@baylor.edu
Associate Professor, Computer Science
Baylor University
Czech Technical University, FEE
Baylor University
Cloud-native, static analysis, microservices
Ernesto Quevedo, Amr S. Abdelfattah, Alejandro Rodriguez, Jorge Yero, and Tomas Cerny
Springer Science and Business Media LLC
Tomas Cerny, Amr S. Abdelfattah, Jorge Yero, and Davide Taibi
Springer Science and Business Media LLC
Tomas Holek, Miroslav Bures, and Tomas Cerny
Springer Nature Switzerland
Tomás Cerný and Davide Taibi
Md Showkat Hossain Chy, Muhammad Ashfakur Rahman Arju, Sri Manjusha Tella, and Tomas Cerny
MDPI AG
Message Queue (MQ) services play a vital role in modern distributed systems as they enable asynchronous communication between services and facilitate the decoupling of various components of the system. Among the many MQ services available, Kafka, Apache Pulsar, Artemis, and RocketMQ are popular choices, each offering unique features and capabilities. As the adoption of MQ services continues to grow, choosing the appropriate service that can meet the requirements of the system has become increasingly challenging. Therefore, a comprehensive comparison of these services is crucial to determine the most suitable one for a specific use-case. This research paper presents a thorough evaluation of these MQ services based on critical metrics such as CPU utilization, memory usage, garbage collection, latency, and throughput. Based on our extensive review, no other research has delved into such a detailed evaluation, thereby establishing our work as a cornerstone in this field. The results of our study offer valuable insights into the strengths and limitations of each service. Our findings indicate that each message queue behaves differently inside the Java Virtual Machine (JVM). This work aims to assist developers and researchers in strategically deploying and optimizing MQ services based on specific system and use-case requirements. In addition to providing machine metrics, our results demonstrate the performance of each message queue under different load scenarios, making it a valuable resource for those seeking to ensure the effective functioning of their MQ services.
Tomas Cerny, Amr S. Abdelfattah, Abdullah Al Maruf, Andrea Janes, and Davide Taibi
Elsevier BV
Nabil El Ioini, Ayoub El Majjodi, David Hastbacka, Tomas Cerny, and Davide Taibi
ACM
While working in the cloud, the trend is to secure all the resources in order for the applications and systems to operate as efficiently as possible. Huge amounts of resources are wasted on unnecessary utilities and resource-consuming processes, which can rather have a negative effect. Unikernels are the last trend in this direction. We aim to shed light on the motivations, benefits, and issues in unikernels. Our goal is to systematically analyze what made this technology so attractive, identifying the benefits they have attained and the issues encountered in embracing this new technology. We surveyed academic and grey literature by means of the Multivocal Literature Review process, analyzing 590 sources, of which 62 reported motivations, benefits, and issues. The main motivations for adopting unikernels are performance and security, which are also reflected in the benefits reported. In terms of issues, the maturity of the existing frameworks as well as the tool support, are the main challenges that need to be addressed. Given the great potential that unikernels can bring in terms of performance and security, further research is needed to investigate the pros and cons, how to use them, and in which contexts they are beneficial.
Amr S. Abdelfattah, Alejandro Rodriguez, Andrew Walker, and Tomas Cerny
Springer Science and Business Media LLC
Rokin Maharjan, Md Showkat Hossain Chy, Muhammad Ashfakur Arju, and Tomas Cerny
MDPI AG
Message queues are a way for different software components or applications to communicate with each other asynchronously by passing messages through a shared buffer. This allows a sender to send a message without needing to wait for an immediate response from the receiver, which can help to improve the system’s performance, reduce latency, and allow components to operate independently. In this paper, we compared and evaluated the performance of four popular message queues: Redis, ActiveMQ Artemis, RabbitMQ, and Apache Kafka. The aim of this study was to provide insights into the strengths and weaknesses of each technology and to help practitioners choose the most appropriate solution for their use case. We primarily evaluated each technology in terms of latency and throughput. Our experiments were conducted using a diverse array of workloads to test the message queues under various scenarios. This enables practitioners to evaluate the performance of the systems and choose the one that best meets their needs. The results show that each technology has its own pros and cons. Specifically, Redis performed the best in terms of latency, whereas Kafka significantly outperformed the other three technologies in terms of throughput. The optimal choice depends on the specific requirements of the use case. This paper presents valuable insights for practitioners and researchers working with message queues. Furthermore, the results of our experiments are provided in JSON format as a supplement to this paper.
Md Shahidur Rahaman, Sadia Nasrin Tisha, Eunjee Song, and Tomas Cerny
MDPI AG
Protecting the resources of a cloud-native application is essential to meet an organization’s security goals. Cloud-native applications manage thousands of user requests, and an organization must employ a proper access control mechanism. However, unfortunately, developers sometimes grumble when designing and enforcing access decisions for a gigantic scalable application. It is sometimes complicated to choose the potential access control model for the system. Cloud-native software architecture has become an integral part of the industry to manage and maintain customer needs. A microservice is a combination of small independent services that might have hundreds of parts, where the developers must protect the individual services. An efficient access control model can defend the respective services and consistency. This study intends to comprehensively analyze the current access control mechanism and techniques utilized in cloud-native architecture. For this, we present a systematic mapping study that extracts current approaches, categorizes access control patterns, and provides developers guidance to meet security principles. In addition, we have gathered 234 essential articles, of which 29 have been chosen as primary studies. Our comprehensive analysis will guide practitioners to identify proper access control mechanisms applicable to ensuring security goals in cloud-native architectures.
Ernesto Quevedo Caballero, Michael Donahoo, and Tomas Cerny
ACM
Computing devices with multiple active network interfaces, such as cellular, wired, and WiFi, are becoming more and more common. Typically, such devices select a single interface for communication, but throughput and availability can increase by utilizing multipath protocols. Multipath TCP (MPTCP) is the predominant protocol in this space; however, Multipath QUIC (MPQUIC) provides several advantages over MPTCP and is increasing in adoption. Multipath protocols use a multipath scheduler to determine which packets use which interface. Legacy schedulers exhibit good performance but often poorly handle adjusting to dynamic changes in the network. Recent research includes the development of several Deep Reinforcement Learning (DRL) based schedulers that outperform legacy schedulers and improve adaptability to changing network conditions. Evaluation of any packet scheduling approach must include an assessment of fairness to concurrent TCP flows. Specifically, under congestion conditions, all flows (multipath or unipath) should tend toward an equal share of the bandwidth. Unfortunately, MPQUIC DRL-based scheduler research does not include a rigorous analysis of the fairness aspect under various network conditions, risking significant network problems as adoption increases. We present an efficiency and fairness comparison of MPQUIC using DRL-based schedulers with classic agents like DQN, Deep SARSA, and Double DQN. Experimental results over a bi-path network show that these schedulers are TCP-friendly in many cases on both paths and converge to link-centric fairness on one path. However, our work shows that they are not TCP-friendly or can be bullied under certain conditions, degrading TCP or MPQUIC performance.
Md Shahidur Rahaman, Agm Islam, Tomas Cerny, and Shaun Hutton
MDPI AG
Security is a significant priority for cloud-native systems, regardless of the system size and complexity. Therefore, one must utilize a set of defensive mechanisms or controls to protect the system from exploitation by potential adversaries. There is an expanding amount of research on security issues, including attacks against individual microservices or overall systems and their corresponding defense mechanism options. This study intends to provide a comprehensive overview of currently used defense mechanisms involving static analysis that can detect and react against associated attacks and vulnerabilities. We present a systematic literature review that extracts current approaches for the security analysis of microservices and the violation of security principles. We gathered 1049 relevant publications, of which 50 were selected as primary studies. We are providing practitioners and developers with a structured survey of the existing literature of defensive solutions for microservice architectures and cloud-native systems to aid them in identifying applicable solutions for their systems.
Amr S. Abdelfattah and Tomas Cerny
MDPI AG
Understanding software systems written by others is often challenging. When we want to assess systems to reason about them, i.e., to understand dependencies, analyze evolution trade-offs, or to verify conformance to the original blueprint, we must invest broad efforts. This becomes difficult when considering decentralized systems. Microservice-based systems are mainstream these days; however, to observe, understand, and manage these systems and their properties, we are missing fundamental tools that would derive various simplified system abstract perspectives. Microservices architecture characteristics yield many advantages to system operation; however, they bring challenges to their development and deployment lifecycles. Microservices urge a system-centric perspective to better reason about the system evolution and its quality attributes. This process review paper considers the current system analysis approaches and their possible alignment with automated system assessment or with human-centered approaches. We outline the necessary steps to accomplish holistic reasoning in decentralized microservice systems. As a contribution, we provide a roadmap for analysis and reasoning in microservice-based systems and suggest that various process phases can be decoupled through the introduction of system intermediate representation as the trajectory to provide various system-centered perspectives to analyze various system aspects. Furthermore, we cover different technical-based reasoning strategies and metrics in addition to the human-centered reasoning addressed through alternative visualization approaches. Finally, a system evolution is discussed from the perspective of such a reasoning process to illustrate the impact analysis evaluation over system changes.
Alejandro Rodriguez Perez, Korn Sooksatra, Pablo Rivas, Ernesto Quevedo, Javier Turek, Gisela Bichler, Tomas Cerny, Laurie Giddens, and Stacie Petter
IEEE
This paper investigates the limitations of transformer-based models in handling a fixed vocabulary, which can lead to poor generalization of out-of-vocabulary words and domains. To address this, we explore the use of transfer learning from a vocabulary-rigid transformer to a vocabulary-free one by aligning the word-embedding layer. Our approach trains a CNN to mimic the word embeddings layer of a BERT model, using a sequence of byte tokens as input. By replacing the word embeddings layer of the baseline BERT model with the aligned CNN network, we evaluate the model's generalization performance and ability to handle a broader range of linguistic inputs. Our results demonstrate the advantages of using cosine-based loss functions in the alignment process. Our approach makes important contributions toward developing more flexible and robust NLP models.
Ernesto Quevedo, Tomas Cerny, Alejandro Rodriguez, Pablo Rivas, Jorge Yero, Korn Sooksatra, Alibek Zhakubayev, and Davide Taibi
Institute of Electrical and Electronics Engineers (IEEE)
Dario Amoroso d’Aragona, Xiaozhou Li, Tomas Cerny, Andrea Janes, Valentina Lenarduzzi, and Davide Taibi
Springer Nature Switzerland
Amr S. Abdelfattah and Tomas Cerny
Springer Nature Switzerland
Amr S. Abdelfattah, Tomas Cerny, Jorge Yero Salazar, Austin Lehman, Joshua Hunter, Ashley Bickham, and Davide Taibi
Springer Nature Switzerland
Sheldon Smith, Ethan Robinson, Timmy Frederiksen, Trae Stevens, Tomas Cerny, Miroslav Bures, and Davide Taibi
IEEE
Testing microservice systems involves a large amount of planning and problem-solving. The difficulty of testing microservice systems increases as the size and structure of such systems become more complex. To help the microservice community and simplify experiments with testing and traffic simulation, we created a test benchmark containing full functional testing coverage for two well-established open-source microservice systems. Through our benchmark design, we aimed to demonstrate ways to overcome certain challenges and find effective strategies when testing microservices. In addition, to demonstrate our benchmark use, we conducted a case study to identify the best approaches to take to validate a full coverage of tests using service-dependency graph discovery and business process discovery using tracing.
Xiaozhou Li, Amr S. Abdelfattah, Jorge Yero, Dario Amoroso d'Aragona, Tomas Cerny, and Davide Taibi
IEEE
Software system quality is strongly affected by the organizational structure and collaboration across developers. Effective and loosely coupled organization structures reflect the high quality of the system architecture and the efficiency with which this system can evolve. Especially for microservice-based systems, as the notion of “one-microservice-per-team” is highly recommended and advocated as one of the best practices in the industry, it is crucial for the companies to be aware of the status of their organizational structure and the critical contributors therein. To such an end, this paper proposes an approach to analyze the organizational structure of microservice-based software projects in terms of contributor collaboration and to identify the core contributors therein. Furthermore, we can also monitor the evolution of the project's organizational structure via the growing collaboration activities through different releases. The proposed method shall help the companies and organizations adopting microservices better understand their organizational structure and make more effective decisions in maintaining the quality of microservice architectures.
Amr S. Abdelfattah, Tomas Cerny, Davide Taibi, and Sira Vegas
IEEE
Luka Lelovic, Michael Mathews, Amr Abdelfattah, and Tomas Cerny
SCITEPRESS - Science and Technology Publications
Amr Abdelfattah, Micah Schiewe, Jacob Curtis, Tomas Cerny, and Eunjee Song
SCITEPRESS - Science and Technology Publications