AGENT-BASED MODELING OF WEB SYSTEMS IN CRITICAL INFORMATION INFRASTRUCTURES Valeria Cardellini, Emiliano Casalicchio1 Università di Roma “Tor Vergata” Salvatore Tucci2 Presidenza del Consiglio dei Ministri Keywords: Agent-based modeling, Web-based services, Web infrastructures Abstract Many critical information infrastructures use Web-based systems for deploying core services (e.g., an information service to the citizens of a large city in case of a natural disaster) because of the pervasiveness of Web technologies. Web systems have been mainly modeled up to now from a performance analysis point of view through queuing networks and discrete-time simulation approaches. However, since Web systems are a building and enabling technology of critical information infrastructures, it is also opportune to investigate how to include in the model the interactions and interdependencies with human entities and other critical infrastructures. In this paper, we analyze how the agent-based modeling approach can be applied to a Web system that provides a critical infrastructure application and to its environment.
Introduction Critical information infrastructures (CII) represent a core building block of critical infrastructures[1]. Computerization has increased the efficiency, reliability, and service provisioning of infrastructures, but it has also introduced and increased cyberinterdependency[2] among them. All the eight critical infrastructures (telecommunications, electric power systems, natural gas and oil, banking and finance, transportation, water supply systems, government services, and emergency services), which have been identified in the PCCIP[3] report, rely on computer systems and data networks, but also on the ability, determination, and expertise of human operators and emergency taskforce. The CII protection requires to investigate the cyber-interdependency, to study the behavior of computerized systems and the interaction process among computerized systems and humans, when they are under severe stress operating conditions, and to understand the emergent phenomena originated by the individual behavior of the infrastructure components. Therefore, a challenge is to provide common formalisms, methodologies, and tools to model the entire system composed of human operators, computerized control systems and the environment, the 1
Dipartimento di Informatica, Sistemi e Produzione, Università di Roma Tor Vergata Via del Politecnico 1, 00133 Roma, Italy. {cardellini, casalicchio}@ing.uniroma2.it 2 Ufficio Informatica e Telematica, Presidenza del Consiglio dei Ministri Via della Mercede 96, 00187 Roma, Italy.
[email protected]
latter considered as the source of perturbations as well as the set of all the other interacting critical infrastructures. Due to the pervasiveness of Web technologies and the massive use of the service-oriented programming paradigm to realize applications deployed on the Internet, many critical infrastructure applications currently rely on Web systems. Typical examples are the electronic services such as e-Government, e-Health, e-Commerce, e-Banking, and e-Finance. The Infrastructure Web[4], which is a monitoring and management system for critical infrastructures and a critical information infrastructure itself, is also a Web-based system. Considering a critical infrastructure application based on Web technologies, the Web system infrastructure deploying such application should be able to provide a dependable and scalable service. An example scenario in which this requirement is particularly evident consists in a Web-based service used in the context of a civic emergency management such as a natural disaster. The city government would like to have the capability of providing the citizens with both general and individualized instructions on how to protect themselves and find some primary goods even after that the event has occurred. In addition, the Web-based service could be used to provide the citizens with another means to require immediate assistance. In order to fulfill its critical mission, the Web-based system should be able to react to an unpredictable and sudden service load and to provide to the end users a reliable and prompt access to information. The above example illustrates the key requirements that the Web system infrastructure should satisfy that is, dependability, survivability, and scalability. After years of continual proposals for the provisioning of scalable and reliable Web-based services, the distributed nature of the system infrastructure and its main characteristics are settled now. In this paper, we do not focus on the architectural solutions for the system infrastructure; we rather investigate how to model the Web system and its environment, including the interactions and interdependencies with human entities and other critical infrastructures, by means of the agent-based modeling approach. Traditionally, the behavior and the performance analysis of Web-based systems, as a class of computer systems, have been studied by means of equation-based models, such as discretetime queues and queuing networks[5] or by means of discrete-time simulations. On the opposite, human behavior[6], social phenomena and the interaction pattern among human and the environment[7] have been analyzed by means of agent-based modeling and simulation. Discrete-time queues and queuing networks allow to model both the single system components and the entire system and to know the state of the system, when stressed by a defined workload, through performance parameters, such as throughput, utilization and response time. However, in the CII protection framework, we are not mainly interested in obtaining such performance metrics, but we rather aim to understand the behavior of a computerized system, viewed as an autonomous, decision-making entity (or a collection of entities), capable to learn from the environment and to react and modify the environment. In this paper, the environment is the source of input for and destination of output from a computerized system, but human entities and other critical infrastructures are not modeled in details. Critical and severe stress operating conditions can cause system faults and miss behaviors or can determine unpredicted conditions that the system is unable to manage. Agent-based modeling is a methodology apt to deal with such issues, because it is able to capture emergent phenomena and to provide natural description of a system; furthermore, it is flexible. To the best of our knowledge, in literature there is a lack of agent-based models of computerized systems as CII components. The main goal of this paper is to define an agentbased model of a Web-based system[8] used for the deployment and provisioning of a critical infrastructure application. We also evaluate the opportunity to reuse the main results from the
art of computer systems modeling and performance evaluation, combining and integrating the two different modeling approaches here considered. The structure of the paper is as follows. We first provide a survey of the agent-based modeling technique. Next, we briefly review the main characteristics of Web systems for critical infrastructure applications. Then, using an example driven approach, we define an agent-based model of a Web system. Finally, we conclude the paper with some remarks.
Agent-based modeling Agent-based modeling and simulation (ABMS) is one of the most suitable approaches to model and simulate Complex Adaptive Systems (CAS). In this kind of approach, the whole model of a target system is obtained considering a population of interacting agents. The key characteristic of an agent is that it exists as an individual entity with location, capabilities, and memory[9]. From the interaction among these agents “emerge” behaviors that are not predictable by the knowledge of a single agent. The agent-based modeling technique is largely used in bio-complexity researches. Biocomplexity is a multidisciplinary field that studies, models, and analyzes the multitude of interactions (behavioral, biological, social, chemical, and physical) between living systems and their environment[10]. Such complex systems and the interaction and interdependency among them could exhibit similitude, in complexity and behavior, to the technological critical infrastructures that drive the life in our society and that directly or indirectly interact with the environment and humans. Agent-based modeling is obtained by interconnecting agents that is, independent systems that autonomously elaborate information and resources in order to define their outputs, that become inputs for other agents. An agent is an individual entity with a location, capabilities, and memory. The entity location defines where it is in a physical space (e.g., geographic region) or in an abstract space (e.g., the Internet). What the entity can perform is defined by its capabilities. An agent can modify its internal data representation (perception capability), it can modify its environment (behavior capability), it can adapt itself to environment’s changes (intelligent reaction capability), it can share knowledge, information, and common strategies with other entity (cooperation capability), it can execute actions without external intervention (autonomy capability). Finally, the experience history (for example, overuse or aging) and data defining the entity state represents the agent’s memory. We remark that agents can be defined to be autonomous, problem-solving computational entities which are capable of effective operations in dynamic and open environments. Agents are often deployed in environments in which they interact, and maybe cooperate, with other agents (including both people and software) that have possibly conflicting aims. The environments are also modeled as agents. Agents can be easily implemented by objects: therefore, all the object-oriented and agentbased[11] technologies can be used to realize simulators of agent-based models. The most known simulation frameworks to implement agent-based model are Swarm (http://www.swarm.org) and RePast (http://repast.sourceforge.net), which are both distributed under the GNU General Public License. Swarm, developed by the Swarm Development Group (SDG), is a set of libraries that facilitate the implementation of a wide range of agent-based models. Many researchs on biological and social systems are conducted using this simulation framework, as reported on the SDG Web site. RePast (REcursive Porous Agent Simulation Toolkit) is a software framework for creating agent based simulations using programming languages such as Java, .Net and Phyton. It has
been created at the University of Chicago and is now maintained by the Repast Organization for Architecture and Development. It provides a library of classes for creating, running, displaying, and collecting data from an agent-based simulation. In addition, RePast can take snapshots of running simulations and create quicktime movies of simulations. RePast borrows many concepts from the Swarm simulation toolkit. Three approaches can be used to design an agent-based simulator of a critical infrastructure: •
from-scratch approach, where an ABM simulator is designed from scratch using ABM frameworks and/or object-oriented programming languages;
•
integration approach, where an ABM simulator is designed using existing components, that are specialized simulators (ABM oriented or not) of system components. These specialized simulators may use different modeling and simulation techniques, to represent the dynamics of the target system. Each one of these models is embedded into an agent, which interacts with others agents. Agents exchange results and cooperate in simulating the whole system;
•
hybrid approach, where some components of the complex system are modeled by embedding existing models into the functional part of an agent, while the other system component models are developed from scratch. All the simulation process is based on an agent-based simulation framework.
An example of a critical infrastructure simulator using the integration approach is EPOCHS[12], where the acronym stands for Electric Power and Communication SyncHronizing Simulator. This is a simulator realized to study the interaction between the electrical power grid and the communication grid. EPOCHS uses a multi-agent approach to integrate: a simulator (PSCAD/EMTCD) to study electromagnetic transients, a simulator (PSLF) to study electromechanical transients, and Network Simulator 2 (NS2) to analyze network communication based on the TCP/IP protocol suite. The first two simulators are based on the integration of models based on differential equations and are proprietary and commercial environments. NS2 is an open source event-driven simulator. Each simulator is considered as an agent that interacts with the others, exchanging simulation results through a proxy agent. Another agent implements the simulation engine that coordinates the whole system simulation.
Web systems for critical infrastructure applications Due to the pervasiveness of Web technologies and the massive use of the service-oriented programming, many critical infrastructure applications are increasingly dependent on the Web. Typical examples are provided by electronic services which play a strategic role in our society, such as e-Government, e-Health, e-Commerce, e-Banking, and e-Finance. From the perspective of critical-mission applications, the Web system infrastructure should be able to provide dependable and scalable services. Specifically, the key requirements that the Web system infrastructure should meet include the following ones. •
Dependability. It is the ability of the Web system to deliver a service that can justifiably be trusted. Dependability encompasses many attributes including availability, reliability, safety, confidentiality, integrity, and maintainability[13]. Security is a composite of some of the above attributes; specifically, it requires the concurrent existence of availability, confidentiality and integrity. The emphasis posed on the above dependability attributes depends on the specific application; availability is always required, although to a varying degree, while the other attributes may or may not be required. For example, for e-Commerce critical-mission applications the service availability and security are two fundamental characteristics. From the point of view of the Web system architecture, the provisioning of some form of
dependability includes, among the others, the use of redundancy, the dynamic reconfiguration of hardware and software components, the detection and substitution of faulty nodes. •
Survivability. It is the ability of the Web system to continue to fulfill its mission in the presence of attacks, failures or accidents. Dependability and survivability are actually very closed to each other, especially when looking at the methods to implement them.
•
High performance and scalability. Scalability is the ability of the Web system to accommodate for user requests that augment in number and complexity. The Web system should be able to support a large number of accesses with a service of guaranteed quality level and to scale for matching rapid and dramatic changes in the number of users, facing the sudden arrival of “flash crowds” of requests, which often cause severe server and network overload and congestion.
In the field of distributed systems, it is a common and settled position that the only viable and effective architectural solution to provide dependable and scalable Web-based services is represented by a distributed Web system composed by multiple nodes on which the missioncritical service is replicated or distributed[9]. In the remainder of this section, we briefly present some background material about Web system architectures for the provisioning of dependable and scalable Web-based services, which is helpful in understanding the modeling of Web systems that we present in this paper. Detailed descriptions of the architectures and mechanisms in distributed Web systems can be found in a survey paper[9]. Distributed Web systems can be broadly classified according to the type of distribution of the server nodes in local distribution, in which the system is composed by a tightly coupled architecture placed at a single location and whose nodes are interconnected through a highspeed LAN, and global distribution, in which the system is composed by a loosely coupled architecture whose nodes are scattered over the Internet. A locally distributed Web system is sometimes referred to as a Web cluster, such that a cluster is a parallel or distributed system consisting of a collection of interconnected whole computers used as a single, unified computing resource. Both local and global systems include (at least) a routing mechanism to direct the client request to the target node, a dispatching algorithm to select the node best suited to respond, and an executor to carry out the dispatching algorithm and support the routing mechanism. A globally distributed Web system represents the core choice to fully provide a dependable and scalable Web-based service, because it is the only viable solution to fully address network-related problems that may arise due to congestion and under-provisioning of the network infrastructures. Since the building blocks of a globally distributed Web system are multiple Web clusters scattered over a wide-area network, in the remaining of the section we briefly review the architecture of a single cluster. Figure 1 depicts a high-level view of a Web cluster organized with multiple logical and physical tiers.
Server 1
Server 2
…
Front-end tier
…
… Server N
Server 2
Server 1 Internal networking
Server 3
Internal networking
Internet
Internet connection
Server 2
Server 1
Server M
Server K
Application tier
Data tier
Figure 1 High-level view of a multi-tier Web architecture In a multi-tier configuration, the front-end servers are typically dedicated to a specific function, such as load balancing and caching and are sometimes referred to as appliance servers. The application tier is composed by application servers, which typically have the ability to host a variety of applications or be dynamically provisioned with an application when more resources of that type are needed. The range of complexity of this layer is quite large depending on the adopted software for providing the required service (e.g., sophisticated component-based distributed software such as J2EE and .Net). If present, database servers or other legacy applications may be located in the data tier and typically have the most stringent performance and dependability requirements. When a Web cluster hosts applications with security requirements, the multi-tier architecture can be even more complex than that shown in Figure 1, because security components (e.g., firewall and DMZ) are employed to protect these systems against malicious accesses such as denial-of-service attacks. From Figure 1 is evident that a multi-tier Web cluster architecture presents multiple levels of request indirections and is therefore characterized by several alternatives for its management, which have been the topic of a significant amount of research work in the field of distributed computer systems and have been also exploited in commercial solutions. An interesting issue that deserves research work and assumes a significant role in the context of critical applications that rely on Web systems regards the exploitation of autonomic technologies that exhibit self-* properties in such a way to have a Web system with the ability to manage itself and dynamically adapt to changes. Indeed, the increased complexity of the Web system architectures and the dynamic changes in the environments they operate preclude, in most cases, human intervention to optimize quality of service, recover from failures, or defend systems from security attacks. Considering this autonomic aspect, Web systems (considering not only the server-side platform but also the environment in which they operate, including the requesting clients) can be classified as complex adaptive systems. Indeed, Web systems exhibit properties that match the four main CAS properties: aggregation, nonlinearity, flow, and diversity. •
Aggregation: the Web service oriented paradigm allows to form groups of service components that cooperate to achieve a common goal (i.e., the provisioning of a complex composite service).
•
Nonlinearity: the behavior of the whole system cannot be simply extrapolated by the behavior of its single components.
•
Flows: Web systems are capable to transfer information to modify the state of the resources and to share some knowledge with other Web systems and with the environment in which they operate.
•
Diversity: Web components exhibit different behavior depending on the implemented functionalities.
Case study: a Web-based service for civic emergency management In this section, we analyze how ABMS can be applied in the context of Web systems through an example-driven approach. As a critical infrastructure application we consider the Webbased service for civic emergency management described in the introduction; however, the main concepts can be also applied to a different Web-based application. Let us consider the scenario illustrated in Figure 2: we suppose that there is a generic service requestor (SR) that accesses the Web-based service for civic emergency management, which is published by a service provider (SP) through a wired network. The service requestor may be a human operator using a Web browser or an application interacting through Web service protocols and standards[14]. The Web-based service implements some core functionalities for alerting and informing the citizens (e.g., maps and directions of evacuation); if it needs to use other Web services offered by different providers (e.g., regarding health services), it acts in its turn as service requestor. Both the service requestor and the Web service run on hardware and software platforms, ranging from a palmtop for a service requestor driven by a human operator, to a high performance system as described in the previous section for the service provider. Both the service requestor and the Web service provider access the Internet through a Local Area Network (LAN) service provider, that, in its turn, uses one or more Wide Area Network (WAN) service providers to access Internet backbones. Logical data flow SR
SP
SP
LAN provider
Web client application
Physical data flow WAN provider
Web service application
Figure 2: A Web-based service oriented system Such a system has been typically studied from a performance point of view. For example, using a component-based approach[6], it is possible to define a network delay and congestion model, a service provider platform model (modeled at different levels of detail, from a highlevel service oriented model down to the embedding disks, CPU and NIC models on the hardware side and processes or threads interaction on the software side), a software and hardware failure model. All these models allow to study the system dynamics in details and to obtain quantitative performance metrics, such as the service provider response time, the service requestor perceived delay, the resources utilization, the network delays, and the system robustness. A discrete event simulator allows to study the dynamic of the whole system when stressed by a well-defined workload.
Dealing with CII, we need a model that allows to capture system interdependencies, which are stressed when critical events occur. For example, the influence of a natural disaster on the local or wide area network providers, and on the client and service provider platforms, the influence of a service failure on other interdependent services such as transportation and health care. To conduct this kind of analysis, we believe that it is more appropriate to use an agent-based model and simulation approach. Indeed, the dynamic model of the system components helps us only in modeling and understanding the system component behavior. In our example, let us suppose that the service providers’ platforms, the requestors’ platforms, the LAN and WAN providers and communication links are influenced by the power grid and natural factors. The service requestors and providers are interdependent with the network providers, and the health care and transportation systems. Web services are interdependent among themselves. The high-level schema of an agent-based model for our example is shown in Figure 3. We identify agents for each Web System Component (WSC), i.e., Web service requestor, Web service provider, LAN provider, and WAN provider, and for each external factors, i.e., transportation and health care systems, natural factors, and power grid. The dashed lines represent the influence and interdependencies with the external factors, while the continuous lines represent the interactions and interdependencies among the Web system components. For example, a service requestor exchanges data with the service provider and the LAN provider. The WAN provider exchanges data with the LAN provider. It is clear that interdependencies exist also among the external factors (for example, between the power grid and the health care system); however, for simplicity we focus only on the Web-based system and do not consider interdependencies in which this system is not directly involved.
Data Service Requestor
Health Care System
Service Provider Transportation System
Power Grid
Data
Data
LAN Provider WAN Provider
Data
Natural Factors
Figure 3: High-level schema of the agent-based model for the civic emergency management application The agents properties of the Web system components are summarized in Table 1. The WSC location is identified by an IP address in the network space and by a geographical location (longitude and latitude). A WSC has the properties to memorize its state and eventually a history of the state values and the monitored system state values, thus to augment its knowledge. The perception capability of a WSC is given by its ability to modify its internal
state on the basis of the information extracted by monitoring the internal state and the environment. The functionalities of a WSC determine its behavior and defines the reactions to the external solicitations and the interactions with other WSCs and the external factors. Nowadays (and in the near future), WSCs (will) have even more autonomic capabilities, thus to adapt themselves to the system dynamics and the external inputs. The interaction and cooperation rules among WSCs are well defined by the communication protocols at different layers and by the implemented functionalities. WCSs have the characteristics, that, in absence of a particular malfunctioning (e.g., hardware, operating system, or application faults) the system is autonomous, knowing the task to perform and the interaction rules. In case of failure, WSCs typically need a human intervention to re-establish the normal operating conditions. Agents properties
Web system component properties
Location
Virtual
The Internet location of the Web system component (its IP interface).
Geographical
The geographical location of the Web system component (longitude and latitude).
Perception
The internal state and the external environment monitoring capabilities of the Web system component that allow to modify its internal state.
Behavior
Web system components have their own dynamics, depending on the implemented functionalities. They can modify and react to external solicitations, interact with and modify the environment.
Adaptation
Web system components can be designed as autonomic systems with adaptation capabilities to the system dynamics.
Cooperation
Web system components are capable to cooperate with other systems by exchanging data.
Autonomy
A Web system component is autonomous in the sense that it is selffunctioning until it does not crash.
Capabilities
Memory
Web system components are capable to memorize and store their state. This memory property is used to increase the system experience (selflearning).
Table 1: Matching between agents properties and Web system component properties Agent-based model In this section, we define the WSC agent-based model and the interaction flow among agents (see Figure 4). Each agent is identified by its name and described by its location, rules of behavior, memory and adaptation capabilities (for simplicity, we do not consider the other agent capabilities). •
Location is represented by the tuple (IP address, URL when available, latitude and longitude).
•
The rules of behavior (RoB) depends on which entity the agent represents. For the service requestor, the RoB define how to generate the flow of Web service requests. For the Web service provider, the RoB define how to provide the requested Web service and how to interact with other Web services. Finally, for the network service provider the main RoB include how to route (with different rules) packets and how to authenticate the registered clients.
•
The memory capabilities depend also on the Web system component represented by the agent. For the service requestor, they are the operating conditions and the service class level. For the Web service provider and the network service provider, they are the operating conditions, the load level and some performance metrics such as the throughput.
•
The adaptation capabilities are described by three values. The first is absent and means that the agent has no adaptation capabilities. The second value is internal and indicates that the agent has the capability to adapt its behavior to the internal state. The latter is external and means that the agent has the capabilities to adapt its behavior to the internal state and the environmental solicitations. Data Agent: Service Requestor name: ID_name; location: (IP address, latitude & longitude); RoB: request; memory: operating condition, service class; adaptation: internal;
Power Grid
Agent: WAN Provider name: ID_name; location:(IP, latitude & longitude); RoB: authentication, routing; memory: operating condition, load level, throughput; adaptation: external;
Data
Agent: Service Provider name: ID_name; location: (URL, IP addresses, latitude & longitude); RoB: service provisioning, service composition; memory: operating condition, load level, throughput; adaptation: external;
Health Care System
Transportation System
Data
Data
Agent: LAN Provider name: ID_name; location:(IP, latitude & longitude); RoB: authentication, routing; memory: operating condition, load level, throughput; adaptation: external; Natural Factors
Figure 4: Schema of the agent-based model for the civic emergency management application The main interactions among the agents are defined by the following rules. •
A service requestor uses both network services and Web-based services; therefore, it exchanges data with both the LAN provider and the service provider.
•
The Web service provider exchanges data with the service requestors (including end users and other service providers) and with the network providers.
•
A LAN provider offers its service to the service requestor and the Web service provider and in its turn uses backbone-access services provided by one (or more) WAN provider(s). Therefore, it exchanges data with the WAN provider, the registered service requestors and the Web service providers.
•
A WAN provider offers its service to LAN providers; therefore, it exchanges data with the latter.
We have modeled the behavior of each agent through a FSM, which provides the representation of an event-driven system. Using a FSM, we are able to represent the events that determine the transition from one state to another and the actions that result from state changes. The network delays for data transmission and the service response time as well as other performance metrics regarding the service provider platform can be included using queuing network models. The model described in this paper represents only a first step towards the agent-based modeling and simulation of a Web system used for critical infrastructure applications and it will certainly undergo a refinement process. We are currently implementing this initial model using a hybrid simulation approach.
Conclusions In this paper, we start exploring the problem of modeling technological infrastructures using the ABMS technique. In particular, we pose our attention on Web systems because Web technologies are a building block of modern information systems and represent the leading interaction paradigm of software application over the Internet. First of all, we have individuated the key requirements of a Web system infrastructure providing critical services. We have also observed that Web technologies (both at hardware and software levels) are mature enough to realize systems that, under normal operating conditions, satisfy the dependability, survivability, high-performance and scalability requirements. The problem is to investigate if the state-of-the-art high performance Web systems maintain their performance properties during critical operating conditions, which are typical of natural disaster or terrorism attack scenarios. In these cases, the technological, social and natural systems interdependencies all play a rule and pose the entire system under severe stress. To determine such interdependent effects and to study the effect of emergent phenomena, ABMS seems to be the most appropriate technique. Then, we have presented an example scenario, a Webbased service for civic emergency management, and defined an agent-based model, capable to take into account the main interdependencies existing in the whole system. However, this is a work in progress and the next step is the implementation of the proposed ABM into an agent-based simulator. We plan to use a hybrid approach; this choice will allow us to re-use existing models of system components such as the network, the service provider platform and the requestor/provider interaction.
References [1] Wenger A., Metzger J., Dunn M., Wigert I. (2004). International CIIP Handbook. ETH, The Swiss Federal Institute of Technology, Zurich, Switzerland. [2] Rinaldi S.M., Peerenboom J.P., Kelly T.K. (2001). Identifying, Understanding, and Analyzing Critical Infrastructure Interdependencies. IEEE Control Systems Magazine, Vol. 21, No. 6, pp. 11-25. IEEE, USA. ISSN: 0272-1708. [3] Marsh R.T. (1997). Critical Foundations: Protecting America’s Infrastructure. President’s Commission on Critical Infrastructure Protection. [4] Jiang G., Cybenko G., McGrath D. (2001). Infrastructure Web: Distributed Monitoring and Managing Critical Infrastructures. In Proceedings of SPIE -- Enabling Technologies for Law Enforcement and Security, Vol. 4232, pp. 104-114. [5] Menascè D.A., Almeida V.A.F. (2001). Capacity Planning for Web Services. Prentice Hall. ISBN: 0130659037 [6] Bonabeau E. (2002). Agent-based Modeling: Methods and Techniques for Simulating Human Systems. In Proc. of the Natl. Academy of Science, Vol. 99, pp. 7280-7287.
[7] Barton D.C., Eidson E.D., Schoenwald D.A., Stamber L., Reinert R.K. (2000). Aspen-EE: An Agent Based Model of Infrastructure Interdependency. Technical Report SAND20002925, SANDIA National Laboratory. [8] Cardellini V., Casalicchio E., Colajanni M., Yu P.S. (2002). The State of the Art in Locally Distributed Web-server Systems. ACM Computing Surveys, Vol. 34, No. 2, pp. 263-311. [9] Macal C.M., North M.J. (2005). Tutorial on Agent-based Modeling and Simulation. In Proceedings of the 2005 Winter Simulation Conference. [10] Mikler A., Monticino M., Callicott B., Khalil S. (2003). Agent Based Modeling of Human and Natural Systems and Their Interactions. In Proceedings of 7th Annual Swarm Researchers/Users Conference (SwarmFest 2003), Notre Dame, IN. [11] Luck M., McBurney P., Shehory O., Willmott S. (2005). Agent Technology Roadmap. AgentLink III, http://www.agentlink.org/. ISBN 0854328459 [12] Hopkinson K.M. , Giovanini R., Wang X., Birman K.P., Coury D.V., Thorp, J.S. (2006). EPOCHS: Integrated Cots Software For Agent-Based Electric Power And Communication Simulation. To appear in IEEE Transactions on Power Systems. [13] Avizienis A., Laprie J.-C., Randell B., Landwehr C. (2004). Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 1, pp. 11-33. [14] Singh M.P., Huhns M.N. (2005). Service-Oriented Computing: Semantics, Processes, Agents. John Wiley & Sons. ISBN: 0470091487
Biographies Valeria Cardellini, PhD, is a research associate in the Department of Computer Science, Systems and Production at the University of Roma Tor Vergata, Italy. In 1999 she held a visiting position at the IBM T.J. Watson Research Center. Her research interests focus on the areas of performance analysis, distributed systems, modeling and simulation with particular emphasis on content and service delivery infrastructures for the Web. In these fields, she has served as a member of organizing or program committees of international conferences and a reviewer for ACM and IEEE journals and conferences. Emiliano Casalicchio PhD, is a researcher in the Department of Computer Science, Systems and Production at the University of Roma Tor Vergata, Italy. His research interests focus on the area of distributed systems performance and evaluation. Since 1998 he works on design and performance evaluation of High Performance Web Server Systems with QoS constraints. In 2004, he started a joined work with D.A. Menascè on resource allocation in grid systems with QoS constraints. He also works on modeling and simulation of peer-to-peer and publish/subscribe systems. Other research interests include modeling and simulation of critical information infrastructures and content distribution infrastructures supporting mobile users. Emiliano acts as reviewer for international conferences and journals.
Salvatore Tucci received the Laurea (master) degree in Physics from the University of Pisa, Italy in 1972. From 1973 to 1975 he held a post-graduate fellowship in Computer Science at IEI-CNR, Pisa. In 1975, he joined the Department of Computer Science at the University of Pisa as assistant professor. In 1987, he joined the Department of Computer Science, Systems and Production at the University of Roma Tor Vergata as full professor. He held visiting positions in 1987 at INRIA, Paris, and in 1981/82 at the IBM T.J. Watson Research Center, Yorktown Heights, NY. From 1990 to 1999 he was Dean of Computer Engineering curricula at the Faculty of Engineering. From 1999 is on leave as the Director of the Office for Informatics and Telecommunications of the Italian Prime Minister. His research interests include performance evaluation, parallel and distributed systems, multimedia applications, conception and design of large information systems for decision-making and
government, critical information infrastructures. He has served as a general chair and president of the organizing committee of various national and international conferences.
