CERT
ISW'97 site

Loosely-Synchronized World Views
Dr. Michael Rowley
Intermetrics, Inc.

We are developing technologies for enhancing the survivability of information using a novel approach to data distribution. We are creating an information system with unusually aggressive data replication, varying levels of accuracy of replicated data, and algorithms for maintaining and distributing data patterned after the roles, communication and authority of users within their organizations.

We are designing for a future in which hardware resources are abundant, where there are more machines than users. We also assume that the machines will be widely dispersed, and that some may be frequently inaccessible to the network. Each user will have at least one personal machine, and that machine will have its own "world view", which contains the code and data for which the user has authorization and potential need. Our design also assumes that each machine is quite powerful, and each world view may contain a large percentage of the code and data of the entire distributed system, but much of the data will have weak timeliness guarantees.

Most operations will be able to use the (possibly old) information from the local world view, in order to react more quickly. For many operations it is more important to have a quick answer than a perfect answer. When an operation makes it necessary, the system will take the time to get more trustworthy information.

We will be investigating various approaches to the survivability of data in such an information system. When data is unavailable or corrupted, local world views can be queried to find either the latest information or the data that predates a detected intrusion. When the node that is currently responsible for updates to a particular object becomes unavailable, we can poll nearby nodes and the world views of other users to find recent copies, and nominate a still-accessible node as the new "home" node for the object. This will allow operations to continue in a sub-network that becomes detached from higher-level units.
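The recovery step described above, sketched as an added example (not code from Intermetrics or InterMOO): poll the world views, keep reachable copies that predate a detected intrusion, and nominate the holder of the best one as the new home node. The `Copy` fields, the per-object version counter, the tie-break rule and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

@dataclass(frozen=True)
class Copy:
    node: str          # node whose world view holds this copy
    version: int       # hypothetical per-object update counter
    written_at: float  # time the update was made (seconds, constructed)
    reachable: bool    # did the node answer the poll?
    value: str

def candidates(views: Iterable[Copy], intrusion_at: Optional[float] = None):
    """Reachable copies, optionally limited to those written before an intrusion."""
    found = [c for c in views if c.reachable]
    if intrusion_at is not None:
        # Anything written at or after the intrusion is treated as suspect.
        found = [c for c in found if c.written_at < intrusion_at]
    return found

def nominate_home(views: Iterable[Copy], intrusion_at: Optional[float] = None):
    """Return the copy whose holder becomes the new home node, or None.

    Highest version wins, then latest write time. Ties go to the
    lexicographically smallest node name so that every poller in a
    detached sub-network nominates the same node without coordinating.
    """
    found = candidates(views, intrusion_at)
    if not found:
        return None
    return min(found, key=lambda c: (-c.version, -c.written_at, c.node))

# Constructed sample: "hq" is the old home node and is now unreachable.
VIEWS = [
    Copy("hq",    7, 700.0, False, "plan-v7"),
    Copy("alice", 6, 600.0, True,  "plan-v6"),
    Copy("bob",   6, 600.0, True,  "plan-v6"),
    Copy("carol", 4, 400.0, True,  "plan-v4"),
    Copy("dave",  5, 500.0, False, "plan-v5"),
]

if __name__ == "__main__":
    print(nominate_home(VIEWS))                      # latest reachable copy
    print(nominate_home(VIEWS, intrusion_at=550.0))  # latest pre-intrusion copy
```

With the old home node gone, the sub-network continues from version 6 rather than the lost version 7; rolling back past an intrusion at t=550 costs two more versions, which is the accuracy-for-availability trade the abstract describes.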

We will be considering alternatives for presenting possibly-stale data directly to users (e.g. "foggy" fonts for old data) and programming constructs for selecting among data of differing staleness, accessibility, and trust (e.g. "best data reachable in 2 seconds"). We will be experimenting with having some kinds of objects allow several different nodes to make and broadcast changes to them, without mutual coordination. Further experiments would explore the various approaches to guaranteeing that users get appropriate data and that the system will eventually reach a valid state. We will investigate decentralized models of access control based on a spatial metaphor, where operational capabilities are associated with different areas within a virtual world. These are just some of the categories of problems and example ideas for the research we are planning to perform on the loosely-synchronized distributed system we are building.

To create the infrastructure that will support the creation of these systems, we are extending our InterMOO server. MOO is an exceptionally flexible dynamic language with built-in persistence and primitives for concepts like users and permissions that might otherwise be the domain of an operating system. We have developed our own implementation of MOO, InterMOO, which we are extending to include the primitives and built-in functions necessary to quickly create software that takes advantage of the wide duplication of data, while avoiding any problems that might arise from loose synchronization. MOO was originally designed for Multi-User Domains (MUDs) and is especially well suited to quickly producing and easily evolving code that uses persistent data.



