300 likes | 420 Views
A Social Semantic Infrastructure for Decentralised Systems Based on Specification-Carrying Code and Trust. Giovanna Di Marzo Serugendo University of Geneva, Switzerland. Outline. Semantic Infrastructure « Specification-Carrying Code » (SCC) Service-oriented architecture
E N D
A Social Semantic Infrastructure for Decentralised Systems Based on Specification-Carrying Code and Trust Giovanna Di Marzo Serugendo University of Geneva, Switzerland Giovanna Di Marzo Serugendo
Outline • Semantic Infrastructure • « Specification-Carrying Code » (SCC) • Service-oriented architecture • Social Infrastructure • Trust-Based Systems • Social Semantic Infrastructure • SCC + Trust Giovanna Di Marzo Serugendo
Applications • Wireless / Ad hoc Networks • Bluetooth / WiFi / Ad hoc networks of PDAs • Sensor Networks • Grid • Agent-Based Systems • Ambient Intelligence • End-user services based on an invisible intelligent techonology • Virtual shopping, visa detection, traffic management • Autonomic Computing • Self-management systems • Large Scale Security Systems Giovanna Di Marzo Serugendo
Applications • Characteristics • Based on autonomous entities • Ex: PDAs, Agents • Uncertain environment • Decentralised • Large number of components • Dynamic environment • Need for adaptability • Social dimension • Interactions, discovery, negociations, transactions Giovanna Di Marzo Serugendo
Issues • Interactions with unknown entities (semantics) • Understanding • Interoperability • Management of uncertainty (social) • Malicious entities • Exhibit desirable characteristics, but … • Good faith entities • Fail because: software error, lack of toner, paper jam, … • Adaptability to changing environment • Control / Design of decentralised behaviour • Good properties have to emerge • Bad properties to be avoided! Giovanna Di Marzo Serugendo
Specification-Carrying Code • Interaction with unknown entities • No common design / No common API • Idea: communication is based on a formal specification of the behaviour of a peer entity • Software « carries » a formal description of its own functional behaviour • Communication occurs without API • Formal specification defines the semantics of the behaviour Giovanna Di Marzo Serugendo
SCC - Principle • Scenario • Publication of specifications • Services requested / Services proposed • Specification matching • Proposed service matches requested service • Service realised in an anonymous / asynchronous / non-deterministic manner • Interest • Minimum basis for communication • Specification language (for expressing concepts) • Interaction with new software / with unknown software • No central control (self-assembly) Giovanna Di Marzo Serugendo
S1 Ax1 S Ax Register S Ax S2 Ax2 Code Request ….. Thm Checker {Si | SiS} SCC - Principle Giovanna Di Marzo Serugendo
RegEx Prolog HOL Register (SpecS,IP,Port) SpecS SpecS Search (SpecS) Service Manager (IP,Port) Execute (ArrayList) CodeWR/SpecE CodeWR/SpecS ArrayList’ Code Code Execute (SpecS) Register Service Entity SCC - Architecture SpecS,(IP,Port) Giovanna Di Marzo Serugendo
SCC – Keywords • Registration(Functionality: ``FileSystem´´: ``Read´´,Behaviour: String : ``return´´ : String,QoS: ``local´´, [3,2,1]) • Request(Functionality: ``FileSystem´´: ``Read´´,Behaviour: ``myFile.html´´ : ``return´´ : String,QoS: ``local´´, [3,2,1]) Giovanna Di Marzo Serugendo
SCC – RegEx • Registration <specs> <description active="true"> <content> Sorting service </content> </description> <regex active="true"> <name>(?i)\w*sort\w*</name> <params>String\*</params> <result>String*</result> </regex> </specs> • Request <specs> <description active="true"> <content>Sorting request </content> </description> <regex active="true"> <name>sort</name> <params>String*</params> <result>String\*</result> </regex> </specs> Giovanna Di Marzo Serugendo
SCC – Prolog • Request <specs> <description active="true"> <content> Sorting Request </content> </description> <prolog active="true"> <content> rev([],[]), rev([A|B],R), rev(B,RevB), append(RevB,[A],R), rev(R,[A|B]). </content> </prolog> </specs> • Registration <specs> <description active="true"> <content> Sorting service </content> </description> <prolog active="true"> <content> append([],L,L). append([H|T],L2,[H|L3]):- append(T,L2,L3). rev([],[]). rev([H|T],R) :- rev(T,RevT), append(RevT,[H],R). </content> </prolog> </specs> Giovanna Di Marzo Serugendo
SCC – Alternatives • Specification • Keywords • Regular Expressions (syntactic) • Prolog (SWIProlog) • HOL (Isabelle Thm Prover – meta-ontology) • Jena (Logic + ontology) • Common Simple Logic • Architecture • Publication of specifications (asynchronous / anonymous / non-deterministic) • Direct exchange of specifications (interaction decisions) • Service Discovery • JXTA protocols • Géo-positioning • Information contained in the specification • Functional • Non-functional, security, reputation, positioning, etc, Giovanna Di Marzo Serugendo
SCC - Advantages • Interaction/Interoperability with unknown peers • Integration with new entities • Ontology+Semantics • Service Combination • Robustness • Resilience Giovanna Di Marzo Serugendo
SCC for Unanticipated Run-time Code Evolution • Code changes during its execution (without stopping the application) • Non anticipated evolution • Non anticipated by the programmer • Distribution on the fly • Experiments • Web Server • 160 different versions of the server, with only 4 stops • Tic-Tac-toe for Open Days • Changes done to the application during the play Giovanna Di Marzo Serugendo
SCC for Autonomic Computing • Self-configuration (installation, configuration, integration) • SCC expresses high-level configuration policies • Installation needs • Seamless integration of new entities • Self-repair (error detection, diagnostic, repair) • Generation of correct code from SCC • Replace error code with code having matching specification • Checking of code against specification Giovanna Di Marzo Serugendo
SCC for Autonomic Computing • Self-optimisation (parameters) • SCC expresses optimisation policies • Parameters description • Permanent optimisation of parameters depending on the context • Self-protection (detection and response to attacks) • SCC expresses security policies • Conditions regulating services delivery • Signatures of attacks / Response schema Giovanna Di Marzo Serugendo
SCC vs PCC vs Trust • SCC • Code is decoupled from specification • No guarantee that the code satisfies the specification • It is the same with APIs! • Proof Carrying Code (PCC) [Necula00] • Code « carries » the proof that it is correct • Low level (no infinite loop, no division by zero) • Not at the functional level • No specification • What happens if the code/proof are malicious? • What happens if the code/proof are in good faith, but the code fails? • Trust • Adaptation mechanism based on experience and observation Giovanna Di Marzo Serugendo
Trust-based Systems • Human notion of trust • Uncertainty and partial knowledge • Human beings make choices, take decisions, learn by experience, adapt their behavior • Decisions implicitly rely on trust: • Peers • Legal institutions • Business companies • Idea • Human-like trust-based access control • To learn about peer behavior • To dynamically adapt access control policies Giovanna Di Marzo Serugendo
Trust-based Systems • Software entities • Part of decentralised and distributed systems • Autonomous, roaming • Highly changing environment • Information changes and is not permanently valid • Interactions occur locally • Partial knowledge about the entities, and the environment • Take decisions with local and incomplete knowledge • Trust-based schema helps evaluating: • Good faith, correct functioning Giovanna Di Marzo Serugendo
Trust-based Model (1) • Principals: • interacting set of entities (human/computers, trusted or untrusted) • Local trust values: • Principals maintain local trust values about other principals • Evidence • Direct observations: evaluated outcome of an interaction • Recommendations: asked or received (indirect observation) Giovanna Di Marzo Serugendo
Trust-based Model (2) • Scenario • Request of interaction • Decision making process • Recognise principal • Evaluate trust value, evidence, risk implied by requested interaction • Application of Control Policy • After interaction: trust value updated on the basis of evaluated outcome of the interaction • Trust evolves with time • allows to adapt behaviour of principal SECURE – IST Funded Project (2002-2004) Giovanna Di Marzo Serugendo
Issues • Autonomous Systems • Needs • Interaction with unknown entities • Exchange of capabilities: • To learn about peer behavior • Issues • Malicious entities • Exhibit desirable characteristics, but … • Good Faith entities • Fail because: software error, lack of toner, paper jam, … • Idea • Combination of specifications and trust Giovanna Di Marzo Serugendo
SCC and Trust-based model • Human behavior • Communication through semantic information • Autonomous software: Entities carry specification describing their functional and non-functional behavior • Decisions despite uncertainty • Autonomous software:Trust formation and evolution Giovanna Di Marzo Serugendo
SCC and Trust-based model • Request for collaboration and exchange of Specification • Principals learn services provided by other principals • Decision to interact • Evaluation of specifications, past direct observations, received recommendations, local trust value, risk implied by interaction • Trust update • Evaluation (positive or negative) of outcome of interaction • Spreading of recommendations Giovanna Di Marzo Serugendo
Example: Printers and PDAs • Set of printers (not predefined) • Set of computers (using printers, not predefined) • Exchange of capabilities before interactions • Postscript/double-sided • Storing of interactions outcome • Only single-sided, no printing • Local trust value computation and update • Propagation of recommendations • Risks: • Losing time using a far located printer, printer runs out of paper, etc. Giovanna Di Marzo Serugendo
lw3: New / Prints all PDFs lw6 lw3 Printers and Users (1) lw6: PostScript / Double-Sided/ Paper Jam / Problems with PDFs Giovanna Di Marzo Serugendo
lw6: Random Printing lw8: In the Library lw6 lw8 lw3 Printers and Users (2) lw6: New Printer Giovanna Di Marzo Serugendo
lw6 lw8 lw3 Printers and Users (3) lw6: Software Evolution Giovanna Di Marzo Serugendo
Conclusion • SCC • Simple specifications of behavior • Implementation through a middleware infrastructure • Trust-based model • Defined and implemented as part of EU Funded project – SECURE • Future work • Own specification language (pre- post- conditions, parameters mapping) • Large scale examples • “Google” services Giovanna Di Marzo Serugendo