![Page 1: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/1.jpg)
Autonomous Pervasive Systems and the Policy Challenges of a Small World!
Emil LupuImperial College London
Keynote IEEE Symp on Policies for Distributed Systems and Networks 2007
![Page 2: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/2.jpg)
University of Bologna
• Oldest University in Europe (certainly the oldest medieval).
• Born out of conflict: the papal-imperial rivalry, restrictions put by the church on learning and in particular on common law.
• Lack of protection of non “citizens” leads to the formation of guilds (“universitas”).
![Page 3: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/3.jpg)
• In essence a school of law.
• A university ran by the students. Policy (Bologna University style):
• Doctors elected by students.
• Curriculum must be agreed by the students.
• Curriculum must be divided into two-weekly puncta.
• Doctors who start lectures late or finish late must pay a fine.
• Doctors who fail to attract at least 5 students are deemed absent and fined.
• Doctors must pay a deposit before being allowed to leave the city to ensure their return.
Policy at Bologna
Peter Watson Ideas: A history from Fire to Freud
Phoenix Publ. 2005
![Page 4: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/4.jpg)
Policies are for Large Systems
![Page 5: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/5.jpg)
Policies
• Originally introduced to separate the strategy for resource allocation in OSs from the mechanisms controlling the resources. R Levin et al. Policy/Mechanism Separation in Hydra. 5th Symp. on Operating Systems Principles (SOSP), November 1975.
• Became popular in large centralised access control systems and subsequently, in the early 90’s, for managing large networks and distributed systems.
• Policies apply to large sets of objects providing uniform configuration.
• Provide the means to automate adaptation across large systems
![Page 6: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/6.jpg)
Policy Areas
Network and Systems Management
Access Control and Security
Management
Enterprise Distributed Object
Computing
Policy Workshop 1999
Privacy
Trust
Business Rules
Multi-Agent Systems
Web-Services
SLAs
Negotiation
Semantic Web Data Centric Security
![Page 7: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/7.jpg)
Policies for Large Systems require Complex Policy Systems
• Build on complex software infrastructure: CIM, LDAP, Storage, Databases, Web-Services (WS-*), Grid-Environments, ...
• Systems are functionally separated. A function realised for the entire system e.g., Authentication, Fault-Diagnostics, Accounting, ...
• Architectures are tightly coupled, making in difficult and laborious to add new elements.
• Computational power is infinite (or almost). Components are always available
• Policies are replacing human actions.
![Page 8: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/8.jpg)
Examples: Ponder
LDAP Server
Domain Service Front End
HypTree Browser
Editor
PolicyObject
enable
EnforcementAgents
enable
DeletedDormant
Loaded
Enabled
load unload
disable
AccessControllers
(AuthorisationPolicies)
PolicyManagementAgents
(Obligation &Refrain Policies)
Deployment
PolicySourceText
CodeAssembler
Call Policy-Service to storepolicy code indirectory
ICScope/Type
Analysis
SemanticAnalyser
AST
SyntaxAnalyser(SableCC)
SyntaxAnalysis
XMLCode Generator
Java securityCode Generator
Win2000 securityCode Generator
...
Java obligationpolicies
Compiler
OPOsRPOs
load, enable,..
checkRefrains
enable,disable
eventHandler
obligMethod
enable,disable
checkRefrain
register, ...
eventEngine
ACs
OEOs
REOs
Policy Management AgentEvent Service
Access Controllers
1 2 3
74
56
28
9 EnforcementConfiguration
Manager
Toolkit
Londonnetwork
edge router
edge router
Parisnetwork
tr1
instinstmstruct /london/tr1 = trafficT(op1, qos1)
core network
tr2
mstruct /paris/tr2 = trafficT(op1, qos2)
Roles, Rel Management
Structures
CIM
DiffServ
Analysis Refinement
![Page 9: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/9.jpg)
Lessons
• Development intensive requiring numerous services that depend on many underlying systems and packages. Must be able to rely on commercial policy products ... which aren’t there.
• Difficult to maintain, distribute and demonstrate. Numerous queries received about the Ponder toolkit were about LDAP installation and configuration.
• Difficult to integrate with new techniques: planning, context, analysis, security and management ...
• Policies replace human (administrator) led activity. Typically compared with scripting and ad-hoc human-driven solutions. Poor short term ROI.Need to provide “advantage”: analysis, refinement and validation. Need to provide benchmarking and proof of scale up.
![Page 10: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/10.jpg)
Policy Outset
• Policy motivated by arguments of scale
• Industry cannot deliver the products and benchmarks
• Academics cannot deliver convincing demonstrations
• Restrict to theoretical work.
• Small proof of concept for individual techniques.
![Page 11: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/11.jpg)
Autonomous Pervasive Systems ... at any scale
![Page 12: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/12.jpg)
Cardiac Monitoring
Power
RF
Control
Primary unit Secondary unit
Signal conditioning Antenna Antenna
ControlRF
Tertiary unit/Central Server
Battery
Sensors
UbiMon Body Sensor Node
![Page 13: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/13.jpg)
The BSN platform
- TinyOS- Ultra low power 16 bit processor- 64KB + 256KB Flash memory- 6 analog channels- IEEE 802.15.4 (Zigbee) wireless link
![Page 14: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/14.jpg)
Body Area Networks for eHealth• Implanted and wearable sensors:
Heart monitoring, blood-pressure, oxygen saturation, etc.
• Continuous monitoring of physiological condition e.g., cardiac arrhythmia.
• Maintenance of chronic conditions: heart deficiencies, diabetes mellitus, chronic anaesthesia
• Incremental drug delivery. Context dependent drug delivery.
• Remote interrogation
• Alert for emergency interventions.Body Area Networks
![Page 15: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/15.jpg)
Requirements• Continuous adaptation:
• sensor failures, new sensors and diagnostic units
• changes in user activity and context
• changes in the patient’s medical condition
• interactions with other devices in different environments: home, hospital, GP clinic
• Minimal resource (power) consumption
• No administrator interactions
• Low-coupling
• Support for Interactions
• peer-to-peer interactions between devices
• composition between subsystems
• federation between collections of devices
• Decision making: goal-driven, heuristics, utility
• Learning: classification, statistical, declarative
![Page 16: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/16.jpg)
Policy-based closed adaptation loop
Control actions
Decisions
ManagedObjects
MonitorEvents
Manager Agent
Events
Policies(auth)
New functionality Policies(oblig/ECAs)
![Page 17: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/17.jpg)
Policies in Healthcare Environments• Obligations define which operations need to be performed when certain
events occur. Event-Condition-Action Rules
• Authorisations define which operations are permitted and under which circumstances.
• Other policy types: Membership management, Information Filtering, Trust Management, Delegation, Negotiation, etc.
• Policies applied to different functional areas: device and service discovery, device configuration, authentication and authorisation, privacy, collaborations, ...
![Page 18: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/18.jpg)
The Controller: Gumstix
• 200-400MHz (Intel XScale PXA255)16 MBFlashBluetooth
• Expansion boards: Wifi, Eth, Cf or MMC, audio, GPS
• Linux 2.6
• GCC, JamVM and other development tools
• 802.15.4 through connected BSN
![Page 19: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/19.jpg)
Autonomous Unmanned Vehicles
• Each vehicle is an autonomous collection of managed devices with different functional capabilities
• Must be extensible to different sensors and modules
• Can aggregate and collaborate in fleets of autonomous vehicles
• Must interact with external environment
![Page 20: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/20.jpg)
Building Integration
• Instrumentation of in-door environments: multimedia, assisted living for the elderly
• Discovery and autonomy across nested collections of devices
• Interactions with persons (and their personal area networks)
• Composition and federation that follows: physical space, functional space
![Page 21: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/21.jpg)
Citywide environments
• How do we build next generation pervasive city infrastructures?
• Composition federation and interaction of pervasive spaces.
• Interactions with mobile users and groups of users.
• Space as catalyst for social interaction
![Page 22: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/22.jpg)
Pervasive Spaces
PAN Control
ControlControlactionsactions DecisionsDecisions
Managed Managed ObjectsObjects
MonitorMonitorEventsEvents
Manager Manager AgentAgent
EventsEvents
PoliciesPolicies
New functionalityNew functionality PoliciesPolicies
ControlControlactionsactions DecisionsDecisionsControlControlactionsactions DecisionsDecisions
Managed Managed ObjectsObjects
MonitorMonitorEventsEvents MonitorMonitorEventsEvents
Manager Manager AgentAgent
EventsEvents
Manager Manager AgentAgent
EventsEventsEventsEventsEventsEvents
PoliciesPoliciesPoliciesPolicies
New functionalityNew functionalityNew functionalityNew functionality PoliciesPoliciesPoliciesPolicies
Personal Area Networks
Pervasive Environments
Home Appliance Control
ControlControlactionsactions DecisionsDecisions
Managed Managed ObjectsObjects
MonitorMonitorEventsEvents
Manager Manager AgentAgent
EventsEvents
PoliciesPolicies
New functionalityNew functionality PoliciesPolicies
ControlControlactionsactions DecisionsDecisionsControlControlactionsactions DecisionsDecisions
Managed Managed ObjectsObjects
MonitorMonitorEventsEvents MonitorMonitorEventsEvents
Manager Manager AgentAgent
EventsEvents
Manager Manager AgentAgent
EventsEventsEventsEventsEventsEvents
PoliciesPoliciesPoliciesPolicies
New functionalityNew functionalityNew functionalityNew functionality PoliciesPoliciesPoliciesPolicies
Intelligent Home Networks
Autonomous Vehicles
![Page 23: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/23.jpg)
A common pattern
• That can be used at different levels of scale: body area networks, unmanned vehicles, intelligent homes, and large distributed systems and networks.
• That can provide self-management and closed-loop adaptation at the local level.
• That can provide different levels of functionality.
• That is architectural as well as functional.
• Provides low-coupling between the different services.
![Page 24: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/24.jpg)
Self-Managed Cells
... and the first Architectural Steps
![Page 25: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/25.jpg)
What is a Self-Managed Cell?
• A set of hardware and software components forming an administrative domain that is able to function autonomously and thus capable of self-management.
• Management services interact with each other through asynchronous events propagated through a content-based event bus.
• Policies provide local closed-loop adaptation.
• Able to interact with other SMCs and able to compose in larger scales SMCs.
![Page 26: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/26.jpg)
Self-Managed Cell (SMC)
Control actions DecisionsManaged
Objects
MonitoEvents
Manager Agent
Events
Policies
New functionality` Policies
![Page 27: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/27.jpg)
SMC Pattern
• Provides low-coupling between the different services.
• Permits the use of different service implementations when used at different levels of scale.
• Permits to add services to SMCs in order to add functionality:
• Context service(s) for mobile users and gathering information from the environment.
• Authentication, Access Control and other security services.
• Provisioning and Optimisation services for control of resources
![Page 28: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/28.jpg)
SMC Core Services
• Discovery Service (including membership management)
• Event Service
• Policy Service
Control actions
Decisions
ManagedObjects
MonitorEvents
Manager Agent
Events
Policies(auth)
New functionality Policies(oblig/ECAs)
![Page 29: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/29.jpg)
Cell Discovery Service
• Discovers new devices and maintains membership to detect failures and departures from cell.
• Queries device for its profile and services;
• Performs vetting functions e.g. authentication, admission control.
• Listens for new service offers and service removals from the devices
• Generates events to signal new/disconnected devices or software components. Interested services can subscribe, receive and react to these events.
• Own implementation developed to cater for BSN nodes and policy configurable parameters but other protocols e.g., SDP, SLP, ... could be used in other environments.
![Page 30: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/30.jpg)
Cell Event Service
• Publish/Subscribe with content based router.
• At-most-once, reliable event delivery.
• To an individual recipient events are delivered in the same order as received by the router.
• Quenchable publishers to minimise number of messages and power consumption.
• Supports heterogeneous communication.
![Page 31: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/31.jpg)
Event Service Architecture
proxy S1
proxy S2
proxy P1
subscription filtering
S1
S2
undeliveredmessages
P1
S1
S2
filter(s)
RouterPublisher Subscribers
NewDevice DeviceLeft
![Page 33: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/33.jpg)
Policies for Different Functional Areas
• Device and Service Discovery. How to react to new devices and services and their disappearance.
• Membership Management.
• Context Management. How to react to changes in location, activities of the user, surrounding environment.
• Clinical Management. How to react to changes in the clinical condition.
• Security Management.
• Policy Management. Enable, disable, unload policies.
![Page 34: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/34.jpg)
Ponder2 Design Goals
• Permit interaction with a running SMC
• invoking operations on objects
• policy creation, activation, etc.
• Only loads what is needed
• Can be extended (dynamically)
• Must run on a Gumstix (and possibly on BSN nodes)
Ponder2 Design Process
Design
Remove
![Page 35: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/35.jpg)
Ponder2
• Supports both obligation policies in the form of Event-Condition-Action rules and authorisation policies. Therefore it requires:
• Managed Objects to represent resources and invoke operations on external services
• Domains to group objects and specify policies in terms of domains of objects.
• Events to trigger policies and interactions with the event bus.
• Policies of multiple kinds.
• Object invocations to implement policy actions
![Page 36: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/36.jpg)
...
Ponder2 Policy Service
Cell Policy Interpreter
Managed Objects
Event
Policy Objects
PonderTalkCommands
(and Policies)
PolicyService
Domains
Holds refs to managed objects: Devices, SMCs,
Policies, Roles, etc
Actions
Events
![Page 37: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/37.jpg)
Ponder2, try again
• The Policy Service requires:
• Convention for loading and creating Managed Objects
• Invoking operations on Managed Objects
• Root domain (that does not know it is a domain)
• That’s it!
• Domains, policies, events, ... are themselves managed objects that follow the same conventions.
![Page 38: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/38.jpg)
Bootstrapping Ponder2 in PonderTalk
• SMC is just an empty domain - root
• Import domain factory
• Create domains
• Import basic factories
• Read more PonderTalk
// Bootstrap code for Ponder2 !// Import the Domain code // and create the default domains domainFactory := root load: "Domain". root at: "factory" put: domainFactory create; at: "policy" put: domainFactory create; at: "event" put: domainFactory create. // Put the domain factory into the factory directory root/factory at: "domain" put: domainFactory. !// Import event and policy factories root/factory at: "event" put: ( root load: "EventTemplate" ); at: "oblig" put: ( root load: "ObligationPolicy" ).
![Page 39: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/39.jpg)
Managed Objects
• A managed object • Conforms to a set of interface rules.• Created through a factory• Accepts commands
• Several pre-defined types of managed objects: domains, policies, factories, external, events
Policy
serviceRMI
.jar file
import
import
import
External
Internal
Factory
/
/svc /fact
RMI
factory
objectremote
invocation
<<create>>
![Page 40: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/40.jpg)
Writing a new Managed Object
• A Managed Object is a Java class
• PonderTalk messages converted to method calls
• Constructors called by factory messages
• Instance methods called by operational messages
• Mapping done by @Ponder2op Java annotation• uses apt Annotation Processing Tool instead of javac
![Page 41: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/41.jpg)
public class MyManagedObject implements P2ManagedObject { ! private Map<String, OID> data; ! @Ponder2op("create") MyManagedObject() { data = new HashMap<String, OID>(); } ! @Ponder2op("size:") MyManagedObject(int size) { data = new HashMap<String, OID>(size); } ! @Ponder2op("at:put:") OID store(String name, OID oid) { data.put(name, oid); return oid; } ! @Ponder2op("at:") OID get(String name) {
return data.get(name); } ! @Ponder2op("remove:") OID remove(String name) { return data.remove(name); } !}
Example: a HashTable Managed Object
�41
apt
createsize: intat: name put: OIDat: nameremove: name
P2MyManagedObjectMyManagedObject()MyManagedObect(int size)store(String name, OID oid)get(String name)remove(String name)
MyManagedObject
<<interface>>ManagedObject
ManagedObject
![Page 42: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/42.jpg)
/
event fact
<<create>>
intrusion compromise
inst
event
types
XML
BlasterWS-Notif
Events in Ponder2
• Event = notification with named attributes.
• Trigger policies.
• An event factory interfaces with an external event bus.
• Multiple factories can be used.
• Event types (templates) are created by factories.
![Page 43: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/43.jpg)
Example: Discovery of new BSN sensor• Discovery service issues events when BSN is detected or lost
!newevent := root/factory/SMCeventbus. !// newBSN event type !root/event at: "newBSN" put: (newevent create: #("name" "type") ). !// example of raising an event root/event/newBSN create: #("Temp1" "TempMon").
![Page 44: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/44.jpg)
Policies
• Created with policy factory
• Dynamically associate events, actions and conditions with a policy
• Can be activated and deactivated
• Are managed objects. Can be moved, deleted, created, activated, deactivated by other policies
• Actions and conditions are blocks
Blocks
• Blocks are objets that group statements.
• Block execution is delayed
• Blocks can take arguments
• Blocks are closures
• Blocks return the result of their last statement
![Page 45: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/45.jpg)
Discovery Policies
• When a new BSN sensor is discovered a policy is used to create the appropriate adaptor managed object
• Adaptor object acts as proxy for the BSN and can receive commands for them e.g. setrate
// Create discovery policy newpolicy := root/factory/oblig. !discBSN := newpolicy create. discBSN event: root/event/newBSN; action: [ :name :type | root/template/bsnAdaptor create: name setActive: type ]; setActive: true.
![Page 46: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/46.jpg)
Blood Pressure Policy
• on bp(value) if (value>150) && oldValue<=150
• do /bsn/HEART1 .set(sensorRate=1) /alarm.alarm(on) /alarm.show
// Create blood pressure policy newpolicy := root/factory/event. newevent := root/factory/ecapolicy. !bphigh := newpolicy create. bphigh event: (newevent create: #(“name”, “newVal”, “oldVal”) condition: [ :name :newVal :oldVal | name == "BP1" && ( newVal > 150 ) && ( oldVal < 150 ) ]; action: [ root/bsn/HEART1 setRate: 0.1. root/alarm setAlarm: true; show ]; setActive: true. !root/policy at: "bphigh" put: bphigh
![Page 47: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/47.jpg)
Ponder2 Policy Service - II
![Page 48: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/48.jpg)
Not yet quite a policy language
on new_component(id, profile, addr) do if profile == “heart rate” then r = /fact/hr.create(profile, addr); /sensors.add(r)!on hr(level) do
if level > 100 then /sensors/os.setfreq(10min); /sensors/os.setMinVal(80)
!on context(activity) do if activity == “running” then /policies/normal.disable(); /policies/active.enable()!auth+ /patient → /os.{setfreq, setMinVal, stop, start}auth+ /patient → /policies.{load, delete, enable, disable}
![Page 49: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/49.jpg)
Heart Monitoring Demo
Gumstix (Linux, BT, WiFi)!Discovery Service Policy service Event service
BSN NodeAccelerometer
BSN NodeECG sensor
BT link
HR visualisationand communication(SMS, Call, GPRS)
![Page 50: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/50.jpg)
How small should an SMC be?
• Is a BSN node an SMC?
• 6 analog sensor channels
• Event based interactions
• Need for policy-based adaptation
![Page 51: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/51.jpg)
Interactions Between Self-Managed Cells
![Page 52: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/52.jpg)
Inter-SMC Interactions Measurement& Monitoring
Serv iceDiscovery
Event Bus
PolicyManagement Measurement and
Control AdaptersContext
InteractionAdaptation
Other
Me a sur e me n t &Mo n ito r in g
Serv iceD isco ver y
Eve n t Bu s
Po licyMa n a g e me n t Me a sur e me n t a n d
Co n tro l Ad a p tersC o n t e xt
In tera ct io nAd a p t a t io n
Ma n a g e d R e so urce s
Me a sure me n t &Mo n ito r in g
Ser v iceD isco very
Eve n t Bu s
Po licyMa n a g e me n t Me a sure me n t a n d
C o n tro l Ad a p t er sC o n te xt
In tera ct io nAd a p t a t io n
Ma n a g e d R e so urce s
![Page 53: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/53.jpg)
Peer-to-Peer Interactions
• Layered SMCs: application / services / network
• Peer SMCs (peer devices, peer networks, SLAs…)
…
…
![Page 54: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/54.jpg)
Peer to Peer Interactions
Patient
Nurse
Doctor (GP clinic)
![Page 55: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/55.jpg)
SMC Composition
The internal SMCs cease to advertise themselves externally. !!The enclosing SMC programs the nested SMCs
![Page 56: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/56.jpg)
Composition Interactions
![Page 57: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/57.jpg)
SMC Interactions: Requirements
• Despite apparent differences both peer-to-peer and composition interactions require similar support:
• actions: SMCs need to invoke actions on other SMCs e.g. to access device readings, actions specified as part of policies.
• events: SMCs need to exchange events i.e. both publish and subscribe to events in a remote SMC
• policies: SMCs need to exchange policies e.g. ask a remote SMC to react to events in a particular way
![Page 58: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/58.jpg)
Interactions and Autonomy
• Each SMC must retain autonomy over its resources:
• It must decide which functions (services) to export
• It must retain decision on whether to export (bind) any of its internal resources externally
• It may mediate external interactions to internal managed objects e.g., for filtering and parameter adaptation.
• It decides which policies to accept (allowing “full access” may jeopardise integrity).
• Applicable in both p2p and composition
![Page 59: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/59.jpg)
Differences: p2p - composition
• Once bound as a resource in a composition relationship:
• The SMC ceases to advertise itself
• The SMC does not establish other p2p or composition relationships unless directed by the outer SMC
• “administrative” interfaces are guaranteed to be bound to a single outer SMC.
• Events and services exposed to other SMCs will be different in composition and p2p relationships.
• Policies (i.e., missions) accepted will be different
![Page 60: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/60.jpg)
SMCs discovery
• On SMC discovery, each SMC assigns discovered SMC to pre-defined domains.
• Policies for domain apply to assigned SMC.
• SMC Discovery can also result in policy-exchange and sharing of events and services.
![Page 61: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/61.jpg)
SMC Missions: Policy Exchange
• SMC Interfaces define:• events: that can be raised by an SMC• notifications: that an SMC can receive• actions: that can be invoked on the SMC
![Page 62: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/62.jpg)
Policy Exchange II
mission patientT(nurse, patient, ECGlevel, ECGTime) do on patient.mloaded() do nurse.store(patient.readlog()) on patient.hr(level) do if level > ECGlevel then
patient.startECG() patient.timer(ECGTime, endECG())
nurse.ecgOn() on patient.endECG() do nurse.display(patient.readECG())
![Page 63: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/63.jpg)
SMC Missions: Policy Exchange
auth+ /nurse → /patient.loadMission // at the Patient auth+ /patient → /nurse.store // at the Nurseauth+ /patient → /nurse.displayECG on newPatient(p) do ref = p.loadMission(/patients.interface, p.interface, 82, 40); /
roles[p].add(ref)
![Page 64: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/64.jpg)
Interaction Procedure
• Discover SMCs
• Decide what kind of interaction to create (for both SMCs)
• Decide on role assignment
• Exchange Interfaces
• Perform role assignment and creation of managed object
• Decide which missions to instantiate and instantiate them.
![Page 65: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/65.jpg)
Missions in Multi-Party Interactions
Patient
Nurse
Doctor
![Page 66: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/66.jpg)
Measurements and Performance
![Page 67: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/67.jpg)
IEEE 802.15.4
• Claims maximum bandwidth of 250Kbps
1 hop away 1 packet = 76B Rate varies: 1-40 packets/s
• Observed max. throughput 50Kbps. At this rate the receiver’s packet queue fills up and packets are dropped
![Page 68: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/68.jpg)
IEEE 802.15.4 throughput
![Page 69: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/69.jpg)
End-to-end Delay
BSN Node802.15.4 gateway
Serial Comms
25 ms 20 ms
IEEE 802.15.4
Gumstix Bluetooth, WiFi
LinuxDiscovery ServiceDiscovery Service
Policy service Event service
![Page 70: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/70.jpg)
• expected 110ms (2 serial + 3 * 802.15.4 packets)
• observed 129ms
• End-to-end: 144ms; includes
• discovery handshake
• generation of new_component event
• event proxy and managed object creation
Discovery
![Page 71: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/71.jpg)
Event Service
• Subscription matching: 13-15ms
![Page 72: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/72.jpg)
Policy Service
• Policy Object: 3.214 kB includes policy type, triggers, actions and constraints
• Simple policy execution (null action): 13.57ms
• Simple policy execution action issued to BSN: 23.88ms
• Simple policy execution + simple condition: 30.05ms
• End-to-end: event published to proxy to policy execution: 46.05 ms
![Page 73: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/73.jpg)
Observations
• Use of XML generates significant overhead in terms of both memory consumption and run-time processing.
• This despite using a small footprint and efficient parser.
• Performance suitable for body-area network for self-management purposes.
• Not always suitable for application data e.g., ECG 200Hz
• Processing and adaptation capability on sensor
![Page 74: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/74.jpg)
Challenges
![Page 75: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/75.jpg)
Reasoning and Planning
• Analysis and Refinement work to date relies on abductive reasoning.
• Can we do abductive reasoning on a Gumstix?
• Yes with a bit more memory!
• Planning and Distributed Planning
???
?
![Page 76: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/76.jpg)
Making Sense of the Surrounding World• Much work is directed
towards abstracting sensor input in higher level “state” information. Accelerometers, Temperature, Sound, ...
• Buy why should be always starting from scratch...
Can we use acquired information to refine Context Models?
![Page 77: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/77.jpg)
Making Sense of Behaviour
Policies are rules governing choices in the behaviour of systems
Policies are rules learnt from the behaviour of ...
![Page 78: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/78.jpg)
Trust, Security and Privacy
![Page 79: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/79.jpg)
Conclusions
![Page 80: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/80.jpg)
• SMC defines a common architectural pattern that can be applied at different levels of scale.• Content-based filtering event bus provides flexibility and de-coupling
between services.• Ponder2 provides support for general object management and policies
• In contrast to policies in large systems, designs in autonomous pervasive computing strive to be simple. Scale is achieved through extensibility, modularity and composition of autonomous components.
• Realising autonomous pervasive systems requires the integration of multiple techniques from different areas of computing: operating systems, distributed systems, statistical decision methods, AI, DAI, multi-agent systems, knowledge engineering, ...
• ... on a small scale!
![Page 81: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/81.jpg)
Acknowledgements
Morris Sloman
Naranker DulaySye-Loong Keoh
Alberto Schaeffer
Joe Sventek Stephen Strowes Steven Heeps
Kevin Twidle
![Page 82: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/82.jpg)
References
• Ponder2 Policy Service: http://www.ponder2.net
• E. Lupu, N. Dulay, M. Sloman, J.Sventek, S. Heeps, S. Strowes, K. Twidle, S.-L. Keoh, A. Schaeffer-Filho. AMUSE: Autonomic Management of Ubiquitous e-Health Systems. Concurrency and Computation: Practice and Experience, John Wiley and Sons, Inc., 2007 (To Appear).
• Keoh, S.L., Twidle K., Pryce, N., Schaeffer-Filho, A E., Lupu, E., Dulay, N., Sloman, M., Heeps, S., Strowes, S., Sventek, J., and Katsiri, E. Policy-based Management for Body-Sensor Networks. 4th International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2007), AAchen, Germany, March 2007.
• Russello, C. Dong, and N. Dulay. Authorisation and Conflict Resolution for Hierarchical Domains. IEEE Workshop on Policies for Distributed Systems and Networks (Policy), Bologna, Italy, June 2007.
![Page 83: Autonomous Pervasive Systems and the Policy Challenges of a Small World!](https://reader033.vdocument.in/reader033/viewer/2022060116/5581474bd8b42a9b098b547a/html5/thumbnails/83.jpg)