InfraGov: A Public Framework for Reliable and Secure IT Infrastructure
As Public Administration services move to digital platforms, the reliability and security of IT infrastructure become even more critical to ensure seamless service delivery, safeguard citizens’ personal information, and maintain public trust in governmental systems. Central to the operation of these services is the configuration and infrastructure code that defines and manages the environment in which they run. This process of using programmable configuration files to provision and manage IT infrastructure is known as Infrastructure as Code (IaC).
Despite the benefits provided by Infrastructure as Code (IaC), such as more reliable and predictable deployments, as well as scalability with minimal effort, errors in these critical pieces of code can lead to security vulnerabilities, application outages, and incorrect program executions, ultimately undermining the stability and reliability of essential services.
In this project, we aim to develop an innovative solution for automated error and vulnerability detection and repair of software configuration and infrastructure code. This goal faces several challenges, including the diversity of IaC technologies, the complexity of IaC ecosystems, and the need for techniques that can accurately model and reason about these systems’ behavior.
Building upon recent developments by our research team (Saavedra and Ferreira, 2022; Saavedra et al. 2023), we will build a language-agnostic solution for reliable analysis and automated repair for Infrastructure as Code that also uses recent developments in generative AI for reducing the time from vulnerability disclosure to mitigation. We plan to cover a wide range of errors, including code smells, configuration inconsistencies, dependency errors, and so-called configuration drifts (which happen when the state of a system deviates from what is specified in the system’s configuration file).
Our solution is tailored to meet the needs of Public Administration IT teams. By collaborating closely with our partners at Agência para a Modernização Administrativa (AMA), Instituto de Gestão Financeira e Equipamentos da Justiça (IGFEJ), and Entidade de Serviços Partilhados da Administração Pública (ESPAP), we will ensure that the solution delivers immediate and practical benefits. The timing for this research is particularly appropriate, as we observe a significant shift of critical Public Administration systems to the cloud, underscoring the need for enhanced security and reliability in cloud infrastructure.
By advancing the reliability of configuration and infrastructure code, this research has the potential to significantly reduce the incidence of system failures and security breaches. Improving the robustness of these foundational elements of software systems will enhance the stability and security of critical services, contributing to the prevention, detection, analysis, and response capabilities regarding threats, risks, and incidents that jeopardize the protection of infrastructures, data, and individuals.
Contacts
Principal Investigator (INESC-ID): João F. Ferreira
Principal Investigator (INESC TEC): Alexandra Mendes
Research and Academic Institutions:
- INESC-ID: Instituto de Engenharia de Sistemas e Computadores, Investigação e Desenvolvimento em Lisboa (INESC-ID)
- Instituto Superior Técnico, Universidade de Lisboa
- INESC TEC: Instituto de Engenharia de Sistemas e Computadores, Tecnologia e Ciência
- Faculty of Engineering, University of Porto
Public Administration Partners:
- AMA: Agência para a Modernização Administrativa
- eSPap: Entidade de Serviços Partilhados da Administração Pública, I. P.
- IGFEJ: Instituto de Gestão Financeira e Equipamentos da Justiça I.P.
Funding
InfraGov is funded by Fundação para a Ciência e a Tecnologia (FCT) under the program Inteligência Artificial, Ciência dos Dados e Cibersegurança de relevância na Administração Pública. Funded amount: 124.918,40 €