Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dissecting Self-* Properties Andrew Berns & Sukumar Ghosh University of Iowa.

Published byScarlett Powers Modified over 8 years ago

Similar presentations

Presentation on theme: "Dissecting Self-* Properties Andrew Berns & Sukumar Ghosh University of Iowa."— Presentation transcript:

1 Dissecting Self-* Properties Andrew Berns & Sukumar Ghosh University of Iowa

2 Background Autonomic systems are characterized by a number of properties that exhibit its ability of self-management. Collectively known as self-* properties

3 Goal Self-organizing Self-stabilizing Self-optimizing Self-adaptive Self-healing Self-scaling Self-managing What do they precisely mean? How do they differ? Can we find some common framework to satisfy different characterizations of the various self-star properties?

4 The model of a system Network of processes: topology G = (V, E) Processes execute actions. Each action by a process changes its local state. Global state S is the collection of local states. A computation is a sequence of global states.

5 What is a “good” system Safety. Property P must always hold Bad things never happen. Example: no deadlock, at least one token must always exist etc. Liveness. Property Q must eventually hold Good things eventually happen. Example: termination, convergence, progress etc. A system configuration is legal when these properties hold

6 The Environment System Environment Consists of variables that a process can read but not modify. A system is legal when it satisfies its safety properties. Legality is defined with respect to an environment Time of day Network topology User demands for service Output from another system Failures etc

7 System vs. adversary Adversary Disrupts or challenges the system The adversary causes failures, perturbation, allows processes to join or leave without notice, changes global state, launches security attacks, changes the environment etc. Ultimately the system must win. System Environment

8 Tolerance to Adversarial actions Masking. Safety and Liveness Properties are NEVER violated. The system always remains in a legal configuration Non masking. Safety properties (but not Liveness) are temporarily violated, but eventually restored. The system state may temporarily become illegal Self-management = tolerance to adversarial actions

9 Masking vs. Non-masking Legal State space

10 More on tolerance Tolerance to adversarial actions also depends on its type and extent. A system may be masking tolerant to a single crash failure, but exhibit non-masking tolerance to multiple failures

11 Graceful degradation The system negotiates the adversarial action, but recovers to a configuration that satisfies a predicate P’ ⊃ P’ (P= original safety predicate). To be graceful, P’ predicate must be acceptable to the application.

12 Types of actions Actions can be internal or external. External actions can change the environment. Processes execute internal actions only The adversary executes both internal and external actions.

13 Self-management Self-management is a vision. It encompasses all self-* properties. Typically attributed to systems that exhibit at least one self-star property.

14 The framework Generally, in defining a specific self-* property, the important issues are:  Interpretation of the legal configuration  type of adversarial action  Type of tolerance permitted like masking, non-masking, or graceful degradation

15 Self-stabilization Starting from an arbitrary configuration, a self-stabilizing system eventually recovers to a legal configuration (satisfies a predefined predicate P) and remains in that configuration thereafter. Starting from an arbitrary configuration, a self-stabilizing system eventually recovers to a legal configuration (satisfies a predefined predicate P) and remains in that configuration thereafter. Adversarial action: transient failure corrupting the system state Tolerance: non-masking Adversarial action: transient failure corrupting the system state Tolerance: non-masking

16 Self-adaptation if R k then  P k will hold Can be viewed as an extension of a self- stabilizing system, where the legal configuration satisfies the predicate P = ∨ ( R i ∧ P i ) if R k then  P k will hold Can be viewed as an extension of a self- stabilizing system, where the legal configuration satisfies the predicate P = ∨ ( R i ∧ P i ) Environment ∈ {R 1 R 2 …, R m }. A system adapts to an environment R. Environment R P i Process j crashes implies that adversary changes the environment variable crashed (j) from false to true

17 Self-healing A system is self-healing with respect to a subset of external actions if occurrence of those actions cause at most a temporary violation of the system’s legal configuration (safety Property P) Adversarial action: a subset of all possible external actions Tolerance: typically non-masking, but masking not ruled out Adversarial action: a subset of all possible external actions Tolerance: typically non-masking, but masking not ruled out

18 Comments on Self-healing A self-healing system may not be self-healing with respect to an enlarged set of adversarial actions. Skype is a Self-healing system, but it crashed on August 16, 2007 and was down for nearly two days. Why? A self-healing system may not be self-healing with respect to an enlarged set of adversarial actions. Skype is a Self-healing system, but it crashed on August 16, 2007 and was down for nearly two days. Why?

19 Comments on Self-healing Also, self-healing frequently leads to graceful degradation.

20 Self-organization A system is self-organizing with respect to a subset of external actions involving process join and leave if those actions cause at most a temporary violation of the system’s legal configuration (safety Property P) Adversarial action: join / leave actions (up to N processes may concurrently join or N/2 processes may concurrently leave) Tolerance: usually non-masking, but masking not ruled out. Adversarial action: join / leave actions (up to N processes may concurrently join or N/2 processes may concurrently leave) Tolerance: usually non-masking, but masking not ruled out.

21 Self-organization 75 10 78 25 34 45 18 5 83

22 Self-organization An example of gathering

23 Comments on Self-organization A self-organizing system is expected to recover in a reasonable time. [1] imposed a requirement of sub-linear recovery time per join or leave operation [1] Dolev & Tzachar: Empire of Colonies, Theoretical Computer Science 2009 A self-organizing system is expected to recover in a reasonable time. [1] imposed a requirement of sub-linear recovery time per join or leave operation [1] Dolev & Tzachar: Empire of Colonies, Theoretical Computer Science 2009

24 Self-protection A system is self-protecting with respect to a set of malicious external actions if it maintains its legal configuration (data integrity and continued functionality) in the presence of those actions. Adversarial action: malicious actions Tolerance: masking. Comment: Hard to characterize what a malicious action is. It may be a direct security attack, or something very subtle. Adversarial action: malicious actions Tolerance: masking. Comment: Hard to characterize what a malicious action is. It may be a direct security attack, or something very subtle.

25 Self-optimization A system is self-optimizing when starting from an initial configuration if it spontaneously improves / maximizes the value of an objective function (cost) relevant to the systems performance Adversarial action: A bad initialization, or an interim action that makes the current configuration sub-optimal. Tolerance: Non-masking. Comment: What if different nodes have different perceptions of cost? Selfishness adds a new dimension. Adversarial action: A bad initialization, or an interim action that makes the current configuration sub-optimal. Tolerance: Non-masking. Comment: What if different nodes have different perceptions of cost? Selfishness adds a new dimension.

26 Self-optimization with selfish agents Selfish actions used to optimize a system may never reach an equilibrium configuration 1, 34, 3 3, 10 1, 31, 10 3, 1 4,1 1, 10 From a game theory perspective, no Nash Equilibrium exists root Shortest path tree with two different types of processes

27 Self-configuration The legal configuration is defined over the configuration space: Various notions of configuration, like a set of optimal choices of hardware or software modules and connections among them, which is consistent with the environment. Adversarial action: A subset of external actions. Tolerance: Non-masking. Adversarial action: A subset of external actions. Tolerance: Non-masking.

28 Self-configuration 1 User

29 Self-configuration 2 User

30 Relationships among self-star properties Self-stabilization implies self-healing with respect to any adversarial internal action Self-organization implies self-healing with respect to join and leave operations

31 Relationships among self-star properties Self-organization implies self-configuration but the reverse is not true For example, a self-configuring web-server changes the connection between server components, processor cycles and memory capacity to provide a stable response [2], but is not self-organizing since it cannot automatically integrate another server [2] (Wildstrom et al ICAC 2005)

32 Relationships among self-star properties Self-organizationSelf-stabilization A self-stabilizing system that allows a process to join or leave a system of N processes is O(N 2 ) time is not self-organizing (some will disagree)

33 Relationships among self-star properties Chord P2P network is self-organizing, but not self- stabilizing, since once an adversarial action splits the Chord ring into two rings, they do not join.

34 New property: self-immunity A system is self-immune with respect to an action C, if (1) initially tolerance to action C is non-masking, but (1) eventually the system is able to mask the effect of action C The system learns from experience, and becomes smarter with time

35 Self-immune behavior Legal State space

36 New property: self-containment Self-containment is a variant of self-protection. It prevents the total system from being compromised by external malicious actions. At most a fraction of the system is compromised, but eventually the non-compromised processes are able to offer a meaningful level of service. (The system has the ability of damage control by saving a part of it in spite of a security attack. It is a non-masking version of self- protection, similar in spirit with the fault-containment property of self-stabilizing systems)

37 Self-containment

38 Conclusion There is a need for a framework to define what we actually mean by specific self-star property. This will not satisfy everyone’s vision, but as long as it satisfies the majority’s view, the chance of further divergence of views is minimized.

Download ppt "Dissecting Self-* Properties Andrew Berns & Sukumar Ghosh University of Iowa."

Similar presentations

Global States.

Global States.
Chapter 6 - Convergence in the Presence of Faults1-1 Chapter 6 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights.

Chapter 6 - Convergence in the Presence of Faults1-1 Chapter 6 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights.
KAIS T The Vision of Autonomic Computing Jeffrey O. Kephart, David M Chess IBM Watson research Center IEEE Computer, Jan. 2003 발표자 : 이승학.

KAIS T The Vision of Autonomic Computing Jeffrey O. Kephart, David M Chess IBM Watson research Center IEEE Computer, Jan 발표자 : 이승학.
Self Stabilizing Algorithms for Topology Management Presentation: Deniz Çokuslu.

Self Stabilizing Algorithms for Topology Management Presentation: Deniz Çokuslu.
Self-stabilizing Distributed Systems Sukumar Ghosh Professor, Department of Computer Science University of Iowa.

Self-stabilizing Distributed Systems Sukumar Ghosh Professor, Department of Computer Science University of Iowa.
Self-Stabilization in Distributed Systems Barath Raghavan Vikas Motwani Debashis Panigrahi.

Self-Stabilization in Distributed Systems Barath Raghavan Vikas Motwani Debashis Panigrahi.
Fabian Kuhn, Microsoft Research, Silicon Valley

Fabian Kuhn, Microsoft Research, Silicon Valley
Fabián E. Bustamante, Winter 2006 Autonomic Computing The vision of autonomic computing, J. Kephart and D. Chess, IEEE Computer, Jan. 2003. Also - A.G.

Fabián E. Bustamante, Winter 2006 Autonomic Computing The vision of autonomic computing, J. Kephart and D. Chess, IEEE Computer, Jan Also - A.G.
CSCE 668 DISTRIBUTED ALGORITHMS AND SYSTEMS Fall 2011 Prof. Jennifer Welch CSCE 668 Self Stabilization 1.

CSCE 668 DISTRIBUTED ALGORITHMS AND SYSTEMS Fall 2011 Prof. Jennifer Welch CSCE 668 Self Stabilization 1.
Autonomic Systems Sukumar Ghosh Department of Computer Science The University of Iowa.

Autonomic Systems Sukumar Ghosh Department of Computer Science The University of Iowa.
Altruistic Routing in P2P Networks: Solutions and Problems Sukumar Ghosh Alina Bejan Amlan Bhattacharya University of Iowa.

Altruistic Routing in P2P Networks: Solutions and Problems Sukumar Ghosh Alina Bejan Amlan Bhattacharya University of Iowa.
Towards a Logic for Wide-Area Internet Routing Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory Kunal.

Towards a Logic for Wide-Area Internet Routing Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory Kunal.
Safety and Liveness. Defining Programs Variables with respective domain –State space of the program Program actions –Guarded commands Program computation.

Safety and Liveness. Defining Programs Variables with respective domain –State space of the program Program actions –Guarded commands Program computation.
A Game-theoretic Approach to the Design of Self-Protection and Self-Healing Mechanisms in Autonomic Computing Systems Birendra Mishra Anderson School of.

A Game-theoretic Approach to the Design of Self-Protection and Self-Healing Mechanisms in Autonomic Computing Systems Birendra Mishra Anderson School of.
Taming Dynamic and Selfish Peers “Peer-to-Peer Systems and Applications” Dagstuhl Seminar March 26th-29th, 2006 Stefan Schmid Distributed Computing Group.

Taming Dynamic and Selfish Peers “Peer-to-Peer Systems and Applications” Dagstuhl Seminar March 26th-29th, 2006 Stefan Schmid Distributed Computing Group.
CPSC 668Self Stabilization1 CPSC 668 Distributed Algorithms and Systems Spring 2008 Prof. Jennifer Welch.

CPSC 668Self Stabilization1 CPSC 668 Distributed Algorithms and Systems Spring 2008 Prof. Jennifer Welch.
Autonomic Computing Shafay Shamail Malik Jahan Khan.

Autonomic Computing Shafay Shamail Malik Jahan Khan.
Self-Stabilization An Introduction Aly Farahat Ph.D. Student Automatic Software Design Lab Computer Science Department Michigan Technological University.

Self-Stabilization An Introduction Aly Farahat Ph.D. Student Automatic Software Design Lab Computer Science Department Michigan Technological University.
CS 603 Communication and Distributed Systems April 15, 2002.

CS 603 Communication and Distributed Systems April 15, 2002.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 14: Troubleshooting Windows Server 2003 Networks.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 14: Troubleshooting Windows Server 2003 Networks.

Similar presentations

Ads by Google