The virtualization revolution that has taken place in the last years along with the advent of the cloud computing continuum (combination of cloud and edge), has allowed for an increase in the use of software to build, control and configure entire virtual data centers and the entire infrastructure layer. The use of such tools and APIs has only stressed the importance of software in the infrastructure arena. Moreover, the significance of software has recently grown to the nEvelop-O point of merging the role of software developers with that of infrastructure operators, whose main focus is the automation of infrastructure-related activities through the use of software, giving birth to the Infrastructure as Code trend, the engine of the DevSecOps [ 1, 2, 2 ] movement, which is an organizational change that consists of using software engineering tactics that reduce the technical and organizational distance between development and operation, leading to the creation of a single, well-coordinated team of people.

Infrastructure-as-Code (IaC) [ 3 ], enables the automation of several deployment, configuration and management tasks that otherwise would have to be performed manually. IaC has a lot of potential in a cloud computing context as it results in a significant saving of time when an application needs to be redeployed on a diferent set of resources or needs to be extended with new components, even possibly running on diferent cloud infrastructures. In these cases, the infrastructural code can be reused, adapted, if needed, and then run for recreating very quickly the new or extended software instance. As such, IaC has represented a very important progress that has dramatically changed the work organization of many IT-intensive organizations (e.g. Netflix 1).

Unfortunately, IaC still sufers from these five main issues: 1. a large variety of competing tools requiring the adoption of diferent programming languages for writing infrastructural code, 2. the fact that all these tools and languages are focusing on a single or a small set of automation steps and of types of resources (e.g. VMs), 3. they mostly focus on cloud computing leaving aside other computational resources such as the edge; 4. they focus on certain phases of the lifecycle of the IaC such as provisioning, configuration or deployment but there is not really an end-to-end solution covering the Devs and the Ops; 5. trustworthiness and security aspects of the IaC are often left for the end of the cycle, for once the code is already in operation, when it is already too late, the errors and vulnerabilities are expensive to correct and can afect the business continuity of the application.

As an example of the problems just mentioned, software configuration can be performed by writing Chef recipes or Puppet code, just to name two well-known languages, while deployment orchestration can be defined by relying on TOSCA [ 4 ], Terraform [ 5 ], Brooklyn [ 6 ] or many other less known approaches. Moreover, Software-Defined Networking (SDN) exploits specific protocols, such as OpenFlow or NETCONF, each with its own data modeling language, storage mechanisms, and based on a large number of proprietary protocols and configuration languages. The same occurs if the monitoring stack, the load balancer or the auto-scaling mechanism are to be configured using proprietary languages and associated tools. Such a diversity implies that adopting the IaC approach today requires a variety of specialized skills and DevSecOps environments that, in many cases, companies do not have, and struggle to find.

The main objective of the PIACERE project is thus to provide means (tools, methods and techniques) to enable most organizations to fully embrace the Infrastructure-as-Code approach, 1https://medium.com/netflix-techblog/how-we-build-code-at-netflix-c5d9bd727f15 • Automatic infrastructural code generation supported by language transformations • Support for the most prominent target environments and languages • Model level verification to check that the model of the execution environment can be transformed into executable code. • Code level verification to assess the correctnessof the generated IaC • IaC code security inspection to check the IaC code againstcybersecurity issues • Component security inspection checking for known security vulnerabilities in imported software components • Enable the definition of semantic machine-readable abstractions of infrastructural artifacts from some of the major existing IaC languages • Support for Infrastructural requirements specification, includingNFRs • Modelling libraries of common patterns and typical requirements to support context specific instantiation and different domains (Public Sector, critical infrastructures,5G). • Support for evolution and extension of the infrastructuralartifacts • IaC execution to orchestrate the deployment. • (Optimized) Execution environment • Runtimesecurity monitoring • Monitoring tools and metrics time - series collection • Support for IaC self-healing decisions based on the anomalousevents identifiedor predicted. • Self learning algorithms to detect noncompliance or anomalies of a NFR of the deployedIaC • Support for IaC improvements identification based on the monitored metrics • Isolated testing of IaC behaviour (Canary Environment) • Catalogue of services, resources and infrastructuralelements • Optimized deploymentconfiguration through the DevSecOps philosophy, by making the creation of such infrastructural code more accessible to designers, developers and operators (DevSecOps teams), increasing the quality, security, trustworthiness and evolvability of infrastructural code while ensuring its business continuity by providing self-healing mechanisms anticipation of failures and violations, allowing it to self-learn from the conditions that triggered such re-adaptations.

To achieve the IaC DevSecOps concept, PIACERE will provide an integrated DevSecOps framework to develop, verify, release, configure, provision, and monitor infrastructure as code. The extensible architecture and modular approach of PIACERE will support the diferent DevSecOps activities. Using a single integrated environment (IDE) to develop infrastructural code will unify the automation of the main DevSecOps activities and will shorten the learning curve for new DevSecOps teams. PIACERE will allow DevSecOps teams to model diferent infrastructure environments, by means of abstractions, through a novel DevOps Modeling Language (DOML), thus hiding the specificities and technicalities of current solutions. Moreover, PIACERE will provide an extensible Infrastructural Code Generator (ICG), translating DOML into source files for diferent existing IaC tools, to reduce the time needed for creating infrastructural code for complex applications. The provided extensibility mechanisms (DOML-E) shall ensure the sustainability and longevity of the PIACERE approach and tool-suite (new languages and protocols that can appear in the near future). There are several projects whose research areas are of interest for PIACERE and which already provide assets and methods dealing with IaC design, development, creation and maintenance.Therefore, PIACERE will actively monitor, survey and consider the results from relevant projects and analyse potential adoption of aligned assets into PIACERE solution. In the following list some of the already identified projects are presented: • DevOps and IaC: • Modelling languages and extensions: • Infrastructure/Code verification: – DICE [ 7 ] ofers a novel UML profile and tools for data – aware quality – driven development – DECIDE [ 8 ] provides a DevOps framework for multi-cloud applications, including the optimization of their deployment and the monitoring and automatic rereployment of the applications (including the creation of the new infrastructure). – MELODIC [ 9 ] enables data-intensive applications to run within defined security, cost, and performance boundaries seamlessly on geographically distributed and federated cloud infrastructures. – SODALITE [ 10 ] provides a toolsuite for developers and infrastructure operators by providing (1) a pattern-based abstraction library, including application and infrastructure (2) design and programming model for full-stack application and infrastructure descriptions (3) deployment framework, enabling static optimisation (4) automated run-time optimisation – SmartCLIDE [ 11 ] project provides high levels of abstraction at all stages (development, testing, deployment and run-time) as well as self-discovery of IaaS and SaaS Services – RADON [ 12 ] aims at creating a DevOps framework to create and manage microservicesbased applications that can optimally exploit serverless computing technologies. It provides a Defect Prediction tool which aims at analyzing IaC correctness, code smells detection and refactoring of IaC blueprints • Security in IaC: • IaC monitoring: – UNICORN [ 13 ] project simplifies the design, deployment and management of secure and elastic – by design – multi-cloud services. It provides a component that enables the continuous orchestration and automatic optimization of portable and dynamic cloud services running on virtual instances or micro-execution containers for increased security, data protection privacy and vast resource (de)-allocation. – DECIDE [ 8 ] project provides as part of its solution a monitoring stack for heterogeneous cloud resources supporting diferent metrics that are configurable. • Self-healing and self-learning IaC: – DECIDE project’s ADAPT tool provides means for automatic re-deployment of a microservices based application should a violation of the NFRs occur – ACCORDION [ 14 ]orchestrates the compute and network continuum formed between edge and public clouds, using the latter as a capacitor

– MORPHEMIC [ 15 ] project proposes a way of adapting and optimizing Cloud computing applications by introducing the novel concepts of poly-morph architecture and proactive adaptation. Depending on the application’s requirements and its current workload, its components could be deployed in various forms in diferent environments to maximize the utility of the application deployment and the satisfaction of the user

The PIACERE workflow (Figure 2) starts from the specification of qualitative requirements such as infrastructure, security, networking and software characteristics. These trigger the development of both the application and infrastructural software. Among the others, they identify those non-functional requirements for application software that become functional ones (need for provisioning certain services, for configuring certain network functions and the like, security requirements, etc.) for the infrastructural code. Based on these requirements, the DevSecOps team will focus on the development of the infrastructural code. Through DOML, the DevSecOps Modeling Language, the topology and the properties of the infrastructure to be created such as computation, memory, networking, software and services resources, security requirements and rules, will be defined. This will allow the DevSecOps team to model an infrastructure with its configuration abstracting the peculiarities of the provisioning and configuration of complex execution environments, without being limited by the lack of knowledge on the large variety of needed IaC languages and protocols.

After the modeling stage, the DevSecOps team will check if the resulting model can be turned into executable code (verification at model level), using the Verification Tool (VT), a composition of tools that works both at the level of models and infrastructural code.

Once the infrastructure, network, and execution environment models are ready and verified, the DevSecOps team will generate the infrastructural code from them through the PIACERE Infrastructure Code Generator (ICG). The currently most prominent target IaC environments and languages (e.g. Terraform, Ansible, TOSCA) will be supported by ICG, in terms of provisioning and deployment orchestrators, configuration management environments, monitoring platforms, and network APIs. The adequacy of the generated infrastructural code will be checked, ranging from syntactic correctness to consistency and ability to fulfill specific non-functional properties such as performance of applications after their deployment. Special focus on security will be included. The VT will contain an IaC code Security Inspector that will check the IaC code against the known cybersecurity issues ofering a Static Analysis Security Testing. Additionally, the VT will support the testing of the specific security libraries and middleware to be used within the framework to build the security inclusion policy. This whitebox fuzzing testing will be executed by the Security Components Inspector. All these components (from DOML to VT) supporting the IaC DevSec process will be integrated in an IDE which will ofer the IaC developers an integrated framework to support the design, development, generation and verification of the infrastructural code.

Once the code is verified, PIACERE will support the simulation of the conditions of the production environment through the Canary Sandbox Environment, enabling isolated execution and testing of the IaC behavior (reliability and behavior testing and cybersecurity threats) while identifying potential vulnerabilities and bottlenecks before the code is deployed. As part of this pre-deployment phase, PIACERE will ofer the IaC optimized execution platform (IOP), which will include both a catalog describing the available services (e.g. IaaS, XaaS) and infrastructural elements (e.g. computation, networks) to deploy the IaC, and an Optimizer that will provide the best combination of those services with such resources, based on a set of constraints (e.g., types of infrastructural elements, NFRs, and so on).

The following step is the execution at runtime of the created IaC through the IaC execution platform (IEP). The main task of the execution platform is to create a deployment plan by splitting the work into separate tasks, ordering them according to their interdependencies, and distributing them to the specialized subsystems that perform the actual provisioning (e.g. creating virtual machines using proper IaaS connector, installing software packages or adjusting application configuration using Ansible). Tracking dependencies also encompasses information transfer between interdependent tasks, which is vital for producing functioning end-results. The PIACERE Monitoring platform will log the whole IaC execution run, making metadata and metrics about the creation of resources available to the rest of the PIACERE components. This will enable insight into the efects of the specific IaC code, enabling feedback not only on the application’s own runtime, but also on its provisioning, deployment. In such a complex system, PIACERE will also verify any security violation at runtime through Runtime security monitoring. This data (security-, performance-, uptime-related) will feed the PIACERE Self-learning and self-healing mechanisms to ensure that the conditions of the QoS are met at all times and that a failure or non-compliance of NFRs is not likely to occur. If any of these occurs an alert to the DevSecOps teams will be sent and the most appropriate IaC deployment configuration will be sought and selected by the optimizer again. PIACERE will support the automatic redeployment of the selected IaC to ensure that their infrastructural code is always conforming to the SLAs committed with the end-user even if the environmental situation changes. PIACERE baseline technologies will be open-source solutions and background technology and expertise provided by each partner. Existing results form research projects, especially those where the PIACERE partners participate will be incorporated, mainly form DECIDE, SODALITE, DICE and MELODIC. 2.1. PIACERE pilots PIACERE outcomes will be validated in three specific use case validation activities focused on three diferent application domains, namely 1) Public Administrations, 2) Critical Infrastructure and 3) 5G (Public Safety in IoT using 5G) shortly described in the following subsections. • Use Case 1 Public Administrations In public administrations, namely the Slovenian Ministry of Public Administration (SI-MPA) partner of the PIACERE project, the resource provisioning, infrastructure configuration and deployment of new systems in centralized infrastructure are the main challenges from an operational and security perspective. Public administrations in general and SI-MPA in particular is using Infrastructure as Code in segments of virtualization and network. In both cases dedicated tools are used enabling automation just for a limited scope, out of the whole infrastructure creation and maintenance life-cycle. PIACERE outcomes will enable to embrace the IaC approach throughout the whole life-cycle, reducing the costs of deploying IT solutions which are compliant with the requirements from the IT management standards while improving the level of information security through the DevSecOps approach. • Use Case 2 Critical Maritime Infrastructures In Industrial IoT platforms specially in those of critical systems (such as maritime infrastructure) performance and trustworthiness of the infrastructure to be created through the IaC is crucial. Therefore, performance is usually guaranteed by over allocating resources for critical systems that most of the time will be significantly infra-utilised. Thanks to the PIACERE outcomes developers and operators will gain better knowledge (more frequent, more accurate, pervasive) of the use of resources of the whole systems and the capability of dynamically assign computation tasks to all nodes (cloud and edge). The inclusion of automatic verification both at model and code level will guarantee the needed quality of the IaC to generate trustworthy infrastructural ecosystem where to deploy the required software. • Use Case 3 Public Safety on IoT in 5G Mobile networks (5G) are well suited for this kind of public safety applications because of their ability to handle trafic from large numbers of low-energy devices that are transmitting small volumes of data. In this case, the definition of security requirements of the infrastructure needed is a key need. All the policies to be configured can be described at model and code level and applied regardless the concrete technology used for the infrastructural layer. PIACERE platform will ensure the full adoption of DevSecOps approach improving the quality, security and evolvability of infrastructural code. Furthermore, the possibility of performing static analysis security testing by checking the code against known cyber-security issues and vulnerabilities will provide feedback in exploring the security by design approach in the context of IoT distributed architectures and relevant technologies.

The main aim we envision for the PIACERE project is to enable organizations to embrace the Infrastructure-as-Code (IaC) approach, through the DevSecOps philosophy, by making the creation of such code more accessible to designers, developers and operators (DevSecOps teams), increasing the quality, security, trustworthiness and evolvability of infrastructural code while ensuring its business continuity by providing self-healing mechanisms anticipating to failures and violations, and self-learning from the conditions that triggered such re-adaptations.

The envisioned PIACERE benefits will be assessed and demonstrated on its Use Cases (5G, Public Administrations, Critical Infrastructures), with the focus on the utility and suitability of the PIACERE approach and toolset in real cases from relevant application domains and industrial sectors (telco, IoT, services).

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 101000162.