Top

Published in:

2024 | OriginalPaper | Chapter

Using Datalog for Effective Continuous Integration Policy Evaluation

Authors : Kaarel Loide, Bruno Rucy Carneiro Alves de Lima, Pelle Jakovits, Jevgeni Demidov

Published in: Software Quality as a Foundation for Security

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Containerisation and microservices have introduced unprecedented complexity in system configurations, exacerbating the blast zone of misconfigurations and system failures. This complexity is further amplified within the DevOps paradigm, where developers are entrusted with the entire software development lifecycle, often without comprehensive insights into the impact of their configurations. This article explores using the declarative logic programming language Datalog in automating and optimizing configuration validation to mitigate these challenges.

We present an overview of a real-world case involving a software company with approximately 300 engineers, highlighting the challenges that lead to delegating mission-critical configuration validation to a declarative language.

With Datalog, we spearheaded an initiative to entirely deprecate a non-declarative solution in order to attempt to circumvent the problem of writing business logic alongside its evaluation. The outcome revealed a substantial reduction in maintenance efforts and user complaints, providing further evidence of Datalog’s potential in streamlining internal policy enforcement.

We propose a set of best practices, extrapolated from our findings, to guide organizations in both implementing and optimizing automatic configuration validation. These insights offer a strategic roadmap for harnessing declarative languages like Datalog to effectively navigate the intricate configuration landscapes of contemporary software systems.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Source Code Clone Detection Using Unsupervised Similarity Measures

next chapter On the Interaction Between Software Engineers and Data Scientists When Building Machine Learning-Enabled Systems

Apache kafka (2022). https://kafka.apache.org/

Isolate containers with a user namespace (2022). https://docs.docker.com/engine/security/userns-remap/

Metric definitions (2022). https://docs.sonarqube.org/latest/user-guide/metric-definitions/

Open policy agent: Introduction (2022). https://www.openpolicyagent.org/docs/latest/

Production-grade container orchestration (2022). https://kubernetes.io/

Redis (2022). https://redis.io/

Dockerfile reference (2023). https://docs.docker.com/engine/reference/builder/

Open policy agent (2023). https://github.com/open-policy-agent/opa

Abad, Z.S., Karras, O., Schneider, K., Barker, K., Bauer, M.: Task interruption in software development projects. In: Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering 2018 (2018). https://doi.org/10.1145/3210459.3210471

10.

Baset, S., Suneja, S., Bila, N., Tuncer, O., Isci, C.: Usable declarative configuration specification and validation for applications, systems, and cloud. Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference on Industrial Track - Middleware ’17 (2017). https://doi.org/10.1145/3154448.3154453

11.

Bourhis, P., Reutter, J.L., Suárez, F., Vrgoc, D.: JSON: data model, query languages and schema specification. In: Proceedings of the 36th ACM SIGMOD-SIGACT-SIGAI Symposium on Principles of Database Systems (2017). https://api.semanticscholar.org/CorpusID:18059418

12.

Ceri, S., Gottlob, G., Tanca, L.: What you always wanted to know about Datalog (and never dared to ask). IEEE Trans. Knowl. Data Eng. 1(1), 146–166 (1989). https://doi.org/10.1109/69.43410CrossRef

13.

Huang, P., Bolosky, W.J., Singh, A., Zhou, Y.: Confvalley. In: Proceedings of the Tenth European Conference on Computer Systems (2015). https://doi.org/10.1145/2741948.2741963

14.

Leite, L., Rocha, C., Kon, F., Milojicic, D., Meirelles, P.: A survey of DevOps concepts and challenges. ACM Comput. Surv. 52(6), 1-35 (2019). https://doi.org/10.1145/3359981. cited By 47

15.

Lian, X., Chen, Y., Cheng, R., Huang, J., Thakkar, P., Xu, T.: Configuration validation with large language models. arXiv:abs/2310.09690 (2023). https://api.semanticscholar.org/CorpusID:264146437

16.

Palatin, N., Leizarowitz, A., Schuster, A., Wolff, R.: Mining for misconfigured machines in grid systems. In: Knowledge Discovery and Data Mining (2006). https://api.semanticscholar.org/CorpusID:52835750

17.

Paljasma, T.: Validating docker image and container security using best practices and company policies (2019). https://digikogu.taltech.ee/et/Item/b9367be6-0646-4c2f-b32b-56ee8a024f0d

18.

Pranata, A.A., Barais, O., Bourcier, J., Noirie, L.: Misconfiguration discovery with principal component analysis for cloud-native services. In: 2020 IEEE/ACM 13th International Conference on Utility and Cloud Computing (UCC), pp. 269–278 (2020). https://api.semanticscholar.org/CorpusID:230511700

19.

Roziere, B., et al.: Code Llama: open foundation models for code. arXiv preprint: arXiv:2308.12950 (2023)

20.

Sun, X., Cheng, R., Chen, J., Ang, E., Legunsen, O., Xu, T.: Testing configuration changes in context to prevent production failures. In: OSDI (2020)

21.

Tuncer, O., Bila, N., Duri, S., Isci, C., Coskun, A.K.: ConfEX: towards automating software configuration analytics in the cloud. In: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 30–33 (2018). https://doi.org/10.1109/DSN-W.2018.00019

22.

Wei, J., et al.: Emergent abilities of large language models. arXiv preprint: arXiv:2206.07682 (2022)

23.

Xu, T., Legunsen, O.: Configuration testing: testing configuration values as code and with code. arxiv Software Engineering (2019)

24.

Zhao, D., Subotic, P., Scholz, B.: Debugging large-scale datalog. ACM Trans. Program. Lang. Syst. (TOPLAS) 42, 1–35 (2020). https://api.semanticscholar.org/CorpusID:218905148

Title: Using Datalog for Effective Continuous Integration Policy Evaluation
Authors: Kaarel Loide
Bruno Rucy Carneiro Alves de Lima
Pelle Jakovits
Jevgeni Demidov
Publisher: Springer Nature Switzerland
Book: Software Quality as a Foundation for Security
Print ISBN: 978-3-031-56280-8

Electronic ISBN: 978-3-031-56281-5

Copyright Year: 2024
DOI: https://doi.org/10.1007/978-3-031-56281-5_3

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner