I-Corps: A Learned Cloud Infrastructure-as-Code (IaC) Linter

I-Corps：学习型云基础设施即代码 (IaC) Linter

• 批准号: 2344828
• 负责人: Ang Chen
• 金额: $ 5万
• 依托单位: Regents of the University of Michigan - Ann Arbor
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-11-15 至 2024-04-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2344828&HistoricalAwards=false
• 关键词: Corps; Learned; Cloud; Infrastructure; Code

The broader impact/commercial potential of this I-Corps project is the development of a tool for orchestrating cloud computing resources. It is designed for cloud providers to make their service easier to access, and for cloud tenants for migrating their workloads to the cloud. Existing tools are derived from low-level cloud application programming interface (API) specifications, which fail to capture a complete picture of the interactions between cloud resources. Therefore, they can make mistakes or leave problems undetected until the deployment is run. The proposed technology is an infrastructure-as-code (IaC) tool that increases the reliability of IaC cloud resource deployment. It has the potential to detect many classes of bugs and misconfigurations to reduce the number of errors and security vulnerabilities in the actual deployment. The proposed technology may be able to detect a variety of cloud deployment problems in advance and help suggest repairs. This may change the status-quo on how people manage and deploy public cloud infrastructure, and may reduce manpower needed for the development and deployment life cycle of cloud tenants.This I-Corps project is based on the development of a learned cloud infrastructure-as-code (IaC) linter that enables extracting cloud provider requirements automatically and formalizes them as configuration checks. This is an end-to-end tool chain to extract cloud provider requirements from various sources, formally validate their correctness, and turn them into efficient checks against user-written IaC configurations. While previous IaC linters could check against security or policy compliance based on manually written rules, the proposed technology takes automatically extracted provider conformance rules as the first-class objective. This technology is part of a long-term research endeavor that aims at simplifying cloud management with infrastructure clarity. The goal is to bridge the communication gap between the internal logistics of cloud providers and the intent from various cloud tenants, which hampers the adoption of public cloud services. To mitigate this problem, the proposed technology leverages a unique combination of interdisciplinary techniques, including well-established concepts such as program analysis, formal reasoning, and software testing, as well as fast-growing technologies such as large language models. This tool may help users detect misconfigurations and security problems before they manifest, saving time, manpower and money required to fix problems.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该 I-Corps 项目更广泛的影响/商业潜力是开发用于编排云计算资源的工具。 它旨在帮助云提供商使他们的服务更易于访问，并帮助云租户将其工作负载迁移到云。 现有工具源自低级云应用程序编程接口（API）规范，无法捕获云资源之间交互的完整情况。因此，他们可能会犯错误或在部署运行之前未发现问题。 所提出的技术是一种基础设施即代码（IaC）工具，可提高 IaC 云资源部署的可靠性。它有可能检测许多类别的错误和错误配置，以减少实际部署中的错误和安全漏洞的数量。所提出的技术或许能够提前检测各种云部署问题并帮助提出修复建议。这可能会改变人们管理和部署公共云基础设施的现状，并可能减少云租户的开发和部署生命周期所需的人力。这个I-Corps项目是基于学习型云基础设施的开发—— -code (IaC) linter，能够自动提取云提供商需求并将其形式化为配置检查。 这是一个端到端的工具链，用于从各种来源提取云提供商的要求，正式验证其正确性，并将其转化为针对用户编写的 IaC 配置的有效检查。虽然以前的 IaC linter 可以根据手动编写的规则检查安全性或策略合规性，但所提出的技术将自动提取的提供商一致性规则作为首要目标。该技术是长期研究工作的一部分，旨在通过基础设施的清晰度简化云管理。目标是弥合云提供商的内部物流与各种云租户的意图之间的沟通差距，这阻碍了公共云服务的采用。为了缓解这个问题，所提出的技术利用了跨学科技术的独特组合，包括程序分析、形式推理和软件测试等成熟的概念，以及大型语言模型等快速发展的技术。 该工具可以帮助用户在错误配置和安全问题出现之前发现它们，从而节省解决问题所需的时间、人力和金钱。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。