InfraGov: A Public Framework for Reliable and Secure IT Infrastructure

InfraGov aims to address critical challenges in the reliability and security of Infrastructure as Code (IaC) used in Public Administration.

As Public Administration services move to digital platforms, the reliability and security of IT infrastructure become even more critical to ensure seamless service delivery, safeguard citizens’ personal information, and maintain public trust in governmental systems. Central to the operation of these services is the configuration and infrastructure code that defines and manages the environment in which they run. This process of using programmable configuration files to provision and manage IT infrastructure is known as Infrastructure as Code (IaC).

Despite the critical role of configuration and infrastructure code in software system reliability and security, research focusing on the reliable configuration and infrastructure as code remains scarce. In this project, we aim to address this gap by developing an innovative solution for automated error and vulnerability detection and repair of software configuration and infrastructure code. This goal faces several challenges, including the diversity of IaC technologies, the complexity of IaC ecosystems, and the need for techniques that can accurately model and reason about these systems’ behavior.

Building upon recent developments by our research team (Saavedra and Ferreira, 2022; Saavedra et al. 2023), we propose the first polyglot solution for reliable analysis and automated repair for Infrastructure as Code that also uses recent developments in generative AI for reducing the time from vulnerability disclosure to mitigation. We plan to cover a wide range of errors, including code smells, configuration inconsistencies, dependency errors, and so-called configuration drifts (which happen when the state of a system deviates from what is specified in the system’s configuration file).

Our solution is tailored to meet the needs of Public Administration IT teams. By collaborating closely with our partners at Agência para a Modernização Administrativa (AMA), Instituto de Gestão Financeira e Equipamentos da Justiça (IGFEJ), and Entidade de Serviços Partilhados da Administração Pública (ESPAP), we will ensure that the solution delivers immediate and practical benefits. The timing for this research is particularly appropriate, as we observe a significant shift of critical Public Administration systems to the cloud, underscoring the need for enhanced security and reliability in cloud infrastructure. Besides the critical infrastructure of the Portuguese Public Administration, another example is the AWS European Sovereign Cloud, tailored for government agencies and regulated industries in the EU. This initiative emphasizes the criticality of storing sensitive data and running essential workloads securely within the cloud, spotlighting the urgent need for our research in ensuring robust and reliable cloud infrastructure management.

By advancing the reliability of configuration and infrastructure code, this research has the potential to significantly reduce the incidence of system failures and security breaches. Improving the robustness of these foundational elements of software systems will enhance the stability and security of critical services, contributing to the prevention, detection, analysis, and response capabilities regarding threats, risks, and incidents that jeopardize the protection of infrastructures, data, and individuals.