Cougaar

1
Cougaar

• A Robust Configurable Multi-Agent
  Platform
• Todd Wright
• BBN Technologies
• twright_at_bbn.com

2
Aerospace MAS Requirements

• Aerospace operations are complex
• Distributed, heterogeneous applications
• Unreliable, slow networks
• Dynamic conditions that require autonomous
  behavior (agents)
• Must be robust to both hardware and software
  failures
• Must be secure
• A configurable, robust, and scalable
  Multi-Agent System (MAS) framework is required

Space
Ground Control
Rovers
3
Similar UltraLog MAS Requirements

• The DARPA UltraLog Program faced similar
  challenges
• Build a scalable, robust, secure agent framework
  (Cougaar)
• Support autonomous, large-scale military
  logistics planning execution
• Research and assess overall system survivability
• Many of the architecture capabilies developed in
  Cougaar could also support Aerospace applications!

Cougaar-based Logistics Application
4
The UltraLog Program

• DARPA effort to research survivable agents
• Build and extend a generic, highly capable agent
  framework (more on this later in this talk)
• Support the UltraLog logistics application
• Prototype application is military logistics
• Real algorithms and organizations
• Plan, transport, and execute 180 day deployment
• US Army FCS program scenario
• Resulting log plan has 250K individual elements
  representing demand transport for 34K entities
  of 200 types.

5
UltraLog Assessment

• Large-scale configuration
• 1092 agents
• 80 hosts
• 9 LANs
• Assess system survivability
• Kill agents, kill hosts, degrade or cut network
  links, security attacks, last-minute planning
  workload changes
• Annual testing cycle
• Engineering testing, Security red team,
  Functional assessment,
• 100s of tests

Assessed capability improvement each year
Note that UltraLog is just one Cougaar-based
application
6
The Cougaar Architecture

• UltraLog was built on top of the Cougaar
  architecture
• Cougaar is
• 100 Java agent architecture
• Open sourced (BSD-style license)
• Around 400K lines of code
• Cougaar was designed to support applications that
  are
• data intensive,
• inherently distributed,
• emphasize scalability configurability

• Developed under DARPA funding
• Cougaar is Open-Source (BSD-style license)
• http//www.cougaar.org

7
Cougaar Architecture Innovations
Benefit to future Aerospace Applications

• Reusable Component framework
• Components advertise and obtain local services
  from their peer components
• Binders can block or modify service requests (for
  security or aspects)
• All agent capabilities are pluggable components
  and services (message transport, naming, logging,
  etc)
• Two levels of agent interactions
• Intra-agent publish/subscribe for tightly-coupled
  interactions between an agents components
  (plugins)
• Inter-agent message passing for scalable,
  loosely-coupled interactions
• Domain modeling support
• Prototype/delegation data model
• Capability-based representations

Component-based design simplifies application
development. Aerospace developers can add new
services and/or replace core services
Cougaar features scalable communication patterns
Developers can define custom Aerospace domains to
simplify modeling tasks
8
Additional Architecture Features
Benefit to future Aerospace Applications

• Replicated White Pages naming service (DNS-style)
  and Yellow Pages directory service (UDDI)
• Message Transport Service (MTS)
• Guaranteed in-order asynchronous message delivery
• Pluggable protocols (RMI, CORBA, ..)
• Integrated QoS-adaptation, aspect-based metrics
  services
• Web Services support (SOAP, WSDL, ..)
• Embedded HTTP Servlet support
• Agent mobility support
• Dynamic agent Service Discovery

Includes naming services
Includes message transport. Developers can
extend or replace the MTS if desired.
Built-in Web Services and HTTP support
Agent load balancing
Capability-based agent discovery relationships
9
Adaptive Defense Layers
Benefit to future Aerospace Applications

• Robustness services
• Restart manager detects agent/host death,
  restarts, moves agents. Self-robust using leader
  election.
• Persistence of agent state, plus dynamic
  inter-agent reconciliation to recover from lost
  state
• Security services
• Encryption, policy-based authorization, service
  proxies
• Built to expect system compromise
• Application-level QoS awareness and adaptation

Includes robust persistence and restart
management layers
Includes advanced security support
Supports application-level survivability behaviors
10
Conclusions

• Cougaar has many features that would benefit
  Aerospace application developers
• Component-based, reusable infrastructure
• Robust and secure core services
• Flexibility to support future Aerospace
  applications!

Learn more, download, and contribute at
http//www.cougaar.org
11
Backup
12
Cougaar Design Goals

• The Cougaar agent architecture was built for such
  applications
• Data intensive, large-scale, naturally
  distributed, and time-sensitive problems.
• Application deployment must be secure, built to
  expect component failure, and provide user
  visibility
• It must also support agent mobility, state
  persistence
• Highly modular and configurable design

13
Cougaar Application Space

• Complex, Data intensive, Large-scale Applications
• No system-imposed scalability constraints allowed
• Distributed
• Too complex for single platform
• Naturally broken up for domain reasons
• Local to data
• Local security requirements
• Bandwidth limitations
• Efficiency required
• support parallelism distributed operations
• User visibility into operations essential
• Occasional human feedback useful, but not part of
  critical loop
• Secure Protect Respond
• Component failure expected
• Degrade gracefully in case of failure
• Continuously available
• Must support
• run-time mobility Persistence
• Modularity Code re-use or replacement

14
UltraLog Survivability Requirements
Program Goal (per original program description)
System will incur no greater than a 20
capabilities loss and a 30 performance loss
under conditions of 45 information
infrastructure loss, wartime loads, and directed
information warfare

• Stress, System Function and Degradation are
  Quantitative in Nature
• Three categories of stress
• Loss (total or partial) of hardware capabilities
  (CPU, BW, Memory, Disk)
• Significant increases in legitimate work to
  perform
• Attempts to circumvent system integrity
  (confidentiality, authentication, authorization)

Survivability Extent to which system function
is maintained under stress
15
Prototype Application MOPs
16
Cougaar History

• Supported for past 8 years by US Defense Advanced
  Research Projects Agents (DARPA)
• ALP program
• Current UltraLog program
• Large collaboration of academia industry
• Building executing detailed military logistics
  plan for 180-day deployment under heavy stress
• 45 infrastructure loss
• Current test platform runs around 1200
  medium-weight agents across nearly 100 machines

17
Cougaar Overview

• Cougaar is layered applications
• System of systems (Log, Naming, Directory,
  Robustness, Security, Community)
• Shared infrastructure
• Flexible component model
• Allows dynamic loading
• Binder proxies to mediate component interaction
  with services
• Multi-tiered interaction model
• Intra-agent via local publish-and-subscribe
  blackboard
• Inter-agent via asynchronous message passing
• Flexible data model
• Scalable handle large volumes of data
• Characterize entities by attributes Dont look
  for ducks, look for birds that live on water,
  fly, and say quack
• Dynamically discovered agent relationships
• Hierarchical service discovery
• Communities for security monitoring and
  relationship discovery
• Similar to notion of holons

18
Component Model

• Cougaar Component Model loads and
• manages software components
• Components interact through interfaces
• called Services
• CCM patterned off of JavaBeans, without the Swing
  dependencies
• CCM adds
• Strong service isolation encapsulation model
• Binders to wrap any component and audit,
  authorize or modify service interactions
• Binders may nest
• Binders are themselves components, subject to the
  same restrictions
• Components are dynamically loaded and connected
  at start time
• Provides highly customizable and flexible
  application construction

19
Cougaar component model
Cougaar component framework supports many nested
components and services
20
Building Cougaar Applications

• Example Our prototype application models the
  military logistics supply chain.
• Each Agent represents a military organization
• Agents contain re-usable software units called
  plugins
• IE an Inventory Manager or Demand Generator
• Plugins interact via publish subscribe to local
  Blackboard
• Plugins in this Planning Domain create Tasks
  that are Allocated to physical assets (eg this
  Truck will move you) or other Agents
• This Task Allocation results in a Message sent to
  the remote Agent
• Each agent plans executes its piece of the
  supply chain
• Together they produce and execute an emergent
  plan, represented across the distributed logical
  blackboard

21
FIXME Summary of other pieces

• Plugins communicate via publish/subscribe
  semantics over a blackboard.
• Blackboard is not distributed
• Logically connected
• Remote blackboards never directly viewable
• Domain-specific LogicProviders translate local
  Blackboard objects into inter-agent messages
• The Cougaar Message Transport Service is an
  adaptive componentized JVM-level service
• RMI, CORBA, HTTP and UDP supported
• Aspects may control message handling including
  security and protocol selection
• Guaranteed in-order delivery in case of transient
  communication failures
• Cougaar provides a distributed White Pages (WP)
  service for locating Agents by name
• Modeled off of DNS
• Focus on rapidly changing names
• Supports replicated and hierarchical servers
  names
• An entirely in-band application leveraging other
  components
• The Cougaar Yellow Pages (YP) provides
  attribute-based queries for agents (or
  communities)
• In-band Cougaar application
• Implements complete UDDI service through Cougaar
  Message Transport
• External UDDI servers possible
• Hierarchical servers supported encouraged for
  scalability

22
Building Applications

• Build on Infrastructure support
• Supply a Domain (object language)
• Planning supplied
• Build custom Plugins for pieces of application
  logic
• Lay out Network of Agents (modeling organizations
  for example
• Build a Society configuration
• Tool suite for support available (see
  http//cougaar.org)

23
Library of Adaptive Services

• Adaptive Robustness
• No single points of failure (SPOFs)
• Automated recovery from resource loss
• Planned or unplanned agent and machine loss
• Proactive response to perceived threat
• Lost network component (temporary or permanent)
• Resource management
• Load balancing
• Load shedding
• Adaptive Security
• Application software integrity
• Signed jars, Java security mgr
• Data integrity
• Signed and encrypted messages
• Signed and encrypted data files
• Access control
• Maintain an identity and certificates for
  Principles
• Policy-based access control of servlets,
  messages, and blackboard objects

24
Comparing MAS

• Lots of systems out there over 100
• Many only short-term research projects
• We compared Cougaar with JADE, Grasshopper, and
  Aglets
• Key differences
• Performance Cougaar optimizes thread usage,
  asynchronous operations
• Plugins allow more complex custom agents, perhaps
  steeper learning curve
• Built in servlet engine for customizable
  low-impact GUIs
• No agent standards emphasis, but future focus on
  web services, pluggable message transport leaves
  ACL a possibility
• Conclusions
• JADE suited for simple applications requiring
  FIPA compliance
• Ideal for low-volume agent interactions requiring
  cross-platform interoperability
• Grasshopper and Aglets share JADEs tool support
  ease for simple applications
• Cougaar is best suited to developers with custom
  needs, or complex, large-scale, secure, robust
  applications

25
Comparison to Other Agent Platforms
26
Message Transport System

• The Cougaar MTS is an adaptive JVM-level service
  handling inter-agent communications
• It is componentized and provides many advanced
  features
• RMI, CORBA, HTTP and UDP supported
• Aspects may control message handling including
  security and protocol selection
• Guaranteed in-order delivery in case of transient
  communication failures
• Extensive servlets for visibility
• UltraLog components adaptively select alternate
  protocols, such as SSL for security or SMTP for
  disconnected operations

27
Blackboard

• Plugins communicate via publish/subscribe
  semantics over a blackboard.
• Blackboard is not distributed
• Logically connected
• Remote blackboards never directly viewable
• Modifications are transaction controlled using a
  membership model
• Add/Remove/Modify events are transaction
  controlled
• Changes to objects on the blackboard are
  immediate
• LogicProviders translate local Blackboard changes
  into inter-agent Messages as necessary according
  to Domain-specific rules
• For instance, the Planning Domain has
  LogicProviders that take a Task allocated to an
  Asset that represents a different agent, and
  sends a Message containing that Task to the other
  Agent.
• Developer add LogicProviders to custom Domains

28
Plugins

• Plugins add specific business logic to an agent
• The emergent behavior of the agent comes from the
  interactions of its plugins
• Plugins are conceptually independent from the
  agent they are in
• They form an agent-like network that is
  data-driven within the agent

29
JADE

• Highly popular
• FIPA-compliant
• Actively maintained supported
• Latest OSS release December, 2003
• Inter-agent messages in ACL or XML format
• Pluggable transport protocols include
• RMI
• IIOP
• HTTP
• Utility classes support handling FIPA / ACL
  messages
• Security provided by SSL and socket-based proxy
  agents
• GUIs provided for debugging

30
Grasshopper

• Favored in many surveys
• Latest release July 2002
• Free for non-commercial use
• Supports FIPA and MASIF standards
• Including ACL messages
• Messaging supports both synchronous and
  asynchronous messaging
• Multicast and alternate protocols also supported
• Security
• SSL and X.509 certificates supported
• Java security manager protects intra-host
  resources
• Several development and debug GUIs provided

31
Aglets

• One of the first Java agent platforms
• Main development ended 1998
• OSS maintenance provided patch release in 2002
• MASIF compliant
• Custom message format based on Java serialization
• Security
• Custom design using roles, proxies, Java security
  manager
• Tahiti GUI for runtime debugging
• Ample documentation including a book

32
Coordinator PlugIn Architecture
33
Cougaar in Comparison

• Agent platform focusing on scalability and
  modularity
• Active maintenance and support
• Latest OSS release 11.2, July 2004
• Developers conference July, 2004
• Message transport supports pluggable link
  protocols
• RMI, IIOP, SMTP, and UDP
• Not compliant with agent standards
• Messages encoded using Java object serialization
• Security
• Pluggable and highly flexible
• Features SSL, X.509 certificates, and role-based
  authentication
• Custom GUIs supported using Agent-hosted
  HTTP-based servlets
• Many debug servlets provided

34
(No Transcript)
35
Cougaar Usage

• US Armys next generation Future Combat Systems
  includes Cougaar as a central design point in its
  Logistics Decision Support System. See
  http//cougaar.org/docman/?group_id17
• DARPA DASADA project built an Assured Assembly
  Infrastructure Toolkit for using service
  discovery to dynamically reconfigure and execute
  disparate architectures
• See http//aai.bbn.com
• US Army Communications and Electronics Command is
  using Cougaar to build a military maneuver
  decision support system
• Several commercial ventures use Cougaar as an
  integrating architecture
• Cougaar Software http//cougaarsoftware.com
• Engenia (http//engenia.com) provides IT
  management support
• IntePoint uses Cougaar for modeling critical
  infrastructure such as electrical grids
• Others have used CougaarME (Cougaar on small
  devices), ie the DARPA RobiNet project for
  wireless ad-hoc networked robots

36
Future Directions

• Upgraded CougaarME
• Web Services see http//cougaar.org/projects/cws
  /
• More support for alternate intra-agent services
• Improved multicast