The theme of this edition is the interplay between microservices and the cyber security.
- On the one hand, the adoption of microservices is fostering the adoption of new architectural patterns and software construction practices; understanding the security properties (or the emerging vulnerabilities) of the resulting constructs calls for the development of a fresh mindset in analysts, designers and testers alike. In addition, the additional middleware and infrastructure typically proposed for the management of microservice-based architectures could expand the attack surface of the systems.
- On the other hand, the same frameworks could instead prove valuable allies to collect security-relevant information and to coordinate defenses. The above considerations concern the intrinsic interplay between the fields of microservices and security. The broader application context is peculiarly sensitive to them: microservices are often adopted as an accelerator of digital transformations as the successful past edition(s) of the conference have shown. In this light, security issues should be a primary concern for microservices researchers and practitioners, as they provide an opportunity to integrate security-by-design into the recent advances in software development - triggered and amplified by microservices principles, patterns, and technologies.
Topics of interest are not limited to our cyber security theme. We are interested in all aspects and phases of the design and implementation of microservice architectures:
- Software engineering methods for microservices, specifically (but not limited to) agile service design practices, behavior- and domain-driven design
- Identification, specification, and realization of candidate services
- Patterns for IDEAL cloud-native application architectures; service API design and management
- Microservices infrastructure components: API gateways, side cars, and service meshes; reactive messaging brokers; service registries; service containers and cluster managers; infrastructure as code
- Function-as-a-service and serverless cloud offerings; service-based event sourcing and data streaming architectures
- Security and other service quality concerns (consistency, availability, recoverability) in microservices; dealing with General Data Protection Regulation (GDPR) compliance and other data privacy requirements
- Testing for microservices: unit tests, system tests, acceptance and regression tests, test-driven service development
- Formal models for microservices
- Verification (both static and runtime) of microservice systems
- DevOps for microservices, in particular (but not limited to) continuous deployment and distributed monitoring
- Microservice management: fault, configuration, accounting, performance, security
- Discovery/recovery and reverse engineering of microservices solutions
- Microservice evolution
- Programming languages, notations, and techniques for microservices
- Empirical studies of microservices adoption
We solicit contributed talks based work in progress, scientific work published or submitted for publication, or practical experience reports. Authors wishing to present their work are invited to submit extended abstracts following the submission guidelines.. Abstracts and presentations must be in English.