This project has received funding from the European
Union’s Horizon 2020 research and innovation
programme under grant agreement No. 101000162.
PIACERE: Making secure IaC
code development easier
through ECLIPSE EMF
Gorka Benguria (Tecnalia)
Eclipse Community Day Talk, 16th of October
2 20/10/2023
GA 101000162
Vision: DevSecOps framework for the development,
deployment and operation of trustworthy
infrastructure-as-code.
Goal: Framework with tools integrated in the IDE.
Status: PoC version already available!
PIACERE Project
PIACERE Project DevSecOps Approach
Eclipse EMF role
• DOML – domain specific language
• Model checker
• IaC Optim. Platform + catalogue
• IaC Code Generator (Terraform, Ansible, …)
• IaC security inspector
• Component security inspector
• PIACERE runtime controller
• Canary sandbox environment
• IaC Execution manager
• (Security) monitoring
• Self-learning
• Self-healing
Eclipse EMF role
DOML: DevSecOps Modeling Language that is developed by using
ECLIPSE EMF:
• Multiple layers
• Application layer
• Abstract infrastructure layer
• Supports real-time security and performance settings
• Concrete infrastructure layer
• Optimization layer
Thank you!
www.piacere-project.org

PIACERE project at EclipseCon 2023
