Axiom Gateway
Join
Latest
Call for Papers: Vol. 42 closes 30 JuneNew: Quantum Security Summit registration openAxiom Standard 7042-2024 now ratifiedGrant cycle 2025 — $4.2M committedFellows election voting opens 15 JulyCall for Papers: Vol. 42 closes 30 JuneNew: Quantum Security Summit registration openAxiom Standard 7042-2024 now ratifiedGrant cycle 2025 — $4.2M committedFellows election voting opens 15 July
Digital Library

Research Archive

Search across 2.4 million peer-reviewed documents from journals, conferences, and standards.

Showing 80 of 2,418,902 results

Journal Article Open Access Cybersecurity

Supply Chain Security in DevOps: Taxonomy, Risk Assessment, and Automated Mitigation Strategies for Software Dependency Vulnerabilities

High-profile software supply chain attacks — most notably the SolarWinds SUNBURST incident and the Log4Shell vulnerability — have exposed critical security gaps in DevOps pipelines that rely on third-party and open-source dependencies. This paper provides a comprehensive treatment of software supply chain security within the context of DevOps, presenting a threat taxonomy, a quantitative risk assessment methodology, and a suite of automated mitigation strategies. We analyze 1,240 software supply chain incidents reported between 2018 and 2022, categorizing attack vectors across six dimensions: dependency confusion, typosquatting, compromised maintainer accounts, malicious commit injection, build pipeline compromise, and artifact tampering. We introduce the Supply Chain Risk Score (SCRS), which aggregates dependency provenance, maintainer reputation, patch velocity, and transitive exposure into a single risk signal consumable by CI/CD gates. We evaluate the SCRS against a holdout dataset of 180 known malicious packages, achieving 87.4% detection precision at 92.1% recall. We further describe an SBOM-integrated DevSecOps reference architecture implementing SLSA Level 3 attestation and demonstrate its deployment in a Fortune 500 organization. This work provides both theoretical grounding and concrete engineering guidance for addressing supply chain threats in high-velocity delivery environments.

Ngozi Eze-Williams, Maximilian Bauer, Sora Kim, Abdul-Rahman Hassan· Oct 2022· 537 citations
Journal Article Open Access Natural Language Processing

Retrieval-Augmented Generation for Knowledge-Intensive Enterprise Tasks: Dense Retriever Design, Index Freshness Management, and Faithfulness Evaluation in Production RAG Systems

Retrieval-Augmented Generation (RAG) -- the combination of dense retrieval over a knowledge corpus with generative language model synthesis -- has emerged as the leading architectural pattern for grounding large language model outputs in verifiable factual sources, addressing the hallucination and knowledge staleness limitations of parametric LLM knowledge. Despite rapid practitioner adoption, the engineering design space of production RAG systems -- covering retriever architecture selection, embedding model choice, index freshness management, chunking strategy, context window utilization, and faithfulness evaluation -- lacks systematic empirical treatment. This paper presents the first comprehensive engineering study of production RAG systems, evaluating design decisions across 14 dimensions using a standardized enterprise question answering benchmark comprising 8,400 questions across legal, financial, and technical documentation corpora. We find that bi-encoder dense retrievers (DPR, E5-large) outperform BM25 sparse retrieval by 18.4 F1 points on complex multi-hop questions but underperform by 7.2 points on exact keyword lookup queries, motivating hybrid retrieval as the default architecture. Chunk size has the highest sensitivity of any single design parameter -- optimal chunk size varies by 4x across corpora depending on document structure. We introduce the RAG Faithfulness Score (RFS), a composite metric measuring citation accuracy, claim groundedness, and context utilization efficiency, and demonstrate its correlation with downstream user trust ratings (Pearson r=0.74). We release evaluation code, benchmark datasets, and optimal configuration templates for six enterprise RAG deployment profiles.

Obiora Chukwu, Maja Svensson, Yuki Matsumoto, Laila Benali· Jul 2022· 534 citations
Journal Article Open Access Cybersecurity

Policy as Code in DevOps: Automated Governance, Open Policy Agent Integration, and Compliance-as-Code Maturity in Cloud-Native Pipelines

As organizations scale their cloud-native DevOps operations, the manual enforcement of security, compliance, and operational policies becomes a significant bottleneck and audit risk. Policy as Code (PaC) — the expression of organizational policies in machine-readable, version-controlled formats that can be automatically evaluated within CI/CD pipelines — has emerged as a scalable alternative. This paper presents the first systematic academic treatment of Policy as Code in DevOps contexts, combining a systematic literature review, an evaluation of three leading PaC frameworks (Open Policy Agent/Rego, Kyverno, and AWS Config Rules), and an empirical study of four organizations that implemented PaC programs over 12–24 months. We define a Policy as Code Taxonomy covering eight policy domains — identity and access, network security, data classification, resource configuration, software supply chain, cost governance, operational thresholds, and regulatory mapping — and evaluate framework suitability across domains. Organizations with mature PaC implementations achieve 94% automated policy coverage (vs 41% baseline), reduce policy violation escape rate to production by 87%, and report audit preparation time reductions of 65%. We introduce the Policy Coverage Efficiency Score (PCES) as a standardized measure of PaC program maturity and provide a PaC implementation roadmap with phase-specific toolchain recommendations.

Isioma Nwofor, Björn Andersson, Shunsuke Nakajima, Marta Alves· Jul 2022· 344 citations
Journal Article Open Access Artificial Intelligence

Transformer Architecture Optimization for On-Device Inference: Knowledge Distillation, Quantization, and Pruning Strategies for Deploying Large Language Models on Edge Hardware

The deployment of transformer-based large language models on edge devices -- smartphones, embedded systems, and IoT endpoints -- requires model compression techniques that preserve task performance while meeting the memory, compute, and energy constraints of target hardware. This paper presents a systematic empirical study of three compression paradigms -- knowledge distillation, post-training and quantization-aware quantization, and structured and unstructured pruning -- applied to BERT-base, DistilBERT, and GPT-2-medium target models across NLP benchmarks (GLUE, SQuAD) and deployment on Qualcomm Snapdragon 888, Apple A15 Bionic, and STM32H7 microcontroller platforms. We characterize the accuracy-compression trade-off surface for each technique individually and in combination, finding that hybrid pipelines combining 4-bit quantization with structured pruning at 40% sparsity achieve 6.2x model size reduction and 4.1x inference speedup on Snapdragon 888 at less than 3% accuracy degradation on GLUE. On the STM32H7 microcontroller, task-specific distilled models achieve viable inference at 380ms per token under severe 256KB RAM constraints. We introduce the Edge Deployment Efficiency Index (EDEI) that normalizes accuracy retention against inference latency, memory footprint, and energy consumption, and release a reproducible compression pipeline toolkit supporting all three techniques. This work provides the most comprehensive empirical guide to LLM edge deployment to date.

Chukwuemeka Aneke, Sofia Bergqvist, Keiji Matsumoto, Salma Benali· Apr 2022· 478 citations
Journal Article Open Access Software Engineering

Chaos Engineering in Production: Systematic Fault Injection as a DevOps Reliability Practice — Evidence from Microservices Deployments at Scale

Chaos engineering — the discipline of deliberately injecting faults into production systems to uncover latent weaknesses before they cause customer-impacting failures — has matured from an experimental practice pioneered by Netflix into a mainstream reliability engineering methodology. Yet its systematic integration into DevOps workflows and its measured effects on system reliability at scale remain understudied in the academic literature. This paper presents findings from a three-year longitudinal study of chaos engineering adoption across five organizations operating microservices platforms at scale (ranging from 80 to 1,400 services). We analyze 2,847 chaos experiments conducted across these organizations, categorized by fault type, blast radius, hypothesis quality, and outcome. Our analysis shows that well-formulated chaos experiments with defined steady-state hypotheses uncovered actionable weaknesses in 67% of cases. Organizations with mature chaos programs (>50 experiments per quarter) exhibited 78% fewer severity-1 incidents per deployment compared to organizations without chaos programs. We introduce the Chaos Experiment Quality Score (CEQS), a composite metric for assessing experiment design rigor, and demonstrate its correlation with actionable outcome rate. We also identify the three most impactful fault categories — network partition, resource exhaustion, and dependency timeout — accounting for 71% of all discovered weaknesses.

Tunde Afolabi, Ingrid Petersen, Zhou Weiming, Catalina Iorga· Apr 2022· 481 citations
Journal Article Subscription Software Engineering

Event-Driven Architecture and DevOps: Operational Patterns for Kafka-Based Microservices Pipelines, Consumer Group Management, and Schema Registry Governance

Event-driven architectures (EDA) based on distributed streaming platforms such as Apache Kafka have become ubiquitous in high-throughput microservices deployments, yet the DevOps practices required to reliably build, deploy, and operate EDA systems remain poorly documented in the academic literature. This paper characterizes the DevOps operational patterns specific to Kafka-based EDA systems, drawing on case studies of five organizations operating Kafka clusters processing between 500 million and 12 billion events daily. We identify and systematize 19 EDA-specific DevOps patterns organized into four categories: Deployment Patterns (schema-compatible rolling upgrades, consumer lag-aware deployment gates), Observability Patterns (consumer group lag monitoring, dead letter queue alerting, schema compatibility drift detection), Governance Patterns (schema registry lifecycle management, topic naming conventions, retention policy automation), and Resilience Patterns (chaos-tested consumer rebalancing, idempotent consumer design, poison pill handling). We evaluate these patterns against three operational outcome dimensions — message delivery reliability, deployment-induced consumer lag, and schema evolution incident rate — using telemetry data from the case study organizations. Organizations implementing the full pattern set achieve 99.994% message delivery reliability and zero schema-induced consumer failures across 18 months of observation. We provide a Kafka DevOps Maturity Assessment and an open-source toolchain configuration reference.

Oluwatobi Akinola, Stefan Nordström, Yutaka Kimura, Sofia Costa· Feb 2022· 312 citations
Journal Article Open Access Autonomous Systems

Formal Safety Verification for Autonomous Vehicle Decision-Making Systems: Temporal Logic Specification, Model Checking, and Runtime Monitoring of Highway Merge and Intersection Scenarios

The deployment of autonomous vehicles in public road environments requires safety assurances that go beyond empirical testing-based approaches, whose coverage limitations are well-documented in the context of rare but catastrophic edge case scenarios. Formal verification methods -- which mathematically prove that system behavior satisfies specified safety properties for all possible inputs within a defined operating domain -- offer complementary guarantees, but their application to the complex, continuous, and probabilistic decision-making systems of autonomous vehicles presents significant scalability and modeling challenges. This paper presents a formal safety verification framework for autonomous vehicle decision-making, applied to two safety-critical scenarios: highway lane change and merge execution, and unprotected intersection crossing. We formalize safety properties in Signal Temporal Logic (STL) and Linear Temporal Logic (LTL), covering collision avoidance, traffic law compliance, progress guarantees, and passenger comfort bounds. Model checking is performed using Uppaal and SpaceEx for hybrid automaton models of the decision system, while runtime monitoring uses a custom STL monitor integrated into the Robot Operating System (ROS2) execution environment. The framework identifies 7 previously undetected safety violation scenarios in a production-candidate decision system, including a highway merge deadlock under specific sensor degradation and adversarial driver behavior combinations. We discuss the fundamental limitations of formal verification for open-world AV operation and propose a hybrid formal-statistical safety assurance methodology addressing these limitations.

Adaeze Nwosu, Emma Lindgren, Takashi Fujita, Yasmin Mansour· Jan 2022· 378 citations
Journal Article Open Access Software Engineering

Trunk-Based Development at Scale: Empirical Analysis of Branching Strategy Impact on Integration Frequency, Merge Conflict Rate, and Delivery Performance

Branching strategy is a foundational DevOps decision that determines the cadence of integration, the severity of merge conflicts, and the attainability of continuous integration as defined by its original proponents. Despite the strong advocacy in practitioner literature for trunk-based development (TBD) over long-lived branch strategies such as GitFlow, rigorous empirical evidence comparing their delivery performance consequences has been limited. This paper addresses this gap through a large-scale empirical study of 30 engineering organizations across six industries, combining pipeline telemetry analysis with practitioner surveys (n=529) and structured interviews. We operationalize six delivery performance metrics for comparison: integration frequency, merge conflict rate, build failure rate, time to green build, deployment frequency, and change failure rate. Organizations practicing TBD with feature flags exhibit statistically significantly higher integration frequency (mean 14.2 integrations per developer per week vs 1.8 for GitFlow), lower merge conflict rates (0.12 vs 0.89 conflicts per pull request), and 48% higher deployment frequency. Subgroup analysis reveals that TBD benefits are amplified in teams larger than 8 engineers and in systems with more than 40 microservices. We also identify four TBD adoption prerequisites — feature flag infrastructure, fast build pipelines, comprehensive automated test suites, and code review tooling maturity — and provide a readiness assessment instrument.

Chukwudi Eze, Anna Lindqvist, Hiroki Yamamoto, Catarina Sousa· Oct 2021· 421 citations
Journal Article Subscription Internet of Things

Digital Twin Architectures for Industrial IoT: Real-Time Synchronization, Predictive Maintenance Modeling, and Cybersecurity Threat Surfaces in Manufacturing Environments

Digital twins -- real-time virtual representations of physical assets synchronized through continuous IoT sensor data streams -- have emerged as a transformative paradigm in industrial manufacturing, enabling predictive maintenance, process optimization, and remote operations at a fidelity previously unattainable. This paper presents a comprehensive technical framework for industrial IoT digital twin architecture, addressing three interrelated engineering challenges: real-time synchronization fidelity under constrained industrial network conditions, predictive maintenance model accuracy for rotating machinery, and cybersecurity threat surface analysis specific to digital twin deployments. We evaluate three synchronization architectures -- push-based MQTT streaming, pull-based REST polling, and event-sourced CQRS -- across five industrial network scenarios including OPC-UA over Ethernet, PROFINET, and 4G LTE-M backhaul, measuring synchronization latency, data completeness, and bandwidth efficiency. For predictive maintenance, we compare physics-informed neural networks against purely data-driven LSTM models for bearing failure prediction, finding that physics-informed approaches achieve 94.1% prediction accuracy at 72-hour forecast horizons versus 87.3% for LSTM, with significantly lower training data requirements. The cybersecurity analysis identifies 14 attack vectors specific to digital twin architectures, including twin poisoning through sensor data spoofing and model inversion attacks targeting physical process parameters, and proposes a Digital Twin Security Framework with mitigation strategies for each.

Ifenna Okwu, Hanna Larsson, Ryo Inoue, Laila Hassan· Oct 2021· 367 citations
1234569