Uwe Zdun

Uwe Zdun
University of Vienna | UniWien · Software Architecture Research Group

About

362
Publications
75,687
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
4,741
Citations

Publications

Publications (362)
Article
Infrastructure as Code (IaC) automates IT infrastructure deployment, which is particularly beneficial for continuous releases, for instance, in the context of microservices and cloud systems. Despite its flexibility in application architecture, neglecting security can lead to vulnerabilities. The lack of comprehensive architectural security guideli...
Chapter
Full-text available
Microservices have gained popularity for isolating service functionality and mitigating issues such as architectural erosion and technical debt. However, their decentralized nature and rapid development often obscure the holistic view of the system and lead developers to lose sight of the overarching architecture. Our work addresses this challenge...
Article
Full-text available
Machine Learning Operations (MLOps) is the practice of streamlining and optimising the machine learning (ML) workflow, from development to deployment, using DevOps (software development and IT operations) principles and ML-specific activities. Architectural descriptions of MLOps systems often consist of informal textual descriptions and informal gr...
Chapter
Cyber-Physical Systems (CPS) design is a complex challenge involving physical and digital components working together to accomplish a specific goal. Integrating such systems involves combining data from various distributed Internet of Things (IoT) devices and cloud services to create meaningful insights and actions. Service-based IoT data integrati...
Chapter
The polyglot nature of microservice architectures and the need for high reliability in security analyses pose unique challenges that existing approaches to automatic architecture recovery often fail to address. This article proposes an approach for extracting detailed architecture models from polyglot microservice source code focusing on explainabi...
Chapter
Dynamic routing is an essential part of service- and cloud-based applications. Routing architectures are based on vastly different implementation concepts, such as API Gateways, Enterprise Service Buses, Message Brokers, or Service Proxies. However, their basic operation is that these technologies dynamically route or block incoming requests. This...
Conference Paper
Full-text available
The API Rate Limit pattern controls the rate at which clients make API requests by counting the number of requests in a specified time interval and reacting against abusive clients, in order to protect the limited resources of the API from exhaustion and denial of service attacks. This practice helps service providers to prevent abuse and ensure fa...
Preprint
Full-text available
ACCEPTED as long paper at:20TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ARCHITECTURE (ICSA 2023) https://icsa-conferences.org/2023/call-for-papers/technical-papers/ The Digital Twin (DT) concept has overcome its initial definition based on a purely descriptive approach focusing on modelling physical objects, often using CAD. Today DT often descri...
Conference Paper
The Digital Twin (DT) concept has overcome its initial definition based on a purely descriptive approach focusing on modelling physical objects, often using CAD. Today DT often describes a behavioural approach that can simulate an object’s dynamics, monitor its state, and control or predict its behaviour. Although DTs are attracting significant att...
Book
Proven Patterns for Designing Evolvable High-Quality APIs--For Any Domain, Technology, or Platform APIs enable breakthrough innovation and digital transformation in organizations and ecosystems of all kinds. To create user-friendly, reliable and well-performing APIs, architects, designers, and developers need expert design guidance. This practical...
Chapter
Full-text available
Data transfer and exchange of information through APIs are essential for each microservice architecture. Since these transfers often include private or sensitive data, potential data leaks, either accidentally or through malicious attacks, provide a high-security risk. While there are different techniques, like using data encryption or authenticati...
Chapter
Infrastructure as Code (IaC) is an IT practice that facilitates the management of the underlying infrastructure as software. It enables developers or operations teams to automatically manage, monitor, and provision resources rather than organize them manually. In many industries, this practice is widespread and has already been fully adopted. Howev...
Conference Paper
Full-text available
Composing Web APIs is a widely adopted practice by developers to speed up the development process of complex Web applications, mashups, and data processing pipelines. However, since most publicly available APIs are built independently of each other, developers often need to invest their efforts in solving incompatibility issues by writing ad-hoc gl...
Article
Context Domain-driven design (DDD) is commonly used to design microservices. A crucial aspect of microservice design is API design, which includes the design of API endpoints. Objective Our objective is to automate the assessment of conformance to Architectural Design Decisions (ADDs) on the interrelation of DDD and APIs. In particular, we studied...
Article
Microservice architectures are increasingly being used to develop application systems. Despite many guidelines and best practices being published, architecting microservice systems for security is challenging. Reasons are the size and complexity of microservice systems, their polyglot nature, and the demand for the continuous evolution of these sys...
Conference Paper
Infrastructure-as-Code (IaC) technologies are used to automate the deployment of cloud applications. They promote the usage of code to define and configure the IT infrastructure of cloud applications allowing them to benefit from conventional software development practices, which facilitates the rapid deployment of new versions of application infra...
Book
Infrastructure-as-Code (IaC) technologies are used to automate the deployment of cloud applications. They promote the usage of code to define and configure the IT infrastructure of cloud applications allowing them to benefit from conventional software development practices, which facilitates the rapid deployment of new versions of application infra...
Chapter
Microservices are a commonly used architectural style targeting independent development, deployment, and release of services, as well as supporting polyglot capabilities and rapid release strategies. This depends on the presence of certain software architecture qualities. A number of architecture patterns and best practices that support the require...
Article
Full-text available
One of the chief problems in software architecture is avoiding architecture model drift and erosion in all kinds of complex software systems. Microservice-based systems introduce new challenges in this context, as they often use a large variety of technologies in their latest iteration, and are changed and released very frequently. Existing solutio...
Chapter
Full-text available
Isolation, autonomy, and loose coupling are critical success factors of microservice architectures. Unfortunately, systems tend to become strongly coupled over time, sometimes even exhibiting cyclic communication chains, making the individual deployment of services challenging. Such chains are highly problematic when strongly coupled communication...
Article
italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Context: Various patterns of dynamic routing architectures are used in service- and cloud-based environments, including sidecar-based routing, routing through a central entity such as an event store, or architectures with multiple dynamic routers. Obj...
Article
State Machine (ASM) theory is a well-known state-based formal method. As in other state-based formal methods, the proposed specification languages for ASMs still lack easy-to-comprehend abstractions to express structural and behavioral aspects of specifications. Our goal is to investigate object-oriented abstractions such as interfaces and traits f...
Chapter
State Machines (ASMs) are a well-known state based formal method to describe systems at a very high level and can be executed either through a concrete or symbolic interpretation. By symbolically executing an ASM specification, certain properties can be checked by transforming the described ASM into a suitable input for model checkers or Automated...
Article
State Machine (ASM) theory is a well-known state-based formal method to analyze and specify software and hardware systems. As in other state-based formal methods, the proposed modeling languages for ASMs still lack easy-to-comprehend abstractions to structure state and behavior aspects of specifications. Modern object-oriented languages offer a var...
Article
Full-text available
Context Code and design smells, such as the coupling smells examined in this article, are widely studied. Existing empirical studies reveal gaps between the scientific theory and practice, not yet explained by the scientific literature. Only basic coupling smell detection approaches and metrics seem to have been transferred to practice so far. Obj...
Chapter
Many contemporary service-based systems follow the microservice approach, particularly in DevOps or continuous delivery contexts. They share a set of important tenets such as independent development and deployment, high releasability, polyglot technology support, and loose coupling. A number of best practices for microservice architectures have bee...
Chapter
Various kinds of dynamic routing architectures are used in today’s service- and cloud-based architectures, including sidecar-based routing, routing through a central entity such as an event store, or architectures with multiple dynamic routers. We propose an analytical model of request loss during router and service crashes, as well as an empirical...
Chapter
Microservices are the go-to architectural style for building applications that are polyglot, support high scalability, independent development and deployment, and are rapidly adaptable to changes. Among the core tenets for a successful microservice architecture is high independence of the individual microservices, i.e. loose coupling. A number of p...
Conference Paper
State Machine (ASM) theory is a well-known state-based formal method to analyze, verify, and specify software and hardware systems. Nowadays, as in other state-based formal methods, the proposed specification languages for ASMs still lack easy-to-comprehend language constructs for type abstractions to describe reusable and maintainable specificatio...
Chapter
Architectural patterns assist in the process of architectural decision making as they capture architectural aspects of proven solutions. In many cases, the chosen patterns have system-wide implications on non-functional requirements such as availability, performance, and resilience. Ensuring compliance with the selected patterns is of vital importa...
Book
Architectural patterns assist in the process of architectural decision making as they capture architectural aspects of proven solutions. In many cases, the chosen patterns have system-wide implications on non-functional requirements such as availability, performance, and resilience. Ensuring compliance with the selected patterns is of vital importa...
Article
Full-text available
The Microservice API Patterns (MAP) language and supporting website premiered under this name at Microservices 2019. MAP distills proven, platform-and technology-independent solutions to recurring (micro-)service design and interface specification problems such as finding well-fitting service granularities, rightsizing message representations, and...
Article
Full-text available
Over the past 10 years software architecture has been perceived as the result of a set of architecture design decisions rather than the elements that form part of the software design. As quality attributes are considered major drivers of the design process to achieve high quality systems, the design decisions that drive the selection and use of spe...
Article
In August 2019, we organized the second Vienna Software Seminar (VSS) with the topic "DevOps and Microservice APIs."<sup>1</sup> Embracing the positive reception of its first iteration in 2017,<sup>2</sup> VSS is an opportunity for attendees to discuss recent software technologies, practices, and related research. The seminar's 34 participants incl...
Book
This book constitutes the refereed proceedings of the tracks and workshops which complemented the 14th European Conference on Software Architecture, ECSA 2020, held in L'Aquila, Italy*, in September 2020. The 30 full papers and 9 short papers presented in this volume were carefully reviewed and selected from 72 submissions. Papers presented were a...
Article
Full-text available
Mature verification and monitoring approaches, such as complex event processing and model checking, can be applied for checking compliance specifications at design time and runtime. Little is known about the understandability of the different formal and technical languages associated with these approaches. This uncertainty regarding understandabili...
Chapter
Microservices are becoming the de-facto standard way for software development in the cloud and in service-oriented computing. Service meshes have been introduced as a dedicated infrastructure for managing a network of containerized microservices, in order to cope with the complexity, manageability, and interoperability challenges in especially larg...
Chapter
Full-text available
Today many service-based systems follow the microservice architecture style. As microservices are used to build distributed systems and promote architecture properties such as independent service development, polyglot technology stacks including polyglot persistence, and loosely coupled dependencies, architecting data management is crucial in most...
Conference Paper
Full-text available
Remote Application Programming Interfaces (APIs) are technology enablers for distributed systems and cloud-native application development. API providers find it hard to design their remote APIs so that they can be evolved easily; refactoring and extending an API while preserving backward compatibility is particularly challenging. If APIs are evolve...
Book
In many service-based applications, decisions about data routing need to be made at runtime, for instance to ensure compliant data handling. Different service-and cloud-based architectures to make dynamic data routing decisions exist including central entities, multiple dedicated dynamic router services, or using a sidecar for each involved service...
Conference Paper
Models describe a software system on an abstraction level higher than its actual implementation. Recent research results show that bringing models and a running system closer together by establishing traceability links between recorded runtime events and corresponding model elements improves the analysis performance of human observers when assessin...
Article
Full-text available
Models are extensively used in many areas of software engineering to represent the behaviour of software systems at different levels of abstraction. Because of the involvement of different stakeholders in constructing these models and their independent evolution, inconsistencies might occur between the models. It is thus crucial to detect these inc...
Article
This article reports a controlled experiment with 116 participants on the understandability of representative graphical and textual pattern-based behavioral constraint representations from the viewpoint of novice software designers. Particularly, graphical and textual behavioral constraint patterns present in the declarative business process langua...
Book
The Transactions on Pattern Languages of Programming subline aims to publish papers on patterns and pattern languages as applied to software design, development, and use, throughout all phases of the software life cycle, from requirements and design to implementation, maintenance and evolution. The primary focus of this LNCS Transactions subline is...
Article
Full-text available
This article discusses the understandability of component models that are frequently used as central views in architectural descriptions of software systems. We empirically examine how different component level metrics and the participants’ experience and expertise can be used to predict the understandability of those models. In addition, we develo...
Chapter
Microservice APIs represent the client perspective on microservice-based software architecture design and related practices. Major issues in API design concern the quality aspects of the API. However, it is not well understood today what the established practices related to those quality aspects are, how these practices are related, and what the ma...
Conference Paper
In the process of software-intensive systems engineering, architectures need to be designed that are compliant to the requirements. For this, architects need to examine those requirements with regard to their architectural impact. Accessing and interpreting the requirements is however not always possible, for instance if custom requirements are yet...
Conference Paper
Full-text available
Design decision support for software architects in complex industrial software systems, such as software ecosystems and systems-of-systems, which feature extensive reuse of third-party solutions and a variety of deployment options, is still an open challenge. We describe three industrial use cases involving considerable re-architecting, where on-pr...
Chapter
The software industry increasingly needs to consider architecture evolution in the context of industrial ecosystem platforms. These environments feature a large number third-party offerings with a high variety and complexity of design and technology options. The software architects working on platform migration and in-platform evolution scenarios i...
Article
There is a growing interest on context-aware systems in recent years. Context-aware systems are able to change their behaviour depending on new conditions regarding the user, the platform and the environment. These systems are evolving towards interacting with the user in a transparent and ubiquitous manner, especially by means of different types o...
Article
Temporal properties are important in a wide variety of domains for different purposes. For example, they can be used to avoid architectural drift in software engineering or to support the regulatory compliance of business processes. In this work, we study the understandability of three major temporal property representations: (1) Linear Temporal Lo...
Conference Paper
Full-text available
The design and evolution of Application Programming Interfaces (APIs) in microservices architectures is challenging. General design issues in integration and programming have been covered in great detail in many pattern languages since the beginnings of the patterns movement, and service-oriented infrastructure design patterns have also been publis...
Conference Paper
Modeling is an important activity in the software development process whose output are design artefacts that describe the resulting software from a high-level perspective. Recent research investigates the role of models at runtime and the results indicate that analysts perform better at observing the behaviour of a running system if they can utiliz...
Conference Paper
The Abstract State Machine (ASM) theory is a well-known formal method, which can be used to specify arbitrary algorithms, applications or even whole systems. Over the past years, there have been many approaches to implement concrete ASM-based modeling and specification languages. All of those approaches define their type systems and operator semant...
Article
Context The components of an event-driven service-oriented architecture (EDSOA) are composed in a highly decoupled way, facilitating high flexibility, scalability and concurrency in SOA systems. Evolving an EDSOA is challenging because the absence of explicit dependencies among constituent components makes understanding and analysing the overall sy...
Article
Context Continuous experimentation guides development activities based on data collected on a subset of online users on a new experimental version of the software. It includes practices such as canary releases, gradual rollouts, dark launches, or A/B testing. Objective Unfortunately, our knowledge of continuous experimentation is currently primari...
Article
Today's software systems must accommodate a wide range of usage and deployment scenarios. The increasing size and heterogeneity of software-intensive systems, dynamic and critical operating conditions, fast moving and highly competitive markets, and increasingly powerful and versatile hardware makes it more and more difficult to handle the addition...
Chapter
Situation faced: Insurance case work can follow established procedures only to a certain degree, as the work depends upon experienced knowledge workers who decide the best solutions for their clients. To produce quality documents in such a knowledge-intensive environment, business users of Die Mobiliar, the oldest private insurance company in Switz...
Book
Full-text available
Microservice-based software architecture design has been widely discussed, and best practices have been published as architecture design patterns. However, conformance to those patterns is hard to ensure and assess automatically, leading to problems such as architectural drift and erosion, especially in the context of continued software evolution o...