Titulo Estágio
DevSecMLManyBuzzwordsOps
Áreas de especialidade
Sistemas de Informação
Engenharia de Software
Local do Estágio
DEI-FCTUC
Enquadramento
Many companies have been adopting DevOps, a set of practices that address software development (Dev) and IT operations (Ops). The tighter integration among development, deployment, and maintenance is expected to shorten cycle times and increase quality. More recently, new concerns have emerged, with the increasing incorporation of artificial intelligence (AI) in software products, namely machine learning (ML) techniques. This raises new challenges, such as the development, testing, deploying, and versioning of the models and data used to train them. Also, as cybersecurity becomes critical, the software development process must now employ “security by design” techniques from the onset.
This means that DevOps is quickly morphing into DevSecMLOps, which requires adequate governance of the process, people, and technology involved.
Objetivo
The main objective of this thesis is to study the various areas mentioned above and design a DevSecMLOps process that coherently integrates them. Such a process must be modular and support CMMI-inspired maturity levels for the various areas, enabling the companies adopting it to plan a phased inception and evolution based on business priorities.
This thesis will be integrated in an ongoing project with:
Altice Labs (https://www.alticelabs.com/en/)
Instituto Pedro Nunes (IPN) (https://www.ipn.pt), and
Department of Informatics Engineering (https://www.uc.pt/fctuc/dei/).
Plano de Trabalhos - Semestre 1
The draft plan for the first semester includes:
- Learning about the basic DevOps concept and tools (such as GitLab and BitBucket);
- Learning about the specificities of developing and maintaining software with an AI component;
- Learning about developing software with a “security by design” mindset and privacy regulations, such as General Data Protection Regulation (GDPR) and CloudAct;
- Learning about governance and compliance frameworks, such as Cobit, SOC 2 Type II, ISO 20000;
- Learning about process maturity frameworks;
- Writing the initial chapters of the thesis.
Plano de Trabalhos - Semestre 2
The draft plan for the second semester includes:
- Creating the first draft of the DevSecMLOps process and documentation, and demonstrating how to support it on readily available software tools;
- Experimenting / discussing the process in test use cases and collect feedback;
- Improving the draft the DevSecMLOps process;
- Writing a scientific paper about the work;
- Improving the initial chapters of the thesis based on jury feedback;
- Writing the remaining chapters of the thesis.
Condições
This thesis is supported by a scholarship for candidates demonstrating the skills required to achieve the stated objectives.
The scholarship is framed by FCT rules. The value will be the one for "Bolsa de Licenciado", which, according to the latest information is 835,98€ for full-time. The duration will be 6 months, renewable.
Observações
This thesis will be supervised by:
- Prof. Paulo Rupino da Cunha
- Prof. João Barata
- other colleagues from AI or software security may provide help in their specific areas of expertise.
Orientador
Paulo Rupino da Cunha
rupino@dei.uc.pt 📩