Approach

The concept of ENACT is to evolve DevOps methods and techniques to support the development and operation of smart IoT systems, which (i) involve sensors and actuators and (ii) need to be trustworthy. 

DevOps practices aim to ensure a rapid and efficient value delivery to market. DevOps ideas promote a tight collaboration between the developers (Dev) and the teams that deploy and operate the software systems (Ops). DevOps seeks to decrease the gap between a product design and its operation by introducing software design and development practices and approaches to the operation domain and vice versa. In the core of DevOps there is automation and continuous processes supported by different tools at various stages of the product life-cycle. In particular, ENACT will support the DevOps practices during the development and operation of trustworthy smart IoT systems and provide innovations and enablers that will feature trustworthy IoT systems related to seven stages of the process as depicted in the Figure below.

 

 

 

 

  • Plan: ENACT will support the planning of IoT systems development cycles as well as the smooth transition towards the code stage, introducing a new enabler for risk-driven and context-aware selection of the most relevant and trustworthy devices and services to be used in the future stages. 

  • Code: ENACT will leverage the model-driven engineering approach and in particular evolve recent advances of the ThingML17 language and generators to support modelling of system behaviours and automatic derivation across vastly heterogeneous and distributed devices at the IoT and edge end. 

  • Build and Deploy: ENACT will provide a new deployment modelling language to specify trustworthy and secure orchestrations of sensors, actuators and software components, along with the mechanisms to identify and handle potential actuation conflicts at the model level. The deployment engine will automatically collect the required software components and integrate the evolution of the system into the run-time environment across the whole IoT, edge and cloud space. 

  • Test: Targeting the constraints related to the distribution and infrastructure of IoT systems, ENACT enablers will allow continuous testing of smart IoT systems in an environment capable of emulating and simulating IoT and edge infrastructures. This system will also be able to simulate some basic attacks or security threats related to the use cases. 

  • Operate: ENACT will provide enablers for the automatic adaptation of IoT systems based on their run-time context, reinforced by online learning. Such automatic adaptation will address the issue that the management complexity of open-context IoT systems exceeds the capacity of human operation teams, and by this, improve the trustworthiness of the smart IoT system execution. 

  • Monitor: ENACT will deliver innovative mechanisms to observe the status and behaviour of the running IoT systems for quality assurance and root cause analysis, and support the testing of these systems at run-time. 

In addition to the DevOps related innovations identified above, ENACT will provide specific cross-cutting innovations related to trustworthiness, which can be seamlessly applied: 

  • Resilience and robustness: ENACT will provide novel solutions to make the smart IoT systems resilient by providing enablers for diversifying IoT service implementations, and deployment topologies (e.g., implying that instance of a service can have a different implementation and operate differently, still ensuring consistent and predictable global behavior). This will lower the risk for privacy and security breaches and significantly reduced impact in case of cyber-attack infringes. 

  • Security, privacy and identity management: According to the IEC report on smart and secure IoT platforms18, security, trust, privacy and identity management are major challenges in today’s IoT systems. ENACT will provide support to ensure end-to-end security of trustworthy SIS. This will not only include smart preventive security mechanisms but also the continuous monitoring of (i) security metrics and (ii) the context with the objective to trigger reactive security measures.