Autonomous Pervasive Systems and the Policy Challenges of a Small World!

Emil Lupu
Emil LupuDeputy-Director PETRAS IoT Research Hub at PETRAS IoT Research Hub
Keynote IEEE Symp on Policies for Distributed Systems
and Networks 2007

Autonomous Pervasive Systems and the Policy
Challenges of a Small World!
Emil Lupu

Imperial College London
University of Bologna
• Oldest University in Europe
(certainly the oldest medieval).

• Born out of conflict: the papalimperial rivalry, restrictions put
by the church on learning and
in particular on common law.

• Lack of protection of non
“citizens” leads to the
formation of guilds
(“universitas”).
Policy at Bologna
• In essence a school of law.

• A university ran by the students.
Policy (Bologna University style): 

• Doctors elected by students.
• Curriculum must be agreed by
the students.
• Curriculum must be divided into
two-weekly puncta.

• Doctors who start lectures late or
finish late must pay a fine.
• Doctors who fail to attract at
least 5 students are deemed
absent and fined.
• Doctors must pay a deposit
before being allowed to leave the
city to ensure their return.
Peter Watson 

Ideas: A history from Fire to Freud
Phoenix Publ. 2005
Policies are for
Large Systems
Policies
• Originally introduced to separate the strategy for resource allocation in OSs
from the mechanisms controlling the resources. 



R Levin et al. Policy/Mechanism Separation in Hydra. 5th Symp. on Operating
Systems Principles (SOSP), November 1975.
• Became popular in large centralised access control systems and
subsequently, in the early 90’s, for managing large networks and distributed
systems. 

• Policies apply to large sets of objects providing uniform configuration. 

• Provide the means to automate adaptation across large systems
Policy Areas

Business Rules
Network and
Systems Management
Semantic Web

Trust

Privacy
SLAs Access Control and
Security
Management
Policy Workshop
Web-Services Data Centric Security
1999

Enterprise
Distributed Multi-Agent Systems
Object
Computing
Negotiation
Policies for Large Systems
require Complex Policy Systems
• Build on complex software infrastructure: CIM, LDAP, Storage, Databases,
Web-Services (WS-*), Grid-Environments, ... 

• Systems are functionally separated. A function realised for the entire system
e.g., Authentication, Fault-Diagnostics, Accounting, ... 

• Architectures are tightly coupled, making in difficult and laborious to add new
elements. 

• Computational power is infinite (or almost). Components are always available

• Policies are replacing human actions.
Examples: Ponder
Java obligation
policies

Policy
Source
Text

Editor

Java security
Code Generator
Syntax
Analysis

Scope/
Type
Analysis

AST

Win2000 security
Code Generator

IC

XML
Code Generator

Semantic
Analyser

Syntax
Analyser
(SableCC)

...

Code
Assembler

CIM

Call PolicyService to store
policy code in
directory

Compiler
Toolkit
HypTree Browser

Analysis
Refinement
DiffServ

Domain Service 

London
network
Front End

enable

Deleted
unload

load
Loaded

core network

disable

tr2

2
load, enable,..
checkRefrains

inst
mstruct /london/tr1 = trafficT(op1, qos1)
mstruct /paris/tr2 = trafficT(op1, qos2)

Paris
network

7

2

3

enable,disable

6

eventHandler
obligMethod

REOs
enable,disable
checkRefrain

Policy
Management
Agents
(Obligation &
Refrain Policies)

Deployment

Event Service

OEOs
1

Access
Controllers
(Authorisation
Policies)

Enabled

edge Policy Management Agent
router
OPOs
RPOs

LDAP Server

enable

Enforcement
Agents

Dormant

edge router

tr1

Policy
Object

Roles, Rel
Management
Structures
register, ...

5

eventEngine

4

8

Access Controllers

ACs

9

Enforcement

Configuration
Manager
Lessons
• Development intensive requiring numerous services that depend on many
underlying systems and packages. Must be able to rely on commercial policy
products ... which aren’t there. 

• Difficult to maintain, distribute and demonstrate. Numerous queries received
about the Ponder toolkit were about LDAP installation and configuration. 

• Difficult to integrate with new techniques: planning, context, analysis, security
and management ... 

• Policies replace human (administrator) led activity. Typically compared with
scripting and ad-hoc human-driven solutions. Poor short term ROI.

Need to provide “advantage”: analysis, refinement and validation. 

Need to provide benchmarking and proof of scale up.
Policy Outset
• Policy motivated by arguments of
scale

• Industry cannot deliver the
products and benchmarks 

• Academics cannot deliver
convincing demonstrations

• Restrict to theoretical work. 

• Small proof of concept for
individual techniques.
Autonomous Pervasive Systems
... at any scale
Cardiac Monitoring
UbiMon Body Sensor Node

Primary unit

Secondary unit
Sensors

RF

Control

Control

RF
Battery

Power
Signal conditioning

Antenna

Antenna

Tertiary unit/Central Server
The BSN platform
- TinyOS

- Ultra low power 16 bit processor

- 64KB + 256KB Flash memory

- 6 analog channels

- IEEE 802.15.4 (Zigbee) wireless link
Body Area Networks for eHealth
• Implanted and wearable sensors:
Heart monitoring, blood-pressure,
oxygen saturation, etc.

• Continuous monitoring of
physiological condition e.g.,
cardiac arrhythmia.

• Maintenance of chronic
conditions: heart deficiencies,
diabetes mellitus, chronic
anaesthesia

• Incremental drug delivery. Context
dependent drug delivery. 


Body Area Networks

• Remote interrogation

• Alert for emergency interventions.
Requirements
• Continuous adaptation:

• sensor failures, new sensors and
diagnostic units

• changes in user activity and
context

• changes in the patient’s medical
condition

• interactions with other devices
in different environments: home,
hospital, GP clinic

• Minimal resource (power)
consumption

• No administrator interactions


• Low-coupling

• Support for Interactions

• peer-to-peer interactions
between devices

• composition between
subsystems

• federation between collections
of devices

• Decision making: goal-driven,
heuristics, utility

• Learning: classification, statistical,
declarative
Policy-based closed adaptation loop
Events

Monitor

Events

Manager 

Agent
Managed

Objects

Control
actions

Decisions

Policies

(auth)
New functionality


Policies

(oblig/ECAs)
Policies in Healthcare Environments
• Obligations define which operations need to be performed when certain
events occur. Event-Condition-Action Rules

• Authorisations define which operations are permitted and under which
circumstances. 

• Other policy types: Membership management, Information Filtering, Trust
Management, Delegation, Negotiation, etc. 

• Policies applied to different functional areas: device and service discovery,
device configuration, authentication and authorisation, privacy,
collaborations, ...
The Controller: Gumstix
• 200-400MHz (Intel XScale
PXA255)16 MBFlash

Bluetooth

• Expansion boards: Wifi, Eth, Cf or
MMC, audio, GPS

• Linux 2.6

• GCC, JamVM and other
development tools

• 802.15.4 through connected BSN
Autonomous Unmanned Vehicles
• Each vehicle is
an autonomous
collection of
managed
devices with
different
functional
capabilities

• Must be
extensible to
different sensors
and modules


• Can aggregate
and collaborate
in fleets of
autonomous
vehicles

• Must interact
with external
environment
Building Integration
• Instrumentation
of in-door
environments:
multimedia,
assisted living for
the elderly

• Discovery and
autonomy across
nested
collections of
devices


• Interactions with
persons (and
their personal
area networks)

• Composition and
federation that
follows: physical
space, functional
space
Citywide environments
• How do we build next generation
pervasive city infrastructures?

• Composition federation and
interaction of pervasive spaces.

• Interactions with mobile users
and groups of users. 

• Space as catalyst for social
interaction
Pervasive Spaces

Events

Monitor

Events

Manager
Agent
Managed
Objects

Control
actions

Decisions

Policies
New functionality

Policies

PAN Control

Autonomous 

Vehicles

Personal Area Networks
Home Appliance
Control
Events

Monitor

Events

Manager
Agent
Managed
Objects

Control
actions

Decisions

Policies
New functionality

Policies

Intelligent Home
Networks

Pervasive
Environments
A common pattern
• That can be used at different levels of scale: body area networks, unmanned
vehicles, intelligent homes, and large distributed systems and networks. 

• That can provide self-management and closed-loop adaptation at the local
level.

• That can provide different levels of functionality. 

• That is architectural as well as functional.

• Provides low-coupling between the different services.
Self-Managed Cells
... and the first
Architectural Steps
What is a Self-Managed Cell?
• A set of hardware and software components forming an administrative
domain that is able to function autonomously and thus capable of selfmanagement. 

• Management services interact with each other through asynchronous events
propagated through a content-based event bus.

• Policies provide local closed-loop adaptation.

• Able to interact with other SMCs and able to compose in larger scales
SMCs.
Self-Managed Cell (SMC)
Monito
Events

Events

Control
actions

Managed 

Objects

Decisions

Policies
New functionality`

Policies

Manager 

Agent
SMC Pattern
• Provides low-coupling between the different services.

• Permits the use of different service implementations when used at different
levels of scale. 

• Permits to add services to SMCs in order to add functionality: 

• Context service(s) for mobile users and gathering information from the
environment. 

• Authentication, Access Control and other security services.

• Provisioning and Optimisation services for control of resources
SMC Core Services
• Discovery Service 

(including membership management)

• Event Service 

Events

• Policy Service

Monitor

Events

Manager 

Agent
Managed

Objects

Control
actions

Decisions

Policies

(auth)
New functionality


Policies

(oblig/ECAs)
Cell Discovery Service
• Discovers new devices and maintains membership to detect failures and
departures from cell.

• Queries device for its profile and services; 

• Performs vetting functions e.g. authentication, admission control. 

• Listens for new service offers and service removals from the devices

• Generates events to signal new/disconnected devices or software
components. Interested services can subscribe, receive and react to these
events. 

• Own implementation developed to cater for BSN nodes and policy
configurable parameters but other protocols e.g., SDP, SLP, ... could be used
in other environments.
Cell Event Service
• Publish/Subscribe with content based router. 

• At-most-once, reliable event delivery.

• To an individual recipient events are delivered in the same order as received
by the router.

• Quenchable publishers to minimise number of messages and power
consumption.

• Supports heterogeneous communication.
Event Service Architecture

NewDevice

Publisher

Router

DeviceLeft

subscription
filtering

proxy S1

Subscribers

S1

S1

proxy P1

P1

proxy S2
S2

S2

filter(s)

undelivered
messages
Policy Service: Ponder2
... the same, yet very different
http://ponder2.net
Policies for Different Functional Areas
• Device and Service Discovery. How to react to new devices and services and
their disappearance. 

• Membership Management. 

• Context Management. How to react to changes in location, activities of the
user, surrounding environment.

• Clinical Management. How to react to changes in the clinical condition. 

• Security Management.

• Policy Management. Enable, disable, unload policies.
Ponder2 Design Goals
• Permit interaction with a running SMC


Ponder2 Design Process

• invoking operations on objects

• policy creation, activation, etc.


Design

• Only loads what is needed

• Can be extended (dynamically)

• Must run on a Gumstix (and possibly on
BSN nodes)

Remove
Ponder2
• Supports both obligation policies in the form of Event-Condition-Action rules
and authorisation policies. Therefore it requires:

• Managed Objects to represent resources and invoke operations on
external services

• Domains to group objects and specify policies in terms of domains of
objects. 

• Events to trigger policies and interactions with the event bus.

• Policies of multiple kinds. 

• Object invocations to implement policy actions
Ponder2 Policy Service
Event
Events
Domains
Policy Objects
...

Cell Policy

Interpreter

Actions

Holds refs to managed
objects: Devices, SMCs,
Policies, Roles, etc

Managed Objects

PonderTalk

Commands

(and Policies)

Policy

Service
Ponder2, try again
• The Policy Service requires:

• Convention for loading and creating Managed Objects

• Invoking operations on Managed Objects

• Root domain (that does not know it is a domain)

• That’s it!

• Domains, policies, events, ... are themselves managed objects that follow the
same conventions.
Bootstrapping Ponder2 in PonderTalk
• SMC is just an empty
domain - root

• Import domain factory

• Create domains

• Import basic factories


// Bootstrap code for Ponder2

!

// Import the Domain code 
// and create the default domains
domainFactory := root load: "Domain".
root 
at: "factory" put: domainFactory create;
at: "policy" put: domainFactory create;
at: "event" put: domainFactory create.

// Put the domain factory into the factory directory
root/factory at: "domain" put: domainFactory.

!

• Read more PonderTalk

// Import event and policy factories
root/factory
at: "event" put: ( root load: "EventTemplate" );
at: "oblig" put: ( root load: "ObligationPolicy" ).
Managed Objects
• A managed object 

• Conforms to a set of interface rules.

• Created through a factory


External

import

Policy
service

import

RMI
import

• Accepts commands 


Internal
Factory

.jar file

• Several pre-defined types of managed
objects: domains, policies, factories,
external, events

/

/svc

/fact
factory
object

remote
invocation
RMI

<<create>>
Writing a new Managed Object
• A Managed Object is a Java class

• PonderTalk messages converted to method calls

• Constructors called by factory messages

• Instance methods called by operational messages

• Mapping done by @Ponder2op Java annotation

• uses apt Annotation Processing Tool instead of javac
Example: a HashTable Managed Object
public class MyManagedObject 

implements P2ManagedObject {

!
!

!

!

!

private Map<String, OID> data;
@Ponder2op("create")
MyManagedObject() {
data = new HashMap<String, OID>();
}

!

!

return data.get(name);
}
@Ponder2op("remove:")
OID remove(String name) {
return data.remove(name);
}

}

@Ponder2op("size:")
MyManagedObject(int size) {
data = 

new HashMap<String, OID>(size);
}

apt

ManagedObject

@Ponder2op("at:put:")
OID store(String name, OID oid) {
data.put(name, oid);
return oid;
}
@Ponder2op("at:")
OID get(String name) {

P2MyManagedObject
create
size: int
at: name put: OID
at: name
remove: name

<<interface>>
ManagedObject

MyManagedObject
MyManagedObject()
MyManagedObect(int size)
store(String name, OID oid)
get(String name)
remove(String name)
41
Events in Ponder2
• Event = notification with named
attributes.


/

• Trigger policies.

• An event factory interfaces with an
external event bus. 


event

event
types

fact

• Multiple factories can be used. 

inst

• Event types (templates) are created
by factories.

XML
intrusion compromise
Blaster WS-Notif
<<create>>
Example: Discovery of new BSN sensor
• Discovery service issues events when BSN is detected or lost

!
newevent := root/factory/SMCeventbus. 
!
// newBSN event type
!
root/event 
at: "newBSN" 
put: (newevent create: #("name" "type") ).
!
// example of raising an event
root/event/newBSN 

create: #("Temp1" "TempMon").
Policies
• Created with policy factory


Blocks

• Dynamically associate events,
actions and conditions with a
policy


• Blocks are objets that group
statements. 


• Can be activated and deactivated

• Are managed objects. Can be
moved, deleted, created,
activated, deactivated by other
policies

• Actions and conditions are blocks

• Block execution is delayed

• Blocks can take arguments

• Blocks are closures

• Blocks return the result of their last
statement
Discovery Policies
• When a new BSN sensor is
discovered a policy is used to
create the appropriate adaptor
managed object

• Adaptor object acts as proxy for
the BSN and can receive
commands for them e.g. setrate

// Create discovery policy
newpolicy := root/factory/oblig.
!
discBSN := newpolicy create.
discBSN 
event: root/event/newBSN;
action: [ :name :type |
root/template/bsnAdaptor
create: name
setActive: type
];
setActive: true.
Blood Pressure Policy
// Create blood pressure policy
• on bp(value)

newpolicy := root/factory/event.


newevent := root/factory/ecapolicy.
if (value>150)

!
&& oldValue<=150
 bphigh := newpolicy create.
bphigh 
event: (newevent create: #(“name”, “newVal”, “oldVal”)
condition: [ :name :newVal :oldVal | 
• do

name == "BP1" 
&& ( newVal > 150 )
/bsn/HEART1

&& ( oldVal < 150 ) ];
.set(sensorRate=1)

action: [ 


root/bsn/HEART1 setRate: 0.1. 
/alarm.alarm(on)

root/alarm setAlarm: true; show ];
/alarm.show
setActive: true.
!
root/policy at: "bphigh" put: bphigh
Ponder2 Policy Service - II
Not yet quite a policy language
on new_component(id, profile, addr) do

if profile == “heart rate” then

r = /fact/hr.create(profile, addr); /sensors.add(r)

!

on hr(level) do 

if level > 100 then /sensors/os.setfreq(10min);
/sensors/os.setMinVal(80)




!

on context(activity) do 

if activity == “running” then

/policies/normal.disable(); /policies/active.enable()

!

auth+ /patient → /os.{setfreq, setMinVal, stop, start}

auth+ /patient → /policies.{load, delete, enable, disable}
Heart Monitoring Demo
BSN Node

Accelerometer

BSN Node

ECG sensor

BT link
Gumstix (Linux, BT, WiFi)


!

Discovery Service 

Policy service 

Event service
HR visualisation

and communication

(SMS, Call, GPRS)
How small should an SMC be?
• Is a BSN node an SMC?

• 6 analog sensor channels

• Event based interactions

• Need for policy-based adaptation
Interactions
Between
Self-Managed
Cells
Inter-SMC Interactions

Measure ment
& Mon itorin g

Interaction
Adaptation

Serv ice
Discov ery

Ev ent Bus

Policy
Management

M e a sur e m e n t &
Mo n it o r in g

Se r v ice
D is co ver y

Measurement an d
Control Adapters

In te r a ct io n
Ad a p t a t io n

In te r a ct io n
Ad a p t a t io n

M e a sur e m e n t a n d
C o n tr o l Ad a p te r s

Ma n a g e d R e so ur ce s

Ser v ic e
D isco ver y

Me a su r e me n t &
M o n it o r in g

Eve n t Bu s

Eve n t Bu s

Po lic y
Ma n a g e me n t

Other

Context

C o n t e xt

Po lic y
M a n a g e me n t

M e a su r e m e n t a n d
C o n tr o l Ad a p t er s

M a n a g e d R e so u r ce s

C o n te xt
Peer-to-Peer Interactions
…

• Layered SMCs: application /
services / network

• Peer SMCs (peer devices,
peer networks, SLAs…)

…
Peer to Peer Interactions

Patient

Doctor 

(GP clinic)

Nurse
SMC Composition

The internal
SMCs cease to
advertise
themselves
externally.
!
!

The enclosing
SMC programs
the nested SMCs
Composition Interactions
SMC Interactions: Requirements
• Despite apparent differences both peer-to-peer and composition interactions
require similar support:

• actions: SMCs need to invoke actions on other SMCs e.g. to access
device readings, actions specified as part of policies. 

• events: SMCs need to exchange events i.e. both publish and subscribe to
events in a remote SMC

• policies: SMCs need to exchange policies e.g. ask a remote SMC to react
to events in a particular way
Interactions and Autonomy
• Each SMC must retain autonomy over its resources:

• It must decide which functions (services) to export

• It must retain decision on whether to export (bind) any of its internal resources
externally

• It may mediate external interactions to internal managed objects e.g., for
filtering and parameter adaptation. 

• It decides which policies to accept (allowing “full access” may jeopardise
integrity).

• Applicable in both p2p and composition
Differences: p2p - composition
• Once bound as a resource in a composition relationship: 

• The SMC ceases to advertise itself

• The SMC does not establish other p2p or composition relationships unless
directed by the outer SMC

• “administrative” interfaces are guaranteed to be bound to a single outer SMC.

• Events and services exposed to other SMCs will be different in composition and
p2p relationships. 

• Policies (i.e., missions) accepted will be different
SMCs discovery

• On SMC discovery, each SMC assigns discovered SMC to pre-defined
domains.

• Policies for domain apply to assigned SMC.

• SMC Discovery can also result in policy-exchange and sharing of events and
services.
SMC Missions: Policy Exchange

• SMC Interfaces define:

• events: that can be raised by an SMC

• notifications: that an SMC can receive

• actions: that can be invoked on the SMC
Policy Exchange II
mission patientT(nurse, patient, ECGlevel, ECGTime) do 

on patient.mloaded() do 

nurse.store(patient.readlog())

on patient.hr(level) do 

if level > ECGlevel then

patient.startECG()

patient.timer(ECGTime, endECG())

nurse.ecgOn() 

on patient.endECG() do 

nurse.display(patient.readECG())
SMC Missions: Policy Exchange

auth+ /nurse → /patient.loadMission // at the Patient 

auth+ /patient → /nurse.store
// at the Nurse

auth+ /patient → /nurse.displayECG 

on newPatient(p) do 

ref = p.loadMission(/patients.interface, p.interface, 82, 40); /
roles[p].add(ref)
Interaction Procedure
• Discover SMCs

• Decide what kind of interaction to create (for both SMCs)

• Decide on role assignment

• Exchange Interfaces

• Perform role assignment and creation of managed object

• Decide which missions to instantiate and instantiate them.
Missions in Multi-Party Interactions

Patient

Doctor

Nurse
Measurements
and Performance
IEEE 802.15.4
• Claims maximum bandwidth of 250Kbps

1 hop away
1 packet = 76B
Rate varies: 

1-40 packets/s
• Observed max. throughput 50Kbps. At this rate the
receiver’s packet queue fills up and packets are dropped
IEEE 802.15.4 throughput
End-to-end Delay

Gumstix 

Bluetooth, WiFi

Linux

Discovery Service

Discovery Service 

Policy service 

Event service

BSN Node

802.15.4 gateway

Serial Comms

25 ms

IEEE 802.15.4

20 ms
Discovery
• expected 110ms (2 serial + 3 * 802.15.4 packets)

• observed 129ms

• End-to-end: 144ms; includes

• discovery handshake

• generation of new_component event

• event proxy and managed object creation
Event Service
• Subscription matching: 13-15ms
Policy Service
• Policy Object: 3.214 kB includes policy type, triggers, actions and constraints

• Simple policy execution (null action): 13.57ms

• Simple policy execution action issued to BSN: 23.88ms

• Simple policy execution + simple condition: 30.05ms

• End-to-end: event published to proxy to policy execution: 46.05 ms
Observations
• Use of XML generates significant overhead in terms of both memory
consumption and run-time processing.

• This despite using a small footprint and efficient parser. 

• Performance suitable for body-area network for self-management purposes. 

• Not always suitable for application data e.g., ECG 200Hz

• Processing and adaptation capability on sensor
Challenges
Reasoning and Planning
• Analysis and Refinement work to date relies on abductive reasoning. 

• Can we do abductive reasoning on a Gumstix? 

• Yes with a bit more memory!

• Planning and Distributed Planning

?

?
?

?
Making Sense of the Surrounding World
• Much work is directed
towards abstracting sensor
input in higher level “state”
information. Accelerometers,
Temperature, Sound, ...

• Buy why should be always
starting from scratch...

Can we use
acquired information
to refine Context
Models?
Making Sense of Behaviour
Policies are rules governing choices in the
behaviour of systems

Policies are rules learnt from the behaviour of ...
Trust, Security and Privacy
Conclusions
• SMC defines a common architectural pattern that can be applied at different
levels of scale.

• Content-based filtering event bus provides flexibility and de-coupling
between services.

• Ponder2 provides support for general object management and policies

• In contrast to policies in large systems, designs in autonomous pervasive
computing strive to be simple. Scale is achieved through extensibility,
modularity and composition of autonomous components.

• Realising autonomous pervasive systems requires the integration of multiple
techniques from different areas of computing: operating systems, distributed
systems, statistical decision methods, AI, DAI, multi-agent systems,
knowledge engineering, ... 

• ... on a small scale!
Acknowledgements
Sye-Loong Keoh

Kevin Twidle Morris Sloman

Joe Sventek

Naranker Dulay

Alberto Schaeffer

Stephen Strowes

Steven Heeps
References
• Ponder2 Policy Service: http://www.ponder2.net

• E. Lupu, N. Dulay, M. Sloman, J.Sventek, S. Heeps, S. Strowes, K. Twidle, S.-L. Keoh, A.
Schaeffer-Filho. AMUSE: Autonomic Management of Ubiquitous e-Health Systems.
Concurrency and Computation: Practice and Experience, John Wiley and Sons, Inc., 2007
(To Appear).

• Keoh, S.L., Twidle K., Pryce, N., Schaeffer-Filho, A E., Lupu, E., Dulay, N., Sloman, M.,
Heeps, S., Strowes, S., Sventek, J., and Katsiri, E. Policy-based Management for BodySensor Networks. 4th International Workshop on Wearable and Implantable Body Sensor
Networks (BSN 2007), AAchen, Germany, March 2007.

• Russello, C. Dong, and N. Dulay. Authorisation and Conflict Resolution for Hierarchical
Domains. IEEE Workshop on Policies for Distributed Systems and Networks (Policy),
Bologna, Italy, June 2007.
Autonomous Pervasive Systems and the Policy Challenges of a Small World!
1 of 83

Recommended

Who has the data ... and will breach the duty of confidence by
Who has the data ... and will breach the duty of confidenceWho has the data ... and will breach the duty of confidence
Who has the data ... and will breach the duty of confidenceEmil Lupu
1.7K views10 slides
WSN Security Research Directions by
WSN Security Research DirectionsWSN Security Research Directions
WSN Security Research DirectionsEmil Lupu
2.3K views15 slides
Goal Decomposition and Abductive Reasoning for Policy Analysis and Refinement by
Goal Decomposition and Abductive Reasoning for Policy Analysis and RefinementGoal Decomposition and Abductive Reasoning for Policy Analysis and Refinement
Goal Decomposition and Abductive Reasoning for Policy Analysis and RefinementEmil Lupu
2.1K views14 slides
Poster nci 2010 by
Poster   nci 2010Poster   nci 2010
Poster nci 2010bdemchak
135 views1 slide
Ann by
AnnAnn
AnnHassan khan
116 views14 slides
Cyber Security Architecture - A Systems Approach December 05 2012 by
Cyber Security Architecture - A Systems Approach December 05 2012Cyber Security Architecture - A Systems Approach December 05 2012
Cyber Security Architecture - A Systems Approach December 05 2012Joseph Hennawy
483 views18 slides

More Related Content

What's hot

00 what is_msit223(information technology) by
00 what is_msit223(information technology)00 what is_msit223(information technology)
00 what is_msit223(information technology)jenrefamonte
328 views11 slides
Applications of expert system by
Applications of expert systemApplications of expert system
Applications of expert systemLearnbay Datascience
236 views8 slides
Interface interoperability by
Interface interoperabilityInterface interoperability
Interface interoperabilitymsdanij
155 views5 slides
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ... by
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...DETER-Project
1.2K views11 slides
The Science of Cyber Security Experimentation: The DETER Project by
The Science of Cyber Security Experimentation: The DETER ProjectThe Science of Cyber Security Experimentation: The DETER Project
The Science of Cyber Security Experimentation: The DETER ProjectDETER-Project
2.9K views11 slides
The DETER Project: Advancing the Science of Cyber Security Experimentation an... by
The DETER Project: Advancing the Science of Cyber Security Experimentation an...The DETER Project: Advancing the Science of Cyber Security Experimentation an...
The DETER Project: Advancing the Science of Cyber Security Experimentation an...DETER-Project
2.1K views7 slides

What's hot(14)

00 what is_msit223(information technology) by jenrefamonte
00 what is_msit223(information technology)00 what is_msit223(information technology)
00 what is_msit223(information technology)
jenrefamonte328 views
Interface interoperability by msdanij
Interface interoperabilityInterface interoperability
Interface interoperability
msdanij155 views
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ... by DETER-Project
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...
The DETER Project: Towards Structural Advances in Experimental Cybersecurity ...
DETER-Project1.2K views
The Science of Cyber Security Experimentation: The DETER Project by DETER-Project
The Science of Cyber Security Experimentation: The DETER ProjectThe Science of Cyber Security Experimentation: The DETER Project
The Science of Cyber Security Experimentation: The DETER Project
DETER-Project2.9K views
The DETER Project: Advancing the Science of Cyber Security Experimentation an... by DETER-Project
The DETER Project: Advancing the Science of Cyber Security Experimentation an...The DETER Project: Advancing the Science of Cyber Security Experimentation an...
The DETER Project: Advancing the Science of Cyber Security Experimentation an...
DETER-Project2.1K views
Framework architecture for improving by IJMIT JOURNAL
Framework architecture for improvingFramework architecture for improving
Framework architecture for improving
IJMIT JOURNAL331 views
06 styles and_greenfield_design by Majong DevJfu
06 styles and_greenfield_design06 styles and_greenfield_design
06 styles and_greenfield_design
Majong DevJfu606 views
Finding Critical Link and Critical Node Vulnerability for Network by ijircee
Finding Critical Link and Critical Node Vulnerability for NetworkFinding Critical Link and Critical Node Vulnerability for Network
Finding Critical Link and Critical Node Vulnerability for Network
ijircee411 views
Big Data Analytics and Advanced Computer Networking Scenarios by Stenio Fernandes
Big Data Analytics and Advanced Computer Networking ScenariosBig Data Analytics and Advanced Computer Networking Scenarios
Big Data Analytics and Advanced Computer Networking Scenarios
Stenio Fernandes2.4K views
Taubenberger by anesah
TaubenbergerTaubenberger
Taubenberger
anesah743 views
Towards a methodology for a Quantitative (Risk) Assessment of Critical Infras... by Global Risk Forum GRFDavos
Towards a methodology for a Quantitative (Risk) Assessment of Critical Infras...Towards a methodology for a Quantitative (Risk) Assessment of Critical Infras...
Towards a methodology for a Quantitative (Risk) Assessment of Critical Infras...
Mobile Multimodal Interaction: An Investigation and Implementation of Context... by Mafer Solorzano
Mobile Multimodal Interaction: An Investigation and Implementation of Context...Mobile Multimodal Interaction: An Investigation and Implementation of Context...
Mobile Multimodal Interaction: An Investigation and Implementation of Context...
Mafer Solorzano529 views

Viewers also liked

Pervasive Computing by
Pervasive ComputingPervasive Computing
Pervasive ComputingVijayaLakshmi N
59.1K views22 slides
Wireless Sensor Network by
Wireless Sensor NetworkWireless Sensor Network
Wireless Sensor NetworkMuhammad Farooq Hussain
475 views16 slides
Clock synchronization in distributed system by
Clock synchronization in distributed systemClock synchronization in distributed system
Clock synchronization in distributed systemSunita Sahu
28.8K views25 slides
Clock Synchronization in Distributed Systems by
Clock Synchronization in Distributed SystemsClock Synchronization in Distributed Systems
Clock Synchronization in Distributed SystemsZbigniew Jerzak
55.6K views89 slides
Wireless Security by
Wireless SecurityWireless Security
Wireless SecurityStefano Coratti
325 views19 slides
wireless sensor network my seminar ppt by
wireless sensor network my seminar pptwireless sensor network my seminar ppt
wireless sensor network my seminar pptEisha Madhwal
121.4K views23 slides

Viewers also liked(8)

Clock synchronization in distributed system by Sunita Sahu
Clock synchronization in distributed systemClock synchronization in distributed system
Clock synchronization in distributed system
Sunita Sahu28.8K views
Clock Synchronization in Distributed Systems by Zbigniew Jerzak
Clock Synchronization in Distributed SystemsClock Synchronization in Distributed Systems
Clock Synchronization in Distributed Systems
Zbigniew Jerzak55.6K views
wireless sensor network my seminar ppt by Eisha Madhwal
wireless sensor network my seminar pptwireless sensor network my seminar ppt
wireless sensor network my seminar ppt
Eisha Madhwal121.4K views
Wireless Sensor Networks by rajatmal4
Wireless Sensor NetworksWireless Sensor Networks
Wireless Sensor Networks
rajatmal458.6K views
Distributed Systems by Rupsee
Distributed SystemsDistributed Systems
Distributed Systems
Rupsee191.3K views

Similar to Autonomous Pervasive Systems and the Policy Challenges of a Small World!

Artificial Intelligence for Automated Decision Support Project by
Artificial Intelligence for Automated Decision Support ProjectArtificial Intelligence for Automated Decision Support Project
Artificial Intelligence for Automated Decision Support ProjectValerii Klymchuk
3.1K views28 slides
Chap 01 lecture 1distributed computer lecture by
Chap 01 lecture 1distributed computer lectureChap 01 lecture 1distributed computer lecture
Chap 01 lecture 1distributed computer lectureMuhammad Arslan
595 views30 slides
Personalizing medical treatments based on ambient information: towards intero... by
Personalizing medical treatments based on ambient information: towards intero...Personalizing medical treatments based on ambient information: towards intero...
Personalizing medical treatments based on ambient information: towards intero...Rémi Bastide
868 views31 slides
lecture2-intro-of-CPS.pdf by
lecture2-intro-of-CPS.pdflecture2-intro-of-CPS.pdf
lecture2-intro-of-CPS.pdfMahendraShukla27
1 view29 slides
Embedded systems in biomedical applications by
Embedded systems in biomedical applicationsEmbedded systems in biomedical applications
Embedded systems in biomedical applicationsSeminar Links
23K views25 slides
LAS - System Biology Lesson by
LAS - System Biology LessonLAS - System Biology Lesson
LAS - System Biology LessonLASircc
510 views39 slides

Similar to Autonomous Pervasive Systems and the Policy Challenges of a Small World!(20)

Artificial Intelligence for Automated Decision Support Project by Valerii Klymchuk
Artificial Intelligence for Automated Decision Support ProjectArtificial Intelligence for Automated Decision Support Project
Artificial Intelligence for Automated Decision Support Project
Valerii Klymchuk3.1K views
Chap 01 lecture 1distributed computer lecture by Muhammad Arslan
Chap 01 lecture 1distributed computer lectureChap 01 lecture 1distributed computer lecture
Chap 01 lecture 1distributed computer lecture
Muhammad Arslan595 views
Personalizing medical treatments based on ambient information: towards intero... by Rémi Bastide
Personalizing medical treatments based on ambient information: towards intero...Personalizing medical treatments based on ambient information: towards intero...
Personalizing medical treatments based on ambient information: towards intero...
Rémi Bastide868 views
Embedded systems in biomedical applications by Seminar Links
Embedded systems in biomedical applicationsEmbedded systems in biomedical applications
Embedded systems in biomedical applications
Seminar Links23K views
LAS - System Biology Lesson by LASircc
LAS - System Biology LessonLAS - System Biology Lesson
LAS - System Biology Lesson
LASircc510 views
Chapeter 2 introduction to cloud computing by eShikshak
Chapeter 2   introduction to cloud computingChapeter 2   introduction to cloud computing
Chapeter 2 introduction to cloud computing
eShikshak2.5K views
Internet of Things: Research Directions by Davide Nardone
Internet of Things: Research DirectionsInternet of Things: Research Directions
Internet of Things: Research Directions
Davide Nardone3.5K views
Event Driven Software Architecture Pattern by jeetendra mandal
Event Driven Software Architecture PatternEvent Driven Software Architecture Pattern
Event Driven Software Architecture Pattern
jeetendra mandal200 views
Grid Computing July 2009 by Ian Foster
Grid Computing July 2009Grid Computing July 2009
Grid Computing July 2009
Ian Foster1.6K views
Architecting in the era of Cybermatics by UFRN
Architecting in the era of CybermaticsArchitecting in the era of Cybermatics
Architecting in the era of Cybermatics
UFRN90 views
Model-Simulation-and-Measurement-Based Systems Engineering of Power System Sy... by Luigi Vanfretti
Model-Simulation-and-Measurement-Based Systems Engineering of Power System Sy...Model-Simulation-and-Measurement-Based Systems Engineering of Power System Sy...
Model-Simulation-and-Measurement-Based Systems Engineering of Power System Sy...
Luigi Vanfretti702 views
smILLe Emtacl10 presentation by George Veranis
smILLe Emtacl10 presentationsmILLe Emtacl10 presentation
smILLe Emtacl10 presentation
George Veranis218 views

Recently uploaded

Business Analyst Series 2023 - Week 4 Session 7 by
Business Analyst Series 2023 -  Week 4 Session 7Business Analyst Series 2023 -  Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7DianaGray10
139 views31 slides
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And... by
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...ShapeBlue
106 views12 slides
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... by
Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...The Digital Insurer
90 views52 slides
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ... by
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...ShapeBlue
119 views17 slides
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue by
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlueShapeBlue
147 views23 slides
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or... by
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...ShapeBlue
198 views20 slides

Recently uploaded(20)

Business Analyst Series 2023 - Week 4 Session 7 by DianaGray10
Business Analyst Series 2023 -  Week 4 Session 7Business Analyst Series 2023 -  Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7
DianaGray10139 views
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And... by ShapeBlue
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
ShapeBlue106 views
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... by The Digital Insurer
Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...Webinar : Desperately Seeking Transformation - Part 2:  Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ... by ShapeBlue
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
ShapeBlue119 views
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue by ShapeBlue
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue
2FA and OAuth2 in CloudStack - Andrija Panić - ShapeBlue
ShapeBlue147 views
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or... by ShapeBlue
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
ShapeBlue198 views
Extending KVM Host HA for Non-NFS Storage - Alex Ivanov - StorPool by ShapeBlue
Extending KVM Host HA for Non-NFS Storage -  Alex Ivanov - StorPoolExtending KVM Host HA for Non-NFS Storage -  Alex Ivanov - StorPool
Extending KVM Host HA for Non-NFS Storage - Alex Ivanov - StorPool
ShapeBlue123 views
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ... by ShapeBlue
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
ShapeBlue166 views
The Power of Heat Decarbonisation Plans in the Built Environment by IES VE
The Power of Heat Decarbonisation Plans in the Built EnvironmentThe Power of Heat Decarbonisation Plans in the Built Environment
The Power of Heat Decarbonisation Plans in the Built Environment
IES VE79 views
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti... by ShapeBlue
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
ShapeBlue139 views
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... by Bernd Ruecker
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
Bernd Ruecker54 views
DRBD Deep Dive - Philipp Reisner - LINBIT by ShapeBlue
DRBD Deep Dive - Philipp Reisner - LINBITDRBD Deep Dive - Philipp Reisner - LINBIT
DRBD Deep Dive - Philipp Reisner - LINBIT
ShapeBlue180 views
Migrating VMware Infra to KVM Using CloudStack - Nicolas Vazquez - ShapeBlue by ShapeBlue
Migrating VMware Infra to KVM Using CloudStack - Nicolas Vazquez - ShapeBlueMigrating VMware Infra to KVM Using CloudStack - Nicolas Vazquez - ShapeBlue
Migrating VMware Infra to KVM Using CloudStack - Nicolas Vazquez - ShapeBlue
ShapeBlue218 views
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha... by ShapeBlue
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
ShapeBlue180 views
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ... by ShapeBlue
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...
ShapeBlue184 views
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT by ShapeBlue
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBITUpdates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT
ShapeBlue206 views
State of the Union - Rohit Yadav - Apache CloudStack by ShapeBlue
State of the Union - Rohit Yadav - Apache CloudStackState of the Union - Rohit Yadav - Apache CloudStack
State of the Union - Rohit Yadav - Apache CloudStack
ShapeBlue297 views
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit... by ShapeBlue
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
ShapeBlue159 views
Future of AR - Facebook Presentation by Rob McCarty
Future of AR - Facebook PresentationFuture of AR - Facebook Presentation
Future of AR - Facebook Presentation
Rob McCarty64 views
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue by ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlueCloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
ShapeBlue135 views

Autonomous Pervasive Systems and the Policy Challenges of a Small World!

  • 1. Keynote IEEE Symp on Policies for Distributed Systems and Networks 2007 Autonomous Pervasive Systems and the Policy Challenges of a Small World! Emil Lupu Imperial College London
  • 2. University of Bologna • Oldest University in Europe (certainly the oldest medieval). • Born out of conflict: the papalimperial rivalry, restrictions put by the church on learning and in particular on common law. • Lack of protection of non “citizens” leads to the formation of guilds (“universitas”).
  • 3. Policy at Bologna • In essence a school of law. • A university ran by the students. Policy (Bologna University style): • Doctors elected by students. • Curriculum must be agreed by the students. • Curriculum must be divided into two-weekly puncta. • Doctors who start lectures late or finish late must pay a fine. • Doctors who fail to attract at least 5 students are deemed absent and fined. • Doctors must pay a deposit before being allowed to leave the city to ensure their return. Peter Watson 
 Ideas: A history from Fire to Freud Phoenix Publ. 2005
  • 5. Policies • Originally introduced to separate the strategy for resource allocation in OSs from the mechanisms controlling the resources. 
 
 R Levin et al. Policy/Mechanism Separation in Hydra. 5th Symp. on Operating Systems Principles (SOSP), November 1975. • Became popular in large centralised access control systems and subsequently, in the early 90’s, for managing large networks and distributed systems. • Policies apply to large sets of objects providing uniform configuration. • Provide the means to automate adaptation across large systems
  • 6. Policy Areas Business Rules Network and Systems Management Semantic Web Trust Privacy SLAs Access Control and Security Management Policy Workshop Web-Services Data Centric Security 1999 Enterprise Distributed Multi-Agent Systems Object Computing Negotiation
  • 7. Policies for Large Systems require Complex Policy Systems • Build on complex software infrastructure: CIM, LDAP, Storage, Databases, Web-Services (WS-*), Grid-Environments, ... • Systems are functionally separated. A function realised for the entire system e.g., Authentication, Fault-Diagnostics, Accounting, ... • Architectures are tightly coupled, making in difficult and laborious to add new elements. • Computational power is infinite (or almost). Components are always available • Policies are replacing human actions.
  • 8. Examples: Ponder Java obligation policies Policy Source Text Editor Java security Code Generator Syntax Analysis Scope/ Type Analysis AST Win2000 security Code Generator IC XML Code Generator Semantic Analyser Syntax Analyser (SableCC) ... Code Assembler CIM Call PolicyService to store policy code in directory Compiler Toolkit HypTree Browser Analysis Refinement DiffServ Domain Service 
 London network Front End enable Deleted unload load Loaded core network disable tr2 2 load, enable,.. checkRefrains inst mstruct /london/tr1 = trafficT(op1, qos1) mstruct /paris/tr2 = trafficT(op1, qos2) Paris network 7 2 3 enable,disable 6 eventHandler obligMethod REOs enable,disable checkRefrain Policy Management Agents (Obligation & Refrain Policies) Deployment Event Service OEOs 1 Access Controllers (Authorisation Policies) Enabled edge Policy Management Agent router OPOs RPOs LDAP Server enable Enforcement Agents Dormant edge router tr1 Policy Object Roles, Rel Management Structures register, ... 5 eventEngine 4 8 Access Controllers ACs 9 Enforcement Configuration Manager
  • 9. Lessons • Development intensive requiring numerous services that depend on many underlying systems and packages. Must be able to rely on commercial policy products ... which aren’t there. • Difficult to maintain, distribute and demonstrate. Numerous queries received about the Ponder toolkit were about LDAP installation and configuration. • Difficult to integrate with new techniques: planning, context, analysis, security and management ... • Policies replace human (administrator) led activity. Typically compared with scripting and ad-hoc human-driven solutions. Poor short term ROI.
 Need to provide “advantage”: analysis, refinement and validation. 
 Need to provide benchmarking and proof of scale up.
  • 10. Policy Outset • Policy motivated by arguments of scale • Industry cannot deliver the products and benchmarks • Academics cannot deliver convincing demonstrations • Restrict to theoretical work. • Small proof of concept for individual techniques.
  • 12. Cardiac Monitoring UbiMon Body Sensor Node Primary unit Secondary unit Sensors RF Control Control RF Battery Power Signal conditioning Antenna Antenna Tertiary unit/Central Server
  • 13. The BSN platform - TinyOS - Ultra low power 16 bit processor - 64KB + 256KB Flash memory - 6 analog channels - IEEE 802.15.4 (Zigbee) wireless link
  • 14. Body Area Networks for eHealth • Implanted and wearable sensors: Heart monitoring, blood-pressure, oxygen saturation, etc. • Continuous monitoring of physiological condition e.g., cardiac arrhythmia. • Maintenance of chronic conditions: heart deficiencies, diabetes mellitus, chronic anaesthesia • Incremental drug delivery. Context dependent drug delivery. Body Area Networks • Remote interrogation • Alert for emergency interventions.
  • 15. Requirements • Continuous adaptation: • sensor failures, new sensors and diagnostic units • changes in user activity and context • changes in the patient’s medical condition • interactions with other devices in different environments: home, hospital, GP clinic • Minimal resource (power) consumption • No administrator interactions • Low-coupling • Support for Interactions • peer-to-peer interactions between devices • composition between subsystems • federation between collections of devices • Decision making: goal-driven, heuristics, utility • Learning: classification, statistical, declarative
  • 16. Policy-based closed adaptation loop Events Monitor Events Manager 
 Agent Managed
 Objects Control actions Decisions Policies (auth) New functionality
 Policies
 (oblig/ECAs)
  • 17. Policies in Healthcare Environments • Obligations define which operations need to be performed when certain events occur. Event-Condition-Action Rules • Authorisations define which operations are permitted and under which circumstances. • Other policy types: Membership management, Information Filtering, Trust Management, Delegation, Negotiation, etc. • Policies applied to different functional areas: device and service discovery, device configuration, authentication and authorisation, privacy, collaborations, ...
  • 18. The Controller: Gumstix • 200-400MHz (Intel XScale PXA255)16 MBFlash
 Bluetooth • Expansion boards: Wifi, Eth, Cf or MMC, audio, GPS • Linux 2.6 • GCC, JamVM and other development tools • 802.15.4 through connected BSN
  • 19. Autonomous Unmanned Vehicles • Each vehicle is an autonomous collection of managed devices with different functional capabilities • Must be extensible to different sensors and modules • Can aggregate and collaborate in fleets of autonomous vehicles • Must interact with external environment
  • 20. Building Integration • Instrumentation of in-door environments: multimedia, assisted living for the elderly • Discovery and autonomy across nested collections of devices • Interactions with persons (and their personal area networks) • Composition and federation that follows: physical space, functional space
  • 21. Citywide environments • How do we build next generation pervasive city infrastructures? • Composition federation and interaction of pervasive spaces. • Interactions with mobile users and groups of users. • Space as catalyst for social interaction
  • 22. Pervasive Spaces Events Monitor Events Manager Agent Managed Objects Control actions Decisions Policies New functionality Policies PAN Control Autonomous 
 Vehicles Personal Area Networks Home Appliance Control Events Monitor Events Manager Agent Managed Objects Control actions Decisions Policies New functionality Policies Intelligent Home Networks Pervasive Environments
  • 23. A common pattern • That can be used at different levels of scale: body area networks, unmanned vehicles, intelligent homes, and large distributed systems and networks. • That can provide self-management and closed-loop adaptation at the local level. • That can provide different levels of functionality. • That is architectural as well as functional. • Provides low-coupling between the different services.
  • 24. Self-Managed Cells ... and the first Architectural Steps
  • 25. What is a Self-Managed Cell? • A set of hardware and software components forming an administrative domain that is able to function autonomously and thus capable of selfmanagement. • Management services interact with each other through asynchronous events propagated through a content-based event bus. • Policies provide local closed-loop adaptation. • Able to interact with other SMCs and able to compose in larger scales SMCs.
  • 26. Self-Managed Cell (SMC) Monito Events Events Control actions Managed 
 Objects Decisions Policies New functionality` Policies Manager 
 Agent
  • 27. SMC Pattern • Provides low-coupling between the different services. • Permits the use of different service implementations when used at different levels of scale. • Permits to add services to SMCs in order to add functionality: • Context service(s) for mobile users and gathering information from the environment. • Authentication, Access Control and other security services. • Provisioning and Optimisation services for control of resources
  • 28. SMC Core Services • Discovery Service 
 (including membership management) • Event Service Events • Policy Service Monitor Events Manager 
 Agent Managed
 Objects Control actions Decisions Policies (auth) New functionality
 Policies
 (oblig/ECAs)
  • 29. Cell Discovery Service • Discovers new devices and maintains membership to detect failures and departures from cell. • Queries device for its profile and services; • Performs vetting functions e.g. authentication, admission control. • Listens for new service offers and service removals from the devices • Generates events to signal new/disconnected devices or software components. Interested services can subscribe, receive and react to these events. • Own implementation developed to cater for BSN nodes and policy configurable parameters but other protocols e.g., SDP, SLP, ... could be used in other environments.
  • 30. Cell Event Service • Publish/Subscribe with content based router. • At-most-once, reliable event delivery. • To an individual recipient events are delivered in the same order as received by the router. • Quenchable publishers to minimise number of messages and power consumption. • Supports heterogeneous communication.
  • 31. Event Service Architecture NewDevice Publisher Router DeviceLeft subscription filtering proxy S1 Subscribers S1 S1 proxy P1 P1 proxy S2 S2 S2 filter(s) undelivered messages
  • 32. Policy Service: Ponder2 ... the same, yet very different http://ponder2.net
  • 33. Policies for Different Functional Areas • Device and Service Discovery. How to react to new devices and services and their disappearance. • Membership Management. • Context Management. How to react to changes in location, activities of the user, surrounding environment. • Clinical Management. How to react to changes in the clinical condition. • Security Management. • Policy Management. Enable, disable, unload policies.
  • 34. Ponder2 Design Goals • Permit interaction with a running SMC Ponder2 Design Process • invoking operations on objects • policy creation, activation, etc. Design • Only loads what is needed • Can be extended (dynamically) • Must run on a Gumstix (and possibly on BSN nodes) Remove
  • 35. Ponder2 • Supports both obligation policies in the form of Event-Condition-Action rules and authorisation policies. Therefore it requires: • Managed Objects to represent resources and invoke operations on external services • Domains to group objects and specify policies in terms of domains of objects. • Events to trigger policies and interactions with the event bus. • Policies of multiple kinds. • Object invocations to implement policy actions
  • 36. Ponder2 Policy Service Event Events Domains Policy Objects ... Cell Policy
 Interpreter Actions Holds refs to managed objects: Devices, SMCs, Policies, Roles, etc Managed Objects PonderTalk
 Commands
 (and Policies) Policy
 Service
  • 37. Ponder2, try again • The Policy Service requires: • Convention for loading and creating Managed Objects • Invoking operations on Managed Objects • Root domain (that does not know it is a domain) • That’s it! • Domains, policies, events, ... are themselves managed objects that follow the same conventions.
  • 38. Bootstrapping Ponder2 in PonderTalk • SMC is just an empty domain - root • Import domain factory • Create domains • Import basic factories // Bootstrap code for Ponder2 ! // Import the Domain code // and create the default domains domainFactory := root load: "Domain". root at: "factory" put: domainFactory create; at: "policy" put: domainFactory create; at: "event" put: domainFactory create. // Put the domain factory into the factory directory root/factory at: "domain" put: domainFactory. ! • Read more PonderTalk // Import event and policy factories root/factory at: "event" put: ( root load: "EventTemplate" ); at: "oblig" put: ( root load: "ObligationPolicy" ).
  • 39. Managed Objects • A managed object • Conforms to a set of interface rules. • Created through a factory External import Policy service import RMI import • Accepts commands Internal Factory .jar file • Several pre-defined types of managed objects: domains, policies, factories, external, events / /svc /fact factory object remote invocation RMI <<create>>
  • 40. Writing a new Managed Object • A Managed Object is a Java class • PonderTalk messages converted to method calls • Constructors called by factory messages • Instance methods called by operational messages • Mapping done by @Ponder2op Java annotation • uses apt Annotation Processing Tool instead of javac
  • 41. Example: a HashTable Managed Object public class MyManagedObject 
 implements P2ManagedObject { ! ! ! ! ! private Map<String, OID> data; @Ponder2op("create") MyManagedObject() { data = new HashMap<String, OID>(); } ! ! return data.get(name); } @Ponder2op("remove:") OID remove(String name) { return data.remove(name); } } @Ponder2op("size:") MyManagedObject(int size) { data = 
 new HashMap<String, OID>(size); } apt ManagedObject @Ponder2op("at:put:") OID store(String name, OID oid) { data.put(name, oid); return oid; } @Ponder2op("at:") OID get(String name) { P2MyManagedObject create size: int at: name put: OID at: name remove: name <<interface>> ManagedObject MyManagedObject MyManagedObject() MyManagedObect(int size) store(String name, OID oid) get(String name) remove(String name) 41
  • 42. Events in Ponder2 • Event = notification with named attributes. / • Trigger policies. • An event factory interfaces with an external event bus. event event types fact • Multiple factories can be used. inst • Event types (templates) are created by factories. XML intrusion compromise Blaster WS-Notif <<create>>
  • 43. Example: Discovery of new BSN sensor • Discovery service issues events when BSN is detected or lost ! newevent := root/factory/SMCeventbus. ! // newBSN event type ! root/event at: "newBSN" put: (newevent create: #("name" "type") ). ! // example of raising an event root/event/newBSN 
 create: #("Temp1" "TempMon").
  • 44. Policies • Created with policy factory Blocks • Dynamically associate events, actions and conditions with a policy • Blocks are objets that group statements. • Can be activated and deactivated • Are managed objects. Can be moved, deleted, created, activated, deactivated by other policies • Actions and conditions are blocks • Block execution is delayed • Blocks can take arguments • Blocks are closures • Blocks return the result of their last statement
  • 45. Discovery Policies • When a new BSN sensor is discovered a policy is used to create the appropriate adaptor managed object • Adaptor object acts as proxy for the BSN and can receive commands for them e.g. setrate // Create discovery policy newpolicy := root/factory/oblig. ! discBSN := newpolicy create. discBSN event: root/event/newBSN; action: [ :name :type | root/template/bsnAdaptor create: name setActive: type ]; setActive: true.
  • 46. Blood Pressure Policy // Create blood pressure policy • on bp(value)
 newpolicy := root/factory/event. 
 newevent := root/factory/ecapolicy. if (value>150)
 ! && oldValue<=150
 bphigh := newpolicy create. bphigh event: (newevent create: #(“name”, “newVal”, “oldVal”) condition: [ :name :newVal :oldVal | • do
 name == "BP1" && ( newVal > 150 ) /bsn/HEART1
 && ( oldVal < 150 ) ]; .set(sensorRate=1)
 action: [ 
 root/bsn/HEART1 setRate: 0.1. /alarm.alarm(on)
 root/alarm setAlarm: true; show ]; /alarm.show setActive: true. ! root/policy at: "bphigh" put: bphigh
  • 48. Not yet quite a policy language on new_component(id, profile, addr) do if profile == “heart rate” then r = /fact/hr.create(profile, addr); /sensors.add(r) ! on hr(level) do if level > 100 then /sensors/os.setfreq(10min); /sensors/os.setMinVal(80) 
 ! on context(activity) do if activity == “running” then /policies/normal.disable(); /policies/active.enable() ! auth+ /patient → /os.{setfreq, setMinVal, stop, start} auth+ /patient → /policies.{load, delete, enable, disable}
  • 49. Heart Monitoring Demo BSN Node Accelerometer BSN Node ECG sensor BT link Gumstix (Linux, BT, WiFi) ! Discovery Service Policy service Event service HR visualisation and communication (SMS, Call, GPRS)
  • 50. How small should an SMC be? • Is a BSN node an SMC? • 6 analog sensor channels • Event based interactions • Need for policy-based adaptation
  • 52. Inter-SMC Interactions Measure ment & Mon itorin g Interaction Adaptation Serv ice Discov ery Ev ent Bus Policy Management M e a sur e m e n t & Mo n it o r in g Se r v ice D is co ver y Measurement an d Control Adapters In te r a ct io n Ad a p t a t io n In te r a ct io n Ad a p t a t io n M e a sur e m e n t a n d C o n tr o l Ad a p te r s Ma n a g e d R e so ur ce s Ser v ic e D isco ver y Me a su r e me n t & M o n it o r in g Eve n t Bu s Eve n t Bu s Po lic y Ma n a g e me n t Other Context C o n t e xt Po lic y M a n a g e me n t M e a su r e m e n t a n d C o n tr o l Ad a p t er s M a n a g e d R e so u r ce s C o n te xt
  • 53. Peer-to-Peer Interactions … • Layered SMCs: application / services / network • Peer SMCs (peer devices, peer networks, SLAs…) …
  • 54. Peer to Peer Interactions Patient Doctor 
 (GP clinic) Nurse
  • 55. SMC Composition The internal SMCs cease to advertise themselves externally. ! ! The enclosing SMC programs the nested SMCs
  • 57. SMC Interactions: Requirements • Despite apparent differences both peer-to-peer and composition interactions require similar support: • actions: SMCs need to invoke actions on other SMCs e.g. to access device readings, actions specified as part of policies. • events: SMCs need to exchange events i.e. both publish and subscribe to events in a remote SMC • policies: SMCs need to exchange policies e.g. ask a remote SMC to react to events in a particular way
  • 58. Interactions and Autonomy • Each SMC must retain autonomy over its resources: • It must decide which functions (services) to export • It must retain decision on whether to export (bind) any of its internal resources externally • It may mediate external interactions to internal managed objects e.g., for filtering and parameter adaptation. • It decides which policies to accept (allowing “full access” may jeopardise integrity). • Applicable in both p2p and composition
  • 59. Differences: p2p - composition • Once bound as a resource in a composition relationship: • The SMC ceases to advertise itself • The SMC does not establish other p2p or composition relationships unless directed by the outer SMC • “administrative” interfaces are guaranteed to be bound to a single outer SMC. • Events and services exposed to other SMCs will be different in composition and p2p relationships. • Policies (i.e., missions) accepted will be different
  • 60. SMCs discovery • On SMC discovery, each SMC assigns discovered SMC to pre-defined domains. • Policies for domain apply to assigned SMC. • SMC Discovery can also result in policy-exchange and sharing of events and services.
  • 61. SMC Missions: Policy Exchange • SMC Interfaces define: • events: that can be raised by an SMC • notifications: that an SMC can receive • actions: that can be invoked on the SMC
  • 62. Policy Exchange II mission patientT(nurse, patient, ECGlevel, ECGTime) do on patient.mloaded() do nurse.store(patient.readlog()) on patient.hr(level) do if level > ECGlevel then patient.startECG()
 patient.timer(ECGTime, endECG()) nurse.ecgOn() on patient.endECG() do nurse.display(patient.readECG())
  • 63. SMC Missions: Policy Exchange auth+ /nurse → /patient.loadMission // at the Patient auth+ /patient → /nurse.store // at the Nurse auth+ /patient → /nurse.displayECG on newPatient(p) do ref = p.loadMission(/patients.interface, p.interface, 82, 40); / roles[p].add(ref)
  • 64. Interaction Procedure • Discover SMCs • Decide what kind of interaction to create (for both SMCs) • Decide on role assignment • Exchange Interfaces • Perform role assignment and creation of managed object • Decide which missions to instantiate and instantiate them.
  • 65. Missions in Multi-Party Interactions Patient Doctor Nurse
  • 67. IEEE 802.15.4 • Claims maximum bandwidth of 250Kbps 1 hop away 1 packet = 76B Rate varies: 
 1-40 packets/s • Observed max. throughput 50Kbps. At this rate the receiver’s packet queue fills up and packets are dropped
  • 69. End-to-end Delay Gumstix Bluetooth, WiFi Linux Discovery Service Discovery Service Policy service Event service BSN Node
 802.15.4 gateway Serial Comms 25 ms IEEE 802.15.4 20 ms
  • 70. Discovery • expected 110ms (2 serial + 3 * 802.15.4 packets) • observed 129ms • End-to-end: 144ms; includes • discovery handshake • generation of new_component event • event proxy and managed object creation
  • 71. Event Service • Subscription matching: 13-15ms
  • 72. Policy Service • Policy Object: 3.214 kB includes policy type, triggers, actions and constraints • Simple policy execution (null action): 13.57ms • Simple policy execution action issued to BSN: 23.88ms • Simple policy execution + simple condition: 30.05ms • End-to-end: event published to proxy to policy execution: 46.05 ms
  • 73. Observations • Use of XML generates significant overhead in terms of both memory consumption and run-time processing. • This despite using a small footprint and efficient parser. • Performance suitable for body-area network for self-management purposes. • Not always suitable for application data e.g., ECG 200Hz • Processing and adaptation capability on sensor
  • 75. Reasoning and Planning • Analysis and Refinement work to date relies on abductive reasoning. • Can we do abductive reasoning on a Gumstix? • Yes with a bit more memory! • Planning and Distributed Planning ? ? ? ?
  • 76. Making Sense of the Surrounding World • Much work is directed towards abstracting sensor input in higher level “state” information. Accelerometers, Temperature, Sound, ... • Buy why should be always starting from scratch... Can we use acquired information to refine Context Models?
  • 77. Making Sense of Behaviour Policies are rules governing choices in the behaviour of systems Policies are rules learnt from the behaviour of ...
  • 80. • SMC defines a common architectural pattern that can be applied at different levels of scale. • Content-based filtering event bus provides flexibility and de-coupling between services. • Ponder2 provides support for general object management and policies • In contrast to policies in large systems, designs in autonomous pervasive computing strive to be simple. Scale is achieved through extensibility, modularity and composition of autonomous components. • Realising autonomous pervasive systems requires the integration of multiple techniques from different areas of computing: operating systems, distributed systems, statistical decision methods, AI, DAI, multi-agent systems, knowledge engineering, ... • ... on a small scale!
  • 81. Acknowledgements Sye-Loong Keoh Kevin Twidle Morris Sloman Joe Sventek Naranker Dulay Alberto Schaeffer Stephen Strowes Steven Heeps
  • 82. References • Ponder2 Policy Service: http://www.ponder2.net • E. Lupu, N. Dulay, M. Sloman, J.Sventek, S. Heeps, S. Strowes, K. Twidle, S.-L. Keoh, A. Schaeffer-Filho. AMUSE: Autonomic Management of Ubiquitous e-Health Systems. Concurrency and Computation: Practice and Experience, John Wiley and Sons, Inc., 2007 (To Appear). • Keoh, S.L., Twidle K., Pryce, N., Schaeffer-Filho, A E., Lupu, E., Dulay, N., Sloman, M., Heeps, S., Strowes, S., Sventek, J., and Katsiri, E. Policy-based Management for BodySensor Networks. 4th International Workshop on Wearable and Implantable Body Sensor Networks (BSN 2007), AAchen, Germany, March 2007. • Russello, C. Dong, and N. Dulay. Authorisation and Conflict Resolution for Hierarchical Domains. IEEE Workshop on Policies for Distributed Systems and Networks (Policy), Bologna, Italy, June 2007.