Axiom Gateway
Join
Latest
Call for Papers: Vol. 42 closes 30 JuneNew: Quantum Security Summit registration openAxiom Standard 7042-2024 now ratifiedGrant cycle 2025 — $4.2M committedFellows election voting opens 15 JulyCall for Papers: Vol. 42 closes 30 JuneNew: Quantum Security Summit registration openAxiom Standard 7042-2024 now ratifiedGrant cycle 2025 — $4.2M committedFellows election voting opens 15 July
Digital Library

Research Archive

Search across 2.4 million peer-reviewed documents from journals, conferences, and standards.

Showing 8 of 2,418,902 results

Journal Article Open Access Software Engineering

Trunk-Based Development at Scale: Empirical Analysis of Branching Strategy Impact on Integration Frequency, Merge Conflict Rate, and Delivery Performance

Branching strategy is a foundational DevOps decision that determines the cadence of integration, the severity of merge conflicts, and the attainability of continuous integration as defined by its original proponents. Despite the strong advocacy in practitioner literature for trunk-based development (TBD) over long-lived branch strategies such as GitFlow, rigorous empirical evidence comparing their delivery performance consequences has been limited. This paper addresses this gap through a large-scale empirical study of 30 engineering organizations across six industries, combining pipeline telemetry analysis with practitioner surveys (n=529) and structured interviews. We operationalize six delivery performance metrics for comparison: integration frequency, merge conflict rate, build failure rate, time to green build, deployment frequency, and change failure rate. Organizations practicing TBD with feature flags exhibit statistically significantly higher integration frequency (mean 14.2 integrations per developer per week vs 1.8 for GitFlow), lower merge conflict rates (0.12 vs 0.89 conflicts per pull request), and 48% higher deployment frequency. Subgroup analysis reveals that TBD benefits are amplified in teams larger than 8 engineers and in systems with more than 40 microservices. We also identify four TBD adoption prerequisites — feature flag infrastructure, fast build pipelines, comprehensive automated test suites, and code review tooling maturity — and provide a readiness assessment instrument.

Chukwudi Eze, Anna Lindqvist, Hiroki Yamamoto, Catarina Sousa· Oct 2021· 421 citations
Journal Article Subscription Internet of Things

Digital Twin Architectures for Industrial IoT: Real-Time Synchronization, Predictive Maintenance Modeling, and Cybersecurity Threat Surfaces in Manufacturing Environments

Digital twins -- real-time virtual representations of physical assets synchronized through continuous IoT sensor data streams -- have emerged as a transformative paradigm in industrial manufacturing, enabling predictive maintenance, process optimization, and remote operations at a fidelity previously unattainable. This paper presents a comprehensive technical framework for industrial IoT digital twin architecture, addressing three interrelated engineering challenges: real-time synchronization fidelity under constrained industrial network conditions, predictive maintenance model accuracy for rotating machinery, and cybersecurity threat surface analysis specific to digital twin deployments. We evaluate three synchronization architectures -- push-based MQTT streaming, pull-based REST polling, and event-sourced CQRS -- across five industrial network scenarios including OPC-UA over Ethernet, PROFINET, and 4G LTE-M backhaul, measuring synchronization latency, data completeness, and bandwidth efficiency. For predictive maintenance, we compare physics-informed neural networks against purely data-driven LSTM models for bearing failure prediction, finding that physics-informed approaches achieve 94.1% prediction accuracy at 72-hour forecast horizons versus 87.3% for LSTM, with significantly lower training data requirements. The cybersecurity analysis identifies 14 attack vectors specific to digital twin architectures, including twin poisoning through sensor data spoofing and model inversion attacks targeting physical process parameters, and proposes a Digital Twin Security Framework with mitigation strategies for each.

Ifenna Okwu, Hanna Larsson, Ryo Inoue, Laila Hassan· Oct 2021· 367 citations
Journal Article Subscription Network Engineering

Programmable Networks at Scale: P4-Based Data Plane Programming, In-Network Computation, and Offloading Strategies for Stateful Network Functions in 400G Data Center Fabrics

Programmable data planes, enabled by the P4 domain-specific language and supporting hardware including Barefoot Tofino and Intel IPU platforms, have enabled a paradigm shift in network function implementation -- from software running on general-purpose servers to compiled programs executing at line rate within network switch ASICs. This paper presents a systematic investigation of in-network computation design patterns and their performance benefits for a representative set of stateful network functions in data center fabric environments. We design and evaluate P4 implementations of five network functions -- consistent hashing load balancer, stateful DDoS rate limiter, network telemetry collector with sketch-based traffic analytics, key-value cache for hot-object acceleration, and congestion control assistance with ECN marking -- on Barefoot Tofino and a software P4 emulation environment using the P4PI framework. In-network load balancing achieves 97 percent of hardware line rate throughput at 400 Gbps per port with sub-microsecond latency, versus 12 Gbps maximum throughput for the equivalent Linux kernel IPVS implementation. The in-network DDoS rate limiter enforces per-flow rate limits across 100,000 simultaneous flows with less than 0.3 percent false positive rate. We introduce the In-Network Offload Suitability Framework (INOSF) that characterizes which network function properties -- state size, update rate, operation complexity, and match-action fit -- determine feasibility and performance benefit of P4 offloading, providing data center network architects with principled offloading decision guidance.

Tochukwu Okafor, Lars Svensson, Kenji Inoue, Nour El-Din Benali· Jul 2021· 298 citations
Journal Article Open Access Software Engineering

Platform Engineering as an Organizational Capability: Internal Developer Platforms, Golden Paths, and Developer Experience Outcomes

As organizations scale their DevOps practices, the proliferation of tools, configurations, and operational responsibilities borne by individual development teams has created a phenomenon known as "cognitive overhead inflation" — a condition where the non-functional burden on developers impedes rather than enables delivery speed. Platform engineering has emerged as an organizational response to this challenge, centralizing infrastructure tooling into curated Internal Developer Platforms (IDPs) that provide development teams with self-service access to standardized golden paths. This paper presents a mixed-methods study of platform engineering adoption across 11 organizations, combining practitioner interviews (n=78) with pre/post quantitative measurement of developer experience (DevEx) metrics. We find that organizations with mature IDPs report 49% higher developer satisfaction scores, 41% reduction in environment provisioning time, and 34% decrease in on-call escalations attributable to infrastructure misconfiguration. We introduce the Platform Engineering Capability Model (PECM), which characterizes IDP maturity across five dimensions: Self-Service Coverage, Abstraction Quality, Observability Integration, Security Posture Automation, and Developer Feedback Loops. This work establishes platform engineering as a first-class organizational capability distinct from traditional DevOps tooling and provides empirically grounded design principles for IDP construction.

Olawale Adesanya, Miriam Schultz, Tadashi Inoue, Rebecca Fernandez-Cruz· Jul 2021· 376 citations
Journal Article Open Access Data Engineering

Lakehouse Architecture: Unifying Data Lake Flexibility and Data Warehouse Reliability Through Delta Lake, Apache Iceberg, and Apache Hudi Transaction Layers

The traditional separation of enterprise data platforms into analytical data warehouses and raw data lakes -- each optimized for different workload types and managed by distinct teams -- has created organizational and technical friction that impedes time-to-insight for analytical consumers. The Lakehouse architecture, which adds ACID transaction semantics, schema enforcement, and time travel capabilities to data lake storage through open table format layers, promises to unify these paradigms. This paper presents the first systematic academic evaluation of Lakehouse architectures, comparing three leading open table format implementations -- Delta Lake, Apache Iceberg, and Apache Hudi -- across six operational dimensions: ACID transaction correctness, concurrent write throughput, schema evolution flexibility, time travel query performance, storage efficiency, and ecosystem compatibility. Evaluations are conducted on a 50-node Spark cluster processing a 20TB synthetic dataset with real-world distribution characteristics derived from a financial institution data platform. Delta Lake achieves the highest concurrent write throughput (340 transactions/second) and strongest ecosystem compatibility. Iceberg demonstrates superior schema evolution flexibility and cross-engine portability. Hudi delivers the lowest storage overhead for change-heavy workloads through its record-level upsert optimization. We introduce the Lakehouse Platform Fitness Score (LPFS) and provide a selection framework based on workload mix, team expertise, and ecosystem lock-in tolerance.

Adaeze Okonjo, Erik Carlsson, Masahiro Fujita, Ana Lopes· Apr 2021· 436 citations
Journal Article Open Access Software Engineering

Zero-Downtime Deployment Architectures: Blue-Green, Rolling, and Canary Strategies Under Stateful Service Constraints

Zero-downtime deployment is a foundational requirement for high-availability systems, yet achieving it under real-world conditions — involving stateful services, database schema changes, distributed transactions, and session state management — is considerably more complex than the simplified presentations common in practitioner tooling documentation. This paper presents an empirical evaluation of three primary zero-downtime deployment patterns — Blue-Green, Rolling Update, and Canary — across stateful and stateless service categories, using a controlled experimental environment replicating production conditions at a mid-scale e-commerce platform. We measure six deployment outcome dimensions: user-perceived error rate during deployment, rollback latency, resource overhead, data consistency incident rate, deployment duration, and blast radius containment. Blue-Green deployments achieve the fastest rollback (mean 47 seconds) but incur the highest resource overhead (2× baseline). Rolling updates minimize resource overhead but exhibit the highest data consistency incident rate under concurrent schema migration scenarios. Canary deployments offer the best blast radius containment with moderate rollback speed, but require sophisticated traffic routing and observability instrumentation. We introduce a Deployment Pattern Selection Matrix that maps service statefulness, data migration complexity, rollback tolerance, and resource budget to optimal pattern selection. Real-world case evidence from three production deployments is used to validate the matrix.

Seun Adeyemo, Frida Carlsson, Kenji Ishida, Mariana Ferreira· Apr 2021· 369 citations
Journal Article Open Access Blockchain

Decentralized Finance Protocol Security: Formal Verification of Automated Market Maker Invariants, Flash Loan Attack Surfaces, and Governance Mechanism Vulnerabilities

Decentralized Finance (DeFi) protocols collectively managing hundreds of billions of dollars in on-chain value have suffered over 3.8 billion USD in losses to exploits between 2020 and 2022, with a significant proportion attributable to formally verifiable protocol invariant violations. This paper presents a formal verification framework for DeFi protocol security, applied to three core protocol categories: Automated Market Makers (AMMs), lending protocols, and governance systems. Using the K Framework for reachability logic verification and the Certora Prover for Solidity specification checking, we formalize and verify 34 safety properties across Uniswap V3 AMM invariants, Compound lending protocol solvency conditions, and Governor Bravo governance mechanism integrity. Formal verification identifies 7 previously undisclosed vulnerability classes, including a novel AMM sandwich attack surface arising from tick-boundary liquidity discontinuities and a governance quorum bypass exploitable through flash loan-amplified voting. We introduce the DeFi Protocol Security Score (DPSS), a composite metric aggregating formal property coverage, attack surface exposure, and economic incentive alignment, and apply it to rate 18 production DeFi protocols. We release formal specifications and verification toolchains as open-source artifacts to lower the barrier for security-rigorous DeFi protocol development.

Tunde Adesanya, Frida Lindberg, Takashi Okamoto, Mariam Khalil· Jan 2021· 509 citations
Journal Article Open Access Healthcare Informatics

DevOps in Regulated Industries: Reconciling Deployment Agility with Compliance Requirements in Healthcare IT Systems

Healthcare IT organizations face a unique tension: the operational benefits of DevOps demand deployment agility, while regulatory frameworks such as HIPAA, FDA 21 CFR Part 11, and SOX impose stringent change management, audit trail, and validation requirements that are difficult to reconcile with continuous delivery practices. This paper presents a systematic examination of this tension through a combination of regulatory analysis and a cross-sectional survey of 198 healthcare IT practitioners. We identify 23 specific regulatory requirements that conflict with or require adaptation of standard DevOps practices, and categorize them into four conflict types: Change Velocity Conflicts, Evidence Integrity Conflicts, Environment Separation Conflicts, and Accountability Attribution Conflicts. We then evaluate four regulatory-DevOps reconciliation strategies — Compliance-as-Code, Immutable Audit Pipelines, Policy-Gated Deployment Gates, and Automated Validation Evidence Generation — through case evidence from three healthcare organizations that have achieved both compliance and DevOps maturity. Our analysis demonstrates that all four conflict types are addressable through thoughtful toolchain design, and that compliance instrumentation can be largely automated without sacrificing delivery speed. We provide a compliance-aware DevOps implementation blueprint validated against the identified regulatory requirements.

Adaeze Obi, Patrick Steinmann, Lisa Johansson, Manish Gupta· Jan 2021· 412 citations