Editorial: Reliable and secure system software in emerging cloud and distributed environments

1 Introduction

The growing reliance on cloud and distributed computing systems has redefined the landscape of modern computing. These systems offer scalability, flexibility, and high availability, but they also introduce new challenges in terms of reliability and security. From cloud-edge integration and container orchestration to real-time scheduling and communication protocols, system software must now be designed to withstand complex attack surfaces while maintaining dependable performance.

This Research Topic, Reliable and Secure System Software in Emerging Cloud and Distributed Environment, brings together recent advances that address these challenges. The contributing works explore new techniques in secure computation, authentication, system reliability, and integrity verification. Together, they provide a cross-layer view of how reliability and security can be co-designed in next-generation distributed infrastructures.

1.1 SmartNIC-accelerated homomorphic encryption for federated learning

Choi et al. present FedNIC, a system that enhances privacy-preserving federated learning (FL) by offloading homomorphic encryption (HE) operations onto SmartNICs—programmable smart network interface cards. Federated learning enables distributed model training without sharing raw data, but incorporating HE to protect model weights introduces heavy computational overhead on client devices. FedNIC addresses this bottleneck by leveraging SmartNICs as dedicated hardware accelerators for encryption and decryption, thereby freeing up host CPU cycles for the learning task itself. Furthermore, by isolating the encryption engine in a separate security domain, FedNIC strengthens the overall threat model: even if the host is compromised, the encryption keys and methods remain protected on the SmartNIC. Experimental results demonstrate a reduction of up to 25% in host CPU utilization with no loss in model accuracy, establishing a promising paradigm for making privacy-preserving FL practical in resource-constrained edge and cloud environments.

1.2 A multi-attribute risk assessment framework for cloud-native infrastructures

Hafiz Hersyah et al. proposes Fuzzyfortify, a multi-attribute risk assessment framework tailored to cloud-native infrastructures that integrates FIDO2-based multi-factor authentication (MFA) with Kubernetes and Docker container orchestration. The framework combines three methodological pillars: a modified Fuzzy Analytical Hierarchy Process (Fuzzy AHP), which aggregates expert judgments to prioritize the six CIA-AAN security criteria (Confidentiality, Integrity, Availability, Authentication, Authorization, and Non-repudiation), a Domain Mapping Matrix (DMM) enhanced with Singular Value Decomposition to quantify structural complexity across components, interfaces, and architectural layers, and a fuzzy logic system, which incorporates real-world CVE-derived threat intelligence to produce context-aware risk scores. When applied to five adversarial techniques drawn from MITRE ATT&CK, the framework differentiated risk levels with actionable granularity, identifying data destruction and resource hijacking as high-level risks while classifying denial-of-service variants as medium-level, thereby bridging the gap between technical risk modeling and operational defense planning.

1.3 Unsupervised alarm analysis and root cause localization in networks

Li et al. addresses the challenge of managing massive alarm volumes in large-scale communication networks. As 5G networks expand, millions of alarms are generated daily, many of which are redundant or correlated, overwhelming operations and maintenance (O&M) teams. The authors propose an unsupervised alarm analysis framework that operates in two stages: an offline learning procedure that mines historical alarm associations through co-occurrence probability models and content similarity analysis to build a probabilistic directed acyclic graph of alarm relationships; and an online analysis procedure that compresses real-time alarms by matching them against learned association patterns and infers root causes using a PageRank-based heuristic. When evaluated on real telecom operator data, the method achieved over 91% accuracy in alarm association, reduced redundant alarms by over 62%, and attained 95% accuracy in root cause localization for microservice fault data, demonstrating the viability of Artificial Intelligence for IT Operations (AIOps) approaches for maintaining the reliability of complex distributed communication infrastructures.

1.4 Formally verified authentication for SOAP-based services

Saeed investigates authentication vulnerabilities in SOAP-based cloud web services, focusing on XML-based attack vectors including XML injection, XML external entity (XXE), XML signature wrapping (XSW), and XML-based distributed denial-of-service (DDoS) attacks. The study presents a formally verified authentication framework developed using TulaFale, a proprietary security protocol specification language, integrated with ProVerif for automated verification. The framework models the entire SOAP authentication flow (client message construction, server-side validation, session management, and mutual authentication) using security components such as username tokens, timestamps, and X.509 digital certificates. By translating these specifications into applied pi-calculus and subjecting them to resolution-based protocol verification, the approach provides provable guarantees of authentication, confidentiality, and message integrity. Controlled testbed evaluations confirm the framework's effectiveness in identifying attack patterns and verifying secure message exchanges, offering developers a rigorous methodology for validating SOAP security before deployment.

2 Cross-cutting themes for reliable and secure distributed systems

Several recurring themes emerge across these contributions, reflecting broader challenges in the field.

2.1 Security at the system level

A common theme is the realization that security cannot be an afterthought bolted onto application logic; it must be engineered into the system architecture. FedNIC embeds encryption into the network hardware layer (Choi et al.), Fuzzyfortify models security properties across the full stack of cloud-native components (Hafiz Hersyah et al.), and Saeed's work enforces authentication guarantees through formal protocol verification. Each contribution demonstrates that robust security requires reasoning about the system holistically, from hardware accelerators and network interfaces to container orchestration platforms and web-service protocols.

2.2 Balancing performance and protection

The tension between security overhead and system performance surfaces repeatedly. FedNIC explicitly addresses the computational cost of homomorphic encryption by offloading it to specialized hardware (Choi et al.). Li et al.'s alarm framework addresses the operational burden of security monitoring in large networks by compressing redundant information. Saeed's formal verification approach aims to ensure security without degrading the performance of SOAP-based services. These works collectively underscore that practical security solutions must be performance-aware.

2.3 Leveraging intelligence and formal methods

The contributions span the methodological spectrum, from data-driven intelligence to formal reasoning. Li et al.s employ unsupervised machine learning and probabilistic graph models for alarm analysis, Hafiz Hersyah et al. combine fuzzy logic with expert judgment and threat intelligence, and Saeed applies formal verification through pi-calculus and automated provers. This diversity highlights the fact that no single methodology is sufficient for the breadth of reliability and security challenges in modern distributed systems; instead, practitioners must draw on complementary approaches suited to each problem's characteristics.

3 Future directions

Future research in distributed systems points toward the convergence of hardware-level security, intelligent automation, and formal rigor. Key areas for exploration include scaling up hardware-assisted privacy solutions (such as SmartNIC-based designs) for broader confidential cloud computing and multi-party analytics while also evolving risk assessment frameworks into dynamic, closed-loop systems. By integrating real-time monitoring with automated remediation and leveraging advanced AI, researchers can better manage the topological complexity and alarm volumes inherent in 5G/6G networks and modern service meshes.

Furthermore, the scope of formal verification must expand beyond legacy protocols to provide provable security for the sprawling ecosystem of microservices and zero-trust architectures. Ultimately, the path toward truly reliable distributed systems lies in cross-cutting synthesis: uniting hardware security primitives, AI-driven risk quantification, and formal assurance into a single, cohesive framework. This holistic approach will bridge the gap between isolated technical optimizations and a unified vision for secure, next-generation infrastructure.

4 Closing remarks

This Research Topic illustrates both the breadth and the depth of the challenges involved in building reliable and secure system software for emerging cloud and distributed environments. From offloading cryptographic operations onto smart network hardware to formally verifying authentication protocols, and from mining alarm associations in vast communication networks to quantifying security risks in containerized cloud platforms, the four contributions demonstrate that progress requires innovation across multiple layers of the system stack. We hope that the articles collected here provide a valuable foundation for researchers and practitioners working to advance the state of the art in this critical area and that they inspire continued collaboration across communities of systems, security, networking, and artificial intelligence.