Innovation Assets

KR1 - DevSecOps Modelling Language (DOML)

Model the different elements of the application, data of the application and infrastructure by making use of abstractions

  • Problem:

The problem that we are addressing is to improve the ability of (non-)expert DevSecOps teams to model provisioning, deployment and configuration needs in complex contexts by providing a set of abstractions of execution environments and composing them into machine-readable representations.

  • Solution:

DOML is the end-user language enabling the modelling of deployment and configuration of complex infrastructural software in a way that can then be transformed by the ICG [KR3] into executable IaC. Such a language allows DevSecOps teams to select and combine abstractions with the purpose of creating a correct infrastructure provisioning, configuration management, deployment and self-healing model.

  • Value:

The DOML language for expressing user-defined properties allows DevSecOps teams to select and combine the abstractions with the purpose of creating a proper infrastructure provisioning, configuration management, deployment and self-healing model.

More info on DOML: https://www.piacere-doml.deib.polimi.it/?p=1

 

BLOGS linked to KR1:

The evolvability of DOML to DOML-E: https://piacere-project.eu/blog/the-evolvability-of-doml-to-doml-e/

DOML Model Checker: https://piacere-project.eu/blog/doml-model-checker/

DOML development in progress: https://piacere-project.eu/blog/doml-development-in-progress/

KR2 - PIACERE Integrated Development Environment (IDE)

 A single window to access PIACERE’s innovative technology and to allow DevSecOps teams to better leverage all its benefits in an easy manner 

  • Problem:

It is usually hard to group all the tools for the customers to work more comfortably, ensuring efficiency through ease of use. 

  • Solution:

The PIACERE IDE is built with the purpose of creating a user-friendly environment to enable the creation of DOML models [KR1], their verification through AVT [KR5], the generation of the corresponding IaC through the ICG [KR3], the security code inspector [KR6], the security components inspector [KR7] and the DOML extension mechanisms [KR4]. The IDE will also incorporate the DOML Extension Mechanisms that will enable user experts in operation aspects to extend DOML to account for new technological evolutions. 

  • Value:

The IDE is an open-source integrated framework gathering key results of PIACERE in a unique environment extensible to new tools. 

BLOGS linked to KR2:

PIACERE IDE- A Single entry point for IaC tools: The IaC scanner example: https://piacere-project.eu/blog/piacere-ide-single-entry-point-iac-tools-iac-scanner-example/

ROLLBACK TO ECLIPSE IDE: https://piacere-project.eu/blog/rollback-to-eclipse-ide/

ANALYSIS OF POSSIBLE TECHNOLOGIES TO DEVELOP IDEs: https://piacere-project.eu/blog/analysis-of-possible-technologies-to-develop-ides/

BEYOND MULTI-CLOUD DEVELOPMENT: https://piacere-project.eu/blog/beyond-multi-cloud-development/

KR3 - Infrastructural Code Generator (ICG)

You can generate infrastructural code from models written in DOML

  • Problem:

There are many IaC languages, and it is difficult to know them all. 

  • Solution:

The ICG is a code generator, built in the context of PIACERE, which will transform the models into infrastructural code in different IaC languages.

  • Value:

The ICG is versatile, covering the more common IaC languages, and is extensible through new templates to support new primitives and new target platforms.

 

 Blogs linked to KR3:

 

Infrastructural Code Generator (ICG): https://piacere-project.eu/blog/infrastructural-code-generator-icg/

PIACERE ICG also generates Gaia-X Self-Description: https://piacere-project.eu/blog/piacere-icg-also-generates-gaia-x-self-description/

INFRASTRUCTURE CODE GENERATOR EXTENDS ITS LOW-CODE/NO-CODE FUNCTIONALITIES AND THE INTEGRATION WITH THE OTHER PIACERE COMPONENTS: https://piacere-project.eu/blog/infrastructure-code-generator-extends-its-low-code-no-code-functionalities-and-the-integration-with-the-other-piacere-components/

INFRASTRUCTURE CODE GENERATOR: NOW COMPLETE AND HIGHLY EXTENSIBLE: https://piacere-project.eu/blog/infrastructure-code-generator-now-complete-and-highly-extensible/

AUTOMATIC GENERATION OF ANSIBLE AND TERRAFORM CODE: https://piacere-project.eu/blog/title-automatic-generation-of-ansible-and-terraform-code/

KR4 - DOML Extension mechanism (DOML-E)

We provide you with the means for new IaC languages, protocols, elements and so on to be included in PIACERE so as to ensure the longevity of the solution 

  • Problem:

The cloud computing state of the art evolves fast, which calls for mechanisms that let the solution extend itself easily, adding more concepts and properties to existing ones.

  • Solution:

The DOML extension mechanisms (DOML-E) set up the basic elements that will allow creating new concepts and properties in the top layers. They give end users the possibility to create new concepts that are currently not available in DOML, in order to extend its functionalities.

  • Value:

DOML-E makes it easier to support extensions for future protocols, infrastructure and network elements, and languages. The provided extensibility mechanisms (DOML-E) shall ensure the sustainability and longevity of the PIACERE approach and tool-suite (new languages and protocols that can appear in the near future).

 

Blogs linked to KR4:

The evolvability of DOML to DOML-E: https://piacere-project.eu/blog/the-evolvability-of-doml-to-doml-e/

DOML Model Checker: https://piacere-project.eu/blog/doml-model-checker/

DOML development in progress: https://piacere-project.eu/blog/doml-development-in-progress/

 

KR5 – Verification Tool (VT)

Apply static analysis to both the abstract model and the related infrastructural code, to execute

  • Problem:

It is sometimes difficult to identify incorrect models and code 

  • Solution:

VT is a suite of static analysis and model checking tools aiming at supporting verification of correctness, safety, performance and data transfer privacy of all application components 

  • Value:

The main advantages of VT translate into the safety, performance, and privacy properties related to the exchange of data 

 

Blogs linked to KR5:

Verification Tool: https://piacere-project.eu/blog/verification-tool/

PIACERE Verification Tool (VT): https://piacere-project.eu/blog/piacere-verification-tool-vt/

KR6 – IaC Code Security Inspector

Check the IaC code against known cybersecurity issues, consistency checks and other quality verifications according to identified best practices 

  • Problem:

Misconfigurations, insecure coding and configuration patterns are common and, as of now, there is little to no way of checking the correctness of deployment scripts done by users. As such, the trust in the automated deployment systems is very limited, especially when approaching new users/customers that have no experience in automated or continuous deployment systems. The verification tool provides an automated solution for checking the integrity and applicability of IaC code that is to be deployed on an infrastructure.

  • Solution:

The IaC Code Security Inspector is an analyser of the IaC and the application code (when available), using Static Analysis Security Testing (SAST) tools and checking the IaC code against the known cybersecurity issues (misconfigurations, use of non-secure libraries, non-secure configuration patterns), consistency checks and other quality verifications according to identified best practices.

  • Value:

Automatic static code inspection is done by verifying the IaC code for errors through the VT, which reports back to the user with a set of error reports and recommendations on where the inefficiencies in the code are. The main selling point of the solution is that this step in the deployment process can be fully automated and integrated into the deployment pipeline, or done manually as a one-off process for a selected part of the IaC code.

     

Blogs linked to KR6:

Enabling 360 Cloud security compliance: From Security certification to Secure DevOps through MEDINA and PIACERE H2020 projects: https://piacere-project.eu/blog/enabling-360-cloud-security-compliance-from-security-certification-to-secure-devops-through-medina-and-piacere-h2020-projects/

KR7 – Component Security Inspector

Also analysing the IaC code, it reports the potential vulnerabilities and proposes potential fixes

  • Problem:

The dependency of information from the IaC and application code, with the danger of having included infected programs and libraries with known vulnerabilities. 

  • Solution:

An analyser and ranker of components (libraries, middleware) from a security point of view, able to detect included programs and libraries with known vulnerabilities by querying public vulnerability databases, and produce a report to the PIACERE user. 

  • Value:

The assurance provided by analysing the dependencies of the target application to check for security vulnerabilities.

 

Blogs linked to KR7:

SCANNING ANSIBLE PLAYBOOKS FOR IMPROVED SECURITY: https://piacere-project.eu/blog/scanning-ansible-playbooks-for-improved-security/

KR8 – Canary Sandbox Environment (CSE)

We allow unit testing of the behaviour of the infrastructural code on an isolated environment, which would enable the simulation of conditions for the production environment and identify some of the most common anti-patterns 

  • Problem:

Currently there is no out of the box solution to make a test deployment, with real infrastructure deployment, but in the sandbox (controlled) environment. 

  • Solution:

Canary Environment provides a controlled environment based on OpenStack which allows deploying a real application in a controlled way to run all of the tests (functional, security, performance, etc.) in this environment before deploying to production.

  • Value:

Currently, the only option is to deploy directly to the cloud, without any ability to verify that it is a similar environment to the production one. Canary Environment allows making controlled deployments and tests before deployment to the production environment, which will minimize the negative impact on production in case of bugs or misconfiguration.

Blogs linked to KR8:

CANARY SANDBOX ENVIRONMENT MOCKLORD – ONE TOOL TO MOCK ‘EM ALL! AWS VALIDATION ENTERS THE SCENE: https://piacere-project.eu/blog/canary-sandbox-environment-mocklord-one-tool-to-mock-em-all-aws-validation-enters-the-scene/

CANARY SANDBOX ENVIRONMENT (CSE): https://piacere-project.eu/blog/canary-sandbox-environment-cse/

 

KR9 - IaC Optimized Platform (IOP)

The most appropriate deployment configurations that best meet their defined constraints out of DevSecOps catalogue of services, resources and infrastructural elements by means of optimization algorithms. 

  • Problem:

The main problem is to develop a tool flexible enough to be able to meet the different heterogeneous needs of the users. Each user has his/her own needs, and the IOP should provide solutions adapted to these needs. 

  • Solution:

The IOP gives the user the possibility of obtaining optimized deployments based on his/her needs. The IOP is flexible enough to allow the user to define which objectives should be optimized (such as the cost and the performance), and which are the main requirements that should be met (such as a minimum availability or the use of the resources of a certain provider). The solutions are provided to the user in a ranked way, so that he/she can choose the one that best fits his/her needs.

  • Value:

The IOP is an optimization tool which is capable of modelling and solving single-objective, multi-objective and many-objective optimization problems depending on the user's need. Also, the user is able to introduce his/her non-functional requirements, requiring the algorithm to build the optimization search space accordingly.

 

Blogs linked to KR9:

OPTIMIZING CLOUD CONTINUUM APPLICATION DEPLOYMENT IN PIACERE: https://piacere-project.eu/blog/optimizing-cloud-continuum-application-deployment-in-piacere/

KR10 - IaC Execution Manager (IEM)

Automatically plan, prepare, and provision the infrastructure and plan, prepare, and install the corresponding software elements needed for the application to seamlessly run 

  • Problem:

Develop and maintain infrastructure as code for heterogeneous infrastructures and different phases (configure, provision, deploy, orchestrate), supporting multilingualism with one tool. The IEM also allows re-deploying new infrastructural code for a new configuration of the same application automatically, without manual intervention.

  • Solution:

The IEM provides a common interface to deploy multilingual IaC projects from within a common environment. It provides means for the deployment, redeployment, and tearing down of the different infrastructural devices and applications of a given project. In addition, it supports the provisioning, configuration, and orchestration of the production deployments. 

  • Value:

The IEM provides a tool for automatic, parametrizable, and therefore faster and easier execution, orchestration and deployment of IaC code on heterogeneous (cloud) environments, with the unique feature of supporting partial re-deployments and reconfigurations. 

 

Blogs linked to KR10:

THE IAC EXECUTION MANAGER: A TOOL TO EXECUTE THEM ALL: https://piacere-project.eu/blog/the-iac-execution-manager-a-tool-to-execute-them-all/

KR11 - PIACERE Self-learning and self-healing mechanisms

Ensure that the conditions of the QoS are met at all times and that a failure or non-compliance of NFRs is not likely to occur 

  • Problem:

When an application is deployed, it is usually verified manually to see that everything is OK, so it usually works correctly. But as time goes by, the infrastructure below usually suffers degradation for many reasons: application use, attacks, changes in the provider, updates, … At some point this may cause a malfunction in the application that affects the users and the expected or promised QoS.

  • Solution:

PIACERE provides mechanisms that allow monitoring to be seamlessly embedded over the infrastructure that runs the applications. These monitoring mechanisms continuously inspect some critical aspects that indicate situations in which the underlying infrastructure may fail to support the application. In addition, PIACERE applies AI techniques to provide some prediction capabilities, so that these situations can be foreseen with enough time to perform mitigation actions before the application, and thus the users, are affected. In that sense, PIACERE provides a self-healing infrastructure that allows applying short-term strategies to minimize the potential consequences of these infrastructure degradations.

  • Value:

To seamlessly have an AI-based monitoring framework that alerts on infrastructure degradation, with short-term self-healing capabilities.

 

Blogs linked to KR11:

Self-Learning and Self-Healing: Custodians of the Quality of Service: https://piacere-project.eu/blog/self-learning-and-self-healing-custodians-of-the-quality-of-service/

KR12 - Runtime security monitoring

Verify any security violation at runtime 

  • Problem:

Need for a monitoring stack for the run-time conditions so that the self-learning and self-healing mechanisms can be fed.

  • Solution:

Monitoring system capable of detecting security-related events and incidents in the deployed application’s environment. It is (to the extent possible) deployable automatically and notifies users about security alerts. 

  • Value:

This monitoring system allows the creation of informative metrics/variables with significant discriminative power.

 

Blogs linked to KR12:

Unmasking the Shadows: Harnessing the Power of Runtime Security Monitoring in a DevSecOps Context: https://piacere-project.eu/blog/unmasking-the-shadows-harnessing-the-power-of-runtime-security-monitoring-in-a-devsecops-context/

KR13 - PIACERE DevSecOps framework

Integrate into a single platform and in a comprehensive DevSecOps methodology for IaC all KRs

  • Problem:

Lack of a robust and comprehensive DevSecOps methodology that can support developers in the implementation of workflows and technologies.

  • Solution:

An Integrated framework with all KRs in PIACERE DevSecOps methodology, supported by the state-of-the-art research and development.

  • Value:

To have a comprehensive DevSecOps framework based on a robust methodology in which to appropriately build technologies and workflows.

 

Blogs linked to KR13:

FRAMEWORK ARCHITECTURE OF “PIACERE”: https://piacere-project.eu/blog/framework-architecture-of-piacere/

PIACERE 2.0 FRAMEWORK ARCHITECTURE: https://piacere-project.eu/blog/piacere-2-0-framework-architecture/

KR14 - PIACERE Use cases

We offer PIACERE partners the possibility to assess the usefulness and suitability of the PIACERE approach and toolset in real industrial cases from important and challenging application domains 

  • Problem:

Due to the novelty of the DevSecOps paradigm, there is a lack of examples across industries where the efficiency could be evaluated and which could represent a vehicle for implementation.

  • Solution:

The implementation of the above KRs in the distinct contexts of smart logistics, 5G telecommunication and public administration. 

  • Value:

The evaluation of efficiency from the implementation of the DevSecOps methodology, technologies and workflows, followed by success stories and best practices.  

 

Blogs linked to KR14:

OUTCOMES AFTER FIRST VALIDATION FOR THE MARITIME INFRASTRUCTURE USE CASE: https://piacere-project.eu/blog/outcomes-after-first-validation-for-the-maritime-infrastructure-use-case/

Y2 version of PIACERE components available and ready to be tested by the use cases: https://piacere-project.eu/blog/y2-version-of-piacere-components-available-and-ready-to-be-tested-by-the-use-cases/