Performant, Secure and Optimized Microservice-based Distributed Systems

  • Author / Creator
    Lin, Changyuan
  • Microservices have gained substantial importance over the past decades and matured into one of the fundamental techniques to build performant, cloud-native, and cost-efficient distributed systems that are scalable and highly available. However, like any other type of distributed system, microservice-based distributed systems have inherited pain points related to performance, cost, and security. For applications based on serverless microservices, there is no analytical or experimental tool to enable what-if analysis between performance and cost in a systematic manner. Moreover, production-ready microservice-based systems, e.g., Internet of Things (IoT), are typically large-scale systems for which we require autonomic management to enforce quality attributes such as security and performance.
    In this thesis, we address the challenges mentioned above by targeting four research objectives. More specifically, we propose a solution to help build performant, secure and optimized microservice-based distributed systems, particularly systems based on serverless microservices and IoT systems, from three aspects, including service level agreement (SLA) adherence, performance/cost modeling and optimization, and autonomic security management.
    In the first part of the thesis, we first formulate the function placement problem, in which function containers are placed on virtual machines (VMs) optimally to avoid performance degradation due to resource contention. To solve this problem, we design and evaluate a machine learning-based adaptive function placement algorithm that Function as a Service (FaaS) platforms can leverage to improve the throughput of functions and thus enhance SLA adherence without incurring significant overhead. The proposed algorithm can predict the performance of the function based on the workload profile of functions and performance metrics of VMs. As verified by experimental evaluation, the proposed adaptive function placement algorithm could improve the throughput of serverless functions by 10.35% to 44.89% with negligible overhead.
    For performance and cost modeling of applications based on serverless microservices, we first propose a new construct to formally define a serverless application workflow and then implement analytical models to predict the serverless application workflow's average end-to-end response time and cost. Also, we propose a heuristic algorithm with four greedy strategies to answer two fundamental optimization questions regarding performance and cost. The proposed models and algorithms are extensively evaluated by conducting experimentation on Amazon Web Services (AWS). Our analytical models can predict the performance and cost of serverless applications with more than 98% accuracy. Furthermore, the optimization algorithm can achieve the optimal configurations of serverless applications with 97% accuracy on average.
    To address security management for microservice-based distributed IoT systems, we strive to build an autonomic manager that can: 1) monitor the smart space continuously; 2) analyze the context; 3) plan and execute countermeasures to maintain the desired level of security; and 4) reduce liability and risks of security breaches. We follow the microservice architecture pattern and propose a generic ontology named Secure Smart Space Ontology (SSSO) for describing dynamic contextual information in security-enhanced smart spaces. Based on SSSO, we build an autonomic security manager with four layers that continuously monitor the managed spaces, analyze contextual information and events, and automatically plan and implement adaptive security policies. For the evaluation, focusing on a current BlackBerry customer problem, we deploy the proposed autonomic security manager to maintain the security of a smart conference room with 32 IoT devices and 66 services encapsulated as microservices. Also, the high performance of the proposed solution is evaluated on a large-scale deployment with over 1.8 million triples.

  • Subjects / Keywords
  • Graduation date
    Fall 2021
  • Type of Item
  • Degree
    Master of Science
  • DOI
  • License
    This thesis is made available by the University of Alberta Libraries with permission of the copyright owner solely for non-commercial purposes. This thesis, or any portion thereof, may not otherwise be copied or reproduced without the written consent of the copyright owner, except to the extent permitted by Canadian copyright law.