ISW'98 no.35

[35]

Massive Games of Artificial Life on the Internet:
A Testbed for Research on Survivability Architectures

Position Paper Submitted to the Information Survivability Workshop 1998

July 15, 1998

Kevin J. Sullivan
Department of Computer Science
University of Virginia
Charlottesville, VA 22903
E-mail: sullivan@Virginia.EDU
Tel. (804) 982-2206
FAX: (804) 982-2214
URL: http://www.cs.virginia.edu

Gary McGraw
Reliable Software Technologies Corporation
21515 Ridgetop Circle, Suite 250
Sterling, VA 20166
E-mail: gem@rstcorp.com
Tel. (703) 404-9293
FAX: (703) 494-9295
URL: http://www.rstcorp.com

Introduction

Information survivability is not a new idea. Neither is it new to look to biology for metaphors on which to base radical new architectures. In the 1960's, Baran though to combine path-redundancy and packet-switching in an architecture for communications systems that could survive massive disruption. The problem emerged from the threat of nuclear attack; but the idea came in the form of a metaphor: the richly interconnected structure of the human brain provided significant resiliency for critical functioning to continue in the face of injuries. The ARPANET confirmed Baran's early insights.

What is new in the 1990s is the vastly expanded role of software as a key, non-physical element of critical infrastructure systems; the opening of systems through networks and also outsourcing of code development; and thus a new kind of threat: information attack. New architectures are needed to enable critical systems to continue to deliver critical functions in the face of various disruptions to their software intensive elements. The question could be asked: What are the analogs of path-redundancy and packet-switching for the new class of smart but interconnected and vulnerable software-intensive systems?

In this paper, we sketch an architecture that we think might provide a useful testbed for research on the survivability of software-intensive systems-an architecture based on the notion of artificial life (AL). We are not endorsing AL as a mechanism for building real systems-though closely related ideas in the area of soft complexity are actually pursued, notably for designing control systems for the deregulated electric power grid [1]. Rather, we seek to exploit AL (e.g., "the game of life") as an extremely simple and light-weight model that nevertheless exhibits key features of complex systems of systems, namely autonomous local control, local interconnection of autonomous nodes, a high degree of decentralized decision-making, and clear emergent global properties. The problem of monitoring and controlling large-scale, highly decentralized, networked AL systems thus models that of monitoring and controlling real infrastructure systems of systems.

Our notion, then, is to execute "games of life" on large-scale, decentralized, networked systems in order to provide a dynamic model of actual or future infrastructure systems, and to use that executing "game" as a target for research in monitoring and control for survivability purposes. An intriguing possibility is that by enabling people everywhere to particpate in such "games" we might foster the creation of distributed simulations with a number of users well beyond what would otherwise be possible. That possibility in turn is interesting because one of the key changes facing infrastructure systems is dramatic increases in numbers of users, e.g., as power generation and distribution are deregulated. Perhaps our concept would lead to a testbed in which the global consequences of many "users" interacting could be investigated. With modification to the rules of the game we might even be able to explore cascading other failure modes of complex systems.

Concept and Design Sketch

The game of life is based theory of cellular automata, the mathematical foundations of which have been established by Wolfram and others. We are interested not in the game per se, but in its instantiation within the computational and communications fabric of the Internet and World-Wide Web. We envision "games" occurring as cells are created as the result of executions of cell programs on computers attached to the Internet. Initially we will generate the games in our local networks, but we hope to harness the curiosity of the public to realize massive game instances in later stages of the work. To that end, we will investigate implementing cell programs as Java applets or something similar. The idea is to enable anyone anywhere to enter a game by downloading and executing a cell program. A game evolves as cells enter the game; interact locally to produce globally emergent behaviors; and die as the result of program termination, computer crashes, etc.

We see massively distributed instances of such "games" as an attractive driver of work on critical technical and research issues, such as scalable communication, reconfiguration of game topologies in the face of loss of cells, and hierarchical monitoring and control of emergent behaviors. As cells are augmented with non-trivial capabilities, these games might even become useful, e.g., for network monitoring or factoring large primes.

The remainder of this abstract comprises three sections. First, we define three objectives for the proposed work. Second, we identify requirements that will drive the elaboration of our vision. Third, we describe our light-weight rapid prototyping strategy. We discuss how the work is relevant to Information Survivability throughout the paper.

Objectives

We believe that our systems concept can address three important objectives, which we now enumerate and comment upon briefly.

Prototype for Risk Identification and Resolution
The proposed system cuts across a range of technical issues, including the scalability of communications for monitoring and control as the number of cells increases; support for identification of "neighbors" in a world (the Internet) without geometry; and support for the execution of interacting cell programs on diverse platforms. By developing a light-weight prototype that cuts across these issues, we hope to identify and mitigate risks in developing real survivability monitoring and control systems for complex systems of systems. The need for scalable communication will drive us to impose scalable structures on games-e.g., hierarchical or hypercube topologies. Such structures will have to be invented and evaluated for survivability control of real complex systems of systems in any case. We propose to evaluate such capabilities in the context of highly abstracted, lightweight, distributed "games."
Testbed for Community Research
The proposed system might provide an effective testbed for use by other researchers in information survivability area. One might add authentication protocols to inter-cell communications to assess its impact on performance, for example. The lack of the "drag" of more complex experimental systems would help to facilitate such research.
Toward a Production Architecture
The proposed system, if successful, might itself provide key prototype elements for real survivability monitoring and control systems. Our architecture is intended to support rapid evolution and the iterative delivery of enhanced capabilities into cells and the inter-cell structure (e.g., QoS, authentication, etc.). A refined and extended massive distributed game of life might thus provide a useful framework for future production systems. We can only speculate on this idea at this time, but the idea is intriguing.

Requirements

Our proposed system is meant to capture essential aspects of Information Survivability but in a highly abstracted form to facilitate exploration and experimentation.

Massive Distribution
As Baran recognized in the 1960s, distribution is critical to the continued functioning of systems in the face of local disruption. Our concept focuses on the feasibility of creating massively distributed systems in which extremely large numbers of elements interact locally, but within a globally integrated, dynamic, fabric. Our proposed game models future information systems having such properties.
Interconnection of Autonomous Elements
It appears that systems will increasingly by composed of independently defined and operated nodes whose local behaviors are integrated into and constrained by a global system. Different infrastructure systems most certainty have this property (e.g., the telecommunications companies manage their networks independently of the electric power industry, but the systems are interconnected and mutually interdependent. Our cellular-automata-based abstract games model autonomous local control well.
Emergent Behavior
Survivability and other key properties of large-scale distributed systems of the future will be properties that arise out of the interactions of individual components: they are systems properties, not component properties. The game of life is famous because it exhibits interesting emergent behaviors from simple local rules. The extent to which the patterns that occur in the game model the kinds of emergent behaviors desired in large-scale systems is unclear. However, the presence of such emergent behaviors presents interesting opportunities and challenges. How, for example, will a person executing a cell on his or her workstation have visibility to the emergent behaviors of the system? The technical challenges that will have to be dealt with to obtain answers to this question model the corresponding challenges for real-world systems.
Dynamic Death
The survivability issue focuses on how to maintain system performance in the face of threats or loss of a subset of system elements. Our proposed system models the loss of elements as loss of cells. A challenge for us will be to reconstitute game topology as cells die when cell programs terminate, or for whatever cause. Another challenge is to maintain the presence of "virtual cells" in the game in the face of the loss of resources on which their execution depends. Fault tolerance through cell replication might come into play.
Dynamic Birth
The integration of new cells into an existing game presents the inverse problems. How does a cell find out which cells are its neighbors? What interfaces provide the neighbor-finding services? Is there an admission control protocol for integrating a new cell into a game in a way that preserves game-wide integrity constraints? How is the game topology adjusted to splice in new cells? How do new cells get services? What about authentication? Might we use "cancer cells" to model invaders?

Strategy

Our strategy is to focus on key abstractions without getting dragged down by application-specific detail. We want a framework for experimentation in which we can move quickly to develop, evaluate and demonstrate new survivability concepts and issues. We will thus take an incremental, spiral-based approach to developing this simulation capability. We are focused getting on maximum leverage for minimum design investment, within an architectural framework designed not only to model the key features of real systems, but also to accommodate rapid evolution of our concepts and iterative delivery of developed capabilities to researchers in the field.

We do not intend to compete head-on with researchers in other technical disciplines, such as fault-tolerance, network protocols, or computer security. Our goal is to build a novel framework that captures key features of distributed infrastructure applications and that can serve as an interesting, very large-scale testbed for exploration and evaluation of new architectural approaches to scalable survivability monitoring and control of next century infrastructure systems of systems. If this work were supported, we would expect to make research contributions in the areas of software architectures and control system theoretic approaches. For more on the control systems perspective, see the paper by Sullivan et al. in this same Workshop [2].

Bibliography

[1]: Wildberger, "Complex Adaptive System: Concepts and Application to Electric Power Distribution," IEEE Control Systems, January 1998.
[2]: Sullivan, Knight, Du and Geist, "Survivability Control Systems," this workshop.

Back to the Table of Contents