Skip to main content
SpringerLink
Log in

Updating Service-Based Software Systems in Air-Gapped Environments

  • Conference paper
  • First Online:
Software Architecture (ECSA 2021)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 12857))

Included in the following conference series:

  • 1472 Accesses

Abstract

Contemporary component-based systems often manifest themselves as service-based architectures, where a central activity is management of their software updates. However, stringent security constraints in mission-critical settings often impose compulsory network isolation among systems, also known as air-gap; a prevalent choice in different sectors including private, public or governmental organizations. This raises several issues involving updates, stemming from the fact that controlling the update procedure of a distributed service-based system centrally and remotely is precluded by network isolation policies. A dedicated software architecture is thus required, where key themes are dependability of the update process, interoperability with respect to the software supported and auditability regarding update actions previously performed. We adopt an architectural viewpoint and present a technical framework for updating service-based systems in air-gapped environments. We describe the particularities of the domain characterized by network isolation and provide suitable notations for service versions, whereupon satisfiability is leveraged for dependency resolution; those are situated within an overall architectural design. Finally, we evaluate the proposed framework over a realistic case study of an international organization, and assess the performance of the dependency resolution procedures for practical problem sizes.

Research partially supported by Austrian Science Foundation (FWF) project M 2778-N “EDENSPACE”.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    CTBTO Preparatory Commission, http://www.ctbto.org/.

References

  1. Lehman, M.M.: Programs, life cycles, and laws of software evolution. Proc. IEEE 68(9), 1060–1076 (1980)

    Article  Google Scholar 

  2. Byres, E.: The air gap: Scada’s enduring security myth. Commun. ACM 56(8), 29–31 (2013)

    Article  Google Scholar 

  3. Guri, M., Kedma, G., Kachlon, A., Elovici, Y.: Airhopper: bridging the air-gap between isolated networks and mobile phones using radio frequencies. In: 2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE), pp. 58–67. IEEE (2014)

    Google Scholar 

  4. Guri, M., Zadov, B., Elovici, Y.: ODINI: escaping sensitive data from faraday-caged, air-gapped computers via magnetic fields. IEEE Trans. Inf. Forensics Secur. 15, 1190–1203 (2019)

    Article  Google Scholar 

  5. Morales, J.A., Yasar, H., Volkmann, A.: Implementing devops practices in highly regulated environments. In: Proceedings of 19th International Conference on Agile Software Development (XP 2018), Companion (2018)

    Google Scholar 

  6. Wong, S., Woepse, A.: Software development challenges with air-gap isolation. In: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2018, pp. 815–820. Association for Computing Machinery, New York (2018)

    Google Scholar 

  7. Mancinelli, F., et al.: Managing the complexity of large free and open source package-based software distributions. In: Proceedings of 21st IEEE/ACM International Conference on Automated Software Engineering (ASE 2006) (2006)

    Google Scholar 

  8. Abate, P., Di Cosmo, R., Boender, J., Zacchiroli, S.: Strong dependencies between software components. In: 2009 3rd International Symposium on Empirical Software Engineering and Measurement, pp. 89–99. IEEE (2009)

    Google Scholar 

  9. Abate, P., Di Cosmo, R., Treinen, R., Zacchiroli, S.: Dependency solving: a separate concern in component evolution management. J. Syst. Softw. 85(10), 2228–2240 (2012)

    Article  Google Scholar 

  10. Abate, P., Cosmo, R.D., Gousios, G., Zacchiroli, S.: Dependency solving is still hard, but we are getting better at it. In: Proceedings of 27th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2020) (2020)

    Google Scholar 

  11. Tsigkanos, C., Pasquale, L., Ghezzi, C., Nuseibeh, B.: On the interplay between cyber and physical spaces for adaptive security. IEEE Trans. Dependable Sec. Comput. 15(3), 466–480 (2018)

    Article  Google Scholar 

  12. Russ, C.: Version sat (2016). http://research.swtch.com/version-sat. Accessed 22 Oct 2020

  13. Preston-Werner, T.: Semantic versioning 2.0.0. 2013 (2019). http://semver.org

  14. Dietrich, J., Pearce, D., Stringer, J., Tahir, A., Blincoe, K.: Dependency versioning in the wild. In: 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), pp. 349–359. IEEE (2019)

    Google Scholar 

  15. Le Berre, D., Parrain, A.: On sat technologies for dependency management and beyond (2008)

    Google Scholar 

  16. Lonsing, F., Biere, A.: DepQBF: a dependency-aware QBF solver. J. Satisfiability Boolean Model. Comput. 7(2–3), 71–76 (2010)

    Article  Google Scholar 

  17. Barrett, C., Tinelli, C.: Satisfiability modulo theories. In: Handbook of Model Checking, pp. 305–343. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_11

    Chapter  Google Scholar 

  18. Baresi, L., Ghezzi, C., Ma, X., La Manna, V.P.: Efficient dynamic updates of distributed components through version consistency. IEEE Trans. Software Eng. 43(4), 340–358 (2016)

    Article  Google Scholar 

  19. Panzica La Manna, V.: Local dynamic update for component-based distributed systems. In: Proceedings of the 15th ACM SIGSOFT Symposium on Component Based Software Engineering, pp. 167–176 (2012)

    Google Scholar 

  20. Ajmani, S., Liskov, B., Shrira, L.: Modular software upgrades for distributed systems. In: Thomas, D. (ed.) ECOOP 2006. LNCS, vol. 4067, pp. 452–476. Springer, Heidelberg (2006). https://doi.org/10.1007/11785477_26

    Chapter  Google Scholar 

  21. Bettini, L., De Nicola, R., Loreti, M.: Software update via mobile agent based programming. In: Proceedings of the 2002 ACM Symposium on Applied Computing, pp. 32–36 (2002)

    Google Scholar 

  22. Lange, D.B.: Mobile objects and mobile agents: the future of distributed computing? In: Jul, E. (ed.) ECOOP 1998. LNCS, vol. 1445, pp. 1–12. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054084

    Chapter  Google Scholar 

  23. Marin, J.: Deploying applications into air gapped environments (2019). http://goteleport.com/blog/airgap-deployment. Accessed 24 Mar 2021

  24. Azab, A., Domanska, D.: Software provisioning inside a secure environment as docker containers using stroll file-system. In: 2016 16th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp. 674–683. IEEE (2016)

    Google Scholar 

  25. Martin, A., Raponi, S., Combe, T., Pietro, R.D.: Docker ecosystem - vulnerability analysis. Comput. Commun. 122, 30–43 (2018)

    Article  Google Scholar 

  26. Xu, Q., Jin, C., Rasid, M.F.B.M., Veeravalli, B., Aung, K.M.M.: Blockchain-based decentralized content trust for docker images. Multimedia Tools Appl. 77(14), 18223–18248 (2017). https://doi.org/10.1007/s11042-017-5224-6

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Preparatory Commission for the Comprehensive Nuclear-Test-Ban Treaty Organization, Vienna, Austria

    Oleksandr Shabelnyk

  2. Distributed Systems Group, TU Wien, Vienna, Austria

    Oleksandr Shabelnyk, Pantelis A. Frangoudis, Schahram Dustdar & Christos Tsigkanos

Authors
  1. Oleksandr Shabelnyk
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pantelis A. Frangoudis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Schahram Dustdar
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Christos Tsigkanos
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of Information Systems Engineering, Technische Universität Wien, Vienna, Austria

    Stefan Biffl

  2. University of Castilla-La Mancha, Albacete, Spain

    Elena Navarro

  3. Department of Computer Science, Linnaeus University, Växjö, Sweden

    Welf Löwe

  4. Design and Engineering, Mälardalen University, Västerås, Sweden

    Marjan Sirjani

  5. Politecnico di Milano, Milano, Italy

    Raffaela Mirandola

  6. KU Leuven, Leuven, Belgium

    Danny Weyns

Ethics declarations

The views expressed herein are those of the authors and do not necessarily reflect the views of the CTBTO Preparatory Commission.

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Shabelnyk, O., Frangoudis, P.A., Dustdar, S., Tsigkanos, C. (2021). Updating Service-Based Software Systems in Air-Gapped Environments. In: Biffl, S., Navarro, E., Löwe, W., Sirjani, M., Mirandola, R., Weyns, D. (eds) Software Architecture. ECSA 2021. Lecture Notes in Computer Science(), vol 12857. Springer, Cham. https://doi.org/10.1007/978-3-030-86044-8_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-86044-8_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-86043-1

  • Online ISBN: 978-3-030-86044-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation