software testing
Spadini, D.
Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering - ESEC/FSE 2018, 928–931.
PyDriller: Python framework for mining software repositories
Spadini, D., Aniche, M., and Bacchelli, A.
Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering - ESEC/FSE 2018, 908–911.
An Empirical Analysis of Technical Lag in npm Package Dependency Updates
Ahmed Zerouali, Eleni Constantinou, Tom Mens, Gregorio Roble and Jesus M. Gonzalez-Barahona
The 17th International Conference on Software Reuse 2018.
Graal: The Quest for Source Code Knowledge
V. Cosentino, S. Duenas, A. Zerouali, G. Robles, J.M. González-Barahona
in SCAM'18, colocated with ICSME18
On The Relation Between Outdated Docker Containers, Severity Vulnerabilities and Bugs
Ahmed Zerouali, Tom Mens, Gregorio Robles and Jesus M. Gonzalez-Barahona
IEEE International Conference on Software Analysis, Evolution and Reengineering. SANER 2019.
SortingHat: Wizardry on Software Project Members
David Moreno, Santiago Dueñas, Valerio Cosentino, Miguel Angel Fernandez, Ahmed Zerouali, Gregorio Robles and Jesus M. Gonzalez-Barahona
Demonstrations track in ICSE 2019, Montreal, CANADA.
Working Group
TU Delft
Delft University of Technology, aka TU Delft, is a top research and
academic center for engineering and applied sciences. TU Delft is
considered to be among the world's most prestigious universities of
engineering and technology by high-reputation ranking systems. It
hosts more than 19,000 students and 3,300 scientists, in eight
faculties.
URJC
Universidad Rey Juan Carlos is the youngest public University in the
Madrid region. It is one of the Universities in Spain recognized as
“Campus de Excelencia Internacional” by the Spanish
Government. The University has a PhD School, in which the LibreSoft
research team participates, in the line of ITC, which has about 10
PhD graduations per year.
AUEB
The Athens University of Economics and Business (AUEB) is one of the
top business schools in SE Europe. The Doctoral Program of the
Department of Management Science and Technology, where the students
will be enrolled, is committed to fostering and cultivating high
impact academic research.
Software Improvement Group
Leading IT management advisory firm, operating an ISO/IEC 17025
certified software analysis lab, advising customers on application
portfolio rationalization, software migration, and all aspects of
software quality, including maintainability, security, reliability,
transferability. SME based in Amsterdam with offices in Denmark,
Germany, Switzerland, Belgium.
Bitergia
Bitergia is start-up specialized in helping companies to understand
the software development process with special focus on open source
projects. Bitergia uses data analytics techniques to produce
dashboards, reports and other types of specialized information.
Bitergia also provides tools and means to track all of these aspects
and to help in the decision making process.
Singular Logic
Leading Software and Integrated IT Solutions Group in Greece. The
European Projects Department of Singular Logic works on the design
and implementation of innovative applications and platforms targeting
different business sectors (with a special focus on innovative
e-Health solutions) as well as on the engineering and management of
business services. Products: ERP, CRM, BI tools.
Workshops
Cloud security and infrastructure management workshop
AUEB and Singularlogic, two of the SENECA consortium
partners organize a two-day workshop with the goal to
introduce to young scientists and professionals in the
field of software-engineering, some of the current
trends and technologies for the security and operational
management of cloud services.
Seminar Series on Advanced Techniques and Tools for Software Evolution
SATToSE is a three-day academic workshop. It is a very hands-on event, particularly targetted to PhD students, which
usually attend with their advisors. SENECA fellows had the opportunity to
present their work in the context of this workshop, and to benefit from its
environment, and talks targeted to young researchers. The 11th edition
was organized by URJC, specifically by researchers participating in SENECA.
The activity was structured as four talks and one 2-hour tutorial.
The activity was organized by URJC and Bitergia, two of the SENECA
consortium partners, and aimed to let young scientists and professionals learn
about future careers in the field of software engineering, and into how to
increase their success with publications and dissemination of results.
The activity was organized by SIG and TU Delft, two of the SENECA
consortium partners. The activity was planned such that participants could
also benefit from other international conferences taking place in Amsterdam
during the same week, such as ISSTA, ECOOP
and Curry On.
Marco di Biase
Impact of code review in cloud computing development
m.dibiase@sig.eu
Bio
Marco di Biase is a Researcher at Software Improvement Group in Amsterdam, working with Delft University of Technology in the context of the European SENECA project focusing on software product quality.
Current Research
Software development is all about the product, people, and processes. In this scenario, most projects use code review as a way to improve the final quality of their codebases. Although been proven to be useful, research still lacks knowledge on how it can be effectively applied in real-world scenarios, and how this affects other important parameters in the development phase. By analyzing software products and mining both their review data and linked information about development, the aim is to get a better insight on how code review can affect the product, the people, and the process. Furthermore, the target is to assess if and where the review process has some issues, which are its causes and to what extent this impacts different software metrics.
Publications
Marco di Biase, Magiel Bruntink, Alberto Bacchelli. A security perspective on code review: The case of Chromium. In Proceedings of SCAM 2016 (16th IEEE International Working Conference on Source Code Analysis and Manipulation), pp. 21-30. 2016
Davide Spadini
Improving cloud-related testing practices
d.spadini@sig.eu
Bio
My name is Davide Spadini and I am 26 years old. I am an Italian PhD student at the University of Technology of Delft and I am currently working as a researcher at SIG in Amsterdam. During my master at Trento and my bachelor in Verona, two beautiful cities in north Italy, I specialized on Distributed Systems and Algorithms. During my master thesis I collaborated with the Hive-Streaming company located in Stocholm, developing a peer-to-peer Peer Sampling Service (PSS). Now, with this project, I am working in the cloud field to understand what can be improved in terms of testing.
Current Research
Mock or Not to Mock In general software testers need to test classes that include a lot of dependencies. To not rely on these dependencies, which slow down the testing process, devs use mock objects. We want to present a qualitative and quantitave study that investigate how mocks are currently used in open-source projects. We analyze how the usage of mocking frameworks affect test quality and conduct qualitative research to understand why/what/when developers use mocks.
Qualitative study on "Collaborative Testing"
With this research I want to investigate what can be improved in terms of testing in the cloud, especially taking in consideration the aspect of collaboration. I am doing a qualitative research study interviewing developers from various companies, asking how they test in the cloud and which tool they use to collaborate withing their team.
Publications/Events
- Testdag: introduction on "collaborative testing"
- BENEVOL: "Studying the co-evolution of production and testing code in open-source projects that use Mockito"
Luca Pascarella
Data driven development software in cloud-related software development projects
lpascarella@tudelft.nl
Bio
Luca Pascarella is a PhD candidate of the European SENECA project. He started his PhD at University Delft University of Technology (TU Delft) in The Netherlands in January 2016. The main focus of his research is how data can help the development of software, especially in the cloud.
Current Research
Researchers are investigating a large number of approaches to support quality of software products. One of the latest deep improvements comes with the practice of Modern Code Review. It is systematic examination aimed to discover mistakes, improve the overall quality of software, and enhance transfer knowledge. Although code review has been proven to be useful in its base nature, some improvements may be applied to enhance the quality of the software and obtain better benefits from that process. In this track, we tackle aspects of the code review and connected topics to improve this process.
Publications
Classifying code comments in Java open-source software systems
Luca Pascarella and Alberto Bacchelli
In Proceedings of MSR 2017 (14th International Conference on Mining Software Repositories), 2017 ACM SIGSOFT Distinguished Paper Award
Investigating Type Declaration Mismatches in Python
Luca Pascarella, Achyudh Ram, Azqa Nadeem, Dinesh Bisesser, Norman Knyazev, and Alberto Bacchelli
In Proceedings of MaLTeSQuE 2018 (Workshop on Machine Learning Techniques for Software Quality Evaluation), 2018
Re-evaluating Method-Level Bug Prediction
Luca Pascarella, Fabio Palomba, and Alberto Bacchelli
In Proceedings of SANER 2018 (25th International Conference on Software Analysis, Evolution and Reengineering), 2018
Self-Reported Activities of Android Developers
Luca Pascarella, Franz-Xaver Geiger, Fabio Palomba, Dario Di Nucci, Ivano Malavolta, and Alberto Bacchelli
In Proceedings of MOBILESoft 2018 (5th IEEE/ACM International Conference on Mobile Software Engineering and Systems), May 27-28 2018 | Gothenburg, Sweden
A Graph-based Dataset of Commit History of Real-World Android apps
Franz-Xaver Geiger, Ivano Malavolta, Luca Pascarella, Fabio Palomba, Dario Di Nucci, and Alberto Bacchelli
In Proceedings of MSR 2018 (15th International Conference on Mining Software Repositories), May 27-28 2018 | Gothenburg, Sweden
How Is Video Game Development Different from Software Development in Open Source?
Luca Pascarella, Fabio Palomba, Massimiliano Di Penta, and Alberto Bacchelli
In Proceedings of MSR 2018 (15th International Conference on Mining Software Repositories), May 27-28 2018 | Gothenburg, Sweden
Classifying code comments in Java Mobile Applications
Luca Pascarella
In Proceedings of MOBILESoft 2018 (5th IEEE/ACM International Conference on Mobile Software Engineering and Systems). Student Research Competition, May 27-28 2018 | Gothenburg, Sweden
Not Assigned
Bad process smells in software development repositories
TBD
Bio
TBD
Current Research
TBD
Publications
TBD
Not assigned
Quality assurance of software-defined cloud infrastructure
TBD
Bio
TBD
Current Research
TBD
Publications
TBD
Ahmed Zerouali
Quality assurance of software-defined cloud infrastructuret
ahmed.zerouali@umons.ac.be, ahmed@bitergia.com
Bio
Ahmed Zerouali is currently working within the European SENECA project as a Software Researcher at Bitergia. He is a PhD candidate at the University of Mons/Universidad Rey Juan Carlos.
Current Research
Software development practices have evolved quite a lot since the early days of
programming. Most software projects today, especially in the open source software
community, are using distributed and agile development practices. In addition, heavily
rely on reusing external software libraries to realise part of their functionality,
rather than needing to implement these functionalities themselves. The goal of this
research is to empirically study how software library are used in open source projects,
and to recommend improvements in such library usage by providing automated tools
to support developers of software projects and software libraries.
Publications
SATToSE2017: Zerouali, A. Analysis And Observations Of The Evolution Of Testing Library Usage.
Zerouali, A., and Mens, T. (2017, February). Analyzing the evolution of testing library usage in open source Java projects. In Software Analysis, Evolution and Reengineering (SANER), 2017 IEEE 24th International Conference on (pp. 417-421). IEEE.
Zerouali, A., and Mens, T. (2017, July). An empirical comparison of the development history of cloudstack and eucalyptus. In Proceedings of the 2017 International Conference on Smart Digital Environment (pp. 116-121). ACM.
Dorealda Dalipaj
Characterization of performance in key parameters of software development
dorealda.dalipaj@urjc.es
Bio
Dorealda Dalipaj is a Researcher and PHD candidate, working within the European SENECA project, at Universidad Rey Juan Carlos, Madrid. For more than 8 years she has been working for ICT companies designing and managing infrastructure projects and ICT solutions, both in Italy and Albania. Her latest position was Lecturer in a private university of Albania, where she collaborated with a NGO ICT institution as Board Member. Her expertise concerns Aplication Development/Support and Technology Planning/Management. Various carried out projects included CMS, LMS and LCMS Systems.
Current Research
When looking at the performance in software development, several parameters are of relevance like effort in development and maintenance, effort in code review, time in fixing errors, time to design and implement new specifications, etc. In the case of a cloud software, where continuous deployment and continuous development are common, time-to-deployment is usually a very important metric. It involves changes to the source code that fix bugs or implement new features. In this research line, we are interested in exploring those metrics, and what impacts them, with the scope of to raising specific indicators that characterize performance in these processes. The reasons that guided the choice is that software product line development is still a time and effort consuming activity, partly due to the complicated mapping between model and implementation.
Publications
Dorealda Dalipaj, Jesus M. Gonzalez-Barahona, Daniel Izquierdo-Cortazar. Software engineering artifact in software development process – linkage between issues and code review processes. In the Proceedings of the 15th International Conference on Intelligent Software Methodologies, Tools and Techniques (SOMET), 2016. Volume 286 of the series Frontiers in Artificial Intelligence and Applications, pp 115-122.
Dorealda Dalipaj. A Quantitative Analysis of Performance in the Key Parameter in Code Review – Individuation of Defects. In the Proceedings of the Doctoral Consortium at the 12th International Conference on Open Source Systems (OSS), 2016. In the series Skövde University Studies in Informatics, ISSN ISSN 1653-2325 ; 2016:1, pp 14-24.
Gema Rodriguez-Perez , Jesus M. Gonzalez-Barahona, Gregorio Robles, Dorealda Dalipaj, Nelson Sekitoleko. BugTracking: A Tool to Assist in the Identification of Bug Reports. In the Proceedings of the 12th International Conference on Open Source Systems - Integrating Communities. Volume 472 of the series IFIP Advances in Information and Communication Technology, pp 192-198.
Tushar Sharma
Configuration management and administration of cloud computing systems
tushar@aueb.gr
Bio
Tushar Sharma is currently a researcher and PhD candidate, within the SENECA project, at Athens University of Economics and Business, Athens, Greece. Earlier, he worked with Siemens Research and Technology Center, Bangalore, India for more than 7 years. The topics related to software design, refactoring, code and design quality, technical debt, change impact analysis, and infrastructure as code (IaC) define his career interests. He has co-authored three books including "Refactoring for Software Design Smells: Managing Technical Debt". He is an IEEE senior member.
Current Research
An increasing number of artifacts are now being produced in digital form. Apart from software code, examples include books, ledgers, microchips, 3D printed objects, and films. The quality of an artifact's digital representation can affect both its external quality and the efficiency of associated processes, especially if it is frequently used, reused, or edited. Towards this goal, the fellow is exploring diverse alternatives to propose an internal quality assessment models. Developing a quality model for diverse digital artifacts presents a unique challenge as the model must be applicable to heterogeneous domains yet must handle the intricate domain details affecting the quality of the artifact. Initial exploration has revealed a few alternatives; specifically, quality analysis approach based on cognition, the theory of "order", and statistical inference. The fellow plans to carry out a deep dive comparative study into each of the alternative approaches. Based on the results of the comparison, the fellow plans to focus on one approach, implement corresponding tool support, and perform a detailed evaluation.
Publications
Tushar Sharma, Marios Fragkoulis, and Diomidis Spinellis. Does your configuration code smell?. In Proceedings of the 13th International Workshop on Mining Software Repositories (MSR '16). ACM, New York, NY, USA, 189-200. DOI=http://dx.doi.org/10.1145/2901739.2901761
Stefanos Georgiou
Energy-efficiency of cloud computing systems
sgeorgiou@aueb.gr
Bio
Stefanos Georgiou is a PhD Candidate in SENECA (Software ENineering in Enterprise Cloud Applications) project.
In the context of his European Industrial Doctorate (EID) he is expected to conduct his research at
AUEB (Athens University of Economics and Business) and TU Deflt (Delft University) as academic partners
and with SLG (Singular Logic) as industrial partner.
He holds a BSc in Networks and Systems Programming from University of Cyprus and a MSc in PERCCOM
(PERvasive Computing and COMmunications for sustainable development), a joint Master Degree from four
different Universities (i.e., University of Lorraine, Lappeenranta University of Technology, Lulea University of Technology,
and ITMO University of Saint Petersburg).
His research interests lie at Green IT, Cloud Computing, Distributed Applications,Big Data Transfer,
and IoT (Internet of Things)
Current Research
Nowadays, Cloud Computing is increasingly adopted by many organizations and scientific domains, following the rising demand for internet services. Its evolution is undoubtedly at its peak and
many researchers focus on the study and improvement of cloud technologies from different perspectives. However, the data-centers, which are the primary hosts of Cloud systems and applications,
are energy hogs and major drivers for IT’s carbon footprint in the atmosphere.
In this line, providing energy-efficient development for Cloud systems is of paramount importance to ensure sustainability in terms of their economic and environmental impact.
We aim to provide SE (Software Engineering) patterns and techniques in order to reduce energy dissipation of Cloud-based Systems.
The researcher has initially conducted an extensive research and literature review in the field of energy efficient software development in order to identify in more detail the research gap to be addressed during this PhD project.
The study showed that the problem of code-level optimization techniques to improve energy efficiency is already extensively covered in the literature, due to its relevance with code-level optimization techniques for performance
improvement, which is a problem investigated widely by software engineering researchers in the last years. In this line, the PhD student will focus on investigating SAS (Software Architecture Styles) such as: pipeline, map-reduce,
micro-services, OOP, SOA, etc., as a means to improve energy consumption of cloud-based software. Each of the SAS choices has its own benefits, although, their trade-offs can vary significantly over energy consumption.
To the best of our knowledge, this topic is poorly covered by the literature and there is significant potential on the expected research outcomes.
Publications
TBD
Antonios Gkortzis
Secure systems on cloud computing infrastructures
antoniosgkortzis@aueb.gr
Bio
Antonios Gkortzis is a PhD Candidate at the SENECA (http://senecaproject.github.io/) project.
The reasearch topic of this industrial PhD position is "Secure Systems on Cloud Computing Infrastructures"
and is offered by the Athens University of Economics and Bussiness, Singular Logic and the King Juan Carlos
University. He holds a BSc in Information Technology Engineering from the Alexandreio Technological Educational
Institute of Thessaloniki and a Master Degree in Computing Science (Software Engineering and Distributed Systems)
from the University of Gronignen.
His main research interests are: Cloud Computing, Security, Software Engineering, Software Quality Assurance
and Code Analysis.
Current Research
Virtualization is the main software technology used to support the cloud computing model. Its goal is to manipulate
a shared pool of configurable computing resources and allow the coexistence of several isolated systems on a single
physical machine1. However, virtualization comes with a number of considerations with respect to security.
Compared to the bare metal servers, the use of Virtual Machines (VMs) and light-weight Linux containers
increases the attack surface of the system since virtualization technologies provide access for multiple
services to the same physical resources. A vulnerability exploited in virtualized/contained multi-tenant systems
can cause data-leakage, denial-of-service or violation of privacy3 issues to more than one entities. According
to a 2015 survey, conducted by the Cloud Security Alliance, Data Security was the highest rated concerns for
businesses that were considering to adopt cloud computing services. Several practical and theoretical techniques
have been introduced for mitigating the risks, with most of them focusing on securing the traditional virtual
machine host and guest environments, however, there is little evidence in the literature on the security
characteristics of both hypervisor and container technologies.
In this line, this PhD work focuses on the study and analysis of security characteristics of cloud-based
systems utilizing hypervisor and container technologies. In particular, the fellow will investigate the
security properties of modern micro-services architectures, running in containerized environments and will
analyze their operation and security vulnerabilities in complex service ecosystems, where legacy systems
and micro-services co-exist.
Publications
A. Gkortzis, S. Rizou, and D. Spinellis. An empirical analysis of vulnerabilities in virtualization technologies.
To be published in the proceedings of the 8th IEEE International Conference on Cloud Computing Technology and Science.
Process Quality
Process quality in cloud-related software development projects
With so many enterprises having an increasingly large fraction of
their business dependent on cloud-related applications, in many
cases using continuous deployment techniques, the quality of the
development processes producing those applications becomes of
paramount importance. Not only classical approaches to quality
need to be adapted to the cloud development environments (such as
process quality assurance), but also new approaches should be
developed (such as the detection of bad process smells, which
allows for taking preemptive actions, or the characterization of
development performance, which allows to detect good practices).
To be of practical use, these quality-improving and
quality-assuring techniques have to be reflected in adequate
tooling, that can be of use in current development environments.
Research Topics
Bad process smells in software development repositories
Similar to how "code smells" help to find constructs in
source code that could be more error-prone, "process smells"
help to detect patterns in software development processes
that could lead to errors. To detect them, information is
extracted from software development repositories (source code
management systems, issues tracking system, code review
system, etc.), and analyzed with statistical and other
techniques. The detection of these patterns can lead to take
early corrective actions, which are very important specially
in systems with high time-to- deploy constraints, such as
those related to cloud computing.
Quality assurance of software-defined cloud infrastructure
A driving objective within the cloud computing domain is the
full automation of the process of deploying software
components onto the underlying computing infrastructure. For
example, the "software-defined data center" is a vision where
all IT infrastructure components are virtualized and
available as services. The deployment of software systems is
then a fully automated process, defined in software that
brings together the necessary virtual infrastructure
components as well as the application components to provision
a complete IT system. New tools and languages are under
active development to support this vision. The aim of this
research is to extend quality assurance techniques available
for "traditional" software components to software-defined
infrastructure components. For example, techniques for
reviewing, testing, and measurement must be rethought,
redeveloped, and revalidated to allow assurance of
reliability, maintainability, security, portability, etc.
specifically on the software that defines cloud
infrastructure components and deployment processes.
Characterization of performance in key parameters of software development
Key performance indicators are used by the industry to make
decisions. In the specific case of software development, it
is also necessary to have this type of indicators to help
third parties interested in investing resources/participating
or fostering the use of specific technologies, to fully
understand the risks associated to that product. This is even
more marked in the case of open source projects, where
development may be community or company driven and third
parties contribute to the source code. Thus, the raise of
specific indicators for software development and more
specifically in open source projects, will help to facilitate
the decision process for stakeholders and improve the
attractiveness of those projects offering such information to
those stakeholders.
Process Quality
Quality in cloud-related software development
Cloud applications are usually complex pieces of software, build
by loosely coupled, geographically distributed, large teams of
developers. These developers work in many different domain areas
and have to keep-up with the pressing needs of a quickly-evolving
industry, while at the same time keeping quality and performance
under control. In this environment, casual information obtained
by just “keeping an eye“ on the project quality is
less than enough. Methodical approaches, supported by tools that
deal with the rich information obtained from software
repositories, are needed to have a complete view of how a project
is behaving, evolving and performing. This work package will
address these needs by looking at specific aspects of the
problem, and providing comprehensive solutions.
Research Topics
Impact of code review in cloud computing development
Most large software development projects use code review to
improve the quality of the code changes merged to the main
code base. Yet, little is known on how this process affects
to important parameters of development and deployment
processes. By analyzing code review repositories, and other
repositories with information about development and
deployment, we expect to better understand how code review
affects to the whole development and deployment process, when
bottlenecks are caused, when unnecessary delays are found,
how expensive code review is in terms of impact on different
metrics, and to which extent it has an overall positive
impact.
Improving cloud-related testing practices
Software engineering is a team effort: Sometimes even
hundreds of professionals collaborate to devise, build,
evaluate, and modify a software system. To support teamwork
in software development, industry is creating new integrated
development environments (IDEs) in the cloud, which offers a
better platform for synchronous development. The current
state of the practice is to have a sort of “Google Docs
for code.” The aim of this research is to investigate
how to use cloud-based IDEs to improve testing practices.
Specifically, it will qualitatively and quantitatively
investigate how testing is currently performed in cloud-based
IDEs. Then it will investigate how to reuse test run
information across developers, to better link tests and
program components. This will help, for example, to
eliminate the unnecessary time spent in the same tests on the
same code, thus reducing the time to check the quality of
software systems, and—consequently—the
development life cycle.
Data driven development software in cloud-related software development projects
The main goal of this line is to define a method to help
developers to obtain indicators about how the software
development is being undertaken. Typical methods are focused
on the quality of the product and its evolution, but not in
the community around the product and how developers interact
among them. This method should specifically help open source
projects to understand, measure and improve their software
development process. Once this process will be driven by
metrics, it will help, for example, to avoid issues, to
detect specific deviations from the arranged issue tracking
system policy, and to check the health of the demographics of
the community among other facts. This data driven development
can lead to faster decision-making process especially in
continuous deployment contexts, such as in industries related
to cloud computing.
Operations Quality
Operations' quality in cloud systems
Progress in the IT industry is no longer guided by
Moore's law (now at 50) regarding the number of transistors that can
fit on a chip, but by how computers can be efficiently and securely
managed in cloud data centers.
Achieving this goal requires the combination of interesting theory with
practical, systems-level implementation effort.
This work stream examines how cloud systems can be configured
using sound software engineering principles to achieve
appropriate levels of functionality, reliability, usability,
efficiency, maintainability, and portability, and, in particular,
how two extremely important and challenging emergent properties,
those of energy efficiency and security, can be attained.
Research Topics
Configuration management and administration of cloud computing systems
Currently cloud computing systems are in the Cambrian
explosion phase programming languages and processor
architectures were at the dawn of computing. Tens of cloud
providers offer services under a variety of models, with
their systems requiring configuration and administration in
disparate ways. This is the expected outcome of rapid
innovation in a new era, but it has costs. Systems and skills
built associated with each provider lack portability tying
them to a specific one, while the market's fragmentation
increases costs and undermines the ability to innovate at
higher levels of the infrastructure stack. The aim of the
proposed research is to identify the high-level portable
building blocks that can be used for building and managing
computing systems on the cloud in a way that satisfies sound
software engineering principles. These blocks include
processes, tools, and techniques for achieving appropriate
levels of functionality, reliability, usability, efficiency,
maintainability, and portability.
Energy-efficiency of cloud computing systems
Energy consumption attributable to IT systems is significant
and increasing at an alarming rate. Decades of
resource-agnostic development of software systems have
contributed to this trend. Ongoing improvements of
energy-efficiency at the hardware and data center level
threaten to be canceled out by wasteful software. Cloud
computing has been identified as a development that may help
to curb this trend, but naive use of cloud infrastructures
may actually have the opposite effect, for instance due to
increased data traffic, insufficient elasticity, or
additional virtualization layers. The aim of this research is
to provide software engineers with techniques to measure
energy consumption, identify energy leaks, and optimize
consumption without compromising competing quality attributes
such as performance and reliability. These techniques enable
the cloud to realize its energy-saving potential.
Secure systems on cloud computing infrastructures
A basic tenet of IT security is that if an attacker has
access to the physical assets of a computing system all bets
are off regarding the confidentiality, integrity, and
availability associated with the services it provides. This
need not be so. It has been for decades a theoretical
possibility and a practical reality to communicate reliably
over noisy channels, and to perform accurate computations
with unreliable building blocks. Recent theoretical advances
suggest that performing secure computations on insecure
infrastructures is also possible. The aim of this research is
to develop and combine theory and practice that will allow
the construction of secure systems on top on an inherently
insecure cloud computing infrastructure. On the theoretical
front the research will explore the limits of what levels of
security guarantees can be provided given specific adversary
capabilities, while on the practical front the research will
examine how these guarantees can be implemented in the form
of useful building blocks.