DeployFix: Dynamic Repair of Software Deployment Failures via Constraint Solving

International audience

Small and Medium-sized Enterprises (SMEs) face unique challenges in software deployment, often dealing with limited resources, budget constraints, and the need for fast, reliable updates. This review outlines a Continuous Integration and Continuous Deployment (CI/CD) model specifically tailored to optimize software deployment in SME environments. The proposed CI/CD framework enhances operational efficiency by automating the integration, testing, and deployment processes, significantly reducing the risk of human error and deployment failures. The model leverages key CI/CD practices, including automated testing, version control, and continuous monitoring, to ensure seamless updates and minimal downtime. By integrating tools like Jenkins, GitLab, and Docker, SMEs can streamline code integration, enhance collaboration between development and operations teams, and enable faster, more frequent releases. Automated testing ensures that code changes are validated before deployment, identifying and addressing potential issues early in the development cycle. The framework also emphasizes rollback capabilities and monitoring systems to further reduce deployment risks. Rollbacks allow for quick recovery in case of failure, while continuous monitoring enables real-time detection of performance issues, helping SMEs maintain operational uptime and minimize service disruptions. Moreover, the model supports a microservices architecture, allowing SMEs to scale their applications efficiently without compromising stability. Incorporating CI/CD practices fosters agility, enabling SMEs to respond rapidly to market demands and customer feedback. This model not only improves software quality and deployment speed but also aligns with the budgetary and operational limitations of SMEs. It provides a cost-effective solution that enhances overall system reliability and reduces the frequency of software-related incidents. This CI/CD model serves as a practical approach to software deployment, empowering SMEs to optimize their software development lifecycle while ensuring continuous improvement and operational stability.

Software deployment is an important phase of the software development life cycle because it makes software available for the customers. This process needs collaboration between developers and customers. Usually, there are many particular requirements requested from customer aspect. However, software deployment is not directly related to the development of software main functions. Many developers, therefore, tend to underinvest in this process. The critical consequence of a deployment failure is that software may be not available on the targeted environment. This paper presents a framework for gap analysis based on software deployment requirements prioritization. It supports an analysis of a large volume of requirements in order for developer to perform deployment process. The framework is consisted of five related procedures; Project Establishment Phase, Software Deployment Requirements Prioritization Phase, Software Deployment Reference Process Prioritization Phase, Gap Analysis Phase, and Gap Evaluation Phase. Each organization can apply this framework to evaluate gaps between the software deployment requirements and the deployment process according to what the customers really need and improve deployment process to satisfy user need.

This paper presents a security-enhanced, AI-assisted automated software deployment framework that combines CI/CD practices, containerization, Kubernetes orchestration, and DevSecOps integration. The proposed system automates the build, test, and deployment pipeline while embedding security checks at multiple stages through static code analysis, dependency scanning, image vulnerability assessment, and configuration validation. In addition, an AI-assisted monitoring component analyzes runtime metrics and error patterns to support early detection of anomalies and recommends rollback actions when deployments deviate from expected behavior. The framework is implemented using Git-based version control, a CI server, Docker images, and Kubernetes-based staging and production environments. Experimental evaluation comparing the traditional manual approach and the proposed pipeline shows significant reductions in deployment time and failure rate, along with higher test pass rates, improved vulnerability detection, and faster recovery from faults. The results indicate that integrating AI-driven analysis with security-aware CI/CD automation provides a more reliable, efficient, and secure deployment process suitable for modern large-scale software systems.

Modern software deployment process produces software that is uniform, and hence vulnerable to large-scale code-reuse attacks, such as Jump-Oriented Programming (JOP) attacks. Compiler-based diversification improves the resilience and security of software systems by automatically generating different assembly code versions of a given program. Existing techniques are efficient but do not have a precise control over the quality, such as the code size or speed, of the generated code variants. 
 This paper introduces Diversity by Construction (DivCon), a constraint-based compiler approach to software diversification. Unlike previous approaches, DivCon allows users to control and adjust the conflicting goals of diversity and code quality. A key enabler is the use of Large Neighborhood Search (LNS) to generate highly diverse assembly code efficiently. For larger problems, we propose a combination of LNS with a structural decomposition of the problem. To further improve the diversification efficiency of DivCon against JOP attacks, we propose an application-specific distance measure tailored to the characteristics of JOP attacks. 
 We evaluate DivCon with 20 functions from a popular benchmark suite for embedded systems. These experiments show that DivCon's combination of LNS and our application-specific distance measure generates binary programs that are highly resilient against JOP attacks (they share between 0.15% to 8% of JOP gadgets) with an optimality gap of 10%. Our results confirm that there is a trade-off between the quality of each assembly code version and the diversity of the entire pool of versions. In particular, the experiments show that DivCon is able to generate binary programs that share a very small number of gadgets, while delivering near-optimal code. 
 For constraint programming researchers and practitioners, this paper demonstrates that LNS is a valuable technique for finding diverse solutions. For security researchers and software engineers, DivCon extends the scope of compiler-based diversification to performance-critical and resource-constrained applications.