Security and Telehealth System

Software Engineering can be applied in several fields, such as health. In this regard, there are many challenges that some health systems, such as Telehealth systems, promote in software development. Having said that, we investigated how Software Engineering helps to develop secure Telehealth systems. The findings of our research suggest that sophisticated requirements elicitation and the correct definition of software architectures are essential to satisfy security.

This work was published in IEEE Access.

Experts or novices in the software architectural design decision-making? An experimental study

Software engineering literature describes several decision-making techniques for architectural design. However, the impact of the experience of those who use these techniques on their efficacy has been little explored.

We experimented with 24 IT practitioners in order to evaluate the impact of the experience of software architecture decision-making team members on the efficacy of TaSPeR (Tactics Selection Poker), a technique that supports architectural design decisions (inspired in the Planning Poker technique).

This research, led by Juan P. Brito, reveal that for teams with more experienced members the use of TaSPeR turned out to be harmful for the selection of software architecture tactics, in contrast to the more experienced teams, for which the use of TaSPeR was quite beneficial. Other key findings are discussed in the article.

This article was accepted in the International Conference of the Chilean Computer Science Society (SCCC).

Migration from monolithic to microservices, What has been done so far?

Microservices architecture has become enormously popular because traditional monolithic architectures no longer meet the needs of scalability and rapid development cycle, and the success of some large companies in building and deploying services is a strong motivation for others to consider making the change.

However, performing the migration process is not trivial. Most systems acquire too many dependencies between their modules, and thus can’t be sensibly broken apart. It is for this reason that studies that provide information associated with the migration process to practitioners are necessary.

We have performed a rapid review to analyze the current state of the migration of monolith systems to microservices. In this investigation, led by Francisco Ponce, we discuss some key findings related to:

What techniques are used to migrate monolith systems to microservices?

What happens to databases during migration?

This article was accepted in the International Conference of the Chilean Computer Science Society (SCCC).

Security, availability, ‚Äčand microservices-based systems

There is no doubt that security is a constant concern for organizations. Furthermore, if these organizations use microservice architectures in their systems, security becomes an ongoing concern. To address security concerns, three critical quality attributes must be analyzed, which are integrity, confidentiality, and availability. Regarding this last one quality attribute, we conducted an empirical study where we identified design decisions (better known as architectural tactics) for availability with the aim of supporting security designs in microservices architectures (see the below Table).

tactics.png

This study will be presented in the 1st workshop on Designing and Measuring CyberSecurity in Software Architectures (DeMeSSA), held by the European Conference on Software Architecture (ECSA).

Security Mechanisms Used in Microservices-Based Systems

Microservices is an emerging architectural style that is being used by the industry. This style provides several advantages, but at the same time, challenges. One of the critical challenges is security. In order to understand the current scene regarding security, we performed a systematic literature mapping to illustrate the security mechanisms used in microservices-based applications. In summary: many proposals detect and/or mitigate attacks. However, there are very few proposals that react to attacks and, on the other hand, we do not find proposals to recover from attacks. The figure describes the mechanisms currently used (Y-axis) and the primary studies (letter “M”) sorted by year (X-axis).

 

Screen Shot 2019-06-20 at 11.41.34 PM.png

This article was accepted in XLV Latin American Computing Conference (CLEI 2019).

Architectural Technical Debt and Microservices-based Systems

Today, the microservices architectural style is an emerging trend in the industry. In order to develop microservices-based systems, architectural decisions are the first and fundamental steps to address quality goals. In this article, we described preliminary research about a content-based recommender system (CBRS) composed by microservices architecture patterns and architectural tactics as a basis for obtaining a recommendation of architectural decisions in microservices architectures to make more robust decisions to manage architectural technical debt.

Screen Shot 2019-05-08 at 12.26.13 PM.png

Scalability and Microservices-based Systems

Recently, we conducted an empirical study on open microservices-based systems and scalability. We used our pattern language in order to explore which frameworks (commonly used to develop microservices architectures) address the scalability dimensions. Results show that (1) 9 common frameworks satisfy the scalability dimensions (see the following figure, x-axis: frameworks, y-axis: microservices patterns); (2) frameworks produce trade-offs among scalability dimensions; and (3) few frameworks address several scalability dimensions at once. Finally, we identify five reusable design decisions to address scalability requirements and propose them as microservices architectural tactics.

Screen Shot 2019-05-07 at 11.06.40 PM.png

This study was presented at the 37th International Conference of the Chilean Computer Science Society (SCCC), 2018.