Sites Inria

Version française

Research

Jean-Michel Prima - 28/03/2017

Ecologically-inspired software engineering for higher robustness

Projet Diversify

Could software engineering find some inspiration in the way biological systems function? A multidisciplinary group of scientists spent three years exploring the concept in the context of Diversify, a European project led by Inria researcher Benoît Baudry. Their in silico experiments show that, just like biodiversity, software diversity is a huge plus when it comes to robustness and adaptability to changes.

April 7, 2014 was a busy day for system operators worldwide. The existence of a security bug in the OpenSSL cryptographic library was disclosed together with the release of a corrective patch to be implemented forthwith. Indeed, Heartbleed was reputedly the worst vulnerability flaw ever to pop up in two decades of Internet history. A chunky 17% of secure web servers using digital certificates were considered at risk. That's half a million platforms serving billions of users, the latter being consequently advised to change all passwords right away.

The problem, in and of itself, is not having one bug in one library, but rather the fact that one library is being used by so many servers and applications, says Benoît Baudry. In other words, it's the software monoculture. This phenomenon is massive at the bottom of the software stack where servers, databases and routers are all run by the same few applications. But software monoculture also continues growing in upper levels. For instance, the CMS WordPress accounts for 20% of the 500,000 top web sites built with the help of a Content Managing System. And in turn, 64% of those WordPress sites use the very popular Akismet plugin. So, in essence, we all use the same software clones. Granted it comes with manifold advantages. Homogenous systems are cheaper, easier to maintain and easier to interoperate. But uniformity also begets an inherent weakness, for one single bug can lead to the failure of a whole system. That's why we have been exploring software diversity as an alternative meant to improve robustness.

Adaptability to changes

The key idea underlying the European project Diversify was to “work with ecologists, tap into what they have learned about ecological systems and use this knowledge to build more resilient software. ” Indeed, ecosystems happen to be way more robust than software systems as their diversity ensures their adaptability to changes. “Take bees and flowers for instance. Bees can pollinate a variety of flowers. By the same token, many flowers can be pollinated by other insect pollinators. ” Consequently, the extinction of a species won't snowball into the extinction of another.
Ecologists usually quantify such robustness through bipartite graphs meant to chart the interactions between species: a point would represent any kind of entity whereas a link would represent interactions between entities. “In our research, we analogized a network of software services to those bipartite ecological graphs. ”  There's no pollen involved, but “users get access to information that are stored on a central server through their device. In both cases, interactions are the core ingredient that makes these systems run. And they can be represented with the same mathematical structures.

Robustness Significantly Increased

From there, one of the challenges for the project was to “adapt these processes to achieve the emergence of diversity in software graphs in order to obtain graphs that are more robust to perturbations. ” For so doing, scientists designed a model that defines a new relationship between two major components of a web software system: the service provider (say the flowers) and the consumers (the bees). By ‘consumer’, what is actually meant is an application that aggregates remote micro services in order to offer macro services to their customers —a travel web site tapping into the weather forecast for instance.
In this model, every now and then, the service provider chooses to either add or drop one of its service. This is done at random or based on the popularity of an item. Similarly, consumers also change the links to providers through which they access their required services. Again, this can be done randomly or in view of maximizing its equitability (the number of times each required service is provided).

Then the magic kicks in: “When we inject bugs and perturbations in this diversified system, it survives as a whole much longer than the usual ones, Baudry points out. Through a string of local decisions, we very significantly increase the global robustness of the system. ” Vindicating the original intuition, these in silico experiments now open the door to further work. Next step? “Working on this topic with an industry research lab would be a logical follow-up.

Keywords: Diverse Diversy INRIA Rennes - Bretagne Atlantique Benoit Baudry European project Software Ecology

Top