Trust and Security for Next Generation Grids, www.gridtrust.eu

Usage Control in Action: Controlling Resource Usage in a Grid-Based Supply Chain. Lorenzo Blasi, HP Italy Innovation Center, February 2009


Page 1: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Usage Control in Action: Controlling Resource Usage in a Grid-Based Supply Chain

Lorenzo Blasi

HP Italy Innovation Center

February 2009

Page 2: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Agenda

• Business context / Grid proposal
• Solving the Vehicle Routing Problem
• Security issues / GridTrust solution
• Architecture
• Future evolution

Page 3: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Agenda

• Business context / Grid proposal
• Solving the Vehicle Routing Problem
• Security issues / GridTrust solution
• Architecture
• Future evolution

Page 4: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Business Context / Producers

• Competitiveness in the Pharmaceuticals market has increased
  - appearance of "generic" pharma products
  - pressure from public institutions
  - pharma products can now be sold in large retailers
• Producers' and Distributors' margins decrease
• Transportation costs have a big influence on final product price
• To reduce costs and maintain profit margins, big industries have created their own e-procurement auctioning system for transportation services
• This leverages competition by searching for the lowest possible price on each single transportation task

Page 5: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Business Context / Transporters

• Small transporters, to avoid being crushed between rising prices and competitive pressure, must increase the optimization level of their business
• The Transporters' Association proposes to its members a common Grid system that can optimize both routes and scheduling of their whole vehicles' fleets
• Daily optimization is already a big leap forward for most transporters, but a Grid allows more than that:
  - to re-optimize the allocation of transportation tasks to vehicles every time that a quotation for a new one has to be produced, thus calculating the lowest possible price for each offer

Page 6: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

The Transporters’ Association Grid

• Users
  - Transporters
• Service Providers
  - 3rd parties, e.g. Utility computing vendors
• Managing Application
  - TAportal, used by Transporters’ Association
• Computing Application
  - TAportal used by Transporters to submit computational jobs
• Supporting software
  - An implementation of Operational Research optimization algorithms (VrpSolve library)
  - A standard format for representing the problem’s input/output data
  - Example optimizer application

Page 7: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Agenda

• Business context / Grid proposal
• Solving the Vehicle Routing Problem
• Security issues / GridTrust solution
• Architecture
• Future evolution

Page 8: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

The Vehicle Routing Problem (VRPTW) input data

• A fleet of M vehicles of capacity C
• A central depot with coordinates (x_0, y_0)
• A list of N transportation tasks, where each task T_i is defined by:
  - Destination vertex v_i with coordinates (x_i, y_i)
  - Quantity q_i of goods to be delivered
  - Time window (r_i, d_i) within which the node should be served
    - r_i defines the ready time or start time
    - d_i defines the due date or end time
  - Service time s_i for unloading goods

Page 9: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

VRPTW problem and goal

• Can be formulated as a mathematical programming problem: objective function + constraints
• Problem: find a set of NV vehicle routes, originating from and terminating at the depot, such that
  - Each vehicle services one route
  - Each vertex v_i, i = 1..N, is visited only once
  - Quantity of goods on each vehicle never exceeds its capacity C
  - Start time of each route is >= r_0
  - End time of each route is <= d_0
  - Time of beginning of service at vertex i is >= r_i
  - If arrival time t_i at vertex i is < r_i then the vehicle waits for a waiting time w_i = (r_i - t_i)
  - Time of ending of service at vertex i is <= d_i
• Goal: minimize NV and then the total distance TD
• Complexity: NP-hard (for optimal solution)
• Benchmark problems of size up to 100 customers have been proposed [Solomon 1987]

Page 10: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Example: Solomon benchmark R103

VEHICLE
NUMBER   CAPACITY
25       200

CUSTOMER
CUST NO.  XCOORD.  YCOORD.  DEMAND  READY TIME  DUE DATE  SERVICE TIME
0         35       35       0       0           230       0
1         41       49       10      0           204       10
2         35       17       7       0           202       10
3         55       45       13      0           197       10
4         55       20       19      149         159       10
5         15       30       26      0           199       10
6         25       30       3       99          109       10
7         20       50       5       0           198       10
8         10       43       9       95          105       10
9         55       60       16      97          107       10
10        30       60       16      124         134       10
11        20       65       12      67          77        10
12        50       35       19      0           205       10
13        30       25       23      159         169       10
14        15       10       20      0           187       10
15        30       5        8       61          71        10
16        10       20       19      0           190       10
17        5        30       2       157         167       10
18        20       40       12      0           204       10
19        15       60       17      0           187       10
20        45       65       9       0           188       10
21        45       20       11      0           201       10
22        45       10       18      97          107       10
23        55       5        29      68          78        10
24        65       35       3       0           190       10
25        65       20       6       172         182       10
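The constraints listed on the "VRPTW problem and goal" slide, applied to a few rows of the R103 data, as an added example that is not part of the original slides or of the VrpSolve library. It assumes travel time equals Euclidean distance; the function names are hypothetical.

```python
from math import hypot

# Rows copied from the R103 table above: id -> (x, y, demand, ready, due, service).
# Customer 0 is the depot; its window (r_0, d_0) bounds every route.
R103 = {
    0: (35, 35, 0, 0, 230, 0),
    4: (55, 20, 19, 149, 159, 10),
    12: (50, 35, 19, 0, 205, 10),
    24: (65, 35, 3, 0, 190, 10),
    25: (65, 20, 6, 172, 182, 10),
}
CAPACITY = 200  # vehicle capacity C from the same table


def _result(feasible, distance, waiting, reason):
    return {"feasible": feasible, "distance": distance,
            "waiting": waiting, "reason": reason}


def evaluate_route(route, customers=R103, capacity=CAPACITY):
    """Check one depot -> customers -> depot route against the listed constraints.

    Assumption: travel time between two vertices equals their Euclidean distance.
    """
    x0, y0, _, r0, d0, _ = customers[0]
    x, y, clock = x0, y0, float(r0)        # route starts at r_0 at the earliest
    load, distance, waiting = 0, 0.0, 0.0
    for cid in route:
        cx, cy, q, r, d, s = customers[cid]
        load += q
        if load > capacity:                # quantity on board never exceeds C
            return _result(False, distance, waiting, f"capacity exceeded at {cid}")
        leg = hypot(cx - x, cy - y)
        distance += leg
        clock += leg                       # arrival time t_i
        if clock < r:                      # early arrival: wait w_i = r_i - t_i
            waiting += r - clock
            clock = float(r)
        clock += s                         # end of service at vertex i
        if clock > d:                      # the slide bounds the END of service by d_i
            return _result(False, distance, waiting, f"time window missed at {cid}")
        x, y = cx, cy
    leg = hypot(x0 - x, y0 - y)            # drive back to the depot
    distance += leg
    clock += leg
    if clock > d0:                         # route must end by d_0
        return _result(False, distance, waiting, "returned after depot due date")
    return _result(True, distance, waiting, "ok")


def solution_key(routes):
    """Sort key for the stated goal: fewer vehicles (NV) first, then total distance (TD).

    Returns None if a vertex is visited twice or any route is infeasible.
    """
    visited = [cid for route in routes for cid in route]
    if len(visited) != len(set(visited)):
        return None
    results = [evaluate_route(route) for route in routes]
    if not all(r["feasible"] for r in results):
        return None
    return (len(routes), sum(r["distance"] for r in results))
```

Visiting customer 25 before customer 4 fails on the time window at 4, while the reverse order is feasible with waiting time at both vertices.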

Page 11: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

MACS - Multiple Ants Colony Systems

• MACS-VRPTW algorithm [Gambardella et al 1999] allows multi-objective optimization
• Algorithm defines two ant colonies, ACS-TIME and ACS-VEI
• Each ants colony is dedicated to optimizing a different objective function
  - ACS-VEI minimizes the number of vehicles
  - ACS-TIME minimizes the total travel time (cost)
• The two ants colonies cooperate exchanging information through the update of a single pheromone matrix
• Number of vehicles minimization takes precedence over travel time minimization (when comparing solutions)

Page 12: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

R103 routes

The strange rings / butterfly wings are due to the need to avoid or minimize waiting time in nodes where the goods are not yet ready

Page 13: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Ants Colony System algorithms

• Ant Colony Algorithms are inspired by observation of real ants [Dorigo Maniezzo Colorni 1991]
• Real ants are insects organized in colonies
• Ants search for food by parallel exploration of the environment
• Ants coordinate their activity by an indirect form of communication based on pheromone laying
• Ants follow pheromone trails and lay more of it on their way

Page 14: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Agenda

• Business context / Grid proposal
• Solving the Vehicle Routing Problem
• Security issues / GridTrust solution
• Architecture
• Future evolution

Page 15: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Security Issues

• By default, in a business environment, Users and Service Providers
  - Don’t KNOW each other
  - Don’t TRUST each other
• The Transporter Association must
  - (A) Ensure that only its members use the Grid resources
  - (B) Guarantee a secure environment for competing transporters using the same resources
  - (C) Guarantee Service Providers that their security policies will not be violated by Grid (transporters) users

Page 16: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

GridTrust Solution

• (A) Ensure that only TA members use the Grid resources
  - TA members form a Virtual Organization
• (B) Guarantee a secure environment for competing transporters using the same resources
  - Select only (Grid)Trusted SPs which have suitable security policies
• (C) Guarantee SPs that their security policies will not be violated by Grid users
  - Usage Control Service enforces SP policies

Page 17: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Secure VO Operation: granting access to services (A)

[Diagram labels: VO, PKI, VO user, Non-VO user, SP1, SP2, Service1, Service2, OK, Denied]

Page 18: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Secure VO Operation: selecting secure services (B)

[Diagram labels: VO Manager, VBE Manager, VO, SRB, SP1, SP2, Register, Search SPs, Select SPs, Join VO]

Page 19: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Secure VO Operation: usage control (C)

[Diagram labels: TRS, VO, VO user, SP1, SP2, Application1, Application2, OK, Denied]

Policies shown in the diagram:

• Applications can open the HP libs if the user reputation is > 0.7
• Applications can open files only in the user home directory

Page 20: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Agenda

• Business context / Grid proposal
• Solving the Vehicle Routing Problem
• Security issues / GridTrust solution
• Scenario / Architecture
• Future evolution

Page 21: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Scenario

• Transporters’ Association (TA) Administrator sets up TA Grid Portal and VO
  - Create VO
  - Select and add Computational providers
  - Add VO users
• A good transporter
  - Submitting jobs to solve routing problem
• A malicious transporter
  - Trying to steal data from competitors
  - Trying to steal data from providers

Page 22: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

What if a bad transporter wants to steal data from competitors?

• Transporters using the same Grid services are in competition with each other
• All transporters are interested in competitors’ data, so let’s suppose that one of them wants to play bad
• The bad transporter writes an application (BadApp01) which tries to steal data of sibling applications in execution on the same Grid computational node
• The starting idea is that data for all calculations on the same node are hosted in temporary directories under the same root
• BadApp01 therefore tries to navigate into sibling directories and pack all their contents into a single jar, which will then be sent back as the application output, but…
• …UCON policies of the computational node don’t allow it!

Page 23: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

What if a bad transporter wants to steal data from providers?

• Routing optimization algorithm ideally uses a map, which has an associated DT matrix giving Distance (or Time) between any pair of locations
• Solution precision depends on the quality of the DT matrix data
• DT matrix (map) data is precious and local to each SP
• SPs make money from DT matrix data and allow clients to access it only after payment of a fee
• Reselling DT matrix data is prohibited by the license agreement
• The bad transporter writes an application (BadApp02) which tries to steal DT matrix data and make it available over the net, with the idea of reselling it
• BadApp02 is built as a web server, accepting connections from Internet clients and providing DT matrix data as answer to requests, but…
• …UCON policies of the computational node don’t allow it!
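The two policies quoted on the usage-control slide, evaluated against the file and network actions that BadApp01 and BadApp02 would attempt, as an added example that is not GridTrust code. The event format, the per-job directory layout, the HP_LIBS path, the file names and the deny-on-listen rule are assumptions made for illustration.

```python
import posixpath

REPUTATION_THRESHOLD = 0.7   # threshold quoted on the usage-control slide
HP_LIBS = "/opt/hp/libs"     # assumed install path of the provider's libraries


def resolve(path, cwd):
    """Lexically resolve `path` against the job's working directory.

    A monitor on a real node must also resolve symlinks (os.path.realpath)
    before deciding; this sketch only removes "." and ".." components.
    """
    return posixpath.normpath(posixpath.join(cwd, path))


def inside(path, base):
    """True if `path` is `base` or lies below it (whole path components only)."""
    base = posixpath.normpath(base)
    return path == base or path.startswith(base + "/")


def decide(event, user):
    """Return (decision, reason) for one intercepted action of a running job."""
    if event["action"] == "open":
        path = resolve(event["path"], user["home"])
        if inside(path, user["home"]):
            return ("permit", "file is inside the user's home directory")
        if inside(path, HP_LIBS):
            if user["reputation"] > REPUTATION_THRESHOLD:
                return ("permit", "reputation is above the HP libs threshold")
            return ("deny", "reputation is not above the HP libs threshold")
        return ("deny", "file is outside the user's home directory")
    if event["action"] == "listen":
        # Assumed rule: the slides only say the node's policies stop BadApp02.
        return ("deny", "jobs may not accept network connections")
    return ("deny", "no policy permits this action")   # default deny


def audit(trace, user):
    """Evaluate a whole trace; returns [(event, decision, reason), ...]."""
    return [(event, *decide(event, user)) for event in trace]


# Constructed sample data: one job directory per job under a shared root.
USER = {"home": "/grid/tmp/job-a1", "reputation": 0.9}
BADAPP01_TRACE = [
    {"action": "open", "path": "input/tasks.xml"},             # own data
    {"action": "open", "path": "../job-b2/tasks.xml"},         # sibling via ".."
    {"action": "open", "path": "/grid/tmp/job-a1-x/out.jar"},  # look-alike prefix
]
BADAPP02_TRACE = [
    {"action": "open", "path": "/opt/hp/libs/routing.jar"},
    {"action": "listen", "port": 8080},
]

if __name__ == "__main__":
    for event, decision, reason in audit(BADAPP01_TRACE + BADAPP02_TRACE, USER):
        print(f"{decision:6} {event}  ({reason})")
```

The comparison in `inside` is made on whole path components after normalization, so neither a `..` hop into a sibling job directory nor a directory whose name merely starts with the home path is treated as the user's home.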

Page 24: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Architecture

• TA portal / VOM operated by VO admin
• VO user
• Computational providers (GRAM+UCON)
• VBE Manager + CA
• SRB + TRS + PPM
• Graphical Reputation Monitor

Page 25: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Service Deployment for the Supply Chain Demo

[Diagram labels: SRB, C-UCON, VO MGT, GridTrust CA, TRS, PPM]

Page 26: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

[Architecture diagram. Component labels: TransporterAssociationPortal, VO library, VOM, VO Admin, VO User, VBEM, CA, SRB, PPM, TR, TR Monitor GUI, two computational providers each with GRAM, UCON and Libraries, JavaAppl, DATA. Operation labels: GRAM SP registr, register, JoinVBE, create VO, SearchSP, SelectSP, JoinVO, JoinUserToVO, JoinSPToVO, Submit job, Feedback]

Page 27: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Agenda

• Business context / Grid proposal
• Solving the Vehicle Routing Problem
• Security issues / GridTrust solution
• Architecture
• Future evolution

Page 28: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Future evolution of the scenario

• Auctioning system
• Transporter’s automated bidding system
  - Get new task from each auction
  - Add task to current task list
  - Re-route whole fleet
  - Calculate incremental cost
  - Produce bid
• N transporters in parallel
• To give a sample size to the scenario imagine:
  - 10 producers create an auction for each of their 50 daily transportation tasks
  - 30 transporters that bid on every auction
  - it is 500 auctions per day (nearly one every minute in working hours), spawning 15.000 jobs of routing optimization every day

Page 29: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Auction based supply chain

• First-Price Sealed-Bid reverse auction model
• Producers (auction proponents) produce RfQs for transportation tasks
• Transporters can recalculate routing exploiting routing computational services running on Grid resources
• Auctioning system’s offers selection is based on customer requirements: best time / lowest price / transporter’s reputation / a combination of the above
• Producers create a Delivery VO (auction and delivery management)
• Transporters use Routing VO to compute best routes for answering the auction

Page 30: Usage Control in Action:  Controlling Resource Usage in a Grid-Based Supply Chain

Thanks!

For more information please contact: Lorenzo Blasi - HP Italy Innovation Center

[email protected]@hp.com