Updating service-based software systems in air-gapped environments

Abstract

Contemporary component-based systems often manifest themselves as service-based architectures, where a central activity is the management of their software updates. However, stringent security constraints in mission-critical settings often impose compulsory network isolation among systems, also known as an air gap; a prevalent choice in different sectors including private, public or governmental organizations. This raises several issues involving updates, stemming from the fact that controlling the update procedure of a distributed service-based system centrally and remotely is precluded by network isolation policies. A dedicated software architecture is thus required, where key themes are: dependability of the update process, interoperability with respect to the software supported and auditability regarding update actions previously performed.We adopt an architectural viewpoint and present a technical framework for updating service-based systems in air-gapped environments. We describe the particularities of the domain characterized by network isolation and provide suitable notations for service versions, whereupon satisfiability is leveraged for dependency resolution; those are situated within an overall architectural design. Finally, we evaluate the proposed framework over a real case study of an international organization, and assess the performance of the dependency resolution procedures for practical problem sizes.