The%20Endeavour%20Expedition:%20Computing%20and%20Communications%20at%20the%20eXtremes

1
The Endeavour Expedition Computing and
Communications at the eXtremes

• Professor Randy H. Katz
• CS Division, EECS Department
• University of California, Berkeley
• DARPA Expeditions PI Meeting
• October 2000

2
The Endeavour Expedition Computingand
Communications at the eXtremes

• New Ideas
• Systems Architecture for Vastly Diverse Computing
  Devices (MEMS, cameras, displays)
• Wide-area Oceanic Data Info Utility
• Sensor-Centric Data Mgmt for Capture and Reuse
  (MEMS networked storage)
• Tacit Knowledge Infrastructure to support
  High-Speed Decision-Making
• Scalable Safe Component-based Design and UI
  Design Tools

R. H. Katz, Principal Investigator, University
of California, Berkeley

• Impact
• Enhancing human understanding by making it
  dramatically more convenient for people to
  interact with information, devices, and other
  people
• Supported by a planetary-scale Information
  Utility, stress tested by applications in
  decision making and learning, achieved thru
  new methodologies for design, construction,
  and administration of systems of
  unprecedented scale and complexity

Schedule
Usability Studies Early Tool Design
Implementation of UI Sys Design Tools
Tools Release Final Evaluations
Design Methodologies
Initial Application Implementation Evaluation
Refined Implementation Final Evaluation
Information Applications
Initial Architectural Design Testbeds
Initial Evaluation 2nd Gen Redesign
Final Deployment Evaluation
Information Utility
Initial Architectural Design Document
Initial Experiments Revised Design Doc
Final Experiments Architecture Docs
Jun 99 Start
Jun 00
Jun 01
May 02 End
3
Expedition Goals and Themes

• Dramatically enhanced ability to interact more
  conveniently with information, devices, and
  others
• Enhanced physical and virtual work spaces
• Support for high speed decision making and
  learning
• Context-Aware Computing
• User Preferences
• Planetary-scale Information Utility
• Confederations of (limited trusting) Service
  Providers
• Fluidic components that self-configure,
  self-heal, continuously monitor, and adapt to
  their dynamic use
• Composition of conceptualized services
• Design, construction, and administration of
  systems of unprecedented scale and complexity

4
The eXtremes
New System Architectures New Enabled
Applications Diverse, Connected, Physical
5
The Coming Revolution
6
The EndeavournautsInterdisciplinary,
Technology-Centered Expedition Team

• Eric Brewer, OS
• John Canny, AI
• David Culler, OS/Arch
• Michael Franklin, DB
• Joseph Hellerstein, DB
• Anthony Joseph, OS
• Randy Katz, Nets

• John Kubiatowicz, Arch
• James Landay, UI
• David Patterson, Arch
• Kris Pister, Mems
• Larry Rowe, MM
• Doug Tygar, Security
• Robert Wilensky, DL/AI

7
High Speed Decision Making
Learning Classroom
E-Book
Vehicles
Applications
Collaboration Spaces
Info Appliances
Human Activity Capture
Generalized UI Support
Event Modeling
Transcoding, Filtering, Aggregating
Statistical Processing/Inference
Proxy Agents
Negotiated APIs
Self-Organizing Data
Information Utility
Interface Contracts
Wide-area Search Index
Nomadic Data Processing
Wide-Area Data Processing
Automated Duplication
Distributed Cache Management
Movement Positioning
Stream- and Path-Oriented Processing Data Mgmt
Non-Blocking RMI
Soft-/Hard-State Partitioning
Laptop
PDA
Wallmount Display
Camera
Information Devices
Smartboard
MEMS Sensor/Actuator/Locator
Handset
8
Organization The Expedition Cube
Base
Sys Arch for Diverse Devices (TinyOS)
Oceanic Data Utility (OceanStore)
Capture and Re-Use (Telegraph)
Negotiation Arch for Cooperation
Tacit Knowledge Infrastructure
Classroom Testbed (NSF)
Scalable Safe Component-Based Design
9
Evolution of A Project of Projects
ICEBERG Computer-TelephonyIntegration Service
Creation
Endeavour Post-PC Explorations Vastly Diverse
Devices Oceanic Data Utility Sensor-Centric Data
Mgmt Negotiation Architecture Tacit Knowledge
I/F Context-Aware Applications Design Methods
NINJA Scalable, Secure Services in the Network
Millennium Campus-Area Distributed Clusters
10
Evolution of aProject of Projects
TinyOS Run-time Support forMinimal Devices
Endeavour Post-PC Explorations Vastly Diverse
Devices Oceanic Data Utility Sensor-Centric Data
Mgmt Negotiation Architecture Tacit Knowledge
I/F Context-Aware Applications Design Methods
OceanStore Distributed, RedundantStorage
Telegraph Scalable Data/InformationProcessing
Data Recharging Mobile and DisconnectedAccess to
Information
11
Subproject Dependencies
Context-Aware Group Schedulingand Group Activity
Management Applications
Smart SpacesLearning Environments
Data Charging/Decoupled Access
OceanStoreDistributed StorageManager, Untrusted
ServiceProviders, Service Discovery, Introspecti
on
Telegraph Cluster-basedStorage Manager,
Scalable Query Processing, Federated Service
Providers,Internet-scale Service Discovery
ICEBERG Wide-Area Service Creation/Mgmt
for Computer-Telephony Integration
Ninja Java-Based Scalable, Fault
Tolerate, Available Service Execution Environment
Tiny OS Ad Hoc Wireless Networking Dust Motes
Millennium Cluster of Clusters Scalable
Processing Environment
12
First Year Highlights

• TinyOS
• OceanStore
• Telegraph
• Data Recharging
• Context-Aware Applications
• Design Methodologies/Secure Protocols

13
Convergence at the eXtremesTinyOS and Ninja
Services

• Event-driven execution model well suited to
  device extremes high throughput scalable
  Internet services and low power networked sensors
• High-end vSpace execution platform--Event/request
  queue serviced by bounded pool of threads
• Low-end TinyOS for low-power networked sensors
• Apps collection of s/w components connected in a
  command/event schematic
• Fine-grained interleaving of processing with
  multiple flows on limited storage and computing
  resources
• Sensor net applications conceptualized as
  composable Internet services

14
Characteristics of Network Sensors

• Small physical size/low power consumption
• Concurrency-intensive operation
• Flow-thru, not wait-command-respond
• Limited physical parallelism controller
  hierarchy
• Primitive direct-to-device interface
• Diversity in design and usage
• Application specific, not general purpose
• Huge device variation
• Efficient modularity
• Migration across HW/SW boundary
• Robust operation
• Numerous, unattended, critical
• Narrow interfaces

• 4Mhz, 8bit MCU
• 512 bytes RAM, 8K ROM
• 900Mhz Radio
• 10-30 ft. range
• Temperature Sensor
• Light Sensor
• LED outputs
• Serial Port

15
TinyOS Run-time Model
Commands
Events

• Scheduler Graph of Components
• Constrained 2-level scheduling model threads
  events
• Component
• Frame (storage)
• Threads (concurrency)
• Commands and Handlers (events)
• Constrained Storage Model
• Frame/component, shared stack, no heap
• Very lean multithreading
• Efficient layering
• Components issue commands to lower-level
  components
• Event signal high-level events, or call
  lower-level commands

send_msg(addr, type, data)
msg_rec(type, data)
power(mode)
msg_send_done)
init
Messaging Component
Internal State
internal thread
init
Power(mode)
TX_packet(buf)
RX_packet_done (buffer)
TX_packet_done (success)
16
Application Component Graph
Route map
Router
Sensor Application
application
Active Messages
Serial Packet
Radio Packet
Temp
packet
SW
HW
Radio Byte
i2c
UART
Photo
byte
Example ad hoc, multi-hop routing of photo
sensor readings Program schematic
clocks
bit
RFM
17
OceanStore

• Confederations of (Mutually Suspicious) Utilities

• Nomadic devices require ubiquitous storage
• Untrusted infrastructure
• Nomadic data/promiscuous caching
• Needed properties
• Strong Security
• Coherence
• Automatic replica management and optimization
• Simple and automatic recovery from disasters
• Utility model

18
OceanStore RecentDevelopments

• Two-level, secure update architecture with
  byzantine commit and multicast to second-level
  caches
• Updates performed directly on encrypted data for
  important set of applications
• Routing data location architecture that routes
  queries directly to closest replica under wide
  range of failure and denial of service models
• JAVA-based implementation underway

19
OceanStoreNaming Architecture

• Every object version identified by unique,
  unforgeable, verifiable GUID
• 160-bit SHA-1 hashes over information
• Read-only data GUID is hash over actual
  information
• Changeable data GUID is combined hash over a
  human-readable name public key
• SDSI paradigm to map user names to GUIDS
• Every user has a series of naming roots secured
  by keys acquired out-of-band
• Mapping names to objects starts at these roots
• Names mapped to GUIDs or GUID/public key pairs
• Naming directories are just OceanStore objects!

20
OceanStoreIntegrated Routing and Location

• Net requests addressed to GUIDs, not locations
• Infrastructure routes packets to closest physical
  copy
• Certify well-behaved servers using hash/signature
  verification
• Knows state of network and can adapt
• Redundant Plaxton Mesh used for underlying
  routing infrastructure (Tapestry)
• Randomized routing structure with locality
  properties
• Redundant, insensitive to faults, and repairable
• Permits continuous adaptation to adjust for
  changing behavior, faults, and denial of service
  attacks
• Fast probabilistic search for routing cache
• Built from attenuated bloom filters
• Approximation to gradient search

21
Telegraph Dataflow-basedStorage Manager

• Adaptive dataflow system
• Cluster-based execution
• Rivers and Eddies Screen scraper
• Extensions toDistributed/Sensor Nets
• Target Applications
• Sensor Stream Services
• Simple examples first, then TinyOs Motes
• Distributed Introspection Services
• For OceanStore, Iceberg, etc.

22
Telegraph Recent Developments

• Accesses data from multiple sites organized as a
  "Facts and Figures Federation (FFF) joined
  analyzed using adaptive federated dataflow
• Election 2000 presidential campaign donations
  (http//fff.cs.berkeley.edu)
• Live data from the Federal Election Commission,
  the APBNews.com Crime Statistics site, the Yahoo
  Real Estate database, the Yahoo Actor and Actress
  List, the US Census, etc.
• What movie stars donated to Bush or to
  Gore?",How is the crime rating of a neighborhood
  correlated to Bush/Gore donations", Break down
  Bush and Gore's donations by state and
  occupation", etc.
• Future apps dataflow with networks of sensor
  sources

23
Todays Demo
24
Data Recharging

• Mobile devices require power and data
• Cope with disconnection via caching
• Make recharging data as simple as power
• Anywhere, anytime, hands-off operation w/
  flexible connection duration
• Data Dissemination based on User Profiles
• Profiles PIM data enable context-aware
  delivery
• Intelligent caching architecture collects,
  composes, and distributes data
• Two-way synchronization for multi-user/multi-devic
  e data
• Ties to Telegraph (continuous queries) and
  OceanStore (data staging)

25
XFilter Dissemination of XML Data
User Profiles
Filtered Data
XML Documents
XML Conversion
Filter Engine
Users
Data Sources

• Filter XML-encoded data based on simple user
  profiles
• Standing queries over streams of XML documents
  profiles convert-ed to parallel FSMs indexed to
  quickly discard irrelevant profiles
• Developing extended profile format that allows
  user prefs to drive resolution of data delivered
  to clients

26
Context-Aware Computing

• Phased-array sound sensor for high-quality speech
  recognition and speaker ID
• Networked, embedded CPU performs local
  distributed computation to phase own signal with
  a set of virtual sources target for TinyOS
• Extensions underway for distributed motion
  analysis using camera arrays
• Software "sensor" for email gathers information
  about individuals email usage
• Context Fabric
• Infrastructure for context-aware apps supports
  context-aware cycle of location, acquisition,
  fusion, and reaction mechanisms for handling and
  fusing incomplete and ambiguous information and
  path-creation of context data

27
Context-Aware Applications Sensor Arrays

• To extract who, where, what
• Distributed computationin each sensor
• E.g. a scalable phasedarray microphone
• Generic embeddedarchitecture (H8)
• running Java VM
• USB for networkingand sensor comm

PC
Microphones
CPU 1
CPU 2
CPU 3
28
Context-Aware Applications User-based Privacy
Control

• Usage of data from ubiquitous sensors highly
  sensitive
• Control over data about your own activity
• What and to whom will it be shared
• Control how long it will be kept and where
• Part of user preferences
• Peer-to-peer collaborative filtering application
• Recommendations come from groupaggregate
  visible to all members but doesnt encode
  individual data
• Individuals data doesnt leave own machine in
  raw form crypto techniques protect it

29
Context-Aware ApplicationsAdaptive User
Interfaces

• Context is defined as activity
• Relationships between user and objects
• Use history to discover patterns
• Context-awareness provides a lot of high value
  apps
• Managing privacy using context (privacy by
  example)
• Multimodal UIs context
• Adapt UI based on context
• Tools in hands-gt switch to voice-based UI
• Checking calendar in meeting -gt use visual UI
• Context is often immediate in this case
• where am I?, what tool am I using?, what am I
  doing?

30
Context Fabric

• Infrastructure approach to context awareness
• Context shared among different apps / devices
• Encourages simpler and heterogeneous clients
• Makes use of sensors in the environment
• Allows algorithms to be easily upgraded
• Provide basic context services abstractions
• Context cycle location, acquisition, fusion,
  reaction
• Path creation of context (GPS -gt Zip -gt Weather)
• e.g., given GPS data, convert it to ZIP code,
  which is used to retrieve local weather
  conditions
• Mechanisms for handling incomplete/ambiguous
  information
• Privacy and security of information

31
Security/Validation

• New way to search files/databases of encrypted
  data stored on untrusted hosts, without needing
  to decrypt such data
• New technique to sign authenticate a stream of
  data that is tolerant of packet losses
• Protocol verification engine that rapidly
  authenticates complex protocols, particularly,
  those for authentication
• Tools that intelligently generate all feasible
  protocols, and then discover which of these are
  correct

32
Security Protocol Verification

• Security protocols notoriously difficult to
  verify
• Traditional Approaches
• Logic of Authentication add additional axioms
  primitives as new attacks/properties are
  discovered
• Machine assisted NRL protocol analyzer/built on
  top of pure model-checkers--often quite slow
• Athena
• Uses logic based approach with model checking,
  e.g., exploring the state space of all possible
  protocol interactions
• Fully extensible to new properties
• Fast runs in fraction of second on tested
  protocols
• Found bugs in many existing protocols
• Being extended to new applications (e-commerce,
  voting, etc.)

33
Automatic Protocol Generation (APG)

• Enumerates all possible protocols
• Generated thru user-provided metric for protocol
  complexity
• Pre-screening step to exclude most invalid
  protocols
• Athena tests surviving candidates
• Generates most efficient secure protocol for
  given application in a few hours
• Efficiency is measured relative to given metric
• Found new, more efficient authentication
  protocols
• Can be used to increase protocol heterogeneity
• Perhaps may reduce vulnerability of commercial
  off-the-shelf software configurations to
  automated attack

34
(No Transcript)
35
Problem
Technical Approaches
Coherently managing billions of devices where
none are average Information on demand,
available wherever needed, on a global scale,
in an untrusted infrastructure Pervasive
management of massive stream-oriented information
collection/inference in the wide-area
Data movement transformation Paths, not
threads Persistent state/soft state
partitioning Non-blocking RMI for remote
functionality Support for MEMS devices,
cameras, displays, etc. Serverless/homeless/freely
flowing data Opportunistic distribution,
promiscuous caching, without administrative
boundaries High availability/disaster recovery,
application-specific data consistency,
securityOverlapping, partially consistent
indices Data freedom of movement Expanding
search parties to find data, using
application-specific hints Extract, manage,
analyze streams of sensor data Path-based
processing integrated with storage Data
reduction via filtering/aggregation Distributed
collection processing Evidence accumulation
from inherently noisy sensors
36
Problem
Technical Approaches

Overwhelming config-uration complexity of large
heterogeneous systems Ineffectiveness of
technology-mediated collaborative workBetter
support for rapid decision making Enabling
Problem-based Learning in Enhanced Physical
Virtual Spaces Correctness by Construction Safe
Component Design
Dynamic self-configuration advertise provided
services, discover components providing required
services, negotiate interface contracts, monitor
compliance, eliminate non-performing
confederates Infer communications flow, indirect
relationships, availability, participation to
enhance awareness support opportunistic
decision making New collaborative applications
3D activity spaces for representing
decision-making activities, people, info
sources Visual cues weighting relationships
among agents, awareness levels, activity tracking
attention span Device/net-independent
people-to-people comms via pervasive
translation/adaptation Information
dissemination technologies Wide-area
information mgmt/access Formal specifications
and methods Safety enforcement,
design/development methods Proof carrying
code/secure protocol verification
37
Prototype Applications Universal In-Box,
Context-Aware UI, Group Collaboration
OceanStore File Management
Telegraph Data Federation
ICEBERG Service Mobility
Data Recharging Info Distribution
Context-Awareness Services Activity
Tracking/Coordination,Preferences
Specification/Interpretation
Adaptation Services Introspection, Tacit
Information Extraction/Organization
Wide-Area Services Discovery, Mobility, Trust,
Availability
Performance Measurement and Monitoring
Core Wide-Area Network
Wireless LAN
Storage ManagerFlow-oriented QP
Device-Specific Access Network
Wireless/Pwr AwareAd Hoc Networking
Concurrency Mgmt Resource Mgmt
Tiny OS
System Area Network
Communicators
Cluster Servers (Millennium)
Dust Motes
38
Industrial Collaborators
SRI