Self Healingnetworksben


  • 7/30/2019 Self Healingnetworksben


    Self-healing networks
    When the going gets tough, the tough get going

    L. Spaanenburg, Groningen University, Department of Computing Science. P.O. Box 800, 9700 AV, Groningen. Mail: ben@cs.rug.nl, http://www.cs.rug.nl/~ben

    2001 IPA Spring Days on Security

    April 2001 IPA Spring Days - Security 2

    Motivation

    Security involves the guaranteed access to all resources at all times with top quality

    Threats:
    - from outside
    - from inside

    Here: internal diseases only

    What is security?


    The weak spot

    A network is billions of tightly connected distributed heterogeneous components

    Things happen on a wide time/spatial scale with massive interaction

    A local disturbance can spread widely in zero time

    Relationships and interdependencies are too complex for mathematical theories

    It is the small dog that bites!


    User's perspective on networks

    An integrated Power Information Communication technology


    Telephone network

    A network can be a tree with central control

    [Figure: connection, local exchange, 2nd-order exchange, 1st-order exchange; short distance, medium distance, long distance]


    Data Network

    Connectionless communication by broadcast

    [Figure: Subnet, LAN, Host, Router]


    Means of Communication

    Synchronous
    PDH: Plesiochronous Digital Hierarchy
    SDH: Synchronous Digital Hierarchy
    ISDN: Integrated Services Digital Network

    Asynchronous
    FDDI: Fiber Distributed Data Interface
    FR: Frame Relay
    ATM: Asynchronous Transfer Mode

    Sigh, there are so many ways to communicate


    Sources of Abnormality

    Attacks from the outside world (service attack)

    Hiccups in the network communication

    Failures on the network nodes

    It's a detection problem!

    What goes wrong, will go wrong


    The Keeler-Allston disaster

    On 10 August 1996, the Keeler-Allston 500 kV power line tripped, creating voltage depression, and the McNary Dam went to maximum

    The Ross-Lexington 230 kV line also tripped and pushed the McNary Dam over the edge

    The McNary Dam set off oscillations that went to 500 MW within 1.5 minutes

    The North-South Pacific INTER-tie isolated 11 US states and 2 Canadian provinces

    The network is vulnerable to local abnormalities


    The 1998 Galactic page out

    In May 1998, the Galaxy-IV satellite was disabled by unknown causes

    US National Public Radio and 40M pagers went out, airline flights were delayed and data networks had to be manually reconfigured

    Many geo-stationary satellites are 800-1400 km; 13 (60-), 35 (70-), 69 (80-) and 250 (90-)

    10 million pieces of debris > 1 mm

    The weak belly of the Earth


    Other fault cascades

    Finagle's Law

    Anything that can go wrong, will

    Antibiotics cause resistance (DDT)

    Code replication also works for errors

    Cause/effect relations occur frequently


    Self-healing in history

    1993 AT&T announced the self-healing wireless network

    1998 SUN bought the RedCape Policy Framework for self-healing software

    1998 HP released the self-healing version of OpenView Network Node Manager

    2001 Concord Com. announced self-healing for the home

    The name has been used before


    Self-Healing ingredients

    Application: handling the communication
    Presentation: message formatting
    Session: controls traffic between parties
    Transport: converts packets into frames v.v.
    Network: controls frame routing
    Data Link: frames of bit sequences
    Physical: relays physical quantities

    Self-healing = Detection + Diagnosis + Self-Repair

    [Figure: Network, Test, Node, Test, Reconfigure]


    An Initiative in Self-Healing

    The CIN/SI is funded by the Electronic Power Research Institute and the US Dept. of Defense as part of the Government-Industry Collaborative University Research program

    28 universities in 6 consortia started Spring 1999 to spend $30 M in 5 years

    The approach is multi-agent technology

    The Complex Interactive Networks/Systems Initiative


    CIN/SI consortia

    [CalTech] CIN Mathematical Foundation
    [CMU] Context-dependent Agents
    [Cornell] Failure Minimization
    [Harvard] Modeling and Diagnosis
    [Purdue] Intelligent Management
    [Washington] Defense to Attacks

    The different aspects of self-healing


    Key issues

    Pre-programming misses the target by lack of context dependence

    No damage would have occurred if the load on the McNary Dam had decreased by 0.4% during the next 30 minutes

    Local agents making real-time decisions would have eliminated the Keeler-Allston disaster.

    Central control comes too late by definition


    Basic agent types

    Agents are called cognitive or rational when equipped with clear rules and algorithms

    Agents are called reactive when their functioning depends on the interrogation of the environment

    Both types of agents are required on the decision-making layers handling respectively reaction, coordination and deliberation

    What are agents?


    CIN/SI architecture (1)

    Operational control of the power plant

    [Figure: Power System; Protection Agents; Generation Agents; Controls; Faults Isolation Agents; Frequency Stability Agents; Events/alarm Filtering Agents; Model update Agents; Command Agents; Events/alarms; Triggering events; Plans/Decisions]


    CIN/SI architecture (2)

    Strategic management of the power grid

    [Figure: Events/alarm Filtering Agents; Model update Agents; Command Agents; Triggering events; Plans/Decisions; Events Identification Agents; Planning Agents; Restoration Agents; Vulnerability Assessment Agents; Hidden Failure Monitoring Agents; Reconfiguration Agents]


    Monitoring the process

    Strategic decisions on tactic control

    [Figure: Monitor, Process, Control, Sensor, Actuator]


    The network emphasis

    The network glues the agents together

    [Figure: Network, Agents]


    Defect loses all

    But what we need is:

    Mutual observation between nodes

    Group decision of testing agents

    Implied reconfiguration of the network

    How can we facilitate testing with agent properties?

    Majority voting is a centralized consensus scheme


    Agent characteristics

    What is security?

    [Figure: sensors (mouse, messages, ..., other agents); Behaviour; effectors (messages, move, change appearance, speak)]

    Independent, Reactive, Proactive, Social


    Built-in Block Observation

    Testing complex systems requires autonomy

    [Figure: generator, process, verifier]


    Linear Feedback Shift-register

    When data flows over identical nodes, the typical function can be characterized by the feedback polynomial

    Generation of ordered bit strings by EXORs

    016 x x x


    Friedmann model

    The aim is for a locally compacted set of patterns

    [Figure: Process, I, O, Q]


    A basic function

    A simple low-pass filter

    Takes a data sampling routine, multiplying adder and final function 1/N.

    Proto-typical software on a small PIC controller

    $z = \frac{1}{N}\left(\sum_{i=0}^{N-1} c_i x_{t-i}\right)$


    A neuron

    A simple neuron

    Is similar to the low-pass filter except for the incoming data. Operates from the same input data ring-buffer.

    Intelligence can be built from filtering

    $z = f\left(\sum_{i=0}^{N-1} w_{ij} x_i\right)$


    A neural network

    A feed-forward network

    Differs only in the layer-by-layer switching of the I/O-blocks

    Where there is one neuron, there can be more

    $z = f\left(\sum_{j=0}^{M-1} w_j \, f\left(\sum_{i=0}^{N-1} w_{ij} x_i\right)\right)$


    Non-Linear Feedback SR

    When data flows over identical nodes, the typical function can be characterized by the globally recurrent neural network

    Generation of ordered patterns by Correlators

    t xw


    Neural Observation

    Analog correlation is about finding the functional similarity

    Digital correlation is the same except for the effect of crisping

    Random access storage is always larger than storage of an ordered function

    The neurally approximated function allows for a dense salvage of ordered I/O-pairs

    Analog correlation looks like digital EXOR


    Data-Flow Architecture

    When data flows over identical nodes, the typical function can be characterized

    Built-In Logic Block Observation

    The BIFBO can also be shared with neighboring nodes

    Built-In Function Block Observation

    The local test does not differentiate between hardware and software

    Data discrepancy is low-level abnormal behavior
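
The generator, process and verifier chain of the Built-in Block Observation slide, applied to the low-pass filter as the function block under test; this is an added example, not code from the original slides. The 16-bit feedback polynomial, filter length, pattern count, seed and the transient fault model are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#define N 8            /* filter length (assumed) */
#define PATTERNS 1000  /* test patterns per self-test run (assumed) */
#define SEED 0xACE1u   /* any non-zero start state (assumed) */

/* One step of a 16-bit Galois LFSR. Assumed feedback polynomial:
 * x^16 + x^14 + x^13 + x^11 + 1 (mask 0xB400), not the slide's own. */
static uint16_t lfsr_step(uint16_t s) {
    uint16_t lsb = s & 1u;
    s >>= 1;
    return lsb ? (uint16_t)(s ^ 0xB400u) : s;
}

/* Function block under test: z = (1/N) * sum c_i * x_(t-i), with c_i = 1. */
static uint16_t lowpass(const uint8_t ring[N]) {
    uint32_t acc = 0;
    for (int i = 0; i < N; i++) acc += ring[i];
    return (uint16_t)(acc / N);
}

/* generator -> process -> verifier. A transient fault is modelled by
 * XOR-ing fault_mask into the block output at sample fault_at (-1: none). */
uint16_t self_test(int fault_at, uint16_t fault_mask) {
    uint8_t ring[N] = {0};
    uint16_t gen = SEED, sig = 0;
    for (int t = 0; t < PATTERNS; t++) {
        gen = lfsr_step(gen);                 /* generator: next pattern */
        ring[t % N] = (uint8_t)gen;           /* newest sample replaces oldest */
        uint16_t z = lowpass(ring);           /* process */
        if (t == fault_at) z ^= fault_mask;
        sig = (uint16_t)(lfsr_step(sig) ^ z); /* verifier: compact response */
    }
    return sig;
}

/* Number of steps before the generator returns to its start state. */
uint32_t lfsr_period(void) {
    uint16_t s = SEED; uint32_t n = 0;
    do { s = lfsr_step(s); n++; } while (s != SEED);
    return n;
}

int main(void) {
    uint16_t golden = self_test(-1, 0);       /* recorded from a healthy node */
    uint16_t seen = self_test(500, 0x0004u);  /* one flipped bit at sample 500 */
    printf("golden=%04x seen=%04x\n", (unsigned)golden, (unsigned)seen);
    return 0;
}
```

Because the compaction step is linear and invertible, a single corrupted sample always changes the signature. Faults that corrupt several samples can alias onto the golden signature with a probability of about 2^-16.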


    Question 1

    If you cannot test it, then it's not worth designing it.

    Hierarchical design needs a hierarchical test.

    Abstraction gives a condensed view on reality.

    Abstraction provides for scalability.

    Is there an abstractional test?


    Question 2

    Interaction is good, conflicts are less

    If resources have a state, access should be bounded by state

    Conflicting services pose basically a scheduling problem

    It's hard to schedule over an arbitrary network

    Is feature interaction really a static problem?


    Question 3

    Design should be scalable; test is no exception.

    Detection can do without diagnosis; diagnosis cannot go without detection.

    Testing can be based on area (coverage) or on frontier (sensitivity)

    The boundary between software and hardware is still moving

    Do neural networks provide for a built-in test?