Seminarie Computernetwerken 2012-2013: Lecture I, 26-02-2013

Seminarie Computernetwerken

2012-2013 Lecture I, 26-02-2013 Vincenzo De Florio

[email protected]

PATS / University of Antwerp & iMinds

• A series of seminars focusing on a set of

themes

• This year: resilience, behaviour, evolvability;

in systems, networks, and organizations

• In what follows:

1. themes of the course

2. view to the seminars

3. rules of the game

Seminarie Computernetwerken

26 February 2013 2 2001WETSCN-01

• Resilience, evolvability, behaviour:

interrelated properties

• Behavior: the characteristics of the way

systems respond to changes

• Evolvability: the ability to rapidly adapt to

novel environments

• Resilience: identity robustness w.r.t. changes

• An ancillary property: Dependability

Themes


• This lecture is to introduce the themes of the

course

• Next ones: seminars describing systems and

algorithms and their adaptive / resilient

behaviors

• Aim: learn how to assess those properties in

existing systems/algorithms.

Rationale


• “Any change of an entity with respect to

its surroundings” (Rosenblueth et al., 1943)

• Behavioral method: Entities are classified

according to peculiar characteristics of their

behaviors (behavioral classes)

• Passive, active, purposeful, teleological,

predictive behaviors

• Individual and social dimension

Behaviour


• Entity changes its state only by receiving

energy from an external source.

• A kicked ball does not produce the energy

that sets it in motion—it simply receives that

energy passive behaviour.

Behaviour passive


• Active behavior occurs when an entity “is the

source of the output energy involved in a

given particular reaction”.

Behaviour active


• Active change meant to attain a goal—for

instance survival or economical profit

• Output energy is exerted so as to move from

a certain state into another one

• Opposed to purposeless (that is, random)

active behavior

• Purposeful active behavior pertains e.g. to

servo-mechanisms, cyber-physical systems,

and legal persons.

Behaviour purposeful active


• Purposeful behavior that is “controlled by the

margin of error at which the [entity] stands at

a given time with reference to a relatively

specific goal”

• Requires two capabilities:

1. perceiving the relationship between one's

actions and one's goal, and

2. adjusting dynamically one's behavior so as to

maximize the chances to reach one's goal.

Behaviour teleological


• Simple individual extrapolative (i.e.,

predictive) teleological behavior

• Ability to formulate one’s action in function of

an extrapolated future state along a single

or a few dimensions

• Individual: action is chosen in isolation, i.e.,

without considering the choices of the

entities co-existing in the same environment

E.g. speculation in compilers.

Behaviour predictive (individual)


• Simple social predictive behavior

3. Ability to operate “quorum sensing”: choices

take into account the possible future states

of the neighboring entities

• E.g. Bacillus subtilis: When subjected to a

stressful environment such bacteria adopt

quorum sensing and choose between

cooperative and selfish strategies

• E.g. Pelotons.

Behaviour predictive (social)


• Multivariate prediction

• Computing the future state also requires

4. the ability to perform

4.1 multiple extrapolations

4.2 along different dimensions, e.g. a temporal

and a spatial axis,

4.3 on an individual or a social scale

Behaviour complex multivariate

predictive


• Collective and proactive forms of

organizational adaptation to the environment

5. the ability to build “collectively constructed and

controlled social environments” on top of the

physical environments (Astley & Fombrun, 1983)

Social “overlay networks”, e.g. business eco-

systems, cyber-physical societies, service-

oriented communities, knowledge ecosystems,

mutual-assistance communities…

“The subject of human ecology”.

Behaviour future-responsive

collective strategies


• The ability of systems and populations to

rapidly adapting to novel environments [J. Clune, J.-B. Mouret, H. Lipson, The evolutionary origins of

modularity, Proc. R. Soc. B 2013 280]

• Evolvability is associated to several other

traits: diversity, modularity, self-similarity, self-

organization…

[D. C. Stark, “Heterarchy: Distributing Authorithy and

Organizing Diversity”. In “The Biology of Business:

Decoding the Natural Laws of Enterprise”, Jossey-Bass,

1999. p. 153–179.]

Evolvability


• Measured also through modularity

• “Networks are modular if they contain highly

connected clusters of nodes that are sparsely

connected to nodes in other clusters.

• Intuitively, modular systems seem more

adaptable: it is easier to rewire a modular

network with functional subunits than an

entangled, monolithic network” .

[Clune et al., 2013]

Evolvability in networks


• Identity robustness throughout change and

evolutions: A system’s ability to retain its

intended functions and properties in spite

of behaviors, endogenous conditions, and

environmental changes

• Two major methods

Entelechy (active behavior resilience)

Elasticity (passive b. r.)

Resilience


• Aristotelian idea of entelechy :

the ability of “being-at-work-staying-the-same”

Continue working

Without going astray.

Resilience through entelechy


http://books.google.be/books/about/Aristotle_s_Physics.html?id=6ychtCR4TZUC&redir_esc=y

• An entity (e.g. a physical person, an

organization, or a cyber-physical system) is

resilient when:

1.The entity is able to exert active behavior

(purposeful or otherwise): it continuously

adjusts its functions to compensate for

changes

(adaptivity)

Being-at-work…


2. While 1., the entity is able to retain its

“identity”: its peculiar and distinctive

functional and non-functional features

in the face of the above mentioned conditions,

actions, and changes,

and despite the entity’s active behavior (the

adjustments carried out by the entity).

Features include timeliness, jitter, scalability,

quality-of-service attributes…

…staying-the-same


• “The ability of a body that has been subjected

to an external force to recover its size and

shape, following deformation”

(McGraw-Hill, 2003)

• In this case the system does not exert any

purposeful behavior; it just makes use of its

internal characteristics and resources so as

to mask the action of external forces

→ Redundancy-based.

Resilience through elasticity


• Depending on the enacted behaviors,

software resilience may be obtained

through software elasticity, state recovery,

software adaptation strategies, and

collective resilience strategies

• Several of our seminars focus on software

adaptivity and software resilience of systems,

communication algorithms, and organizations

Software resilience


• …corresponds to simple protection

mechanisms, e.g., error correcting codes,

redundant data mechanisms, fault masking

strategies based on voting

• Redundant provisions are accommodated

at design time to compensate for certain

classes of events—to some predefined

extent

E.g. NVP; adaptively redundant data structures,

adaptive voting, etc. (see next lectures)

Software elasticity


• Software mechanisms that reach resilience by

recovering trustworthy system states when

the system is affected by errors

Purposeful teleological behaviors

• Two major forms:

backward recovery (turns system back to a

previously saved “safe state”: checkpoint &

rollback, recovery blocks…)

forward recovery (synthesizes a new valid state:

e.g., recovery languages + formal methods)

State recovery software resilience


• Based on several complex features

1. perception and introspection to reveal conditions

and situations threatening the intended

behaviors & identity;

2. diagnosis, e.g. ability to compare current and

past situations; unravel trends; identify causes;

3. planning reactive (resp. proactive) strategies to

compensate for current (resp. future) erroneous

behaviors / assumption failures / identity losses;

4. strategy enactment through parametric and

structural adaptation.

Software adaptation-based resilience


• …corresponds to complex teleological

extrapolative behaviors

• Calls for formal methods to guarantee

persistence of identity

More information: V. De Florio, “On the Role of Perception and Apperception in

Ubiquitous and Pervasive Environments”. PDF Available .

Software adaptation-based resilience


http://www.pats.ua.ac.be/content/publications/2012/SUPE_99_DeFlorio.pdf

• Strategies of social organizations

(= “a set of roles tied together with channels

of communication”) (Boulding, 1956)

Business ecosystems, knowledge ecosystems,

cyber-physical societies, service-oriented

communities, mutual-assistance communities…

Bio-inspired organizations

• More information: V. De Florio et al. Service-oriented Communities: Models

and Concepts towards Fractal Social Organizations. PDF

Available

Collective adaptation strategies


http://www.pats.ua.ac.be/content/publications/2012/SoC12b.pdf

http://www.pats.ua.ac.be/content/publications/2012/SoC12b.pdf

• The more complex the adaptation strategy,

the more difficult it is to guarantee / prove

that the system “stays-the-same”

• But simple strategies often are not enough .

A major problem


• “The property of a system such that reliance

can justifiably be placed on the service it

delivers”

• System identity with a focus on certain

attributes

Dependability


Attributes of dependability


Attributes of dependability

• Availability

Readiness for usage

A(t) = probability that system is conform to

specifications at time t

• Reliability

Continuity of service

R(t) = probability that system is conform to

specifications during [t0,t], provided that so it is

at t0


Attributes of dependability (2)

• Safety

Non-occurrence of catastrophic consequences on

environment

S(t) = probability that a system is either conform

to specifications, or reaches a safe halt, at time t

Fail-safe systems

The focus of next seminar



• Maintainability

Aptitude to undergo repairs and adaptations

without going astray

M(t) = probability that system is back to

specifications at t if it failed at t0

“…recover its size and shape, following

deformation…”



• Confidentiality

Non-occurrence of unauthorised disclosure of

information

• Integrity

Non-occurrence of improper alterations of

information


Related attributes

• Testability

Ability to test features of a system

Related to maintainability

• Security

Integrity + availability + confidentiality


Means of dependability


• Fault avoidance/prevention: design

methodologies that try to make software

provably fault-free

• Fault removal: methods that aim to remove

faults after system development. Done

through testing.

Avoidance/prevention and removal


• Starting point: “No amount of verification,

validation and testing can eliminate all faults

in an application and give complete

confidence in the availability and data

consistency of applications” (Randell)

• Faults will occur, but we need to make sure

that the system is elastic

• FT: provisions for the system to operate

correctly even in the presence of faults.

Fault tolerance


Multiple-version Fault Tolerance

• Idea: redundancy of software: independently designed

versions of software

Randell (1975) : “All fault tolerance must be based on the

provision of useful redundancy, both for error detection and

error recovery. In software the redundancy required is not

simple replication of programs but redundancy of design”

• Assumption: random component failures. Correlated

failures sudden exhaustion of available redundancy

Ariane 5 flight 501: two crucial components were operating

in parallel with identical hardware and software…


MvFT: Recovery blocks

#include <ftmacros.h>

...

ENSURE(acceptance-test) {

Alternate 1;

} ELSEBY {

Alternate 2;

} ... ENSURE;


MvFT: NVP

#include <ftmacros.h>

...

NVP VERSION{ block 1; SENDVOTE(v-pointer, v-size); }

VERSION{ block 2; SENDVOTE(v-pointer, v-size); }

… ENDVERSION(timeout, v-size);

if (!agreeon(v-pointer)) error_handler();

ENDNVP;


MvFT in general & in the context

of this exam

• MvFT

Implies N-fold design costs, N-fold maintenance

costs;

The risk of correlated failures is not negligible;

How would you describe the behaviors of such

systems?

What kind of behaviors?

What resilience strategy?


Behaviors are simple and predefined (system

structure is fixed; no support for dynamic

adaptability)

Resilience: simple software elasticity

MvFT’s behaviors and resilience


• A variety of systems and algorithms will be

presented

• Their characteristics in terms of behaviours

and resilience (B/R) will be highlighted

Next lectures


Seminarie Computernetwerken 2012-2013: Lecture I, 26-02-2013

Technology

Transcript of Seminarie Computernetwerken 2012-2013: Lecture I, 26-02-2013