an integrative principled approach to network science for autonomic networks john s. baras institute...
TRANSCRIPT
An Integrative Principled An Integrative Principled Approach Approach
to Network Science to Network Science for Autonomic Networksfor Autonomic Networks
John S. BarasInstitute for Systems Research
University of Maryland301-405-6606
Network Science Workshop
August 31-September 1, 2006Athens, Greece
Autonomous SwarmsAutonomous Swarms
OutlineOutline
• Networks
• Constrained Coalitional Games
• Iterative Dynamics on Graphs
• Trust-Reputation-Profiling
• Direct and Indirect Trust Computation
• Component Based Networking
• Network Design and Trade-offs
What is a Network?What is a Network?
• A collection of nodes, agents, …
that collaborate to accomplish actions, gains, …
that cannot be accomplished with out such collaboration
• Most significant concept for autonomous, or autonomic networks
The Fundamental Trade-offThe Fundamental Trade-off
• The nodes gain from collaborating• To collaborate they need to communicate, and this
represents cost
• Trade-off: gain from collaboration vs cost
Multiple metrics involved typically
• Many problems in communication networks, sensor networks, economic networks, social networks, biological networks, can be traced to this key trade off
Modeling Communication PatternsModeling Communication Patterns
• What form communications take?• How are they represented? • How are costs generated?• How connectivity is controlled?• Does agent behavior influence connectivity?• Communication patterns for learning.• Connectivity can be physical, or logical
(relational)• Links-graphs, neighborhoods, MRF, etc
Example: Cooperation in MANETExample: Cooperation in MANET
• Almost all functionalities
• Emergent properties based on local interactions and information
• Cooperative comms – process overheard info – spatial diversity
• Cooperation – games - dimensioning
OutlineOutline
• Networks
• Constrained Coalitional Games
• Iterative Dynamics on Graphs
• Trust and Collaboration
• Direct and Indirect Trust Computation
• Component Based Networking
• Network Design and Trade-offs
Cooperative GamesCooperative Games
● Cooperative Game in characteristic function form = {N, v}, N = {1, 2, …, N}, v :2NR , on all subsets S (coalitions) of N
● S a coalition, v(S ) is “interpreted ” as the maximum utility S can get without the cooperation of players in N \ S
● S a coalition, v|S is the restriction of v to the player set S
● v|S (T ) = v(S ) for each T S
● {S , v|S } a subgame of the game {N, v}
superadditive: S, T N, S T = , v(S T ) v(S ) + v(T ) monotone: S T implies v(S ) v(T )
Cooperative Games and PayoffsCooperative Games and Payoffs• Feasible payoff vectors
• Efficient payoff vectors
• Individually rational payoff vectors
• Imputation set: Set of all individually rational and efficient payoffs• Solution associates with each game a subset of I*(N, v)
Can be characterized either by math relations or axioms Helps capture different notions of “desirable” properties of solutions
• x dominates y through coalition S (x S y) if xi > yi, iS, x(S) v(S)
• x dominates y (x y) if x S y for some coalition S
**( , ) { | , ( ) ( )}NI v x x R x v N N N
*( , ) { | , ( ) ( )}NI v x x R x v N N N
( , ) { | , ( ) ( ), ({ }) }NiI v x x R x v x v i all i N N N N
Cooperative GamesCooperative Games
convex: for each iN, S T, implies di(S ) di(T )
increasing marginal
returns contribution of I
rational: v(N ) iv({i})
( { }) ( ),( )
( ) ( \{ }),i
v i v if id
v v i if i
S S S S
S S S
Cooperative Games: Cooperative Games: Solution ConceptsSolution Concepts
• Core (stable, reasonable payoffs): gives each coalition at least as much as could get by itself
– Convex and average convex games have nonempty cores
– For a set of games the core is the unique solution that is individually rational, superadditive, nonempty and satisfies the reduced game property
{ ; ( ) ( ) , ( ) ( )}Ni
i
x R x x v all x v
S
S S S N N N
• Two interpretations of the core C(N, v)
• All imputations such that no group of players has an inventive to split off from the grand coalition N and form a smaller coalition S
• No group of players gets more than what they collectively add to the value obtainable by the grand coalition N
• C(N, v) is nonempty iff {N, v} is balanced
Cooperative Games: Cooperative Games: Solution ConceptsSolution Concepts
• Nucleolus: excess e(S, x) = v(S ) – x(S ) measure of dissatisfaction of coalition S for payoff x Set (x) = (e(S, x))S N ; solution obtained by min {((x)) | x I(N, v)}. Minimize maximal complaint.
• The Nucleolus is always in the core
• Stable sets: V I , there is no x, y V s.t. xy, and if yV, there is xV s.t. xy
Cooperative Games: Cooperative Games: Solution ConceptsSolution Concepts
• Nucleolus is the individually rational payoff that lexicographically minimizes the excess vector– Leads to iterative procedure for getting there– Use a small set of linear programs that iteratively minimize the highest
excess, then the second highest excess, etc.– A solution concept is the Nucleolus if and only if it is anonymous (ind.
of payer labeling), covariant (ind. of scale expressing preferences), satisfies the reduced game property
• Kernel, Bargaining Set: consider coalition structures, their stability, objections and counterobjections
• Shapley Value: solution with components the expected marginal contribution made by i when entering coalition N – T is a carrier, if v(S ) = v(S T), v(S ) = iS i (v). Shapley Value is the
unique solution that has this property, is anonymous and additive
– For convex games Shapley Value is in the core
Networks and ConstraintsNetworks and Constraints
All coalitions cannot be formedTo coordinate (collaborate) agents need to communicateNetwork (N, L)Edges – links between payersi and j directly connected i and j path connectedCooperation components
Links between players in S , L(S )Network (S , L(S )) induces a partition of S
Cycle Free and Cycle Complete networks
Wheels
Constrained CoalitionsConstrained Coalitions
• Network-restricted cooperation game or constrained coalition {N, vL}
• {N, v, L} communication situation• Characteristic function
• Myerson value : Shapley value of {N, vL}• Component decomposability, component
efficiency, fairness
/
( ) ( ) for eachS
S S NL
C L
v v C
Network FormationNetwork Formation• Form links pairwise• Iterative game• Better understanding of topologies – dynamics –
topology control• Network formation with costs for establishing
links• {N, v, L, c} {N, v L,c}
• Stability vs efficiency of the resulting network• Small world graphs
,
/
( ) ( ) | ( } | for eachS
S S S NL c
C L
v v C c L
OutlineOutline
• Networks
• Constrained Coalitional Games
• Iterative Dynamics on Graphs
• Trust and Collaboration
• Direct and Indirect Trust Computation
• Component Based Networking
• Network Design and Trade-offs
Example: Trust Management Example: Trust Management SystemSystem
TrustDecision
TrustCredential
CredentialDistribution
EvaluationPolicy
Prior trust relations
Local observations
Local key exchanges
Applications
Trust Evaluation in Trust Evaluation in Autonomic NetworksAutonomic Networks
• The network is modeled as a directed graph G(V,E)– G is the trust graph– A directed link from node i to node j corresponds to the trust
relation i has on j– The weight cij represents the opinion of i on j,
• Trust evaluation is to estimate the trustworthiness of nodes – ti represents node i being either GOOD or BAD, denoted as ti=1
or -1 – si is the estimated trust value of node i– si is a subjective concept, while ti is an existing but unknown fact– Objective: to drive si as close to ti as possible based on available
Jij
: [ 1,1]ijc V V
Local Voting RuleLocal Voting Rule
• In homogenous networks, the trustworthiness of an agent is based on other peers’ opinion– The most straightforward scheme is to ask neighbors to “vote” for it
– Values of the votes are equal to cij
• Iterative voting rule:
– Evaluation starts from a small set of trusted nodes
– Our interest is to study evolution of the estimated trust value si and its property at the equilibrium
( 1) ( ) |i ji j is k f c s k j N
Trust DynamicsTrust Dynamics
Initial “islands” of trusts
Trust spreads
Trust-connected network
• Trust spreading
● Trust revocation:– Changes in topology, membership, secure paths
– Referees of a node may change, trust evidence for a node may change
– Votes timeout or negative votes
Deterministic Voting RuleDeterministic Voting Rule• We use the weighted average as the voting rule, where weights are
‘vote values’ (all quantities nonnegative)
– is the degree of node i– n represents discrete time– Assume is a constant, i.e. it doesn’t change with time, which is true when
considering the steady state
• The voting rule can be written in system equation
0
1( ) ( 1) ( )
i
j
i j jij Nit
s k s k c kd
| |i id N
jic
1( ) ( 1),S k D CS k
Voting with HeadersVoting with Headers• We introduce the notion of headers
– Headers are pre-trusted agents and only vote for nodes that they fully trust.
– If node i is trusted with bi headers, it gets bi more votes with value 1. Let B = diag[b1 , b2 ,…, bN ].
– The system equation changes to
• Convergence– Theorem: Given a virtuous network, in order to have a trust connected
graph, the number of headers of each node must satisfy
– This theorem proves, as well as provides, a network design method to establish a fully trusted network by introducing headers
1( ) ( ) ( 1) .S k D B CS k B1
( ) .
1B D C1 1
Stochastic Threshold RuleStochastic Threshold Rule
• Stochastic threshold rule with uncertainty parameter b:
– Where
• Update sequence – random asynchronous updates– Difficult to achieve synchronicity in autonomic networks– The probability that node i is chosen as the target at each
iteration is fixed as qi
( ) ( ) ( )i
i ji ij jj N
m k c c s k
( ( ) )
( ( ) )
Pr[ ( 1) 1| ( )]( )
Pr[ ( 1) 1| ( )]( )
i
i
b m k
i ii
b m k
i ii
es k m k
Z k
es k m k
Z k
Zi(k) is the normalization factor
ConvergenceConvergence
• The steady state can be derived using the Markov chain– If and , the voting rule converges to the
steady state with a unique stationary distribution
– The unique stationary distribution is
where
and Z is the normalization function
• Criterion: probability of correct estimation
(0, )b 0,iq i V
( )bU S
S
e
Z
( , )( ) ( )ij ji i j ii j E i V
U S c c s s s
1
correct {Expected # of } / 12i i
S TP s t N E
N
Trust in Virtuous NetworksTrust in Virtuous Networks
Left figure: The threshold should be less or equal to 0, otherwise the trust estimate of each node converges to -1.
Right figure: When threshold is equal to 0 -- phase transition. Small change on the parameter results in opposite performance of the voting rule.
All nodes are good and have full confidence in their neighbors. We study Pcorrect at steady state.
Virtuous Networks with Virtuous Networks with UncertaintyUncertainty
• All nodes are good, but because of uncertainty and incompleteness, Jij’s are random variables– Assume
– Assume that the probability of a good node having an incorrect opinion on its neighbors is pe
{ 1,0, 1}ijJ
• Simulation results– When pe is larger, the system more
probably stays in the random phase. – When pe is large enough (pe > 0.15), the
system always stays in the random phase.
• Theoretical analysis: replica method in spin glasses
Network TopologyNetwork Topology
• Random Graph (Erdös and Rényi, 1960)– Nodes link to each other randomly
• Small-world model (Watts & Strogatz,1998)– Short average distance (six degree of separation)– Large clustering coefficient
• Scale-free model (Barabási & Albert, 1999)– The distribution of degrees follows the power law
• Existence of hubs• Rich get richer
– Recent research discovered lots of complex networks being scale-free
Spreading Speed and TopologySpreading Speed and Topology
• The time for updating rule to reach steady state, i.e., how fast the trust values converge.
• Perron-Frobenius Theorem in algebraic graph theory: For a stochastic matrix A
– is the largest eigenvalue of A, which is 1 and is the second largest eigenvalue of A.
– The convergence rate of An is of order
– Normalized adjacency matrices are stochastic matrices, therefore those with smaller converge faster.
• What kind of networks or which network topology has smaller second largest eigenvalue
2
1
11 1 2( ).
nmn n TA v u O n
1
2 .n
2
2
2 ?n
Network Topology and Network Topology and Deterministic Voting RuleDeterministic Voting Rule
– Adding just 1% more edges, spreading finishes in 10 times less rounds.
• We consider the Φ small-world model proposed by Watts and Strogatz– High clustering coefficient and small average graphical distance between
any pair.
– We use Φ-model, which is modeled by adding small number of new edges into a regular lattice.
Network Topology and Stochastic Network Topology and Stochastic Voting RuleVoting Rule
• B Small-world model:– Prw represents “short cuts fraction” on a regular lattice
– Regular lattice: Prw=0; Random graph: Prw=1
– Prw in [0.1,0.01] is the area for the small world model
• The performance of the voting rule increases as Prw increases.– A more random graph has shorter
average distance
– Accuracy of trust information degenerates over the path length, so a short spreading path has more accurate information and leads to good result
OutlineOutline
• Networks
• Constrained Coalitional Games
• Iterative Dynamics on Graphs
• Trust and Collaboration
• Direct and Indirect Trust Computation
• Component Based Networking
• Network Design and Trade-offs
Ising and Spin Glass ModelsIsing and Spin Glass Models
● Statistical Physics models for magnetization– Orientation of each particle’s spin depends on its
neighbors – Ising Model: behavior of simple magnets– Spin Glass Model: complex materials
● Math interpretation:– s = {s1, s2,…, sn} is a configuration of n particle
spins, where sj = 1 or -1 , spin j is up or down
– Energy for configuration s
1( )
i
ij i j ii V ij N
mHH J s s s
T Ts
– Ising Model: Jij = J for all i, j
– Spin Glass Model: Jij depend on i,j and can be random
Ising/SG Models and GamesIsing/SG Models and Games
• Ising/SG models can be interpreted as dynamic (repeated) games: – The value of si represents whether node i is willing to cooperate or not
– each particle selects spin to maximize its own payoff
– Ising model (Jij = J>0) : align its spin with the majority of neighbors spin
• High T, conservative agents, not willing to change, small payoffs
• Low T, aggressive agents, larger payoffs
– Collection of local decisions reduces the total energy of the interacting particles
• Inspires an approach where trust is an incentive for cooperation– Jij can be interpreted as the worth of player j to player i
– decide to cooperate or not based on benefit from cooperation and trust values of neighbors
( ) /i
i ij i jj N
J s s T
Statistical Mechanics of Spin GlassesStatistical Mechanics of Spin Glasses
• Statistical Mechanics primary object of interest
– Recent excitement: computation of ground state, partition function Z, NP - complete, Replica Method
– Application and extensions to several well known problems: turbocodes, image restoration, neural networks, learning, associative memory, SAT, knapsack, SA, number parttioning, graph partitioning, CDMA, MIMO, …
(1/ )( ) ( ) /T HP e Zs
[log ] lim ([ ] 1) /n
nZ Z n
Spin Glass Cooperative GameSpin Glass Cooperative Game
• Spin glass model as a cooperative game (spin glass game) – S N = {1, 2, …, n} is a coalition, in which all nodes cooperate
– Interaction topology (Jij’s) moderates effects pos. and neg. feedback
– v(S) : value of the characteristic function of the game , v: 2NR, which is the maximum payoff S can get without cooperation from other nodes N /S.
– The cooperative game is denoted as Γ =(N, v)
• Object: to find what form or policy for Jij can induce all (or most) nodes to cooperate: maximize the coalition
, ,
( ) i ij iji S i j S i S j S
v S J J
Subset S={1,2,3,4}
v(S)=J12+J21+J14+J41+J43+J34 -J36 -J154
6
5 1
2
3J12
J21
J14
J41
J34
J43
Cooperation and GamesCooperation and Games● In autonomic networks
– Cooperation is restricted to only local interactions– Decision is made by each node individually– Nodes are self-interested– Explain and analyze emergent properties
● Game theoretic methods– Provide a framework for modeling individual interactions– Understand complex global structures and dynamics of a system composed
of a large number of agents with simple local interactions– Guide for analytical approach– Examples: Ising – spin glass models, prisoner’s dilemma
● Goal: how to encourage nodes to collaborate in games?– Incentive: trust systems to promote cooperation and circumvent
misbehaving nodes.
Trust as Mechanism to Induce Trust as Mechanism to Induce Collaboration – Profiling--ReputationCollaboration – Profiling--Reputation
● Trust is an incentive for collaboration– Nodes who refrain from cooperation get lower trust values– They will be eventually penalized because other nodes tend to only cooperate with
highly trusted ones.
● Assume, for node i, that the loss for not cooperating with node j is a nondecreasing function of Jji as f (Jji), and the new characteristic function is
● Theorem : if , the core is nonempty and
is a feasible payoff allocation in the core. – By introducing a trust mechanism, all nodes are induced to collaborate without any
negotiation
, S S, S
(S) ( )ij iji j i j
v J f J
, , ( ) 0ij jii j J f J
ii ijj N
x J
Dynamic Coalition FormationDynamic Coalition Formation• System model
Two linked dynamics
• Trust propagation
• Game evolution
• Stability of dynamic coalition– Nash equilibrium: no node will gain if it changes its current strategy, while others keep unchanged.
Results of Game EvolutionResults of Game Evolution
● Theorem: , there exists τ0, such that for a reestablishing period τ > τ0
– The iterated game converges to Nash equilibrium;
– In the Nash equilibrium, all nodes cooperate with all their neighbors.● Comparison of games with (without) trust mechanism, strategy update:
and
ii i ijj N
i N x J
Percentage of cooperating pairs vs negative links Average payoffs vs negative links
OutlineOutline
• Networks
• Constrained Coalitional Games
• Iterative Dynamics on Graphs
• Trust and Collaboration
• Direct and Indirect Trust Computation
• Component Based Networking
• Network Design and Trade-offs
Example: Direct Network TrustExample: Direct Network Trust
• Direct trust is based on past interactions between User A and User B.
• It is A’s belief about B’s future behavior.• Helps A decide for himself and based on local
information what to do next.
????
CD
……
CD
CC
n
n+1
…
2
1
A B
Example: Indirect Network TrustExample: Indirect Network Trust
1 7
5
3
4
2
6
8
User 8 asks for access to User 1’s files.User 1 and User 8 have no previous interactionWhat should User 1 do?What should User 1 do?
Use transitivity
of trust
(i.e. use
references)
Direct TrustDirect Trust
• User i – is of type ti{Good, Bad}
– chooses action ai{C,D}, i=1…N
– receives payoff Ri=R(ai,a(i),ti)
– wants to maximize his own payoff (local behavior)
Direct TrustDirect Trust
• Questions we are investigating– How can collaboration of Good nodes be achieved?
• Maximization of the Good node payoff
– How quickly can it be achieved?• Repeated interactions
– How many bad nodes can destroy it?
• Within our framework, the following parameters affect the answers to the above questions.– Payoffs
– Strategies
– Topology
Direct TrustDirect Trust
• Prior probability (reputation, profiling) for user types
• Bayes-Nash equilibrium
Strategy for User i :
evolving reputation
Direct TrustDirect Trust• Two sequences evolving with time:
– Vector of actions (strategies), time 1:n
– Set of vectors of neighbor probabilities (reputations), time 1:n
Example: Direct Trust -- LearningExample: Direct Trust -- Learning
• Where is trust in all this?• Remember:
“Direct trust is based on past interactions between User A and User B.It is A’s belief about B’s future behavior.Helps A decide what to do next.”
• Trust is how users use the history of past actions to decide what to do next.
• Quantified with updated probabilities (reputations) pi.
Semirings-DefinitionsSemirings-Definitions
• is used to combine edge weights along a path:
• is used to combine path weights:
a b ab
b
aab
Trust Semiring Properties:Trust Semiring Properties:Partial OrderPartial Order
• Combined along-a-path weight should not increase :
• Combined across-paths weight should not decrease :
2 31
b
a
a b
Semirings-ExamplesSemirings-Examples
• Shortest Path Problem– Semiring:– is + and computes total path delay– is and picks shortest path
• Bottleneck Problem– Semiring:– is and computes path bandwidth– is and picks highest bandwidth
Computing Indirect TrustComputing Indirect Trust
1 7
5
3
4
2
6
8
Trust Path SemiringTrust Path Semiring• 0 trust, confidence 1 is is
Computing Indirect TrustComputing Indirect Trust
• Path interpretation
• Linear system interpretation
Indicator vector of pre-trusted nodes
Computing Indirect TrustComputing Indirect Trust
• Treat as a linear system– We are looking for its steady state.
• Benefits– Result of computation linked explicitly to
properties of matrix W– Easier to see effect of attacks, of pre-trusted
nodes, of changes in the topology (manipulation of W).
– Speed of convergence linked to circuits of W.
AttackerAttacker
• The Attacker wants to change the opinion of a node s for a node d as much as possible.
• Similar to: The Attacker wants to change the distance (path length) from a node s to a node d as much as possible.
• Similar to: The Attacker wants to change the capacity (throughput) from a node s to a node d as much as possible.
Most Vital EdgeMost Vital Edge
• In all cases, the Attacker attacks a single edge, called the “Most Vital Edge”.
• All that changes is the semiring and the interpretation of the weights.
• Ramaswamy, Orlin, and Chakravarti found two different characterizations of the Most Vital Edge for the (min,+) and the (max,min) semiring.
• Is there a unified characterization?
Edge TolerancesEdge Tolerances
• Upper (Lower) edge tolerance of an edge e, w.r.t. an optimal path p*, is the highest (lowest) weight of e that would preserve the optimality of p*.
• In a shortest path problem (min, +), the most vital edge is the path edge whose weight has the largest difference with the upper tolerance.
• In a maximum capacity problem (max, min), the most vital edge is the path edge whose weight has the largest difference with the lower tolerance.
Upper Tolerance ExampleUpper Tolerance Example
• Upper Tolerances for the Shortest Path Problem
42
1 3 51
665 5
10
Most Vital Edge
10
∞ ∞∞ ∞
12
Upper Tolerances
Shortest Path
Lower Tolerance ExampleLower Tolerance Example
• Lower Tolerances for the Shortest Path Problem
42
1 3 51
665 5
10
-∞
4 4-4 -4
-∞
Lower Tolerances
Shortest Path
“Smallest” required changes
Attacked Edge on the PathAttacked Edge on the Path
1 7
5
3
4
2
6
8
Trust Edge Attack
Optimal Path p*, trust value: t*
RESULT: Decrease Trust!
New Optimal Path p’,
trust value: t’
Attacked Edge not Attacked Edge not on the Pathon the Path
1 7
5
3
4
2
6
8
Trust Edge Attack
Optimal Path p*, trust value: t*
RESULT:Increase Trust!Change Path!
New Optimal Path p’, trust value: t’
Tolerances for Tolerances for any any Optimization SemiringOptimization Semiring
• Optimization semirings: is min or max -minimal (maximal) tolerance αe (βe) of edge e instead of
lower (upper) tolerance. is the inverse of defined by: a x = b x = b a• w(e) is the weight of edge e. w(p) is the weight of path p.
If e p* If e p*
Tolerances for the Tolerances for the Trust SemiringTrust Semiring
• Assume (max, ·) semiring; essentially equivalent to our trust semiring.
• Tolerances:If e p* If e p*
OutlineOutline
• Networks
• Constrained Coalitional Games
• Iterative Dynamics on Graphs
• Trust and Collaboration
• Direct and Indirect Trust Computation
• Component Based Networking
• Network Design and Trade-offs
Component Based Networking Component Based Networking (CBN)(CBN)
• MANETs are complex engineering systems composed of many heterogeneous hardware and software components
• It is our fundamental view that MANET must be viewed as distributed, asynchronous and hybrid dynamic systems
• They should be regarded as systems of subsystems that sense, make decisions and execute actions ---- as closed-loop systems
• The subsystems that perform this sensing or decision making or action execution (be they single nodes or collections of nodes) are not co-located
• As a result communications occur between sensing blocks, decision making blocks and action execution blocks that are subject to greatly varying constraints on communication bandwidth and delay
• This distributed asynchronous dynamic systems view of MANETs has not been promoted to date
• It is essential, in our view, for understanding fundamental architectural issues and issues such as stability and robustness, and performance vs complexity trade-offs, and it leads to new fundamental rethinking of the analytical foundations for dynamic collaboration (between nodes and/or subsets of nodes) subject to the constraints of distributed operation, asynchronous operation, bandwidth, delay.
MANET as Distributed Hybrid MANET as Distributed Hybrid SystemsSystems
• Our long term approach will utilize a mixture of methods from computer science (distributed communicating processes, formal models, formal verification-validation) and from control-communication systems (hybrid systems, multi-agent systems, feedback, system dynamics and stability).
• We are developing formal dynamic models for MANET that respect the constraints, while at the same time formally specifying the structure (what the network consists of?) and behavior (what the network does?) of a MANET as a system from a systems engineering perspective.
• It is within this framework that distributed and asynchronous operation will be built in as constraints (logical or numerical), and where bandwidth and delay constraints between sensing, decision making and action execution blocks will also be modeled.
• To completely model and understand properties of MANET we need a framework that combines logical and numerical models, thus hybrid systems.
Component-Based System Synthesis ProcessComponent-Based System Synthesis Process
Iterate to Find a Feasible Solution / Change as needed
DefineRequirementsEffectiveness
Measures
CreateBehavior
Model
AssessAvailable
Information
CreateStructure
Model
SpecificationsPerform
Trade-OffAnalysis
CreateSequentialbuild & Test Plan
Change structure/behavior model as needed
Map behavior onto structure
Allocate Requirements
Generate derivative
requirementsmetrics
Model-based Beyond UML Rapsody UPPAAL Artist Tools MATLAB, MAPLE ModelicaDOORS, etcOPCADCPLEX, SOLVER,ILOG
Integrated System Synthesis Tools - Environments missing …
Integrated Multiple Views is Hard !
Model-BasedInformation-CentricAbstractions
System Synthesis and System Synthesis and Integration is the Next FrontierIntegration is the Next Frontier
●From a Reductionist Approach to an Integrative Approach
●The challenge is to generate system predictable behavior by integrating behaviors of the components
●It is not all in the software environments●Need a combination of
●Model-Based system and software design and integration (software tools environments)
and ●Deeper analysis of underlying abstractions and models and
their properties
Model-Based Integration Model-Based Integration Software Environments NeedsSoftware Environments Needs
Domain Specific Modeling Languages (DSML) with semantics that can be composed and manipulated
Composition platforms correct by construction systems platforms and models of computations; substantial reduction in V&V
System and component behavioral abstractions that can support Incremental System Integration while preserving testability and predictability
Fully integrated semantically control, software and systems design tools and platforms
Deeper Analysis of System Models and Deeper Analysis of System Models and Properties Needs Properties Needs
• Principles for system integration System Science Network Science
• Fundamental performance limitations of networked systems implementation technology free
• Fundamental performance limitations of distributed asynchronous systems, with concurrency constraints, with non-collocated sensors, decision making and actuation nodes, with multiple feedback loops, with delay and bandwidth constraints
• Distributed control of and inference in the same • Theories of compositionality• Much better integration of logic and optimization for
trade-off analysis in dynamical systems
Current Autonomic Wireless Nets Current Autonomic Wireless Nets Performance: Very PoorPerformance: Very Poor
From Tim Krout
Overhead (OH) Overhead (OH) vsvs Performance PerformanceFrom Ananthram Swami
Cross-Linked Executable, Formal and Cross-Linked Executable, Formal and Performance Models for MANET Performance Models for MANET
ProtocolsProtocols
Executable Models
Performance Models
Formal Models
Cross-Linked ModelsCross-Linked Models• Executable system models (ESM) utilize modern software engineering
methodologies to develop object-oriented and component-based models of sensor networks, utilizing UML2 and other advanced software systems.
• From these models automatic generation of executable code for all elements of a MANET is possible for either simulation or field tests. Embedded in these models are semantics of the operation and composition of the various components.
• Formal system models (FSM) of MANET protocols are based on communicating extended finite state machines (deterministic or stochastic) (CEFSM) or on colored timed Petri nets (deterministic or stochastic) (CTPN). They are linked with the executable models via bisimulation relationships, and typically correspond to approximations of the executable models by emphasizing timing behavior of the modeled system in a timed automata sense.
• Performance system models (PSM) of MANET and MANET protocols are based on various approximate dynamic system model frameworks (queuing systems, differential equations and fluid flow, difference equations, discrete event systems) together with performance metrics (or utilities) that can be evaluated using the models either analytically or by efficient numerical schemes.
• Performance models are linked to executable models via bisimulation relationships, and typically correspond to approximations of the executable models emphasizing performance and quality of service metrics computation or bounds.
• Performance models are also linked to Formal models via bisimulation relationships and critical event correspondence.
Cross-Linked ModelsCross-Linked Models• This is already a substantial extension from the software engineering work.• A further and substantial extension is that we will develop a formal
compositional (or component based) version of this approach. • This includes development of semantics for linking components of
MANET protocols and of MANET, including the associated theories of components and compositionality. This, methodology and framework is in itself an important contribution to network science.
• It is this specific framework and underlying mathematical methodologies that we utilize to describe, model and evaluate the structure of MANET (including network structure and network architecture) versus multi-criteria (multiple metrics) performance.
• This represents a uniquely innovative departure from the current state of the art in MANET investigations that focus almost entirely on network behavior (i.e. the dynamics of the algorithms for network operation).
• Our framework allows us to investigate the design of both structure and operation (i.e. behavior) within a well integrated framework.
Cross Linked ModelsCross Linked Models
• A very significant and unique feature of our approach is that we will be able to check correctness of functionality as well as performance of the MANET protocol or MANET or its components.
• Furthermore and most significantly the proposed approach and framework allows the automation (to a large degree) of the validation, verification and testing of the MANET protocol and of the MANET design and operation.
• This is our vision and long term research in this area.• Among other things it represents a truly innovative
and fundamental contribution to Network Science.
Current State of MANET Routing – the Current State of MANET Routing – the Need for Component Based RoutingNeed for Component Based Routing
• Formal methods and models hardly used lack of systematic analysis of correctness and proof of properties
• Evaluation predominantly done by simulations• Limited knowledge as to specific relations between parts
and parameters of the protocol and performance• Ad hoc approach to cross-layer design • Very limited consideration of trade offs between
performance – reliability – security• Problems from conventional layering: inflexibility,
inefficiency, side-effects • Conventional layers create time, energy, OH inefficiencies
– especially for MANET (Jung and Biersack 2000)
CBR – What is it? – What are the Goals?CBR – What is it? – What are the Goals?CBNCBN
• Not a single routing protocol, but a collection of elementary modules that can be combined to form routing protocols with various capabilities, limitations, efficiency, and a synthesis environment to meet requirements
• Heterogeneous wireless communication networks very large and complex software systems Model and Component Based Software Engineering
• Routing protocols have special needs and requirements, such as loopfreeness, etc, examples of formal model requirements
• Longer term vision – new and powerful methodology for cross-layer design, that examines
layers from the fundamental perspective of components / compositions – component based networking (CBN) scientific foundation for
systems of systems (networks of networks) synthesis problems • Basic research problem: develop this systems engineering or
component based analysis and synthesis subject to various formal model constraints
Can Components be Determined Can Components be Determined Formally?Formally?
• Explicit interfaces are fundamental for components – make explicit all the means for communication and coordination of components
• Requires a much stronger notion of interface than is common in OO models or model based software
• Component-based systems behavioral specifications integrated into component interfaces are important need to go beyond EFSM and CEFSM
• Model-based generators of component adaptors• Semantic foundations of architectural and component-based
design within UML • Compositional techniques for the analysis of embedded and
real-time systems in UML • Compositional model checking of UML behavioral models
Statecharts
Formal Methods: Network ProtocolsFormal Methods: Network Protocols
• Protocols: set of rules, syntax, semantics• Network Protocols: Specification, Verification,
Monitoring• Reason about Network Routing Protocols• Formal methods allow to check:
– if protocol is working properly; – if implementation is correct; – do devices deviate from protocol standard, etc
• SPIN, UPPAAL, Esterel, etc• Bhargavan et al, 2002, formal models for DSDV-AODV• Yang and Baras 2002-2003, formal model for TORA• Yang and Baras 2005-2006, automated Vulnerability
Analysis of MANET routing protocols
Modularity of Routing ProtocolsModularity of Routing Protocols
• All MANET routing protocols studied (AODV, DSR, OLSR, TORA, …) can be modularized into four functional components:
• Route Discovery Component: how to search path from source to the desired destination by RREQ, RREP message or by link state advertisement.
• Route Maintenance Component: how to propagate the information of a broken link once it’s detected by Topology Database Maintenance Component, how to delete the routing paths cached which contain the broken link.
• Data Packet Forwarding Component: how to relay data packets from source node to destination node by routing paths (hops) cached.
• Topology Database Maintenance Component: how to detect the local connectivity when it’s up or down.
• AODV:
Route Discovery Component: SubcomponentsExpanding_ring: RREQ’s TTL incremented by TTL_increment in each retransmission for RREQ_timeout.Hop_defined: Hops traversed by RREQ aren’t encapsulated into packet. Next hop is stored in Route_Cache_Table.Cached_RREP: Intermediate node on RREQ’s path can initiate RREP.
Route Maintenance Component: SubcomponentsLocal_connectivity_update: Use overheard packet to update Local_Connectivity_Table.Local_repair: Intermediate node on data packet’s path can initiate Route Discovery Procedure.Route_error_disseminate: notify hosts implementing unreachable nodes as routing hop to delete the entry.
Packet Forwarding Component: SubcomponentsHop_based: Look up next routing hop in each intermediate node’s Route_Cache_Table.Unsolicited_forwarding: Forward data packet without waiting for Ack from the receiver hop.
Topology Database Maintenance Component: SubcomponentsHello_detection: Period beacon message to confirm the existence of the neighboring node.
Subcomponents for AODVSubcomponents for AODV
• DSR:
Route Discovery Component: SubcomponentsFixed_ring: RREQ’s TTL is a fixed value.Path_defined: Hops traversed by RREQ are encapsulated into packet. Routing path is stored in Route_Cache_Table.Cached_RREP: Intermediate node on RREQ’s path can initiate RREP.
Route Maintenance Component: SubcomponentsPacket_salvage: In multipath Route_Cache_Table, another path can substitute current broken path. Route_Error: notify hosts implementing unreachable nodes as routing hop to delete the entry.
Packet Forwarding Component: SubcomponentsSourcePath_based: Data Packet follows the sequence of hops defined by source node, and don’t look up routes at intermediate nodes.
Topology Database Maintenance Component: SubcomponentsSolicited_forwarding: Each sender of data packet (source node and intermediate node) will wait for ACK from the receiver hop, and make a copy of the data packet in Maintenance_Buffer. The data packet will be retransmitted without receiving ACK before Maintenance_timeout.
Subcomponents for DSRSubcomponents for DSR
Description of Components using UML2Description of Components using UML2
• Class and Object Diagrams – Describe the physical structure of the protocol
• Activity and Sequence Diagrams– Represent behavior models of each component
• Mapping of behavior diagrams to structure– Helps to identify interfaces needed for plug and
play components
Description of AODV ComponentsDescription of AODV Components
Route Discovery
•Expanding ring search •Hop-based•Sequence numbers maintenance
Route Maintenance
•Local connectivity update •Local repair•Route error disseminate•Sequence numbers maintenance
Packet Forwarding
•Hop-based•Unsolicited forwarding
Topology Database Maintenance
•Hello messaging
AODV StructureAODV Structure
RREP-ACK
TypeReserved
Route Table Entry
Destination IPNext-hop IPHop CountDestination Seq. numberValid Dest Seq Number FlagList of PrecursorslifetimeRoute StateActive Neighbors
Reverse Route Entry
Source Node IPSN Seq. numbernumber of hopsprecursor Neighbor IP
HELLO
Destination IPDestination Seq. numberHop CountLifetime
Forward Route Entry
Destination Node
send_RREP_Message()
Forwarding Node
maintain_local_connectivity()send_RERR_Message()initiate_local_repair()recieve_RERR_message()
Source Node
send_RREQ_Message()
Data PacketRREQ
Source Node IPDestination IPCurrent Seq. numberLast Known Seq. numberBroadcast IDTypeHop COunt
RREP
TypePrefix SizeHop CountDestination IPDestination Seq NumberSource IPLifetime
RERR
TypeDestCountUnreachable Dest IPUnreachable Dest Seq NumberAddition Unreachable Dest IPsAdditional Unreachable Dst Seq Numbersname
Node Buffer
Data packetRoute Table
AODV Node
broadcast_Hello_message()recieve_Hello_message()Listen_for_packets()update_Routing_Table()
<<sends>>
Route Discovery Behavior ModelRoute Discovery Behavior Model
Description: When the Intermediate Node receives RREQ or RREP it initiates its own Route Discovery Process
AODV Route Discovery Component.Scenarion #2: Intermediate Node Recieves RREQ/RREP
Discard redundant RREQ
Searches for Reverse Route
Creates new Reverse Route
Update Reverse Route
no route
Create or Update Route to Prev Hop
Generate RREP
active route to destination
braodcast RREQ
Unicast G RREP to Destination Node
Discard RREQ
search for route to prev hop
RREQ RREP
Creates Forward Route to Destination
Forward RREP toward Sourse Node
if gratuitouse RREQ
Packet Forwarding Behavior ModelPacket Forwarding Behavior Model
Description: This component forwards data packets in a hop-by-hop manner. Drops the packets if there is no valid route. Performs unsolicited forwarding. Does not wait for a reply from the next-hop in order to send the packet.
Recieve Data Packet
Originate Route Request
no route entry
Buffer Data Packet
Drop Data Packets
Send Destination Unrichable Message
Update Route Entry
Forward Data Packet
no RREP on time & no local repair
RREP or Local Repair was succesfull
Topology Database MaintenanceTopology Database Maintenance
Description: This component describes the current topology of the network. Each node knows if it is connected to it’s neighbors by sending out periodic Hello Messages. It also knows if a link has been broken when it receives a Hello Message but nothing else happens.
Check if it sent a broadcast
broadcast Hello Message
no broadcast within last HELLO_INTRVAL
Receive Hello Message
Assume the link is broken
Update Rourting Table
no more packets in lifetime
Component RelationshipsComponent Relationships
NODE
LINK
Route Maintenance
Route Discovery
Packet Forwarding
Topology Database
Maintenance
Routing Protocol
Routing Protocol Metrics Routing Protocol Metrics vsvs Component Derivative Metrics Component Derivative Metrics
• Goal: Evaluate the components against relevant metrics that will not only differentiate the various components but will also relate the performance of the component with the routing protocol performance.
Also link to other layer metrics (e.g. MAC)
• Derivative Metrics:
• Route discovery latency (sec)• Route discovery overhead (packets/sec)• Number of routes found and ranking• Quality of the routes (stability, E2E rate delay loss)
Performance Metrics for Performance Metrics for
Routing ComponentsRouting Components
• Component selection: how to evaluate and compare different components under different environments (Network topology, Traffic scenario, Mobility profile, Link states)?
• Meaningful Component Metrics are crucial for components performance evaluation, comparison, selection
• Finer metrics than System Performance Metrics (Latency, Throughput, Packet Loss Ratio)
• Statistics can be collected during network activities
Performance Metrics for Routing Performance Metrics for Routing Components (cont)Components (cont)
Route Discovery Component: Metrics1. Percentage of Route Discovery Failure (DPDF): #RREQ Unreplied / #Total RREQ Initialized2. Route Discovery Inefficiency Ratio (DOIR): #Total Routing Discovery Traffic Rcvd / #RREQ Replied3. Percentage of Route Cache Hit for High Layer Data Packet (DPCH): #Cache Hit Data Packet from High Layer / #Total Data Packet from High Layer4. Percentage of Cached RREP (DPCR): #Cached RREP Generated/ #Total RREP Generated 5. Average Delay for Route Discovery (DDRD): Accumulated Delay Time / # RREQ Replied
Topology Database Maintenance Component: Metrics1. Overhead of Topology Database Maintenance (TODM): # Total Control Packet Traffic Introduced by Topology Database Maintenance /
# Data Packet Reaching Destination
Performance Metrics for Routing Performance Metrics for Routing Components (cont)Components (cont)
Route Maintenance Component: Metrics1. Percentage of Data Packet Reaching Destination Aided by Route Maintenance
(MPDA):# Data Packet Reaching Destination Aided by Route Maintenance / # Data Packet Reaching Destination
2. Average Overhead of Route Maintenance (MORM):# Total Control Traffic Introduced by Route Maintenance / #Data Packet Reaching Destination Aided by Route Maintenance
3. Percentage of Route Maintenance Success (MPMS):# Data Packet Reaching Destination Aided by Route Maintenance / # Data Packet Attempting Route Maintenance
Packet Forwarding Component: Metrics1. Percentage of Failed Forwarding (FPFF):
# Failed Data Packet Forwarding between hops/ # Data Packet Forwarding between hops
2. Percentage of Failed Forwarding Detected by Soliciting Data Packet Forwarding (FPFD):# Detection of Failed Data Packet Forwarding between hops / # Failed Data Packet Forwarding between hops
3. Average End to End Delay for Packet Forwarding (FDPF):Accumulated End to End Delay / # End to End Data Packet Forwarding
Performance of Components:Performance of Components:Route DiscoveryRoute Discovery
Four instantiations– TTL based flooding + nexthop storage (AODV like)– TTL based flooding + path storage– Network flooding + nexthop storage– Network flooding + path storage (DSR like)
Metrics (key to evaluating components)– Path Discovery Failure, Path Discovery Overhead
(Efficiency)– Impact of cached routes (data pkt cache hit, RREP generated
by cache)– Quality of paths (avg hops, avg src-dst connectivity )– Path Discovery Latency
Performance of Components: Performance of Components: Route Discovery (cont)Route Discovery (cont)
• Simulation setup: - 100 nodes move in area 5x5 km- Mobility Model: Random way point, mobility
speed varied at 0, 25, 50, 75 and 100 meters/second. Pause time is 0.
- Traffic Mode: data packet arrivals as Poisson process, with mean interarrival time 0.5, 1, 1.5 and 2 seconds. Packet length is randomly set as exponential (1024).
Performance of Components: Performance of Components: Route Discovery (cont)Route Discovery (cont)
“Path Storage” contributes to:
• reduce Path Discovery Overhead (Inefficiency)
• decrease Path Discovery Failure
1. “Path Storage” vs “Neighbor Storage”
• Path Discovery Overhead: Average number of routing packets received / each RREQ replied
• Path Discovery Failure Ratio: Portion of unreplied RREQs to total RREQs generated
0
50
100
150
200
250
300
350
400
450
0 25 50 75 100Mobility Speed(m/s)
TTL_NbrTTL_PathFlood_NbrFlood_Path
Path Discovery Overhead(Pkt)
Mobility speed (m/s)
Path Discovery Overhead
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
0 25 50 75 100Mobility Speed(m/s)
TTL_NbrTTL_PathFlood_NbrFlood_Path
Path Discovery Failure RatioPath Discovery Failure Ratio
Mobility speed (m/s)
Correlation Between System MetricsCorrelation Between System Metrics and Component Metricsand Component Metrics
• How component influences system performance?
– Analyze correlation between values of component metrics and system metrics.
– Detach system metrics (e.x End to End Delay) to percentage of each component’s metrics(e.x Path Discovery Delay).
– Figure out “bottleneck” component.
• Trace Data Packet
– Differentiate each component .
– Record component metric’s value.
Packet Registration TablePacket Registration Table • Create registration table for each component.
– Route Discovery Component: Pkt_Enroll_Route_Disc.
– Route Maintenance Component: Pkt_Enroll_Route_Maint.
– Data Packet Forwarding: Pkt_Enroll_Data_Forward.
– Topology Database Maintenance: Pkt_Enroll_Topo_Maint.Route
DiscoveryComponent
TopologyDatabase
Component
RouteMaintenanceComponent
PacketForwardingComponent
Data Pkt
Pkt_Enroll_Route_Disc
Pkt_Enroll_Route_Maint
Pkt_Enroll_Data_Forward
Pkt_Enroll_Topo_Maint
Register to
Route Discovery Delay Route Discovery Delay vsvs
End to End DelayEnd to End Delay
• Simulation Scenarios:
– Network Topology: 20 nodes in 2 x 2 km.
– Traffic Mode: Data Traffic (12,000 bytes/sec)
Voice Traffic (57,000 bytes/sec)
Video Traffic (698,000 bytes/sec)
– Mobility: Random way point, mobility speed varied at 0, 15 and 30 meters/second. Pause time is 0.
Route Discovery Delay Route Discovery Delay vsvs End to End Delay (cont.)End to End Delay (cont.)
• As mobility speed is increased, Route Discovery Delay has higher proportion of End to End Delay.
Mobility Speed (meters/sec)
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
1 2 3 0 15 30
Proportion of Route Discovery Delay to E2E Delay (percentage)
Video Traffic (698,000 bytes/sec)
Route Discovery Delay Route Discovery Delay vs vs End to End Delay (cont.)End to End Delay (cont.)
0
0.1
0.2
0.3
0.4
0.5
0.6
1 2 3
Mobility Speed: 15 meters/sec
data voice video Traffic Type (Bit Rate)
Proportion of Route Discovery Delay to E2E Delay (percentage)
• As bit rate is increased, Route Discovery Delay has higher proportion of End to End Delay.
Route Discovery Delay Route Discovery Delay vs vs End to End Delay (cont.)End to End Delay (cont.)
Proportion of Route Discovery Delay to E2E Delay (percentage)
1 2 3
S1
S3
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
data voice video
0 15 3
0
• Generally, proportion of Route Discovery Delay will be increased along with increasing bit rate and mobility speed.
OutlineOutline
• Networks
• Constrained Coalitional Games
• Iterative Dynamics on Graph
• Trust and Collaboration
• Direct and Indirect Trust Computation
• Component Based Networking
• Network Design and Trade-offs
CBN Formal Models
Formal Hybrid Models (Component Based Networking) Performance Models (Rates – Throughput, packet losses, delays) Sensitivity Computation and Trade offs (Automatic Differentiation / Infinitesimal Perturbation Analysis / Cross Entropy) and UMD CONSOL-OPTCAD, ILOG CPLEX-SOLVER
Topology-MobilityTraffic patterns and matrixNetwork ConditionsQoS
Protocol componentsDesign parameters and architecture
Performance Models
Multi-objectivedesigner/optimizer
AD/IPA/CE processor
Performance Metrics and sensitivities
MANET Network Design-DimensioningMANET Network Design-Dimensioning
Routing ProtocolMAC ProtocolFlow Control Protocol
Fundamental Trade-Off: Benefits vs Cost of Collaboration