Latest
Call for Papers: Vol. 42 closes 30 June
New: Quantum Security Summit registration open
Axiom Standard 7042-2024 now ratified
Grant cycle 2025 — $4.2M committed
Fellows election voting opens 15 July
Digital Library

Research Archive

Search across 2.4 million peer-reviewed documents from journals, conferences, and standards.

Showing 80 of 2,418,902 results

Journal Article · Open Access · Blockchain

Smart Contract Vulnerability Analysis: Automated Detection of Reentrancy, Integer Overflow, and Access Control Flaws in Ethereum Solidity Codebases

Smart contracts deployed on public blockchain platforms such as Ethereum execute autonomously and immutably, meaning that security vulnerabilities discovered post-deployment cannot be patched without costly migration procedures -- a constraint that elevates pre-deployment security analysis to critical importance. This paper presents SmartGuard, a hybrid static-symbolic analysis framework for automated detection of smart contract vulnerabilities, evaluated against a dataset of 48,000 verified Solidity contracts drawn from the Ethereum mainnet. SmartGuard combines abstract syntax tree analysis, control flow graph construction, and bounded symbolic execution to detect six vulnerability classes: reentrancy, integer overflow and underflow, timestamp dependence, unprotected self-destruct, access control misconfigurations, and front-running susceptibility. On a labeled benchmark of 2,400 contracts with ground-truth vulnerability annotations, SmartGuard achieves 91.2% precision and 87.6% recall for reentrancy detection and 88.4% precision and 83.1% recall averaged across all six vulnerability classes, outperforming Mythril, Slither, and Oyente on four of six categories. We analyze the 48,000 mainnet contracts and find that 23.4% contain at least one high-severity vulnerability, with integer overflow (14.1%) and access control misconfiguration (9.3%) being the most prevalent. We release SmartGuard as an open-source tool and discuss implications for smart contract audit workflows and DeFi protocol governance.

Obiora Okeke, Sofia Lindqvist, Kenji Nakamura, Yasmin Hassan · May 2018 · 498 citations

Journal Article · Open Access · Software Engineering

Site Reliability Engineering Practices in DevOps Organizations: Service Level Objectives, Error Budgets, and the Reliability-Velocity Trade-off

Site Reliability Engineering (SRE), as formalized by Google, proposes a principled framework for managing the tension between system reliability and deployment velocity through the use of Service Level Objectives (SLOs) and error budgets. Despite widespread adoption of SRE terminology, rigorous empirical investigation of how organizations operationalize SRE principles — and with what outcomes — remains limited. This paper presents findings from a cross-sectional study of 22 organizations that have formally adopted SRE practices, using surveys (n=341), pipeline instrumentation data analysis, and structured interviews with SRE team leads. We find significant heterogeneity in SRE implementation: only 38% of organizations claiming SRE adoption have defined SLOs with error budget enforcement mechanisms; the remainder use SLO-like metrics purely for dashboarding without consequential decision-making authority. Organizations with enforced error budgets exhibit statistically significant reductions in both critical incident frequency (–44%) and deployment-related rollbacks (–39%) compared to SRE-nominal organizations. We introduce the SRE Implementation Fidelity Score (SIFS) to characterize the gap between claimed and operational SRE maturity, and demonstrate its predictive validity against reliability outcomes. We also examine the organizational design question of embedded versus centralized SRE teams, finding that embedded models achieve faster incident response but higher knowledge fragmentation.

Chiamaka Eze, Lars Eriksson, Yosuke Fujita, Beatriz Almeida · Feb 2018 · 487 citations

Journal Article · Subscription · Distributed Systems

Consensus Algorithm Performance in Byzantine Fault-Tolerant Distributed Systems: Comparative Analysis of PBFT, HotStuff, and Tendermint Under Adversarial Network Conditions

Byzantine Fault Tolerant (BFT) consensus algorithms are foundational to the correctness of distributed ledger systems, permissioned blockchain networks, and replicated state machines in adversarial environments. The theoretical properties of leading BFT protocols are well-established, yet their comparative performance under realistic network adversary models -- including network partitions, message delays, and active Byzantine behavior -- remains undercharacterized in empirical literature. This paper presents a controlled experimental evaluation of three BFT consensus protocols -- Practical BFT (PBFT), HotStuff, and Tendermint -- across five adversary scenario categories: crash failures only, Byzantine equivocation, network partition (minority and majority), variable message delay (50ms-2000ms), and compound adversarial conditions. Experiments are conducted on a 100-node WAN testbed spanning AWS regions in three continents. HotStuff achieves the highest throughput (12,400 TPS) under benign conditions and the most graceful throughput degradation under Byzantine equivocation attacks (47% throughput retention at f=10 faulty nodes). PBFT exhibits the lowest latency at low node counts (4-node median finality 98ms) but degrades superlinearly with cluster size. Tendermint demonstrates the best liveness under network partition conditions due to its timeout-based leader rotation. We introduce the BFT Protocol Resilience Score (BPRS) and provide a protocol selection matrix mapping deployment scenario characteristics to optimal protocol choice.

Obinna Eze, Marcus Bergstrom, Kenji Yoshida, Leila El-Amin · Feb 2018 · 412 citations

Journal Article · Open Access · Internet of Things

Lightweight Cryptographic Protocols for Resource-Constrained IoT Devices: Performance Benchmarking of PRESENT, SIMON, SPECK, and ChaCha20 on ARM Cortex-M Microcontrollers

The deployment of cryptographic security protocols on resource-constrained IoT devices -- characterized by limited CPU clock speeds (typically 8-120 MHz), kilobytes of RAM, and stringent energy budgets -- demands careful selection of cryptographic primitives that balance security assurance with computational and energy overhead. This paper presents a rigorous benchmarking study of four lightweight cryptographic algorithms -- PRESENT (block cipher), SIMON and SPECK (NSA lightweight cipher family), and ChaCha20 (stream cipher) -- implemented on four representative ARM Cortex-M microcontroller platforms: STM32L0, STM32F4, nRF52832, and SAMD21. Each implementation is evaluated across six performance dimensions: encryption throughput (bytes per second), energy consumption per kilobyte encrypted (microjoules), code size (bytes), RAM footprint, side-channel attack resistance profile, and implementation complexity. ChaCha20 achieves the highest throughput on 32-bit Cortex-M4 platforms (4.2 MB/s at 3.3V), while PRESENT demonstrates the lowest energy consumption on 8-bit equivalent Cortex-M0 platforms. We introduce a Cryptographic Suitability Index (CSI) that aggregates performance dimensions weighted by IoT deployment profile (battery life vs throughput vs security assurance priority) and provide a deployment decision matrix covering 12 common IoT use case categories. This work provides IoT architects with empirically grounded primitives selection guidance calibrated to production hardware constraints.

Emeka Eze, Linnea Karlsson, Taro Yamashita, Nour El-Din Mansour · Dec 2017 · 334 citations

Journal Article · Open Access · Computer Vision

Real-Time Object Detection for Embedded Vision Systems: Architectural Comparison of YOLO, SSD, and MobileNet-SSD on NVIDIA Jetson and Raspberry Pi Platforms

Real-time object detection on embedded vision platforms -- required for applications including autonomous mobile robots, industrial quality inspection, and smart camera systems -- demands neural network architectures that balance detection accuracy, inference latency, and power consumption within the constraints of embedded hardware. This paper presents a comprehensive empirical evaluation of three real-time detection architecture families -- YOLOv3, Single Shot Detector (SSD), and MobileNet-SSD -- on two representative embedded platforms: NVIDIA Jetson Nano and Raspberry Pi 4B with Coral USB Accelerator. Each architecture is evaluated under five optimization conditions: FP32 baseline, FP16 mixed precision, INT8 post-training quantization, INT8 quantization-aware training, and TensorRT engine optimization. On Jetson Nano, YOLOv3-Tiny with TensorRT INT8 optimization achieves 47.3 FPS at 58.4 mAP on COCO, versus 28.1 FPS at 71.2 mAP for full YOLOv3. MobileNet-SSD with Coral USB acceleration achieves 89 FPS on Raspberry Pi 4B at 53.7 mAP, making it the preferred choice for power-constrained mobile deployments. We introduce the Embedded Vision Deployment Score (EVDS) that weights accuracy, throughput, power draw, and memory footprint according to four deployment profile templates, and provide a model selection decision tree for common embedded vision scenarios. Quantitative energy profiling data for all configurations is released to support green computing analysis in edge vision system design.

Ifeanyi Okonkwo, Sofia Holm, Yutaka Tanaka, Nour Mansour · Sep 2017 · 445 citations

Journal Article · Subscription · Cloud Computing

Container Orchestration at Scale: A Comparative Analysis of Kubernetes, Docker Swarm, and Apache Mesos in Production DevOps Workflows

Container orchestration platforms have become the operational backbone of cloud-native DevOps pipelines, yet rigorous comparative evaluations under realistic production conditions remain scarce in the literature. This paper presents a controlled experimental evaluation of three leading orchestration platforms — Kubernetes, Docker Swarm, and Apache Mesos — across five operational dimensions: resource utilization efficiency, fault recovery latency, horizontal scaling responsiveness, network throughput under load, and operational complexity. Experiments were conducted using a standardized microservices benchmark suite deployed on identical cloud infrastructure across AWS, GCP, and Azure. We additionally surveyed 215 DevOps practitioners to assess real-world operational complexity perceptions. Kubernetes demonstrated superior fault recovery and scaling capabilities, achieving 99.97% uptime across 72-hour stress tests, but incurred the highest operational complexity score. Docker Swarm offered the fastest onboarding profile for small teams. Mesos excelled in heterogeneous workload co-location. We provide a decision matrix to guide platform selection based on organizational size, workload profile, and engineering maturity, and discuss emerging patterns such as service mesh integration and GitOps-driven cluster management.

Jerome Fontaine, Aisha Nakamura, Stefan Gruber, Kwabena Asante-Mensah · Sep 2017 · 389 citations

Journal Article · Subscription · Software Engineering

Feature Flags and Progressive Delivery: Architecture, Risk Management, and Operational Patterns for Controlled Software Rollouts in DevOps

Feature flags — runtime configuration mechanisms that enable or disable application functionality without code deployment — have emerged as a cornerstone of progressive delivery strategies in mature DevOps organizations. This paper presents a comprehensive treatment of feature flag architectures, operational patterns, and risk management considerations, grounded in a practitioner survey (n=298) and seven in-depth organizational case studies. We propose a Feature Flag Classification Taxonomy distinguishing five flag types — Release Flags, Experiment Flags, Operational Flags, Permission Flags, and Kill Switches — and characterize appropriate lifecycle management for each. A central empirical contribution is our analysis of feature flag technical debt: 74% of organizations in our survey reported accumulating stale flags that degraded codebase clarity, with a mean flag retirement lag of 47 days beyond intended expiry. We quantify the cognitive overhead of unmanaged flag proliferation and introduce the Feature Flag Debt Index (FFDI) as a measurable proxy for this risk. Case studies examine progressive delivery patterns including canary releases, dark launches, A/B deployments, and ring-based rollouts, evaluating their risk profiles and organizational prerequisites. We provide an architectural reference for feature flag management systems and evaluate leading platforms — LaunchDarkly, Unleash, and Flagsmith — against a standardized capability matrix.

Ifeanyi Obasi, Petra Kowalczyk, Hiromi Tanaka, Gabriel Santos · May 2017 · 318 citations

Journal Article · Open Access · Privacy Engineering

Differential Privacy in Practice: Implementation Patterns, Utility-Privacy Trade-off Characterization, and Deployment Lessons from Production Analytics Systems

Differential privacy (DP) provides mathematically rigorous guarantees against individual-level inference from aggregate statistical releases, yet the gap between its theoretical formulation and its practical deployment in production analytics systems involves a set of engineering decisions -- epsilon budget management, sensitivity calibration, composition accounting, and post-processing strategies -- that are poorly characterized in the academic literature. This paper reports implementation and deployment experience from three production DP deployments: a national population health analytics system, a financial behavioral segmentation pipeline, and a mobility pattern analysis platform. Each deployment is analyzed through the lens of five DP engineering concerns: epsilon budget policy governance, local versus central DP architecture selection, mechanism selection for different query types (Laplace for numeric, Randomized Response for categorical, Gaussian for ML gradient aggregation), composition theorem selection (basic, advanced, zero-concentrated), and utility measurement under operational query distributions. We find that production epsilon budgets cluster between 1.0 and 10.0 across all three deployments despite theoretical guidance suggesting epsilon below 1.0, driven by utility constraints that render lower epsilon settings unacceptable to data consumers. We introduce the DP Deployment Readiness Framework (DDRF) comprising 22 engineering decisions with empirically-grounded guidance for each, and quantify the utility cost of DP adoption as a function of dataset size, query complexity, and epsilon budget across representative analytical workload types.

Chidinma Okafor, Lars Bergqvist, Hiroshi Ito, Yasmin El-Masri · Feb 2017 · 398 citations

Journal Article · Open Access · Software Engineering

Measuring DevOps Effectiveness: Toward a Unified Key Performance Indicator Framework for Software Delivery Organizations

Despite the widespread adoption of DevOps practices, organizations continue to struggle with quantifying the business value of their DevOps investments. Existing measurement frameworks tend to conflate process metrics with outcome metrics, leading to misleading assessments of organizational performance. This paper proposes a Unified DevOps KPI Framework (UDKF) that distinguishes between four measurement tiers: delivery throughput, system reliability, team effectiveness, and business impact. The framework is grounded in a Delphi study involving 52 industry experts and validated through application at seven mid-to-large software organizations over a period of nine months. We demonstrate that organizations leveraging UDKF achieve statistically significant improvements in stakeholder alignment, with a 38% reduction in disagreement between engineering leads and product owners regarding performance assessments. The paper also introduces a composite DevOps Performance Index (DPI) that aggregates tier-level signals into a single interpretable score, enabling longitudinal benchmarking. Our work directly addresses the measurement gap that undermines executive confidence in DevOps transformation programs.

Yvonne Adler, Rajesh Krishnamurthy, Paul Nkemdirim, Fiona Castellan · Feb 2017 · 445 citations