Robust Systems

Faults at James Reserve

Faults on a volcano in Ecuador [WLJ+06]

Data faults in Bangladesh

Calibration

Motivation Summary

SensingChannel

Transducer

Network

AnalogProcessing

ADC

Digital H/W+ Software

Phenomenon

User

NoiseInterferenceObstructionsAdversaries

NoiseCalibrationFaults

NoiseCalibrationFaults

Quantization Error

FaultsBugsAdversaries

Packet LossAdversaries

Smart SensorsStable gain;Auto zero-offset correction; Transducer interference compensation; Compensation for temperature, package strain etc.; Integrated trimming for end-of-line calibration; Outstanding calibration stability

Well Studied

Image courtesy Mani Srivastava

Hard Problems

Summary

• People pay for robustness in other systems– Higher quality hardware– Technicians to monitor the data– Wired infrastructure

• In sensor networks when we pay, we pay for scale• The burden on software has increased• Robustness in sensor networks requires research and

engineering

CentRoute

• Designed for robustness– Minimizes routing inconsistencies, including loops– Minimizes memory (state) requirements on motes – Increases routing stability– Can scale to dense networks

Routing table, neighbor table, local decisions

Distributed decision making on very limited RAM hardware

Distributed Mote Routing Centralized Mote Routing

All routing decisions & state at microserver

Bypasses mote hardware limitations through global view at microserver

• Additional functionality– Bidirectional unicast routing (to and from the sink)– Global view of the entire mote network at each sink

Work by Thanos Stathopoulos

Memory Protection

• LIGHTHOUSE

• Develop simple and intuitive memory model

– Each block of memory is under the control of exactly one program at any time

– Controlling program is responsible for either tracking, freeing, or transferring ownership of the data

• Found significant memory management errors in both kernel and user SOS code using new analysis tool

• Accomplishes analysis via basic data-flow analysis on source code

• SANDBOX

• Create multiple protection domains within single address space CPUs

– Restrict write accesses of a domain to memory it owns– Restrict control flow in and out of a domain

• Designed for small memory CPUs– No static partitioning of address space– Compact memory map tracks ownership and layout

• Enforced by inline run-time checks– All write accesses are checked– All control flow operations are checked

• Checks introduced through binary re-write– Binary verified at every node– Verifier independent of re-writer– Correctness of scheme depends only upon correctness of

verifier

Work by Ram Kumar and Roy Shea

Tenet

• Show counter on LEDs

• Sense and send data back to the sink

• ... with time-stamp and sequence number

• Get memory status for node 10

• If temperature is above 50, send temperature, node ID and next routing hop

Wait Count Lights Send

Sample Send

CountStampTime SendSample

MemStats SendAddress NEQ(10) DeleteIf

Sample LT(50) DeleteATaskIf Address Nexthop SendPaek, Greenstein et al.

Environment

Sensors

Mote

Batteries

Radio Network

Final Destination

Sensorboard

Sympathy & Confidence

Data Generation Path Data Delivery Path

BothUser ActionsUser ActionsRemediate

Action-Refinement Probes + Database

----- -----Refine &

Adapt

BothHardware Rules identify locations data could be corrupted

Data Flow Rules identify locations data could be lost

Diagnose

BothTrack end-to-end data quality

Track end-to-end data quantity

Detect

ConfidenceData IntegritySympathy

Nithya Ramanathan

Fault Detection

Contextual or multiscale information

Another modality on the same node

Nodes of Same Altitude or Depth

Proximate NodesMeasurements at same time previous day

Recent Measurements

• Exploit sensor data by finding correlations between different variables

• Recognize a fault when sensor data breaks its strongest correlations

• Variable space is too high dimensional

• Signal processing techniques may provide an efficient correlation model