Periodic Reporting for period 1 - ICOS (Towards a functional continuum operating system)
Reporting period: 2022-09-01 to 2024-02-29
The key objectives of the project are:
O1: Design of an intelligent meta OS for the continuum
O2: Facilitating an on-demand ad-hoc and AI-assisted development of the continuum infrastructure
O3: Enforce trustworthy yet open operation
O4: Demonstrate the project outcomes in key relevant scenarios
O5: Building an open innovation environment and fostering the creation of new applications in the continuum, as well as a science and engineering community around it
O2: The AI framework has been designed and implemented. It will host the corresponding AI components and will be fed with data collected by the telemetry and monitoring components. Some AI components are still under development and will be integrated into the framework during the second project iteration.
With respect to the runtime strategy for workload partitioning, the current implementation provides a basic static layout.
O3: Authentication is provided by an Identity and Access Manager (IAM) based on Keycloak. The IAM is integrated with the ICOS shell and authenticates users accessing ICOS. Authorisation of users and of requests within the ICOS system through the IAM is currently work in progress and is planned to be ready for ICOS IT-2. In addition, mechanisms for securing the infrastructure (cloud, edge) of ICOS nodes were implemented using Wazuh. These mechanisms scan the nodes for security issues and propagate detected issues to the Meta-kernel layer.
Requirements have been defined for the audit mechanism, which will be responsible for executing light-audit checks on ICOS nodes at the edge. Suitable technologies (e.g. Tetragon) were identified and tested, alongside testing of technologies for security policy compliance (e.g. Cilium).
The existing endpoint detection mechanisms are complemented by already implemented mechanisms for detecting anomalous behaviour on ICOS nodes through AI (NLP) driven log analysis (LOMOS). While the anomaly detection mechanisms are operational at this point, they will be fully exploitable in the next ICOS releases. Finally, further mechanisms were implemented to provide trust. Communication between ICOS components within the ICOS controller (intra-cluster) is secured using the Kubernetes-based Cilium, which encrypts traffic at the network level. Inter-cluster communication (between ICOS controllers and ICOS agents) is also encrypted, using WireGuard as the VPN protocol. Data from use case applications deployed on ICOS is encrypted using Zenoh with mTLS. Additionally, data privacy is provided by anonymising data at the edge through functionalities of the data management and Intelligence layers.
O4: A basic ICOS system has been successfully deployed on each of the four use case scenarios, although so far with basic functionality only, i.e. node on-boarding and basic service deployment. With respect to the open calls programme, technical information has been prepared to provide detailed installation guidelines for the selected partners.
On the other hand, the continuum must be managed efficiently to optimally meet application demands during service execution. This includes identifying the optimal set of nodes to execute the application, locating computation closer to where data is produced, cleaning, formatting and pre-processing data to optimise execution for both real-time processing and non-real-time data analytics, and monitoring service execution to detect potential failures and apply the appropriate fault tolerance mechanisms. Furthermore, monitoring the continuum enables the detection of new resources that could improve performance, which in turn allows the corresponding migration mechanisms to be applied. Additionally, an AI-powered system like ICOS implements not only reactive optimisation policies but also sophisticated decision-making mechanisms based on forecasting of system activity.
Finally, it is important to note that the reliability of the continuum infrastructure cannot be taken for granted. The distributed and dynamic nature of the continuum, with numerous devices of different owners and provenance, makes it challenging to ensure reliability and trustworthiness. Secure mechanisms for accessing the distributed nodes, preservation of data privacy, and open and transparent operation are fundamental to enhancing trust. ICOS is designed with trust as a fundamental principle, incorporating appropriate security mechanisms from the outset and facilitating the integration of AI-powered solutions to develop sophisticated, reliable and trustworthy applications.