The main objective of the ICOS project is to design, develop and validate a meta operating system for a continuum, by addressing the challenges of: i) device volatility and heterogeneity, continuum infrastructure virtualization and diverse network connectivity; ii) optimized and scalable service execution and performance, as well as resource consumption, including power consumption; iii) guaranteed trust, security and privacy; and iv) reduction of integration costs and effective mitigation of cloud provider lock-in effects, in a data-driven system built upon the principles of openness, adaptability, data sharing and a future edge market scenario for services and data.
The ICOS architecture consists of three main layers, the Meta-Kernel, Security and Intelligence layers, as well as two additional modules, the ICOS Shell and Data Management. The Meta-Kernel Layer is responsible for providing the principal OS functionalities to the continuum. It closely integrates with the Security Layer, which takes responsibility for guaranteeing security and trust provisioning, as well as with the Intelligence Layer, which will enrich any action to be taken with innovative AI approaches. Moreover, ICOS also includes a Shell to interface with users as well as a Data Management module to handle all data-related issues. The figure also illustrates a list of candidate technologies that, from today’s perspective, ICOS will use for its development.
The ICOS Shell exposes the ICOS services by means of a graphical user interface (GUI) or a command-line interface (CLI), and it also provides a set of Development and Operations (DevOps) tools to facilitate the development lifecycle. Thus, the ICOS Shell provides an interface between the system administrator or the developer and the proposed ICOS intelligence, security and meta-kernel layers. The ICOS Shell module consists of three main components:
The Data Management Module is responsible for managing all data required in ICOS, as well as the efficient execution layer of data-based applications and services used in ICOS. Its main functionalities include:
The Intelligence Layer provides functionality to train, test, use, maintain and update analytics and machine learning models in the continuum, with the goal of supporting and augmenting the operations and performance of the security and meta-kernel layers by considering specific policies in the use of data and models, with special emphasis on trustworthiness (see Fig. 1.6), including:
The Security Layer includes: i) Federated Identity Management; ii) Authentication, Authorization and Audit capabilities; iii) Detection of security issues and mitigation mechanisms (e.g. self-healing); iv) Support for compliance frameworks; and v) Trust and privacy, as supported by several architectural components:
The Meta-Kernel Module provides the base functionalities necessary to make edge devices manageable and ICOS-ready. It is built on the following set of well-defined components (see figure below):
Three different functional roles are envisioned in the ICOS system: system client, system core, and system workers. For this reason, three delivery suites are provided accordingly. The system client may be either a user with a device or a device programmed to launch commands to the system. In either case, the Client suite contains the user's shell with basic operational commands (service launching, users' configuration, etc.), monitoring capabilities and, optionally, the development tool kit and an interactive GUI. The system core is responsible for all system control and management tasks defined in the ICOS architecture, and includes the Meta-Kernel layer, Security layer, and Intelligence layer. Consequently, the Core suite implements all these functionalities and is, by far, the most complex system component. The system workers make up the set of available running devices in ICOS that effectively carry out all system service executions. The Worker suite is a lightweight component with the basic run-time libraries to enable the execution of off-loaded tasks and subtasks. Delivery suites will be installed in devices according to the device's role in the system, i.e., whether a client (Client suite), part of the system core (Core suite) or one of the multiple system workers (Worker suite). Each suite can be delivered as a complete package or delivered selectively as isolated components as part of the ICOS solution, to facilitate reuse and updating. Furthermore, note that a physical device can install more than one suite instance if desired, assuming several roles in the system. For instance, one can install a Client suite and a few Worker instances in a smartphone, a Core suite and several Worker instances in one server, or just a Worker instance in a low-power device.