Abstract
Deciding on the optimal architecture of a software system is difficult, as the number of design alternatives and component interactions can be overwhelmingly large. Adding security considerations can make architecture evaluation even more challenging. Existing model-based approaches for architecture optimisation usually focus on performance and cost constraints. This paper proposes a model-based architecture optimisation approach that advances the state-of-the-art by adding security constraints. The proposed approach is implemented in a prototype tool, by extending Palladio Component Model (PCM) and PerOpteryx. Through a laboratory-based evaluation study of a multi-party confidential data analytics system, we show how our tool discovers secure architectural design options on the Pareto frontier of cost and performance.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Aleti, A., Buhnova, B., Grunske, L., Koziolek, A., Meedeniya, I.: Software architecture optimization methods: a systematic literature review. IEEE Trans. Softw. Eng. 39(5), 658–683 (2013)
Ardagna, D., Casale, G., Ciavotta, M., Pérez, J.F., Wang, W.: Quality-of-service in cloud computing: modeling techniques and their applications. J. Internet Serv. Appl. 5, 5–11 (2014)
Balsamo, S., Di Marco, A., Inverardi, P., Simeoni, M.: Model-based performance prediction in software development: a survey. IEEE Trans. Softw. Eng. 30(5), 295–310 (2004)
Becker, S., Koziolek, H., Reussner, R.: The Palladio component model for model-driven performance prediction. J. Syst. Softw. 82(1), 3–22 (2009)
Brunnert, A., et al.: Performance-oriented DevOps: a research agenda. arXiv preprint arXiv:1508.04752 (2015)
Busch, A., Strittmatter, M., Koziolek, A.: Assessing security to compare architecture alternatives of component-based systems. In: International Conference on Software Quality, Reliability and Security. IEEE (2015)
Colbert, E., Boehm, B.: Cost estimation for secure software & systems. In: ISPA/SCEA 2008 Joint International Conference (2008)
De Gooijer, T., Jansen, A., Koziolek, H., Koziolek, A.: An industrial case study of performance and cost design space exploration. In: International Conference on Performance Engineering. ACM (2012)
Djatmiko, M., et al.: Privacy-preserving entity resolution and logistic regression on encrypted data. In: Private and Secure Machine Learning (PSML) (2017)
Kang, E.: Design space exploration for security. In: 2016 IEEE Cybersecurity Development (SecDev), pp. 30–36. IEEE (2016)
Klein, G., et al.: seL4: formal verification of an OS kernel. In: Symposium on Operating Systems Principles. ACM (2009)
Kounev, S., Brosig, F., Huber, N.: The Descartes modeling language. Department of Computer Science, University of Wuerzburg, Technical report (2014)
Koziolek, A., Koziolek, H., Reussner, R.: PerOpteryx: automated application of tactics in multi-objective software architecture optimization. In: Proceedings of the QoSA & ISARCS. ACM (2011)
Krichene, J., Boudriga, N., Fatmi, S.: SECOMO: an estimation cost model for risk management projects. In: International Conference on Telecommunications, ConTEL 2003, vol. 2. IEEE (2003)
Madan, B.B., Goševa-Popstojanova, K., Vaidyanathan, K., Trivedi, K.S.: A method for modeling and quantifying the security attributes of intrusion tolerant systems. Perform. Eval. 56(1–4), 167–186 (2004)
Martens, A., Koziolek, H., Becker, S., Reussner, R.: Automatically improve software architecture models for performance, reliability, and cost using evolutionary algorithms. In: International Conference on Performance Engineering (ICPE) (2010)
Newsome, J., Song, D.X.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: NDSS, vol. 5. Internet Society (2005)
Reussner, R.H., et al.: Modeling and Simulating Software Architectures: The Palladio Approach. MIT Press, Cambridge (2016)
Safwat, A., Senousy, M.: Addressing challenges of ultra large scale system on requirements engineering. Procedia Comput. Sci. 65, 442–449 (2015)
Sharma, V.S., Trivedi, K.S.: Architecture based analysis of performance, reliability and security of software systems. In: International Workshop on Software and Performance. ACM (2005)
Willnecker, F., Brunnert, A., Krcmar, H.: Predicting energy consumption by extending the Palladio component model. In: Symposium on Software Performance (2014)
Yang, Z., Yang, M.: LeakMiner: detect information leakage on android with static taint analysis. In: 2012 Third World Congress on Software Engineering (WCSE). IEEE (2012)
Yasaweerasinghelage, R., Staples, M., Weber, I.: Predicting latency of blockchain-based systems using architectural modelling and simulation. In: International Conference on Software Architecture (ICSA) (2017)
Yasaweerasinghelage, R., Staples, M., Weber, I., Paik, H.Y.: Predicting the performance of privacy-preserving data analytics using architecture modelling and simulation. In: International Conference on Software Architecture (ICSA) (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Yasaweerasinghelage, R., Staples, M., Paik, HY., Weber, I. (2019). Optimising Architectures for Performance, Cost, and Security. In: Bures, T., Duchien, L., Inverardi, P. (eds) Software Architecture. ECSA 2019. Lecture Notes in Computer Science(), vol 11681. Springer, Cham. https://doi.org/10.1007/978-3-030-29983-5_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-29983-5_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29982-8
Online ISBN: 978-3-030-29983-5
eBook Packages: Computer ScienceComputer Science (R0)