---
slideOptions:
  transition: fade
  theme: white
  slideNumber: 'c/t'
---

# Continuous Diversification

<div style="font-size:80%;text-align: right;">Nicolas Harrand</div>

---

## Context

<iframe src="https://diversify-project.github.io/code-strata/test/cs.html" scrolling="no" width="1100" height="600" style="border: 0px"></iframe>

---

## How do we build such a stack?

---

## How do we build such a stack?

-> Automation & Reuse

---

## Running example

* Banking web application generated with JHipster
* Front end in JavaScript
* Backend in Java

---

<img src="/uploads/upload_0a59d01dee4fe07cad6592bc4f3c0fea.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

----

<img src="/uploads/upload_392e2d139907800c85dd1b3cd8d5a569.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

----

<img src="/uploads/upload_94de1c6c1d05c03cf2a7047317cc0b1d.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

----

<img src="/uploads/upload_dd8babec6a74758fcf22ec571709540a.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

----

<img src="/uploads/upload_82fd9fa7670bc251027db22b4cca6b0a.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

----

<img src="/uploads/upload_f745477d08753432e9a7165db9cb010e.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

----

<img src="/uploads/upload_068d78b0ca8306f458605e955c306e7b.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

---

Build tools often propose:

* Automation
* Explicit models
* Pool of reusable artifacts

---

## Continuous diversification

* Leverages properties of DevOps tools to produce highly diversified software variants

---

## Applications

* Security (monoculture countermeasure)
* Resilience (N-version)
* Test (chaos engineering)

---

## Transformation Examples

----

<img src="/uploads/upload_2b47f1b3c7af55a722a90fd821cfc48a.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

```diff
- "clusteredHttpSession": false,
+ "clusteredHttpSession": "hazelcast",
- "websocket": false,
+ "websocket": "spring-websocket",
```

----

<img src="/uploads/upload_4197194417f646e8d12dc6589ecf5415.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

```diff
  List<String> ribbon =
+     new GrowthList<>(Arrays.asList(display));
-     new ArrayList<>(Arrays.asList(display));
```

----

<img src="/uploads/upload_0e2100b57d61b5926f5d0d699d6066df.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

```diff
  <dependency>
    <groupId>com.fasterxml.jackson.datatype</groupId>
    <artifactId>jackson-datatype-json-org</artifactId>
+   <version>2.8.10</version>
-   <version>2.8.8</version>
  </dependency>
```

----

<img src="/uploads/upload_8d34e635e6226d631f6769b9512ce607.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

```diff
+ FROM openj9
- FROM java:8-alpine
```

----

<img src="/uploads/upload_0bfcf4adac152e5d286611684b264e4c.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

```diff
  my-mysql-instance:
+   image: mysql:5.7.20
-   image: mysql:5.7.19
```

---

## Approach

----

### Description of the build chain

<img src="/uploads/upload_b573050bf9ab07d1ae0321d47982ece9.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

----

### Choice of Transformations

<img src="/uploads/upload_fa6e536114c0b3b585f33bdf39f77f90.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

----

### Exploration of the Acceptability Envelope

<img src="/uploads/upload_c28f22b9845233024420af52f0d60433.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

----

### Exploration of the Acceptability Envelope

<img src="/uploads/upload_c2cedd4b857d92da4c4fe3a4696c1209.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

----

### Generation of Variants within the Envelope

<img src="/uploads/upload_e943227c5a6dfaba9b742cf7d4dadfee.png" style="width:80%;border: 0; box-shadow: 0px 0px;"/>

---

# Initial results

* Low or nonexistent increase in application size
* Low or nonexistent performance overhead
* Differences in application vulnerabilities

---

# Questions
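---

The approach steps above (describe the build chain, choose transformations, explore the acceptability envelope, generate variants within it), as an added example that is not the project's own tooling: each transformation shown on the slides is modelled as a descriptor, a constructed oracle stands in for a real build-and-test run, and variants are sampled inside the envelope. The function names and the oracle's failure rule are assumptions.

```python
import itertools
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Transformation:
    layer: str   # build-chain artifact that is rewritten
    target: str  # key, symbol or image being swapped
    old: str
    new: str

POOL = [  # pool of transformations, taken from the slides' examples
    Transformation(".yo-rc.json", "clusteredHttpSession", "false", "hazelcast"),
    Transformation(".yo-rc.json", "websocket", "false", "spring-websocket"),
    Transformation("src/main/java", "ribbon", "ArrayList", "GrowthList"),
    Transformation("pom.xml", "jackson-datatype-json-org", "2.8.8", "2.8.10"),
    Transformation("Dockerfile", "FROM", "java:8-alpine", "openj9"),
    Transformation("docker-compose.yml", "mysql", "5.7.19", "5.7.20"),
]

def acceptable(variant):
    """Acceptability oracle: in the real pipeline this builds the variant and
    runs its test suite. Constructed rule used here instead: a variant that
    changes both the Java source and the JVM image is assumed to fail."""
    layers = {t.layer for t in variant}
    return not {"src/main/java", "Dockerfile"} <= layers

def explore_envelope(pool, oracle):
    """Test each transformation alone, then every pair of accepted ones.
    A failing pair rules out every variant that contains both."""
    accepted = [t for t in pool if oracle(frozenset([t]))]
    forbidden = {frozenset(p) for p in itertools.combinations(accepted, 2)
                 if not oracle(frozenset(p))}
    return accepted, forbidden

def generate_variants(accepted, forbidden, n, seed=0):
    """Sample n distinct non-empty variants inside the envelope
    (n must not exceed the number of admissible subsets)."""
    rng = random.Random(seed)
    variants = set()
    while len(variants) < n:
        subset = frozenset(t for t in accepted if rng.random() < 0.5)
        if subset and not any(p <= subset for p in forbidden):
            variants.add(subset)
    return variants

def diversity(variants):
    """Mean pairwise symmetric difference: how different the variants are."""
    pairs = list(itertools.combinations(variants, 2))
    return sum(len(a ^ b) for a, b in pairs) / len(pairs) if pairs else 0.0
```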