Final PPMGR?

docs/.gitignore

@@ -10,7 +10,6 @@ main.app
 main.aux
 main.bbl
 main.bcf
-main.bcf-SAVE-ERROR
 main.blg
 main.fdb_latexmk
 main.fls

docs/bibliografia.bib

@@ -86,3 +86,95 @@ @misc{dcp19
     howpublished = {Dostęp zdalny (14.03.2019): \url{https://github.com/ArturB/DCP-19}},
     year         = {2019}
 }
+
+% MOJE
+
+
+@misc{malul_genkubesec_2024,
+	title = {{GenKubeSec}: {LLM}-{Based} {Kubernetes} {Misconfiguration} {Detection}, {Localization}, {Reasoning}, and {Remediation}},
+	shorttitle = {{GenKubeSec}},
+	url = {http://arxiv.org/abs/2405.19954},
+	doi = {10.48550/arXiv.2405.19954},
+	abstract = {A key challenge associated with Kubernetes configuration files (KCFs) is that they are often highly complex and error-prone, leading to security vulnerabilities and operational setbacks. Rule-based (RB) tools for KCF misconfiguration detection rely on static rule sets, making them inherently limited and unable to detect newlydiscovered misconfigurations. RB tools also suffer from misdetection, since mistakes are likely when coding the detection rules. Recent methods for detecting and remediating KCF misconfigurations are limited in terms of their scalability and detection coverage, or due to the fact that they have high expertise requirements and do not offer automated remediation along with misconfiguration detection. Novel approaches that employ LLMs in their pipeline rely on API-based, general-purpose, and mainly commercial models. Thus, they pose security challenges, have inconsistent classification performance, and can be costly. In this paper, we propose GenKubeSec, a comprehensive and adaptive, LLM-based method, which, in addition to detecting a wide variety of KCF misconfigurations, also identifies the exact location of the misconfigurations and provides detailed reasoning about them, along with suggested remediation. When empirically compared with three industry-standard RB tools, GenKubeSec achieved equivalent precision (0.990 ± 0.020) and superior recall (0.999 ± 0.026). When a random sample of KCFs was examined by a Kubernetes security expert, GenKubeSec’s explanations as to misconfiguration localization, reasoning and remediation were 100\% correct, informative and useful. To facilitate further advancements in this domain, we share the unique dataset we collected, a unified misconfiguration index we developed for label standardization, our experimentation code, and GenKubeSec itself as an open-source tool. A video demonstrating our implementation of GenKubeSec can be found here: https://youtu.be/hBehYfdR-zM.},
+	language = {en},
+	urldate = {2025-01-23},
+	publisher = {arXiv},
+	author = {Malul, Ehud and Meidan, Yair and Mimran, Dudu and Elovici, Yuval and Shabtai, Asaf},
+	month = may,
+	year = {2024},
+	note = {arXiv:2405.19954 [cs]},
+	keywords = {Computer Science - Computation and Language, Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Machine Learning},
+	file = {PDF:/Users/rasztabigab/Zotero/storage/WDKEZU97/Malul et al. - 2024 - GenKubeSec LLM-Based Kubernetes Misconfiguration Detection, Localization, Reasoning, and Remediatio.pdf:application/pdf},
+}
+
+@misc{ueno_migrating_2024,
+	title = {Migrating {Existing} {Container} {Workload} to {Kubernetes} -- {LLM} {Based} {Approach} and {Evaluation}},
+	url = {http://arxiv.org/abs/2408.11428},
+	doi = {10.48550/arXiv.2408.11428},
+	abstract = {Although Kubernetes has become a widespread open-source system that automates the management of containerized applications, its complexity can be a significant barrier, particularly for application developers unfamiliar with it. One approach employs large language models (LLMs) to assist developers in generating Kubernetes manifests; however it is currently impossible to determine whether the output satisfies given specifications and is comprehensible. In this study, we proposed a benchmarking method for evaluating the effectiveness of LLMs in synthesizing manifests, using the Compose specification — a standard widely adopted by application developers — as input. The proposed benchmarking method revealed that LLMs generally produce accurate results that compensate for simple specification gaps. However, we also observed that inline comments for readability were often omitted, and completion accuracy was low for atypical inputs with unclear intentions.},
+	language = {en},
+	urldate = {2025-01-23},
+	publisher = {arXiv},
+	author = {Ueno, Masaru and Uchiumi, Tetsuya},
+	month = aug,
+	year = {2024},
+	note = {arXiv:2408.11428 [cs]},
+	keywords = {Computer Science - Software Engineering},
+	file = {PDF:/Users/rasztabigab/Zotero/storage/LXZXIS4K/Ueno and Uchiumi - 2024 - Migrating Existing Container Workload to Kubernetes -- LLM Based Approach and Evaluation.pdf:application/pdf},
+}
+
+@inproceedings{kratzke_dont_2024,
+	address = {Angers, France},
+	title = {Don't {Train}, {Just} {Prompt}: {Towards} a {Prompt} {Engineering} {Approach} for a {More} {Generative} {Container} {Orchestration} {Management}:},
+	isbn = {978-989-758-701-6},
+	shorttitle = {Don't {Train}, {Just} {Prompt}},
+	url = {https://www.scitepress.org/DigitalLibrary/Link.aspx?doi=10.5220/0012710300003711},
+	doi = {10.5220/0012710300003711},
+	abstract = {Background: The intricate architecture of container orchestration systems like Kubernetes relies on the critical role of declarative manifest files that serve as the blueprints for orchestration. However, managing these manifest files often presents complex challenges requiring significant DevOps expertise. Methodology: This position paper explores using Large Language Models (LLMs) to automate the generation of Kubernetes manifest files through natural language specifications and prompt engineering, aiming to simplify Kubernetes management. The study evaluates these LLMs using Zero-Shot, Few-Shot, and Prompt-Chaining techniques against DevOps requirements and the ability to support fully automated deployment pipelines. Results show that LLMs can produce Kubernetes manifests with varying degrees of manual intervention, with GPT-4 and GPT-3.5 showing potential for fully automated deployments. Interestingly, smaller models sometimes outperform larger ones, questioning the assumption that bigger is always better. Conclusion: The study emphasizes that prompt engineering is critical to optimizing LLM outputs for Kubernetes. It suggests further research into prompt strategies and LLM comparisons and highlights a promising research direction for integrating LLMs into automatic deployment pipelines.},
+	language = {en},
+	urldate = {2025-01-23},
+	booktitle = {Proceedings of the 14th {International} {Conference} on {Cloud} {Computing} and {Services} {Science}},
+	publisher = {SCITEPRESS - Science and Technology Publications},
+	author = {Kratzke, Nane and Drews, André},
+	year = {2024},
+	pages = {248--256},
+	file = {PDF:/Users/rasztabigab/Zotero/storage/AXC6FJA9/Kratzke and Drews - 2024 - Don't Train, Just Prompt Towards a Prompt Engineering Approach for a More Generative Container Orch.pdf:application/pdf},
+}
+
+@inproceedings{lanciano_analyzing_2023,
+	address = {Prague, Czech Republic},
+	title = {Analyzing {Declarative} {Deployment} {Code} with {Large} {Language} {Models}:},
+	isbn = {978-989-758-650-7},
+	shorttitle = {Analyzing {Declarative} {Deployment} {Code} with {Large} {Language} {Models}},
+	url = {https://www.scitepress.org/DigitalLibrary/Link.aspx?doi=10.5220/0011991200003488},
+	doi = {10.5220/0011991200003488},
+	abstract = {In the cloud-native era, developers have at their disposal an unprecedented landscape of services to build scalable distributed systems. The DevOps paradigm emerged as a response to the increasing necessity of better automations, capable of dealing with the complexity of modern cloud systems. For instance, Infrastructure-asCode tools provide a declarative way to define, track, and automate changes to the infrastructure underlying a cloud application. Assuring the quality of this part of a code base is of utmost importance. However, learning to produce robust deployment specifications is not an easy feat, and for the domain experts it is timeconsuming to conduct code-reviews and transfer the appropriate knowledge to novice members of the team. Given the abundance of data generated throughout the DevOps cycle, machine learning (ML) techniques seem a promising way to tackle this problem. In this work, we propose an approach based on Large Language Models to analyze declarative deployment code and automatically provide QA-related recommendations to developers, such that they can benefit of established best practices and design patterns. We developed a prototype of our proposed ML pipeline, and empirically evaluated our approach on a collection of Kubernetes manifests exported from a repository of internal projects at Nokia Bell Labs.},
+	language = {en},
+	urldate = {2025-01-23},
+	booktitle = {Proceedings of the 13th {International} {Conference} on {Cloud} {Computing} and {Services} {Science}},
+	publisher = {SCITEPRESS - Science and Technology Publications},
+	author = {Lanciano, Giacomo and Stein, Manuel and Hilt, Volker and Cucinotta, Tommaso},
+	year = {2023},
+	pages = {289--296},
+	file = {PDF:/Users/rasztabigab/Zotero/storage/DNJ6HQGE/Lanciano et al. - 2023 - Analyzing Declarative Deployment Code with Large Language Models.pdf:application/pdf},
+}
+
+@inproceedings{pujar_invited_2023,
+	address = {San Francisco, CA, USA},
+	title = {Invited: {Automated} {Code} generation for {Information} {Technology} {Tasks} in {YAML} through {Large} {Language} {Models}},
+	copyright = {https://doi.org/10.15223/policy-029},
+	isbn = {9798350323481},
+	shorttitle = {Invited},
+	url = {https://ieeexplore.ieee.org/document/10247987/},
+	doi = {10.1109/DAC56929.2023.10247987},
+	abstract = {The recent improvement in code generation capabilities due to the use of large language models has mainly benefited general purpose programming languages. Domain specific languages, such as the ones used for IT Automation, received far less attention, despite involving many active developers and being an essential component of modern cloud platforms. This work focuses on the generation of Ansible YAML, a widely used markup language for IT Automation. We present Ansible Wisdom, a natural-language to Ansible YAML code generation tool, aimed at improving IT automation productivity. Results show that Ansible Wisdom can accurately generate Ansible script from natural language prompts with performance comparable or better than existing state of the art code generation models.},
+	language = {en},
+	urldate = {2025-01-23},
+	booktitle = {2023 60th {ACM}/{IEEE} {Design} {Automation} {Conference} ({DAC})},
+	publisher = {IEEE},
+	author = {Pujar, Saurabh and Buratti, Luca and Guo, Xiaojie and Dupuis, Nicolas and Lewis, Burn and Suneja, Sahil and Sood, Atin and Nalawade, Ganesh and Jones, Matt and Morari, Alessandro and Puri, Ruchir},
+	month = jul,
+	year = {2023},
+	pages = {1--4},
+	file = {PDF:/Users/rasztabigab/Zotero/storage/F77VRJ2R/Pujar et al. - 2023 - Invited Automated Code generation for Information Technology Tasks in YAML through Large Language M.pdf:application/pdf},
+}

docs/main.tex

@@ -61,16 +61,18 @@
 % English abstract if \langeng is set
 %-------------------------------------
 \cleardoublepage % Zaczynamy od nieparzystej strony
-\abstract \lipsum[1-3]
-\keywords XXX, XXX, XXX
+% TODO uncomment
+% \abstract \lipsum[1-3]
+% \keywords XXX, XXX, XXX
 
 %----------------------------------------
 % Streszczenie po angielsku dla \langpol
 % Polish abstract if \langeng is set
 %----------------------------------------
 \clearpage
-\secondabstract \kant[1-3]
-\secondkeywords XXX, XXX, XXX
+% TODO uncomment
+% \secondabstract \kant[1-3]
+% \secondkeywords XXX, XXX, XXX
 
 \pagestyle{plain}
 
@@ -86,7 +88,11 @@
 \cleardoublepage % Zaczynamy od nieparzystej strony
 \pagestyle{headings}
 
-\input{tex/1-wstep}         % Wygodnie jest trzymać każdy rozdział w osobnym pliku.
+\input{tex/1-wybor-tematu}
+\input{tex/2-przeglad-literatury}
+\input{tex/3-przeglad-narzedzi}
+\input{tex/4-opis-eksperymentow}
+\input{tex/5-dalsze-prace}
 
 %---------------
 % Bibliografia
@@ -101,20 +107,23 @@
 % generuje właściwy tytuł sekcji, w zależności od języka.
 % Makro \acronym dodaje skrót/symbol do listy,
 % zapewniając podstawowe formatowanie.
-\acronymlist
-\acronym{LLM}{ang. \emph{Large Language Model}}
-\vspace{0.8cm}
+
+% TODO uncomment
+% \acronymlist
+% \acronym{LLM}{ang. \emph{Large Language Model}}
+% \vspace{0.8cm}
 
 %--------------------------------------
 % Spisy: rysunków, tabel, załączników
 %--------------------------------------
 \pagestyle{plain}
 
-\listoffigurestoc    % Spis rysunków.
-\vspace{1cm}         % vertical space
-\listoftablestoc     % Spis tabel.
-\vspace{1cm}         % vertical space
-\listofappendicestoc % Spis załączników
+% TODO uncomment
+% \listoffigurestoc    % Spis rysunków.
+% \vspace{1cm}         % vertical space
+% \listoftablestoc     % Spis tabel.
+% \vspace{1cm}         % vertical space
+% \listofappendicestoc % Spis załączników
 
 %-------------
 % Załączniki

docs/tex/1-wybor-tematu.tex

@@ -0,0 +1,19 @@
+\clearpage % Rozdziały zaczynamy od nowej strony.
+\section{Wybór tematu}
+
+
+\subsection{Tytuł pracy}
+Zastosowanie dużych modeli językowych (LLM) do generowania konfiguracji Docker i Kubernetes
+
+\subsection{Opis tematu}
+Celem niniejszej pracy jest analiza możliwości zastosowania dużych modeli językowych (LLM) do generowania konfiguracji Dockerfile i Kubernetes w ramach platformy jako usługi (PaaS) służącej do budowania i wdrażania aplikacji w klastrze Kubernetes. W pracy zostanie przeprowadzona ocena dostępnych modeli, takich jak GPT, LLAMA, Falcon czy Claude, pod kątem ich zdolności do poprawnego i bezpiecznego tworzenia tych konfiguracji. Szczególny nacisk zostanie położony na analizę aspektów bezpieczeństwa wygenerowanych konfiguracji, takich jak podatność na ataki (np. pozwalające na wykonanie arbitralnego kodu) czy możliwość "jailbreakingu" modelu poprzez manipulację danymi wejściowymi. Planowane jest opracowanie metodologii porównawczej dla wybranych modeli oraz przeprowadzenie testów poprawności, wydajności i bezpieczeństwa. Wynikiem pracy będzie system PaaS, który automatycznie generuje konfiguracje dla podanego repozytorium kodu oraz na ich podstawie buduje i wdraża aplikacje.
+
+\subsection{Motywacja}
+Duże modele językowe (LLM) w ostatnich latach zyskały ogromną popularność, co otwiera wiele nowych możliwości ich zastosowania w różnych dziedzinach. Ich zdolności w zakresie przetwarzania języka naturalnego sprawiają, że mogą być użyteczne również w generowaniu takich technicznych i żmudnych elementów jak konfiguracje Dockerfile czy Kubernetes. Proces ten, wymagający zazwyczaj manualnej pracy DevOpsów, może zostać znacznie uproszczony i przyspieszony dzięki automatyzacji opartej na LLM.
+
+Kolejnym istotnym aspektem jest możliwość wykorzystania repozytorium kodu jako wejścia dla modeli LLM. Takie podejście rodzi wiele pytań badawczych, szczególnie w zakresie podatności generowanych konfiguracji na potencjalne ataki (np. wykonanie arbitralnego kodu czy "jailbreaking" modeli). Bezpieczeństwo wygenerowanych konfiguracji jest kluczowym obszarem, wymagającym dogłębnej analizy i testów.
+
+Równie ważny jest koncept determinizmu procesu generowania. Czy konfiguracje wygenerowane przez modele LLM mogą być deterministyczne i pozbawione błędów? Jakie potencjalne "dziury" mogą się pojawić i czy tego rodzaju rozwiązania mogłyby zastąpić człowieka w procesie tworzenia konfiguracji?
+
+Na wybór tego tematu wpłynęły również osobiste zainteresowania autora. DevOps, jako dziedzina łącząca aspekty programistyczne i operacyjne, od zawsze budził jego zainteresowanie. Chęć zgłębienia zastosowań LLM w tym obszarze jest dodatkowym bodźcem do realizacji tej pracy.
+