Abstract
Contemporary component-based systems often manifest themselves as service-based architectures, where a central activity is management of their software updates. However, stringent security constraints in mission-critical settings often impose compulsory network isolation among systems, also known as air-gap; a prevalent choice in different sectors including private, public or governmental organizations. This raises several issues involving updates, stemming from the fact that controlling the update procedure of a distributed service-based system centrally and remotely is precluded by network isolation policies. A dedicated software architecture is thus required, where key themes are dependability of the update process, interoperability with respect to the software supported and auditability regarding update actions previously performed. We adopt an architectural viewpoint and present a technical framework for updating service-based systems in air-gapped environments. We describe the particularities of the domain characterized by network isolation and provide suitable notations for service versions, whereupon satisfiability is leveraged for dependency resolution; those are situated within an overall architectural design. Finally, we evaluate the proposed framework over a realistic case study of an international organization, and assess the performance of the dependency resolution procedures for practical problem sizes.
Research partially supported by Austrian Science Foundation (FWF) project M 2778-N “EDENSPACE”.
Notes
1. CTBTO Preparatory Commission, http://www.ctbto.org/.
Ethics declarations
The views expressed herein are those of the authors and do not necessarily reflect the views of the CTBTO Preparatory Commission.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Shabelnyk, O., Frangoudis, P.A., Dustdar, S., Tsigkanos, C. (2021). Updating Service-Based Software Systems in Air-Gapped Environments. In: Biffl, S., Navarro, E., Löwe, W., Sirjani, M., Mirandola, R., Weyns, D. (eds) Software Architecture. ECSA 2021. Lecture Notes in Computer Science, vol 12857. Springer, Cham. https://doi.org/10.1007/978-3-030-86044-8_10
DOI: https://doi.org/10.1007/978-3-030-86044-8_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86043-1
Online ISBN: 978-3-030-86044-8
eBook Packages: Computer Science, Computer Science (R0)