1 / 11

Three Lessons from Aladdin on Dependability Evaluation

Three Lessons from Aladdin on Dependability Evaluation. http://research.microsoft.com/~ymwang/default.htm#Aladdin. Yi-Min Wang Microsoft Research, Redmond. IM & Email. Aladdin Device Adapter (ADA). SIMBA MyAlertBuddy.

raechel
Télécharger la présentation

Three Lessons from Aladdin on Dependability Evaluation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Three Lessons from Aladdin onDependability Evaluation http://research.microsoft.com/~ymwang/default.htm#Aladdin Yi-Min Wang Microsoft Research, Redmond

  2. IM & Email Aladdin Device Adapter (ADA) SIMBA MyAlertBuddy Aladdin: connect to your house at any time, from any place, and on any device Text-based Interface Email Natural Language Parser MSN Device control objects My Home Buddy Lookup Services Eventing Monitoring Daemon Soft-State Store

  3. UbiComp Dependability Issue #1 • If a lamp was physically switched off, the X10 module and the Aladdin lookup service couldn’t know about it  system failure due to operator/user error! • Solution: better training, procedure, and disciplinary action to eliminate operator errors • Hide or remove the physical switches • Kids are easy to train • Wife refused to be trained: “your system is supposed to make my life better, so don’t tell me to change my life to make your system better.” • Better solution: Aladdin Device Adaptor (ADA)

  4. Modern Fault Model Operator/User Errors Hardware, Software, Overload Faults Traditional Fault Model UbiComp Dependability Principle #1: Users Are Always Right • “If a problem has no solution, it may not be a problem, but a fact, not to be solved, but to be coped with over time” — Shimon Peres (“Peres’s Law”) • It’s all about fault model

  5. UbiComp Dependability Issue #2 12:31AM, Sep. 24, 1999 - House under attack... 00:31:42 - Address = M13 >>>>> ALERT: BOGUS ADDRESS <<<<< ... 00:35:07 - Func = C HailRequest(8) ... 00:35:13 - Func = F AllLightsOn(1) ... 00:35:59 - Func = M ExtendedDataTransfer(12) >>>>> ALERT: BOGUS ADDRESS <<<<< ... 00:36:09 - Address = M13 >>>>> ALERT: BOGUS ADDRESS <<<<< ... 00:36:12 - Func = M Dim(4) Change in brightness level = 0x0e >>>>> ALERT: BOGUS ADDRESS <<<<< ... 00:38:00 - Func = E HailAcknowledge(9) >>>>> ALERT: BOGUS ADDRESS <<<<< ... 00:38:50 - Func = I On(2) ... 00:40:26 - Func = N AllLightsOn(1) >>>>> ALERT: BOGUS ADDRESS <<<<< ... 00:45:14 - Func = E AllLightsOn(1) >>>>> ALERT: BOGUS ADDRESS <<<<< ... 01:24:31 - Func = K AllLightsOn(1) >>>>> ALERT: BOGUS ADDRESS <<<<< ... 01:25:28 - Func = I AllUnitsOff(0) ... 01:26:24 - Func = E AllLightsOff(6) >>>>> ALERT: BOGUS ADDRESS <<<<< ... 01:44:52 - Func = J StatusRequest(15) >>>>> ALERT: BOGUS ADDRESS <<<<<

  6. 01:44AM, Sep. 24 -- Attacker identified A plugged-in X10 interface With a floating serial-port connector ! Operator error + non-fail-stop failure

  7. Modern Fault Model Imaginable Faults Traditional Fault Model UbiComp Dependability Principle #2: Panic Button For Stopping The System • “If a problem has no solution, it may not be a problem, but a fact, not to be solved, but to be coped with over time” — Shimon Peres (“Peres’s Law”) • It’s all about fault model Unimaginable Faults

  8. UbiComp Dependability Issue #3 • Affordable redundancy • Triple garage door sensors with camera • Uninterruptible Power Supply for home server • Multi-PC leader election • There are always single points of failure • Major outages • Power outage in the office shut down MyAlertBuddy • Kids installing game controller shut down MyHomeBuddy • Patch installation shut down MyAlertBuddy

  9. Modern Fault Model “Clean” Faults Traditional Fault Model UbiComp Dependability Principle #3: Ubiquitous Computing = Ubiquitous Pain • “If a problem has no solution, it may not be a problem, but a fact, not to be solved, but to be coped with over time” — Shimon Peres (“Peres’s Law”) • It’s all about fault model Systems Management Issues

  10. STRIDER: Computer Genomics approach to systems management • Black-box specifications derived from behavior monitoring & modeling http://research.microsoft.com/~ymwang/default.htm#Strider 105 ?! 105 101 STRIDER UbiComp

  11. Summary Users Are Always Right Panic Button For Stopping The System • UbiComp dependability evaluation needs to adopt a modern fault model to cover these three areas • “But it’s so messy! How can it be done?” Ubiquitous Computing = Ubiquitous Pain That itself is a major challenge for the research community!

More Related