Seminarie Computernetwerken is a course given at Universiteit Antwerpen, Belgium A series of seminars focusing on various themes changing from year to year. This year's themes are: resilience, behaviour, evolvability;  in systems, networks, and organizations In what follows we describe: themes of the course view to the seminars rules of the game

1. Seminarie Computernetwerken
2012-2013 Lecture I, 26-02-2013
Vincenzo De Florio
vincenzo.deflorio@uantwerpen.be
PATS / University of Antwerp & iMinds

2. Seminarie Computernetwerken
• A series of seminars focusing on a set of
themes
• This year: resilience, behaviour, evolvability;
in systems, networks, and organizations
• In what follows:
1. themes of the course
2. view to the seminars
3. rules of the game
26 February 2013
2001WETSCN-01
2

3. Themes
• Resilience, evolvability, behaviour:
interrelated properties
• Behavior: the characteristics of the way
systems respond to changes
• Evolvability: the ability to rapidly adapt to
novel environments
• Resilience: identity robustness w.r.t. changes
• An ancillary property: Dependability
26 February 2013
2001WETSCN-01
3

4. Rationale
• This lecture is to introduce the themes of the
course
• Next ones: seminars describing systems and
algorithms and their adaptive / resilient
behaviors
• Aim: learn how to assess those properties in
existing systems/algorithms.
26 February 2013
2001WETSCN-01
4

5. Behaviour
• “Any change of an entity with respect to
its surroundings”
(Rosenblueth et al., 1943)
• Behavioral method: Entities are classified
according to peculiar characteristics of their
behaviors (behavioral classes)
• Passive, active, purposeful, teleological,
predictive behaviors
• Individual and social dimension
26 February 2013
2001WETSCN-01
5

6. Behaviour  passive
• Entity changes its state only by receiving
energy from an external source.
• A kicked ball does not produce the energy
that sets it in motion—it simply receives that
energy  passive behaviour.
26 February 2013
2001WETSCN-01
6

7. Behaviour  active
• Active behavior occurs when an entity “is the
source of the output energy involved in a
given particular reaction”.
26 February 2013
2001WETSCN-01
7

8. Behaviour  purposeful active
• Active change meant to attain a goal—for
instance survival or economical profit
• Output energy is exerted so as to move from
a certain state into another one
• Opposed to purposeless (that is, random)
active behavior
• Purposeful active behavior pertains e.g. to
servo-mechanisms, cyber-physical systems,
and legal persons.
26 February 2013
2001WETSCN-01
8

9. Behaviour  teleological
• Purposeful behavior that is “controlled by the
margin of error at which the [entity] stands at
a given time with reference to a relatively
specific goal”
• Requires two capabilities:
perceiving the relationship between one's
actions and one's goal, and
2. adjusting dynamically one's behavior so as to
maximize the chances to reach one's goal.
1.
26 February 2013
2001WETSCN-01
9

10. Behaviour  predictive (individual)
• Simple individual extrapolative (i.e.,
predictive) teleological behavior
• Ability to formulate one’s action in function of
an extrapolated future state along a single
or a few dimensions
• Individual: action is chosen in isolation, i.e.,
without considering the choices of the
entities co-existing in the same environment

E.g. speculation in compilers.
26 February 2013
2001WETSCN-01
10

11. Behaviour  predictive (social)
• Simple social predictive behavior
3.
Ability to operate “quorum sensing”: choices
take into account the possible future states
of the neighboring entities
• E.g. Bacillus subtilis: When subjected to a
stressful environment such bacteria adopt
quorum sensing and choose between
cooperative and selfish strategies
• E.g. Pelotons.
26 February 2013
2001WETSCN-01
11

12. Behaviour  complex multivariate
predictive
• Multivariate prediction
• Computing the future state also requires
4.
the ability to perform
4.1 multiple extrapolations
4.2 along different dimensions, e.g. a temporal
and a spatial axis,
4.3 on an individual or a social scale
26 February 2013
2001WETSCN-01
12

13. Behaviour  future-responsive
collective strategies
• Collective and proactive forms of
organizational adaptation to the environment
the ability to build “collectively constructed and
controlled social environments” on top of the
physical environments (Astley & Fombrun, 1983)
 Social “overlay networks”, e.g. business ecosystems, cyber-physical societies, serviceoriented communities, knowledge ecosystems,
mutual-assistance communities…
 “The subject of human ecology”.
5.
26 February 2013
2001WETSCN-01
13

14. Evolvability
• The ability of systems and populations to
rapidly adapting to novel environments
[J. Clune, J.-B. Mouret, H. Lipson, The evolutionary origins of
modularity, Proc. R. Soc. B 2013 280]
• Evolvability is associated to several other
traits: diversity, modularity, self-similarity, selforganization…
[D. C. Stark, “Heterarchy: Distributing Authorithy and
Organizing Diversity”. In “The Biology of Business:
Decoding the Natural Laws of Enterprise”, Jossey-Bass,
1999. p. 153–179.]
26 February 2013
2001WETSCN-01
14

15. Evolvability in networks
• Measured also through modularity
• “Networks are modular if they contain highly
connected clusters of nodes that are sparsely
connected to nodes in other clusters.
• Intuitively, modular systems seem more
adaptable: it is easier to rewire a modular
network with functional subunits than an
entangled, monolithic network” .
[Clune et al., 2013]
26 February 2013
2001WETSCN-01
15

16. Resilience
• Identity robustness throughout change and
evolutions: A system’s ability to retain its
intended functions and properties in spite
of behaviors, endogenous conditions, and
environmental changes
• Two major methods
 Entelechy (active behavior resilience)
 Elasticity (passive b. r.)
26 February 2013
2001WETSCN-01
16

17. Resilience through entelechy
• Aristotelian idea of entelechy :
the ability of “being-at-work-staying-the-same”

Continue working
 Without going astray.
26 February 2013
2001WETSCN-01
17

18. Being-at-work…
• An entity (e.g. a physical person, an
organization, or a cyber-physical system) is
resilient when:
1.The entity is able to exert active behavior
(purposeful or otherwise): it continuously
adjusts its functions to compensate for
changes
(adaptivity)
26 February 2013
2001WETSCN-01
18

19. …staying-the-same
2. While 1., the entity is able to retain its
“identity”: its peculiar and distinctive
functional and non-functional features

in the face of the above mentioned conditions,
actions, and changes,
 and despite the entity’s active behavior (the
adjustments carried out by the entity).
 Features include timeliness, jitter, scalability,
quality-of-service attributes…
26 February 2013
2001WETSCN-01
19

20. Resilience through elasticity
• “The ability of a body that has been subjected
to an external force to recover its size and
shape, following deformation”
(McGraw-Hill, 2003)
• In this case the system does not exert any
purposeful behavior; it just makes use of its
internal characteristics and resources so as
to mask the action of external forces
→ Redundancy-based.
26 February 2013
2001WETSCN-01
20

21. Software resilience
• Depending on the enacted behaviors,
software resilience may be obtained
through software elasticity, state recovery,
software adaptation strategies, and
collective resilience strategies
• Several of our seminars focus on software
adaptivity and software resilience of systems,
communication algorithms, and organizations
26 February 2013
2001WETSCN-01
21

22. Software elasticity
• …corresponds to simple protection
mechanisms, e.g., error correcting codes,
redundant data mechanisms, fault masking
strategies based on voting
• Redundant provisions are accommodated
at design time to compensate for certain
classes of events—to some predefined
extent

E.g. NVP; adaptively redundant data structures,
adaptive voting, etc. (see next lectures)
26 February 2013
2001WETSCN-01
22

23. State recovery software resilience
• Software mechanisms that reach resilience by
recovering trustworthy system states when
the system is affected by errors

Purposeful teleological behaviors
• Two major forms:

backward recovery (turns system back to a
previously saved “safe state”: checkpoint &
rollback, recovery blocks…)
 forward recovery (synthesizes a new valid state:
e.g., recovery languages + formal methods)
26 February 2013
2001WETSCN-01
23

24. Software adaptation-based resilience
• Based on several complex features
perception and introspection to reveal conditions
and situations threatening the intended
behaviors & identity;
2. diagnosis, e.g. ability to compare current and
past situations; unravel trends; identify causes;
3. planning reactive (resp. proactive) strategies to
compensate for current (resp. future) erroneous
behaviors / assumption failures / identity losses;
4. strategy enactment through parametric and
structural adaptation.
1.
26 February 2013
2001WETSCN-01
24

25. Software adaptation-based resilience
• …corresponds to complex teleological
extrapolative behaviors
• Calls for formal methods to guarantee
persistence of identity

More information:
V. De Florio, “On the Role of Perception and Apperception in
Ubiquitous and Pervasive Environments”. PDF Available .
26 February 2013
2001WETSCN-01
25

26. Collective adaptation strategies
• Strategies of social organizations
(= “a set of roles tied together with channels
of communication”)
(Boulding, 1956)

Business ecosystems, knowledge ecosystems,
cyber-physical societies, service-oriented
communities, mutual-assistance communities…
 Bio-inspired organizations
• More information:

V. De Florio et al. Service-oriented Communities: Models
and Concepts towards Fractal Social Organizations. PDF
Available
26 February 2013
2001WETSCN-01
26

27. A major problem
• The more complex the adaptation strategy,
the more difficult it is to guarantee / prove
that the system “stays-the-same”
• But simple strategies often are not enough .
26 February 2013
2001WETSCN-01
27

28. Dependability
• “The property of a system such that reliance
can justifiably be placed on the service it
delivers”
• System identity with a focus on certain
attributes
26 February 2013
2001WETSCN-01
28

29. Attributes of dependability
26 February 2013
2001WETSCN-01
29

30. Attributes of dependability
• Availability

Readiness for usage
 A(t) = probability that system is conform to
specifications at time t
• Reliability

Continuity of service
 R(t) = probability that system is conform to
specifications during [t0,t], provided that so it is
at t0
26 February 2013
2001WETSCN-01
30

31. Attributes of dependability (2)
• Safety

Non-occurrence of catastrophic consequences on
environment
 S(t) = probability that a system is either conform
to specifications, or reaches a safe halt, at time t
 Fail-safe systems
 The focus of next seminar
26 February 2013
2001WETSCN-01
31

32. Attributes of dependability (3)
• Maintainability

Aptitude to undergo repairs and adaptations
without going astray
 M(t) = probability that system is back to
specifications at t if it failed at t0
 “…recover its size and shape, following
deformation…”
26 February 2013
2001WETSCN-01
32

33. Attributes of dependability (4)
• Confidentiality

Non-occurrence of unauthorised disclosure of
information
• Integrity

Non-occurrence of improper alterations of
information
26 February 2013
2001WETSCN-01
33

34. Related attributes
• Testability

Ability to test features of a system
 Related to maintainability
• Security

Integrity + availability + confidentiality
26 February 2013
2001WETSCN-01
34

35. Means of dependability
26 February 2013
2001WETSCN-01
35

36. Avoidance/prevention and removal
• Fault avoidance/prevention: design
methodologies that try to make software
provably fault-free
• Fault removal: methods that aim to remove
faults after system development. Done
through testing.
26 February 2013
2001WETSCN-01
36

37. Fault tolerance
• Starting point: “No amount of verification,
validation and testing can eliminate all faults
in an application and give complete
confidence in the availability and data
consistency of applications” (Randell)
• Faults will occur, but we need to make sure
that the system is elastic
• FT: provisions for the system to operate
correctly even in the presence of faults.
26 February 2013
2001WETSCN-01
37

38. Multiple-version Fault Tolerance
• Idea: redundancy of software: independently designed
versions of software

Randell (1975) : “All fault tolerance must be based on the
provision of useful redundancy, both for error detection and
error recovery. In software the redundancy required is not
simple replication of programs but redundancy of design”
• Assumption: random component failures. Correlated
failures  sudden exhaustion of available redundancy

Ariane 5 flight 501: two crucial components were operating
in parallel with identical hardware and software…
26 February 2013
2001WETSCN-01
38

39. MvFT: Recovery blocks
#include <ftmacros.h>
...
ENSURE(acceptance-test) {
Alternate 1;
} ELSEBY {
Alternate 2;
} ... ENSURE;
26 February 2013
2001WETSCN-01
39

40. MvFT: NVP
#include <ftmacros.h>
...
NVP VERSION{ block 1; SENDVOTE(v-pointer, v-size); }
VERSION{ block 2; SENDVOTE(v-pointer, v-size); }
…
ENDVERSION(timeout, v-size);
if (!agreeon(v-pointer)) error_handler();
ENDNVP;
26 February 2013
2001WETSCN-01
40

41. MvFT in general & in the context
of this exam
• MvFT

Implies N-fold design costs, N-fold maintenance
costs;
 The risk of correlated failures is not negligible;

How would you describe the behaviors of such
systems?
 What kind of behaviors?
 What resilience strategy?
26 February 2013
2001WETSCN-01
41

42. MvFT’s behaviors and resilience

Behaviors are simple and predefined (system
structure is fixed; no support for dynamic
adaptability)
 Resilience: simple software elasticity
26 February 2013
2001WETSCN-01
42

43. Next lectures
• A variety of systems and algorithms will be
presented
• Their characteristics in terms of behaviours
and resilience (B/R) will be highlighted
26 February 2013
2001WETSCN-01
43