Willow Survivablity Architecture
The Willow system is designed to support the survivability of large distributed information systems. As part of its approach, Willow deals broadly with their faults, applying:
The reactive component of Willow supplements the usual information system fabric with a comprehensive fault-tolerance mechanism referred to as a survivability architecture or information survivability control system (paper). The key to the architecture is a powerful reconfiguration mechanism that is combined with a general control loop structure in which network state is sensed, analyzed, and required changes effected.
The main challenges Willow overcomes are those of scalability and complexity. The information systems of interest are composed of (1) complex arrangements of very large numbers of computing nodes (hundreds of thousands to millions), (2) apply extensive communication facilities, and (3) operate across many domains of ownership and responsibility. Resultingly, the damage to such systems may be complex and widespread. This damage then necessitates extensive, complex error recovery. Our implementation strategy explictly deals with precisely these issues of scalability and complexity in both detection and response.
Willow is based on declarative specification of large-scale fault-tolerance programming. These specifications of fault detection and reaction are used directly to generate a specific instantiation of Willow. Willow provides demonstrably efficient, automated fault tolerance over large and complex systems with an innovative distributed architecture. The Willow system is fully implemented, allowing us to investigate its application and efficiency with respect to survivability problems.
The major components of Willow are:
We are also applying the paradigms of Willow to the domain of emergency response in the STILT project.
Willow is fully implememented in Java as a distributed architecture.
If you are interested in the software please contact us.
|© 2003-2005 Dependability Research Group|