Presented at: Software and Supply Chain Assurance Forum (McLean, Virginia, United States)
Abstract
One approach for reducing damage caused by software vulnerabilities is to take advantage of emerging systems architecture patterns to strategically improve assurance. Emerging systems architectures embody significant choices about where computation takes place (e.g., server, client, distributed), how intrinsic networking is to typical workloads (always/sometimes required), the resources available in execution environments (e.g., virtual machine, middleware, process, web browser, microcontroller), the degree of inter-component coupling (e.g., monolithic application, microservices), and policies for system updating (e.g., manual vs periodic vs continuous). These choices have potential to significantly increase whole-system complexity, but they also may support architecting systems with high levels of component isolation and independence (e.g., via VMs, containers, language-based separation, microservices). This presentation discusses resilience as a system-level property, illustrates the use of two emerging architecture patterns (OS containers and microservices), and identifies a small number of "idea sketches" describing possible future research opportunities.
Keywords
computer security; resiliency; vulnerabilities; software assurance; virtualization; containers; micro services
