The academic site of Saverio Giallorenzo
Assistant Professor at Università di Bologna
Department of Computer Science and Engineering

Projects

Utilities:

  • DBLP Rank: a script to add the ranking of conferences (from GII-GRIN-SCIE) and journals (from SCIMAGO) to a DBLP researcher’s page

Choral

Choral is a language for the programming of choreographies. A choreography is a multiparty protocol that defines how some roles (the proverbial Alice, Bob, etc.) should coordinate with each other to do something together.

Choral is designed to help developers program distributed authentication protocols, cryptographic protocols, business processes, parallel algorithms, or any other protocol for concurrent and distributed systems. At the press of a button, the Choral compiler translates a choreography into a library for each role. Developers can use the generated libraries to make sure that their programs (like a client, or a service) follow your choreography correctly. Choral makes sure that the generated libraries are compliant implementations of the source choreography, making programmers more productive, and preventing them from writing incompatible implementations of communications.

Choral is currently interoperable with Java (and it is planned to support also other programming languages). Choral is compatible with Java in three ways: 1) its syntax is a direct extension of Java (if you know Java, Choral is just a step away); 2) Choral code can reuse Java libraries; 3) the libraries generated by Choral are in pure Java with APIs that the programmer controls, and that can be used inside of other Java projects directly.

My contribution

I am part of the Choral team, working on the theory behind the language and its development.

Ranflood

Ransomware is one of the most infamous kinds of malware, particularly the “crypto” subclass, which encrypts users’ files, asking for some monetary ransom in exchange for the decryption key. Recently, crypto-ransomware has grown into a scourge for enterprises and governmental institutions, threatening hospitals, institutional services, and firms. Ranflood is an open-source anti-ransomware tool developed within the Data-Flooding-against-Ransomware family of solutions and able to mix honeypots, resource contention, and moving target defence to effectively contrast ransomware attacks.

At its core, Ranflood buys time for the user to counteract an ongoing attack, e.g., to access an unresponsive, attacked server and shut it down manually. Ranflood implements a dynamic honeypot approach, which consists in generating decoy files and confusing the genuine files of the user with bait ones that the ransomware is lured into encrypting (making it waste time on them rather than on the actual files of the user). This confusion constitutes the moving-target-defence part of the approach. The third prong, that of resource contention, happens over IO access (e.g., for reading and writing on disk), which the ransomware must share with the (IO-heavy) Ranflood flooding routines.

My contribution

I am one of the main contributors in the design of the Data-Flooding-against-Ransomware family and the main developer of Ranflood.

APP

Serverless is a Cloud service that lets users deploy distributed applications as compositions of stateless functions, delegating all system administration tasks to the Cloud platform. Serverless offers users two main benefits: 1) save time by delegating resource allocation, maintenance, and scaling to the platform; 2) pay only for the resources that perform work, avoiding the costs of running idle servers. The industry standard is to let the platform manage the allocation of function execution over the available computing resources, also called workers. However, not all workers are equal when allocating functions, and some workers can be better suited for certain tasks, e.g., equipping hardware accelerators or enduring lower latencies.

APP (Allocation Priority Policies) is a declarative language that supports a scheduling model where users/providers can define function-specific allocation policies so that the scheduler applies the scheduling policy that implements their functional requirements (e.g., prevent trusted and untrusted functions from running on the same workers) and optimise their performance (also considering the ongoing load status of workers).

APP is currently implemented as an open-source prototype extension of the Serverless Apache OpenWhisk platform freely available. The deployment of the prototype is highly automatised, thanks to the provided companion Infrastructure-as-Code scripts, Kubernetes clusters, and the provision of its components as containers.

My contribution

I am one of the main contributors in the design of the APP language and in the supervision of its development.

JoT

JoT is a testing framework for Microservice Architectures based on technology agnosticism, a core principle of microservices.

The main advantage of JoT is that it reduces the amount of work for a) testing microservices that use different technology stacks, b) writing tests that involve multiple services, and c) reusing tests under different deployment configurations or after changing some of its components (e.g., when, for performance, one reimplements a service with a different technology).

In JoT, tests are orchestrators that can both consume or offer operations from/to the MSA under test. The language for writing JoT tests is Jolie, which provides constructs that support technology agnosticism and the definition of terse test behaviours.

My contribution

I am one of the contributors in the design of the JoT framework and one of its developers/maintainers.

VTMark

It is complex to predict how the usage of a given Virtualisation Technology (VT) implementation (e.g., specific virtual machines, containers, etc.) can impact on the performance of a deployed Cloud application.

VTMark is a semi-automatic open-source benchmarking suite that DevOps can use to orient when looking for the best-performing VT w.r.t their application profile.

VTmark assembles off-the-shelf tools for benchmarking the different resources used by applications (CPU, RAM, etc.); for example, we used VTmark to report the benchmarks of 6 of the most widely-adopted VTs in the Cloud market.

My contribution

I worked on the inception of the project and contributed to the supervision of its development.

AIOCJ

AIOCJ is a choreographic programming language for developing adaptive systems. Distributed programs specified in AIOCJ are programmed from a global point of view and projected to singular entities that, distributed and run in parallel, enact the global behaviour.

Programs written in AIOCJ are deadlock-free by construction and can adapt at runtime. A developer can specify which fragments of the global interaction can change. At runtime the projected entities can substitute (update) marked fragments with new ones provided by compliant repositories. AIOCJ programs always update in a coherent way, which preserves deadlock freedom.

Since AIOCJ choreographies are projected to Jolie programs they can also make use of functions provided by external services.

My contribution

I am one of the main researchers on the formal model behind the AIOCJ language and its main developer.

Jolie

Jolie is a general-purpose service-oriented programming language. It brings elegance, simplicity, and pragmatism in the development of modular, integrated, distributed, and concurrent applications.

The development of the Jolie language is based on a positive loop between formal theory and practical requirements. One of the strongest values of Jolie is the freedom it gives when designing distributed solutions. Depending on the requirements and the constraints of a specific problem, a programmer can choose whether to build a basic, immediate, yet lightweight solution to integrate applications from different domains or to model the solution by exploiting the language’s advanced composition primitives, forging an highly modular distributed system.

The language is continuously maintained and enhanced, with the contribution of researchers from many universities (UniBo, SDU, ITU, DTU, Innopolis University).

Jolie programs strive for minimality, the same minimality advocated by the microservices architectural style.

My contribution

I am part of the Jolie team, working on the theory behind the language and its development. I am also one of the administrators of the official website and a maintainer of the official documentation.

JIoT

The JIoT project aims at integrating IoT-related technologies into the Jolie language.

The Internet of Things (IoT) promotes the communication among heterogeneous entities, from small sensors to Cloud systems. However, this is realized using a wide range of communication media and data protocols, usually incompatible with each other. Thus, IoT systems tend to grow as homogeneous isolated platforms—usually referred as “IoT islands”—, which hardly interact.

To achieve a higher degree of interoperability among disparate IoT platforms, the JIoT project investigates how abstractions suitable for service-oriented and microservice architectures can aid integrating disparate IoT islands.

Jolie supports the main technologies from Service-Oriented Computing, such as TCP/IP, Bluetooth, and RMI at transport level, and HTTP and SOAP at application level. As first technical result of the project, we integrated in Jolie the two most adopted protocols for IoT communication, i.e., CoAP and MQTT.

The integration of IoT-specific protocols into the service-oriented setting of Jolie poses some interesting challenges, the two main being i) the integration of unreliable channels (UDP/CoAP) and ii) bridging the simple request-response communication style of Jolie with the peculiarities of the Publish/Subscribe communication pattern.

My contribution

I am one of the main contributors both in the design and development of the project.

Tquery

The Tquery project is a query framework integrated in the Jolie language for the data handling/querying of Jolie trees.

Tquery is based on a tree-based instantiation (language and semantics) of MQuery, a sound variant of the Aggregation Framework, the query language of the most popular document-oriented database: MongoDB.

Tree-shaped documents are the main format in which data flows within modern digital systems—e.g., eHealth, the Internet-of-Things, and Edge Computing.

Tquery is particularly suited to develop real-time, ephemeral scenarios, where data shall not persist in the system.

My contribution

I am one of the main contributors both in the formalisation and the development of the project.

SMAll

Key element of Mobility as a Service (MaaS) is that MaaS operators can aggregate solutions of multiple transport companies to deliver dynamic, transparent multi-modal travels to their users, who experience transportation as managed directly by a single operator. To enable MaaS, within the Smart Mobility for All EIT Project, we created SMAll, a platform (and its related wiki) where providers of transport solutions can trade their information as well as other services for mobility, like booking, payment, and travel assistance, on demand. SMAll includes the latests technologies in terms of provision, deployment, scaling, and maintenance of applications: microservices and containerisation. In addition, SMAll supports the creation of a federation-based MaaS market, where a SMAll instance is a hub for local (e.g., city-wide) transport operators and geographically sparse SMAll instances can federate to form a global market for MaaS.

To test SMAll, we also implemented pilots within the platform, collaborating with the Department of Transportation of Emilia-Romagna region, Lepida S.c.p.A., and Foundazione Bruno Kessler.

My contribution

I am both one of the designers of the SMAll platform and one of the main developers of its prototype.