- Dagstuhl Materials Page (Use personal credentials as created in DOOR to log in)
Errors originating from infrastructure and their configurations are one of the major causes of system failures and system degradation, resulting in security vulnerabilities, application outages, and incorrect program executions. Investigating the root causes of such issues and remedies for them requires insight from different research perspectives, including systems, programming languages, software engineering, and verification. From these areas, approaches are emerging to manage the complexity of infrastructure and configuration, covering a breadth of forms, such as domain-specific languages, standalone verification tools, automated learning techniques, specification-based synthesis, security annotation extensions, and configuration optimizers.
The Dagstuhl Seminar on Resilient Software Configuration and Infrastructure Code Analysis brought together experts from different fields to explore new cross-disciplinary approaches to configuration management. The seminar facilitated collaboration between academia and industry and enabled synergies between different subareas of software systems. The seminar was a forum for cross-disciplinary discussions, bridged communities, and forged new conversations between academic and industrial perspectives. The shared knowledge built during the seminar is captured in this report, which we hope can act as a body of knowledge for researchers joining this newly forming community.
Overall, the seminar consisted of 3 tutorial talks, 16 presentations, and 5 group discussions. Emerging themes that were revealed during the seminar included a focus on Infrastructure as Code, the similarities and differences between configuration engineering and software engineering, the portability (or lack thereof) of program analysis techniques to configuration analysis, the design space of expressibility of configuration languages, and future challenges of analysis for safety, security, and auditing. In addition, we had a joint evening session with the parallel seminar "Agents on the Web" (Dagstuhl Seminar 23081), where each organizer presented an overview of their seminar. As a result, we started joint discussions where we investigated the use of formal methods, in particular synthesis, for establishing semantic relations between the data.
Key outcomes of this seminar were evident both in new short-term collaboration and connections, as well as the initiation of longer-term projects. For example, a collection of the participants have connected to host a workshop on configuration languages and analysis called CONFLANG 2023, which will be hosted at SPLASH 2023. Additionally, a vision paper outlining key future directions of the field is being drafted by participants of the event.
After two postponements due to COVID-19, this seminar was a pleasure to hold in person and a great success from both a community and a research perspective. We would like to thank the team of Schloss Dagstuhl for their hospitality and support as well as all the participants for their valuable contributions.
According to a recent survey study, configuration errors were reported to be the largest fraction of failures in storage systems. In general, errors originating from infrastructure and their configurations are one of the major causes of system failures, resulting in security vulnerabilities, application outages, and incorrect program executions. Current research focuses on investigating the root cause of these errors and remedies to them, from different perspectives. Approaches are emerging to manage the complexity of infrastructure and configuration, covering a breadth of forms, such as domain specific languages, standalone verification tools, automated learning techniques, specification-based synthesis, security annotation extensions, and configuration optimizers.
These new research directions in the field of configuration analysis impose the challenge of finding a synergy between theory, tools, and interface design. Our goal is to gain a better understanding of the theoretical foundations that will enable reasoning about configuration and infrastructure code. Some of the key high-level challenges to be addressed include
- Infrastructure and Configuration Code Maintenance and Evolution
- Configuration Summaries and Optimization
- Specification Learning and Mining
- Infrastructure and Configuration Testing and Verification
- Infrastructure and Configuration Repair
This Dagstuhl Seminar will reflect on the perspectives of the different communities involved in configuration analysis, including the systems, programming languages, and verification communities, as well as the software industry at large. The seminar will serve as a venue to find common language and concepts to discuss open problems and potential future research directions. Additionally, we seek to facilitate collaboration between the underlying theory of configuration analysis and practitioners who drive the conversation from an industrial perspective.
The overarching goal is the advance of state of the art and practice of infrastructure and configuration code from a holistic software engineering perspective and build a community of practice around the topic of configuration analysis. To meet this goal, we will focus on bridging research groups and forging new conversations between various academic sub-disciplines and industrial perspectives. As a newly-forming community, we first need to understand the challenges that have been identified in each of the existing fields. Next, our goal is to define a research agenda that finds synergies between the fields. The shared knowledge that will be built during this seminar will be captured in a report, that can act as a body of knowledge for researchers within the space of software configuration and infrastructure code analysis.
- Claudia Cauli (Amazon Web Services - London, GB)
- Jürgen Cito (TU Wien, AT) [dblp]
- Myra B. Cohen (Iowa State University - Ames, US) [dblp]
- Coen De Roover (VU - Brussels, BE) [dblp]
- Dario Di Nucci (University of Salerno, IT)
- Thomas Durieux (TU Delft, NL)
- João F. Ferreira (INESC-ID - Lisboa, PT)
- Michael Greenberg (Stevens Institute of Technology - Hoboken, US) [dblp]
- Yann Hamdaoui (Tweag I/O - Paris, FR)
- Wolfgang Küchlin (Universität Tübingen, DE) [dblp]
- Anthony W. Lin (RPTU - Kaiserslautern, DE) [dblp]
- Shane McIntosh (University of Waterloo, CA) [dblp]
- Ruben Opdebeeck (VU - Brussels, BE)
- Ruzica Piskac (Yale University - New Haven, US) [dblp]
- Akond Rahman (Auburn University, US) [dblp]
- Guido Salvaneschi (Universität St. Gallen, CH) [dblp]
- Mark Santolucito (Barnard College - New York, US) [dblp]
- Martin Schäf (Amazon Web Services - New York City, US) [dblp]
- Daniel Sokolowski (Universität St. Gallen, CH)
- Davide Taibi (University of Oulu, FI)
- Damian Andrew Tamburri (TU Eindhoven, NL) [dblp]
- Marcel Van Lohuizen (CUE - Zug, CH)
- Tianyin Xu (University of Illinois - Urbana-Champaign, US) [dblp]
- operating systems
- programming languages / compiler
- software engineering
- computing infrastructure
- program analysis