Propostas Submetidas

DEI - FCTUC
Gerado a 2024-03-28 21:23:32 (Europe/Lisbon).
Voltar

Titulo Estágio

Automated and secure infrastructure stack

Áreas de especialidade

Comunicações, Serviços e Infraestruturas

Local do Estágio

Trabalho Remoto (Sede da empresa em Coimbra)

Enquadramento

Takinobori is a small enterprise with its origins in Coimbra developing Koi [1]. Koi is a product for organisations that want to improve their understanding of their own processes, clients, and overall data. Koi mitigates risk through informed business decisions and management of uncertainty. It leverages the power of data exploration and analysis to gain new insights and information. At Takinobori we strive for flexible, resilient and open processes. This premise applies to ourselves and to everyone working with us. Ongoing efforts to modernise systems' infrastructures are very much aligned with our own goals and we're constantly trying to follow the latest developments. One such development is proposed by the HashiCorp Stack [2], which addresses infrastructure, security, networking and applications challenges in a layered approach. Providing trust and control to our customers is fundamental. As well as reproducibility and predictability in a dynamic environment. This is where an approach based on monitoring and security automation mechanisms, comes into the picture. We already maintain a reliable and resilient virtualised infrastructure, based on FreeBSD and jails, to support all our activities. The goal of this project will be to design and evaluate a proof-of-concept infrastructure, focusing on traditional security services (e.g. firewall, monitoring) combined with HashiCorp's Vault approach, or similar. At Takinobori you will be able to work with the latest cloud technologies and investigate about best practices for infrastructure automation. You will be part of a small but knowledgeable team of professionals, and will have access to real-world challenges, both technical and organisational (e.g. how to keep customers' credentials at customer premises only?). Weekly meetings will be scheduled and support given throughout the entire project. We are looking for someone passionate about distributed systems, infrastructures/cloud computing, and problem solving in general. Experience in BSDs or Linux will be an advantage. [1]

Objetivo

The overarching goal of this project is to study state-of-the-art solutions for the management of secrets and protection of sensitive data based on users and workload identities.
Ultimately, this should lead to a stable, well-defined and documented process for enabling security in dynamic a infrastructure across multiple clouds and private data-centres, without a clear network perimeter.

The outcomes to be achieved include:

* familiarisation with security automation principles (e.g. secrets management systems) and with Takinobori's infrastructure;
* a theoretical analysis and comparison of state-of-the-art solutions;
* definition of requirements and design of a proof of concept scenario;
* implementation and evaluation in a real testbed.

These outcomes shall be part of the final thesis and, if meaningful developments are made, part of an open publication (e.g. article or white-paper) or of a public code-repository.

In addition to the practical objectives, we see the opportunity to strengthen bridges between academia and industry in an important area for future/next-generation internet/services.
Finally, we expect to contribute to the training of future professionals in this field.

Plano de Trabalhos - Semestre 1

During the first semester the project shall include:

* A preliminary study of the HashiCorp Stack, focusing on Vault [2 weeks];
* A literature search of similar approaches [3 weeks];
* A theoretical comparison study of found solutions [1 week];
* Definition of research questions and requirements [3 weeks];
* Choice of one candidate solution and preliminary testing [4 weeks];
* Intermediate Report: documentation of preliminary findings, writing of the state of the art and planning for second semester [4 weeks].

It is important to note that this work will be closely aligned with Takinobori's own infrastructure and developments.
This means that the search space on the topic will be contained, with focus on the HashiCorp Stack, but still open to new discoveries.
The goal is provide you with initial documentation and materials while also allowing for an independent and critical search/research process.

Plano de Trabalhos - Semestre 2

During the second semester the project shall include:

* Revision of the state of the art, research questions and specification of methodology (e.g. definition of metrics/key performance indicators and unit tests) [2 weeks];
* Refinement of the minimum viable proof-of-concept infrastructure and applications/services (e.g. a secure shell server and a trusted source of identity) [2 weeks initially and in parallel with other activities throughout the semester];
* Deployment and implementation of the designed solution [6 weeks];
* Validation, evaluation and additional refinements [4 weeks];
* Documentation (writing of thesis) [4 weeks].

As with the work in the first semester, you will be given autonomy for conducting your own research.
Nonetheless, Takinobori will accompany the research process until its conclusion, providing input and guidance whenever deemed necessary.

Condições

You will be working as part of a team at Takinobori and will be included in all relevant activities in the company.

Work at Takinobori is conducted remotely, therefore you are expected to have sufficient computation resources (i.e. thin client) to connect to our server/cloud resources.
However, we will guarantee access to servers/cloud resources for conducting all the necessary experiments and evaluations.

Depending on the quality of your developed work and overall engagement during the first semester, there is the possibility of remuneration for the duration of the second semester.
Furthermore, the best candidates may expect a job offer at Takinobori.

Observações

While the scope of the project is well defined, there is room for different variations of the designed solution. As such, if more than one candidate is admitted to the same project, each one will have their own independent project. Supervisor at DEI: Tiago Cruz

Orientador

David Fonseca Palma
education@takinobori.com 📩