Seminarie Computernetwerken 2012-2013: Lecture I, 26-02-2013
-
Upload
vincenzo-de-florio -
Category
Technology
-
view
140 -
download
2
description
Transcript of Seminarie Computernetwerken 2012-2013: Lecture I, 26-02-2013
Seminarie Computernetwerken
2012-2013 Lecture I, 26-02-2013 Vincenzo De Florio
PATS / University of Antwerp & iMinds
• A series of seminars focusing on a set of
themes
• This year: resilience, behaviour, evolvability;
in systems, networks, and organizations
• In what follows:
1. themes of the course
2. view to the seminars
3. rules of the game
Seminarie Computernetwerken
26 February 2013 2 2001WETSCN-01
• Resilience, evolvability, behaviour:
interrelated properties
• Behavior: the characteristics of the way
systems respond to changes
• Evolvability: the ability to rapidly adapt to
novel environments
• Resilience: identity robustness w.r.t. changes
• An ancillary property: Dependability
Themes
26 February 2013 3 2001WETSCN-01
• This lecture is to introduce the themes of the
course
• Next ones: seminars describing systems and
algorithms and their adaptive / resilient
behaviors
• Aim: learn how to assess those properties in
existing systems/algorithms.
Rationale
26 February 2013 4 2001WETSCN-01
• “Any change of an entity with respect to
its surroundings” (Rosenblueth et al., 1943)
• Behavioral method: Entities are classified
according to peculiar characteristics of their
behaviors (behavioral classes)
• Passive, active, purposeful, teleological,
predictive behaviors
• Individual and social dimension
Behaviour
26 February 2013 5 2001WETSCN-01
• Entity changes its state only by receiving
energy from an external source.
• A kicked ball does not produce the energy
that sets it in motion—it simply receives that
energy passive behaviour.
Behaviour passive
26 February 2013 6 2001WETSCN-01
• Active behavior occurs when an entity “is the
source of the output energy involved in a
given particular reaction”.
Behaviour active
26 February 2013 7 2001WETSCN-01
• Active change meant to attain a goal—for
instance survival or economical profit
• Output energy is exerted so as to move from
a certain state into another one
• Opposed to purposeless (that is, random)
active behavior
• Purposeful active behavior pertains e.g. to
servo-mechanisms, cyber-physical systems,
and legal persons.
Behaviour purposeful active
26 February 2013 8 2001WETSCN-01
• Purposeful behavior that is “controlled by the
margin of error at which the [entity] stands at
a given time with reference to a relatively
specific goal”
• Requires two capabilities:
1. perceiving the relationship between one's
actions and one's goal, and
2. adjusting dynamically one's behavior so as to
maximize the chances to reach one's goal.
Behaviour teleological
26 February 2013 9 2001WETSCN-01
• Simple individual extrapolative (i.e.,
predictive) teleological behavior
• Ability to formulate one’s action in function of
an extrapolated future state along a single
or a few dimensions
• Individual: action is chosen in isolation, i.e.,
without considering the choices of the
entities co-existing in the same environment
E.g. speculation in compilers.
Behaviour predictive (individual)
26 February 2013 10 2001WETSCN-01
• Simple social predictive behavior
3. Ability to operate “quorum sensing”: choices
take into account the possible future states
of the neighboring entities
• E.g. Bacillus subtilis: When subjected to a
stressful environment such bacteria adopt
quorum sensing and choose between
cooperative and selfish strategies
• E.g. Pelotons.
Behaviour predictive (social)
26 February 2013 11 2001WETSCN-01
• Multivariate prediction
• Computing the future state also requires
4. the ability to perform
4.1 multiple extrapolations
4.2 along different dimensions, e.g. a temporal
and a spatial axis,
4.3 on an individual or a social scale
Behaviour complex multivariate
predictive
26 February 2013 12 2001WETSCN-01
• Collective and proactive forms of
organizational adaptation to the environment
5. the ability to build “collectively constructed and
controlled social environments” on top of the
physical environments (Astley & Fombrun, 1983)
Social “overlay networks”, e.g. business eco-
systems, cyber-physical societies, service-
oriented communities, knowledge ecosystems,
mutual-assistance communities…
“The subject of human ecology”.
Behaviour future-responsive
collective strategies
26 February 2013 13 2001WETSCN-01
• The ability of systems and populations to
rapidly adapting to novel environments [J. Clune, J.-B. Mouret, H. Lipson, The evolutionary origins of
modularity, Proc. R. Soc. B 2013 280]
• Evolvability is associated to several other
traits: diversity, modularity, self-similarity, self-
organization…
[D. C. Stark, “Heterarchy: Distributing Authorithy and
Organizing Diversity”. In “The Biology of Business:
Decoding the Natural Laws of Enterprise”, Jossey-Bass,
1999. p. 153–179.]
Evolvability
26 February 2013 14 2001WETSCN-01
• Measured also through modularity
• “Networks are modular if they contain highly
connected clusters of nodes that are sparsely
connected to nodes in other clusters.
• Intuitively, modular systems seem more
adaptable: it is easier to rewire a modular
network with functional subunits than an
entangled, monolithic network” .
[Clune et al., 2013]
Evolvability in networks
26 February 2013 15 2001WETSCN-01
• Identity robustness throughout change and
evolutions: A system’s ability to retain its
intended functions and properties in spite
of behaviors, endogenous conditions, and
environmental changes
• Two major methods
Entelechy (active behavior resilience)
Elasticity (passive b. r.)
Resilience
26 February 2013 16 2001WETSCN-01
• Aristotelian idea of entelechy :
the ability of “being-at-work-staying-the-same”
Continue working
Without going astray.
Resilience through entelechy
26 February 2013 17 2001WETSCN-01
• An entity (e.g. a physical person, an
organization, or a cyber-physical system) is
resilient when:
1.The entity is able to exert active behavior
(purposeful or otherwise): it continuously
adjusts its functions to compensate for
changes
(adaptivity)
Being-at-work…
26 February 2013 18 2001WETSCN-01
2. While 1., the entity is able to retain its
“identity”: its peculiar and distinctive
functional and non-functional features
in the face of the above mentioned conditions,
actions, and changes,
and despite the entity’s active behavior (the
adjustments carried out by the entity).
Features include timeliness, jitter, scalability,
quality-of-service attributes…
…staying-the-same
26 February 2013 19 2001WETSCN-01
• “The ability of a body that has been subjected
to an external force to recover its size and
shape, following deformation”
(McGraw-Hill, 2003)
• In this case the system does not exert any
purposeful behavior; it just makes use of its
internal characteristics and resources so as
to mask the action of external forces
→ Redundancy-based.
Resilience through elasticity
26 February 2013 20 2001WETSCN-01
• Depending on the enacted behaviors,
software resilience may be obtained
through software elasticity, state recovery,
software adaptation strategies, and
collective resilience strategies
• Several of our seminars focus on software
adaptivity and software resilience of systems,
communication algorithms, and organizations
Software resilience
26 February 2013 21 2001WETSCN-01
• …corresponds to simple protection
mechanisms, e.g., error correcting codes,
redundant data mechanisms, fault masking
strategies based on voting
• Redundant provisions are accommodated
at design time to compensate for certain
classes of events—to some predefined
extent
E.g. NVP; adaptively redundant data structures,
adaptive voting, etc. (see next lectures)
Software elasticity
26 February 2013 22 2001WETSCN-01
• Software mechanisms that reach resilience by
recovering trustworthy system states when
the system is affected by errors
Purposeful teleological behaviors
• Two major forms:
backward recovery (turns system back to a
previously saved “safe state”: checkpoint &
rollback, recovery blocks…)
forward recovery (synthesizes a new valid state:
e.g., recovery languages + formal methods)
State recovery software resilience
26 February 2013 23 2001WETSCN-01
• Based on several complex features
1. perception and introspection to reveal conditions
and situations threatening the intended
behaviors & identity;
2. diagnosis, e.g. ability to compare current and
past situations; unravel trends; identify causes;
3. planning reactive (resp. proactive) strategies to
compensate for current (resp. future) erroneous
behaviors / assumption failures / identity losses;
4. strategy enactment through parametric and
structural adaptation.
Software adaptation-based resilience
26 February 2013 24 2001WETSCN-01
• …corresponds to complex teleological
extrapolative behaviors
• Calls for formal methods to guarantee
persistence of identity
More information: V. De Florio, “On the Role of Perception and Apperception in
Ubiquitous and Pervasive Environments”. PDF Available .
Software adaptation-based resilience
26 February 2013 25 2001WETSCN-01
• Strategies of social organizations
(= “a set of roles tied together with channels
of communication”) (Boulding, 1956)
Business ecosystems, knowledge ecosystems,
cyber-physical societies, service-oriented
communities, mutual-assistance communities…
Bio-inspired organizations
• More information: V. De Florio et al. Service-oriented Communities: Models
and Concepts towards Fractal Social Organizations. PDF
Available
Collective adaptation strategies
26 February 2013 26 2001WETSCN-01
• The more complex the adaptation strategy,
the more difficult it is to guarantee / prove
that the system “stays-the-same”
• But simple strategies often are not enough .
A major problem
26 February 2013 27 2001WETSCN-01
• “The property of a system such that reliance
can justifiably be placed on the service it
delivers”
• System identity with a focus on certain
attributes
Dependability
26 February 2013 28 2001WETSCN-01
Attributes of dependability
26 February 2013 29 2001WETSCN-01
Attributes of dependability
• Availability
Readiness for usage
A(t) = probability that system is conform to
specifications at time t
• Reliability
Continuity of service
R(t) = probability that system is conform to
specifications during [t0,t], provided that so it is
at t0
26 February 2013 30 2001WETSCN-01
Attributes of dependability (2)
• Safety
Non-occurrence of catastrophic consequences on
environment
S(t) = probability that a system is either conform
to specifications, or reaches a safe halt, at time t
Fail-safe systems
The focus of next seminar
26 February 2013 31 2001WETSCN-01
Attributes of dependability (3)
• Maintainability
Aptitude to undergo repairs and adaptations
without going astray
M(t) = probability that system is back to
specifications at t if it failed at t0
“…recover its size and shape, following
deformation…”
26 February 2013 32 2001WETSCN-01
Attributes of dependability (4)
• Confidentiality
Non-occurrence of unauthorised disclosure of
information
• Integrity
Non-occurrence of improper alterations of
information
26 February 2013 33 2001WETSCN-01
Related attributes
• Testability
Ability to test features of a system
Related to maintainability
• Security
Integrity + availability + confidentiality
26 February 2013 34 2001WETSCN-01
Means of dependability
26 February 2013 35 2001WETSCN-01
• Fault avoidance/prevention: design
methodologies that try to make software
provably fault-free
• Fault removal: methods that aim to remove
faults after system development. Done
through testing.
Avoidance/prevention and removal
26 February 2013 36 2001WETSCN-01
• Starting point: “No amount of verification,
validation and testing can eliminate all faults
in an application and give complete
confidence in the availability and data
consistency of applications” (Randell)
• Faults will occur, but we need to make sure
that the system is elastic
• FT: provisions for the system to operate
correctly even in the presence of faults.
Fault tolerance
26 February 2013 37 2001WETSCN-01
Multiple-version Fault Tolerance
• Idea: redundancy of software: independently designed
versions of software
Randell (1975) : “All fault tolerance must be based on the
provision of useful redundancy, both for error detection and
error recovery. In software the redundancy required is not
simple replication of programs but redundancy of design”
• Assumption: random component failures. Correlated
failures sudden exhaustion of available redundancy
Ariane 5 flight 501: two crucial components were operating
in parallel with identical hardware and software…
26 February 2013 38 2001WETSCN-01
MvFT: Recovery blocks
#include <ftmacros.h>
...
ENSURE(acceptance-test) {
Alternate 1;
} ELSEBY {
Alternate 2;
} ... ENSURE;
26 February 2013 39 2001WETSCN-01
MvFT: NVP
#include <ftmacros.h>
...
NVP VERSION{ block 1; SENDVOTE(v-pointer, v-size); }
VERSION{ block 2; SENDVOTE(v-pointer, v-size); }
… ENDVERSION(timeout, v-size);
if (!agreeon(v-pointer)) error_handler();
ENDNVP;
26 February 2013 40 2001WETSCN-01
MvFT in general & in the context
of this exam
• MvFT
Implies N-fold design costs, N-fold maintenance
costs;
The risk of correlated failures is not negligible;
How would you describe the behaviors of such
systems?
What kind of behaviors?
What resilience strategy?
26 February 2013 41 2001WETSCN-01
Behaviors are simple and predefined (system
structure is fixed; no support for dynamic
adaptability)
Resilience: simple software elasticity
MvFT’s behaviors and resilience
26 February 2013 42 2001WETSCN-01
• A variety of systems and algorithms will be
presented
• Their characteristics in terms of behaviours
and resilience (B/R) will be highlighted
Next lectures
26 February 2013 43 2001WETSCN-01