Static analysis traditionally provides early feedback to developers on code quality and potential issues in their program. However, in the context of Microservices, it must cope with decentralization and heterogeneity across codebases. Conventional low-level static analysis tools fail to address emerging needs for multi-codebase operability, which is common for microservices. To bridge such gaps, static analysis approaches could adapt and recognize the microservice development practice and use it to determine the system’s intermediate representation (IR). This talk illustrates our static analysis prototypes using a component-based graph as the system IR for technical reasoning about the overall system. Our system IR has been adopted for various tasks. For instance, it is possible to detect microservice bad smells to improve the evolution of these systems, check consistency across microservices, or improve the detection of semantic clones. It is also possible to perform conformance checking toward the originally intended architecture design using a visualization of the reconstructed system architecture. Various practical examples will be given throughout this talk.

Cryptographic hardware and software is often certified under security certification standards like the Common Criteria or FIPS 140 . The certification process involves a vendor submitting the product under evaluation to an independent evaluation facility, which evaluates the vendor’s claims on the security of the product and its development. This certification process produces several publicly available documents: the certification report, the security target, and sometimes a protection profile. These documents contain valuable information for the certification system stakeholders, researchers, and for vulnerability assessment. With the high level of secrecy in the secure hardware development space, these documents are often the best source of information on some devices as demonstrated by their use for vulnerability impact assessment. However, the security certification ecosystem contains thousands of certificates and associated documents, which were not made to be machine readable and vary in their format and structure.

In this talk, we propose an automated way of mining these documents for information valuable to system stakeholders. We also use this information ourselves to analyze temporal trends in the security certifications landscape as well as the references between certificates and demonstrate their helpfulness for vulnerability impact assessment.

The scope of this talk is twofold. Firstly, to provide an overview of globally identified 6G candidate technology areas and suggest a roadmap for leveraging public-private partnership research testbeds to influence the 6G vision and accelerate the full lifecycle of research and development, manufacturing, standardization, and market readiness for 6G. Secondly, to present an end-to-end programmable virtualized cloud native B5G architecture built on Red Hat Openshift leveraging 3GPP and O-RAN interfaces.

Do you find providing SSH to a large number of users tiresome? So did we! Creating VMs, applications filling up disks, runaway processes, regular system upgrades, and user management are only a few of the problems a system administrator runs into when building a jump host or an access server. In contrast, ContainerSSH uses webhooks or now also Kerberos to provide SSH access independently from the underlying operating system, and drops users into individual containers. When the user disconnects, ContainerSSH deletes the container.

At CERN, ContainerSSH is being tested as a pilot for the LxPlus Service, which provides access to roughly 2000 concurrent users for code writing, job submission, and file operations on various network file systems. Using their Kerberos ticket, users have their own folders automatically mounted and can work in their container in isolation.

Community wisdom tells us that while the cloud early vision promised economy of scale, in practice, renting cloud resources is an expensive business. There are many reasons for this unfortunate state of affairs, some of which can be attributed to non-utilized opportunities. SpotOS is an effort which is aimed to use state of the art tools to help cloud users make better rental choices. In particular, SpotOS enables wider, easier, and better use of spot instances, which are “empty” resources sold at a high discount with the pitfall that they may have to be evacuated in short notice. SpotOS can be viewed as a new kind of a distributed “operating system” which extends the OS traditional tasks by optimizing task allocation to resources, optimizing batch resource rental from the provider, and supporting failover mechanisms. To achieve these goals SpotOS uses advanced modern tools such as optimization algorithms, predictive machine learning, efficient external storage, and stateful task management in distributed environments. The talk will survey the challenges and opportunities in SpotOS.

The Internet of Everything (IoT, IIoT, Vehicular Networks, Smart *), requires applications to deal with a large amount of data – streamed, processed and stored from small devices to analytical systems. Cloud computing offers a solution to this issue, providing on-demand resources to process this data. New applications such as Tactile Internet, VR/AR, need low latency, geo-data storing and processing, and privacy & security protection, thus requiring new hybrid public and private edge/fog/cloud architectures. In this talk, we present ways to rapidly program and prototype FaaS-based distributed dataflow applications, allowing an easy redeployment according to dynamic change in the environment and preventing single points of failure. Finally, we discuss ongoing work to formalize and check the correctness of such service orchestrations.

Complex software and Internet of Things systems are challenged by several issues related to reliability. One of them is the dynamic behavior of the system owing to the limited and often unstable network connectivity. A number of ad-hoc approaches to test this behavior can be taken intuitively; however, a special technique is needed to make the tests really effective. This presentation introduces a new specialized technique to test processes of a system in situations when parts of these processes are affected by limited or disrupted network connectivity. The technique is explained in a practical example – a sensor network system for combat casualty care, developed by the Czech Technical University in Prague in cooperation with the Czech Armed Forces, the University of Defence, and other partners.

Dynamic analysis, such as testing and runtime verification, is an integral part of quality control and nicely complements static code analysis. Runtime verification is useful when the execution of the system under test is not staged but correct or incorrect behaviour is well specified. It often requires code injection and formally specified properties which prevents wider acceptance of the method. We focus on closing the gap between runtime verification and software development by exploiting the logs of the system under test. Log messages express the events in the system and software developers know exactly what they mean and what are the expected and the unexpected sequences. One of the main problems of log analysis is interleaving of log messages related to different sessions, resources, and purpose-specific objects; logs are parametric.

The talk will provide a way to monitor a system and to determine whether it is working correctly, based on the system’s log messages and the provided specification. The talk will be supplied with examples of our prototype monitoring tool applied on several different systems.