Jacopo Soldani- PhD
- Associate Professor at University of Pisa
Jacopo Soldani
- PhD
- Associate Professor at University of Pisa
About
147
Publications
51,601
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
2,314
Citations
Introduction
Jacopo Soldani received his PhD in Computer Science in 2017 from the University of Pisa (Italy). His research interests include, but are not limited to, service-oriented and cloud computing, microservices, and formal methods. He has been involved in research projects on the orchestration of service-based applications on cloud and fog platforms (both at local and EU level). He has also helped organising the various research events, e.g., FOCLASA 2019 and FOCLASA 2018 (as program co-chair).
Current institution
Additional affiliations
April 2022 - present
November 2020 - present
April 2017 - October 2020
Education
November 2013 - April 2017
October 2011 - July 2013
September 2008 - October 2011
Publications
Publications (147)
The ICT sector, responsible for 2% of global carbon emissions, is under scrutiny calling for methodologies and tools to design and develop software in an environmentally sustainable-by-design manner. However, the software engineering solutions for designing and developing carbon-efficient software are currently scattered over multiple different pie...
The use of AI in microservices (MSs) is an emerging field as indicated by a substantial number of surveys. However these surveys focus on a specific problem using specific AI techniques, therefore not fully capturing the growth of research and the rise and disappearance of trends. In our systematic mapping study, we take an exhaustive approach to r...
Context
Identifying the possible root causes of observed failures is crucial in microservice applications, as much as explaining how such possible root failures propagated across the microservices forming an application. This can indeed help pick countermeasures avoiding observed failures to happen again, e.g., by introducing circuit breakers or bu...
Architecture recovery tools help software engineers obtain an overview of the structure of their software systems during all phases of the software development life cycle. This is especially important for microservice applications because they consist of multiple interacting microservices, which makes it more challenging to oversee the architecture...
Microservice security smells denote possible symptoms of bad design decisions that may compromise the security of an application. Therefore, security smells should be carefully checked and possibly resolved by applying some refactorings. In this paper, we introduce SST (Security Smell Triager) an open-source tool that automates the triage of the po...
The ICT sector, responsible for 2% of global carbon emissions and significant energy consumption, is under scrutiny calling for methodologies and tools to design and develop software in an environmentally sustainable-by-design manner. However, the software engineering solutions for designing and developing sustainable software are currently scatter...
Microservices gained momentum in enterprise IT, as they enable building cloud-native applications. At the same time, they come with new security challenges, including security smells, viz., symptoms of bad (though often unintentional) design decisions that might affect application security. This study aims to explore the impacts of microservice sec...
Massimiliano Di Penta received the 2024 SIGSOFT Early Career Researcher Award for outstanding service to the software engineering community, including serving as program co-chair for all premier software engineering conferences and several other events. Massimiliano received a Ph.D. in Computer Engineering at the University of Sannio (Italy) in 200...
The significant carbon footprint of the ICT sector calls for methodologies to contain carbon emissions of running software. This article proposes a novel framework for implementing, configuring and assessing carbon-aware interactive software services. First, we propose a methodology to implement carbon-aware services leveraging the Strategy design...
Microservices are pervading enterprise IT, and securing microservices hence became crucial. KubeHound is an open-source tool devised for this purpose, as it enables detecting instances of so-called security smells in microservice applications deployed with Kubernetes. KubeHound features a plugin-based extensibility, meaning that its smell detection...
Gail Murphy received the 2023 SIGSOFT Outstanding Research Award for pioneering contributions to recommenders for software engineering and program comprehension that have impacted both theory and practice. She received a Ph.D. in computer science from the University of Washington in 1996 (USA), and she is now a Professor in the Department of Comput...
This book constitutes the refereed proceedings of the 10th IFIP WG 6.12 European Conference on Service-Oriented and Cloud Computing , ESOCC 2023, held in Larnaca, Cyprus, during October 24–26, 2023.
The 12 full papers and 4 short papers included in this book were carefully reviewed and selected from 40 submissions. They were organized in topical...
Various tools have been developed to reconstruct the mi-croservice system architecture. Some of the main reasons to build yet another architectural reconstruction tool are lacking features to satisfy the current needs or often that researchers are unaware of the existing tools. To shed light on the available tools, we performed a review of the lite...
The microservice architectural style is widespread in enterprise IT, making the securing of microservices a crucial issue. Many bad practices in securing microservices have been identified by researchers and practitioners, along with security good practices that, if adopted, allow to avoid the corresponding security issues. However, this knowledge...
Resolving security issues in microservice applications is crucial, as many IT companies rely on microservices to deliver their core businesses.
Security smells denote possible symptoms of such security issues.
However, detecting security smells and reasoning on how to resolve them through refactoring is complex and costly, mainly because of the int...
John Grundy received the 2023 SIGSOFT Distinguished Service Award for continued outstanding service to the software engineering community, including the repeated successful organization of flagship conferences, and leadership in the Australasian research and education community. He received a Ph.D. in computer science from the University of Aucklan...
Chunyang Chen received the 2023 SIGSOFT Early Career Researcher Award for outstanding contributions to the study of intelligent software development automation including automated mobile application development, software testing, migration, and accessibility. He received a Ph.D. in computer science from School of Computer Science and Engineering, N...
![Architecture of KubeHound, modelled as a UML component diagram [35].](publication/371922884/figure/fig2/AS:11431281431407875@1746800429490/Architecture-of-KubeHound-modelled-as-a-UML-component-diagram-35_Q320.jpg)
As microservice-based architectures are increasingly adopted, microservices security has become a crucial aspect to consider for IT businesses. Starting from a set of “security smells” for microservice applications that were recently proposed in the literature, we enable the automatic detection of such smells in microservice applications deployed w...
Microservices is a popular architectural style for the development of distributed software, with an emphasis on modularity, scalability, and flexibility. Indeed, in microservice systems, functionalities are provided by loosely coupled, small services, each focusing on a specific business capability. Building a system according to the microservices...
The microservice architectural style is widespread in enterprise IT, making the securing of microservices a crucial issue.
Many bad practices in securing microservices have been identified by researchers and practitioners, along with security good practices that, if adopted, allow to avoid the corresponding security issues.
However, this knowledge...
![An example of μ\documentclass[12pt]{minimal} \usepackage{amsmath}...](publication/369742128/figure/fig2/AS:11431281154580000@1682906571127/An-example-of-mdocumentclass12ptminimal-usepackageamsmath-usepackagewasysym_Q320.jpg)
Designing applications adhering to the key design principles of microservice-based architectures (MSAs) enables fully exploiting the potentials of cloud computing platforms. A specification of an application’s MSA can help determining whether it adheres to such principles, and reasoning on how to refactor it when this is not the case. However, manu...
Most of existing production-ready deployment automation technologies enable declaratively specifying the target deployment for a multi-service application, which can then be automatically enforced. Each technology however relies on a different deployment modelling language, hence hampering the portability of an application deployment from one techn...
Various cloud service models with different management requirements can be used for hosting a certain application component. For instance, more consumer-managed serverful options can be preferred if a component has special requirements related to deployment stack or scaling configuration management, whereas more provider-managed serverless alternat...
Miryung Kim received the 2022 SIGSOFT Influential Educator Award for outstanding achievements in undergraduate and graduate mentoring with emphasis on research excellence in software engineering, diversity, and inclusion. She received a Ph.D. in computer science from the University of Washington, Seattle (USA), and she is a Professor and a Vice Cha...
Software Engineering (SE) has evolved over many decades and has led to many proven and well-established methods and tools that support the efficient development of software and IT systems in general. Although software development had often been performed by distributed teams even before the pandemic, the COVID-19 outbreak exacerbated the physical s...
Infrastructure as Code (IaC) is an IT practice that facilitates the management of the underlying infrastructure as software. It enables developers or operations teams to automatically manage, monitor, and provision resources rather than organize them manually. In many industries, this practice is widespread and has already been fully adopted. Howev...
Securing microservice-based applications is crucial, as many IT companies are delivering their businesses through microservices. Security smells, i.e. possible symptoms of (often unintentional) bad design decisions, can occur in microservice-based applications, resulting in violations of key security properties as well as design soundness (i.e. adh...
Determining the root causes of observed failures is a main issue in microservice-based applications. Unfortunately, available root cause analysis techniques do not focus on explaining how root failures actually caused the observed failure. On the other hand, the availability of such explanations would greatly help to pick adequate countermeasures,...
Modern enterprise applications integrate multiple interdependent software components, whose management must be suitably coordinated. This must be done by taking into account all inter-component dependencies, the faults potentially affecting them, and the fact that each component can be horizontally scaled, i.e., that multiple instances of each comp...
The management of modern enterprise applications is automated by coordinating the deployment, configuration, enactment, and termination of their components. Choosing among different candidate implementations for a specified application component requires such implementations to conform to the specified management behaviour. This holds especially if...
Xin Xia received the 2022 SIGSOFT Early Career Researcher Award for his contributions to AI and SE, mining software repositories, and empirical software engineering. He is the Director of the Software Engineering Application Technology Lab at Huawei, China. He received the Ph.D. degree in Computer Science in 2014 from the College of Computer Scienc...
Software Engineering (SE) is evolving to make the best out of the constantly changing technological trends, ranging from development to deployment to management and decommissioning of software systems. In this new column Trending Topics in Software Engineering, we aim at providing insights, reports, and outlooks on how researchers and practitioners...
Context
Securing microservices is crucial, as many IT companies are delivering their businesses through microservices. If security “smells” affect microservice-based applications, they can possibly suffer from security leaks and need to be refactored to mitigate the effects of security smells therein.
Objective
As the available knowledge on securi...
Trans-cloud applications consist of multiple interacting components deployed across different cloud providers and at different service layers (IaaS and PaaS). In such complex deployment scenarios, fault handling and recovery need to deal with heterogeneous cloud offerings and to take into account inter-component dependencies. We propose a methodolo...
Modern applications integrate various heterogeneous software services, typically based on Enterprise Integration Patterns (EIPs). At the same time, such applications can include hundreds of interacting components, being these services or EIPs. This makes it complex to manually check whether the typed messages sent by a component to another are such...
The proliferation of services and service interactions within microservices and cloud-native applications, makes it harder to detect failures and to identify their possible root causes, which is, on the other hand crucial to promptly recover and fix applications. Various techniques have been proposed to promptly detect failures based on their sympt...
Function‐as‐a‐Service (FaaS) is a cloud service model enabling to implement serverless applications for a variety of use cases. These range from scheduled calls of single functions to complex function orchestrations executed using orchestration services such as AWS step functions. However, since the available function orchestration technologies var...
Cascading failures can severely affect the correct functioning of large enterprise applications consisting of hundreds of interacting microservices. As a consequence, the ability to effectively analyse the causes of occurred cascading failures is crucial for managing complex applications. In this paper, we present a model-based methodology to autom...
We propose Chaos Echo, a framework for automatically generating configurable testbeds that can be exploited to assess techniques enhancing cloud-native applications with fault resilience mechanisms, like orchestrators recovering failed services, or failure detection and root cause analysis techniques. The testbeds generated by Chaos Echo feature ch...
ACM SIGSOFT SEN's column on "Pains and Gains of Peer-Reviewing in Software Engineering" aims at fostering an open, constructive, and lively discussion on the peer-reviewing currently adopted by SE venues, e.g., how to further enhance them and make them sustainable on the long run. This fifth editorial introduces a new contribution to the column, wh...
The momentum gained by microservices and cloud-native software architecture pushed nowadays enterprise IT towards multi-service applications. The proliferation of services and service interactions within applications, often consisting of hundreds of interacting services, makes it harder to detect failures and to identify their possible root causes,...
Function-as-a-Service (FaaS) is a cloud service model enabling developers to offload event-driven executable snippets of code. The execution and management of such functions becomes a FaaS providerâs responsibility, therein included their on-demand provisioning and automatic scaling. Key enablers for this cloud service model are FaaS platforms, e.g...
Context: Securing microservice-based applications is crucial, as many IT companies are delivering their businesses through microservices. If security smells affect microservice-based applications, they can possibly suffer from security leaks and need to be refactored to mitigate the effects of security smells therein. Objective: As the currently av...
Exploiting microservices to architect enterprise applications is becoming commonplace. This makes it crucial to provide some support for designing and analyzing microservice‐based applications, for example, for understanding whether a microservice‐based application adheres to the main design principles of microservices and for choosing how to refac...
Microservice-based applications can include hundreds of interacting software components. This makes their design, implementation, and operation complex, costly, and error-prone. While the availability of a description of the software architecture of microservice-based applications can help to analyse and maintain them, manually generating an archit...
Edge computing brings the service and utilities of cloud computing closer to end users. At the same time, the devices forming edge clusters are limited in featured computing resources, e.g., memory and storage. Running multi-component applications on edge clusters hence requires suitably selecting the nodes where to deploy the software stacks formi...
The "Pains and Gains of Peer-Reviewing in Software Engineering" column of SEN aims at fostering a constructive and stimulating discussion on peer-reviewing in software engineering venues. This fourth editorial introduces a new contribution to the column, which reports on the recently released ACM SIGSOFT Empirical Standards for evaluating specific...
Function-as-a-Service (FaaS) is a cloud service model enabling developers to offload event-driven executable snippets of code. The execution and management of such functions becomes a FaaS provider’s responsibility, therein included their on-demand provisioning and automatic scaling. Key enablers for this cloud service model are FaaS platforms, e.g...
This volume contains the technical papers presented in the workshops, PhD Symposium and EU Projects Track which took place at the 8th European Conference on Service-Oriented and Cloud Computing, ESOCC 2020, held in Heraklion, Crete, Greece, in September 2020: 1st International Workshop on Edge Adoption and Migration, EdgeWays 2020, 16th Internation...
After introducing Docker containers in a nutshell, we discuss the benefits that can be obtained by supporting enhanced descriptions of multi-container Docker applications. We illustrate how such applications can be naturally modelled in TOSCA, and how this permits automating their management and reducing the time and cost needed to develop such app...
The 'Pains and Gains of Peer-Reviewing in Software Engineering' column of SEN aims at fostering a constructive and stimulating discussion on peer-reviewing in software engineering venues. This third editorial introduces two new contributions to the column, providing the positions and perspectives by the Editors-in-Chief of two internationally renow...
![Fig. 4. Visualisation in µFreshener of the architecture of Sock Shop [6].](profile/Giuseppe-Muntoni-2/publication/344494377/figure/fig4/AS:943643288420353@1601993500901/sualisation-in-Freshener-of-the-architecture-of-Sock-Shop-6_Q320.jpg)
Microservice-based applications can include hundreds of interacting software components. This makes their design, implementation, and operation complex, costly, and error-prone. While the availability of a description of the software architecture of microservice-based applications can help to analyse and maintain them, manually generating an archit...
Microservice-based architectures (MSAs) gained momentum in industrial and research communities since finer-grained and more independent components foster reuse and reduce time to market. However, to come from the design of MSAs to running applications, substantial knowledge and technology-specific expertise in the deployment and integration of micr...
Understanding and resolving failure causalities in modern enterprise applications is one of the main challenges daily faced by application administrators. Such applications indeed integrate multiple heterogeneous components, and identifying which components are causing the failure of which other components requires to delve through distributed appl...
The OASIS standard TOSCA provides a portable means for specifying multi-service applications and automating their deployment. Despite TOSCA is widely used in research, it is currently not supported by the production-ready deployment technologies daily used by practitioners, hence resulting in a gap between the state-of-the-art in research and the s...
In recent years, a plethora of deployment technologies evolved, many following a declarative approach to automate the delivery of software components. Even if such technologies share the same purpose, they differ in features and supported mechanisms. Thus, it is difficult to compare and select deployment automation technologies as well as to migrat...
Potential benefits such as agile service delivery have led many companies to deliver their business capabilities through microservices. Bad smells are however always around the corner, as witnessed by the considerable body of literature discussing architectural smells that possibly violate the design principles of microservices. In this paper, we s...
The OASIS standard TOSCA provides a portable means for specifying multi-service applications and automating their deployment. Despite TOSCA is widely used in research, it is currently not supported by the production-ready deployment technologies daily used by practitioners, hence resulting in a gap between the state-of-the-art in research and the s...
Software engineering is a key discipline in computer science. Its purpose is to develop software products and services of high quality within economic constraints that meet customer requirements and create value. Considerable shares of the societal and industrial infrastructure depend on software, and software has become a key driver for innovation...
The standard approach for evaluating scientific contributions by software engineering venues is peer-reviewing. Papers submitted for consideration by a venue are sent to peers (i.e., expert colleagues in the field), who carefully read them and provide corresponding evaluation reports, i.e., the peer reviews. Peer-reviewing comes in various alternat...
Containers and container‐based orchestrators allow deploying and managing multiservice applications over cloud platforms, by coupling the lifecycle of each application service to that of its hosting container. In this use case letter, we demonstrate how the OASIS standard TOSCA and TOSKOSE allow overcoming such a coupling by enabling to exploit Doc...
Enterprise IT is currently facing the challenge of coordinating the management of complex, multicomponent applications across heterogeneous cloud platforms. Containers and container orchestrators provide a valuable solution to deploy multicomponent applications over cloud platforms, by coupling the lifecycle of each application component to that of...
The adoption of cloud computing combined with DevOps enables companies to react to new market requirements more rapidly and fosters the use of automation technologies. This influences the way software solutions are built, which is why the concept of cloud-native applications has emerged over the last few years to build highly scalable applications,...
The automation of application deployment is critical because manually deploying applications is time-consuming, tedious, and error-prone. Several deployment automation technologies have been developed in recent years employing tool-specific deployment modeling languages. At the same time, the OASIS standard Topology Orchestration Specification for...
Peer-reviewing constitutes the reference mechanism for assuring the quality of scientific contributions in software engineering. In the teaser of this column series (i.e., [1]) we provided an overview of the current trends for peer reviewing in software engineering, including experienced pains and gains.
Since deployment automation technologies are heterogeneous regarding their supported features and modeling languages, selecting a concrete technology is difficult and can result in a lock-in. Therefore, we presented the Essential Deployment Metamodel (EDMM) in previous work that abstracts from concrete technologies and provides a normalized metamod...
The adoption of microservice-based architectures is becoming common practice for enterprise applications. Checking whether an application adheres to the main design principles of microservices, and —if not— understanding how to refactor it, are two key issues in that context. In this paper, we present a methodology to systematically identify the ar...
Function-as-a-Service (FaaS) is a cloud service model enabling developers to offload event-driven executable snippets of code. The execution and management of such functions becomes a FaaS provider's responsibility, hereby included their on-demand provisioning and automatic scaling. Key enablers for this cloud service model are FaaS platforms, e.g....
Modern enterprise applications integrate various heterogeneous components, which management has to be suitably coordinated. Being able to check whether the management allowed by the implementation of an application component conforms to a given specification hence becomes crucial. One may indeed wish to replace component specifications with conform...
Declarative approaches for automating the deployment and configuration management of multi-component applications are on the rise. Many deployment technologies exist, sharing the same baselines for enacting declarative deployments, even if based on different languages for specifying multi-component applications. The Essential Deployment Metamodel (...
Declarative approaches for automating the deployment and configuration management of multi-component applications are on the rise. Many deployment technologies exist, sharing the same baselines for enacting declarative deployments, even if based on different languages for specifying multi-component applications. The Essential Deployment Metamodel (...
While building microservice-based applications, architects need to choose among different frameworks to provide generic functionalities to address quality attribute concerns, such as high-availability. Although using frameworks brings various benefits, it is not clear how they actually impact on the properties characterizing the high-availability o...
Enterprise IT is currently facing the challenge of coordinating the management of complex, multi-component applications across heterogeneous cloud platforms. Containers and container orchestrators provide a valuable solution to deploy multi-component applications over cloud platforms, by coupling the lifecycle of each application component to that...
Standard Reviewing Procedures The final acceptance decision for a paper can be taken by following different alternative peer-reviewing processes (these review processes are implemented for both conferences and journals). The standard setup can be described as follows: while authors are usually not aware of the reviewers' identity (so-called blind r...
