Messaging in Multicellular Computing

Multicellular organisms treat DNA transfer between cells as taboo. Multicellular computing should treat transferring code between computers similarly.

Living cells send messages to one another via complex molecules. Some of these molecule (DNA) are analogous to code, some (proteins) are analogous to data, and some (RNA) can act in both roles.  Computers send messages via complex strings of bytes. The bytes may represent either executable code or data and some may act in both roles.  The dividing line between code and data has become more and more difficult to discern. Explicitly executable files (e.g., .exe on Wintel hardware/OS) are directly executed by the native platform. Yet executable binary code may be hidden in various seemingly innocuous formats such as .jpg and SMS messages (see below). And some strings may be merely data until some interpreter available on the computer makes that data executable. Text, for example, may represent executable code in JavaScript, PHP, Perl, Python, Ruby and many other scripting languages. In certain circumstances, such code can be executed without the knowledge of the user.

The need for a Taboo against transferring code

Some especially sensitive application areas such as government, military and financial IT do their best to prohibit code transfer. Their best is not good enough. Recent nation-state attacks include Chinese attacks against the US Department of Defense, Stuxnet a joint US/Israeli exploit against Iranian nuclear sites, and Flame a very large and multi-function US malware package that exploits flaws in Windows Update. Banks and other financial institutions are hacked far more often than the public realizes. Commercial databases containing credit card and other private information of consumers continue to be compromised all too often.  In July 2013, four Russians and a Ukrainian were charged with stealing about 160 million credit and debit card numbers.

The computers compromised in the above cases were managed by IT professionals. These professionals were in most cases quite competent. The failure was in trusting their ability to deal with the complexity of their systems and the resultant inevitability of chinks in their armor. And that complexity results in large part from the overly generalized functionality of the computer's operating systems, databases, networking and overall software architectures.

The culture of computing all too often takes for granted that code must be malleable  They find it difficult even to imagine a world in which it is technically impossible to alter code in a computer. The PC revolution in particular was founded upon the legal fiction that Microsoft "owns" the code on every Windows computer and has the right to modify it at will.  Hence Windows Update is a legally protected and vital part of the Windows software ecology. The business model of end-user PCs, laptops and tablets, and now smartphones absolutely depends upon the easy movement of code from the vendors to the users! The massive growth of smartphones and their apps is especially rife with vulnerabilities. Given the culture of smartphones, for example, one cannot imagine a taboo against downloading apps.

Nonetheless, loading code, if it cannot be prohibited entirely, should be a special, and carefully managed process much better managed than it is at present.  Apple's AppStore policies for iPod/Phone/Pad apps are a good start, but only a start.  And Google's free-for-all policy for Android apps seem tailor-made to replicate the Windows ecosystem's vulnerabilities.

Enforcing a taboo against easy movement of code will be further complicated by the fact that it is difficult to distinguish code from data. Code in the guise of data may sneak in as a supposedly innocuous file like a .jpg image and get executed as a result of a buffer-overrun exploit [1]. In smart phones code may sneak in using an SMS messaging exploit [2]. Fortunately, the importance of a taboo against transferring code is becoming more obvious, so perhaps we can expect the computing industry to incrementally improve its enforcement capabilities.

Increasing specialization in computing tends to reduce the need, hence the acceptability, of code transfer. Compatibility within the Windows monoculture with its common APIs permits meaningful, if dangerous, code transfers. Unfortunately Android is becoming a similarly insecure monoculture. Outside of a monoculture, it simply makes no sense to base multicellular computing messages on transmitted code. Specialized computers in communities of collaborating machines function in very different ways and in different contexts. Code for a router is meaningless in a PDA or a parallel computation engine. It is neither practical nor useful for a machine requesting a service to send code that specifies how that service is to be carried out. Only the receiving computer can know how best to provide the service.

Communication by non-executable messages

As code transfer loses popularity, the growing trend of using Web Services in the "Cloud" is gaining popularity. Rather than each computer supporting a wide range of function, they increasingly rely on the specialized services of other machines. Thus Web Services mimic living system's use of polymorphic message sending. The receiving computer, not the sender, determines the meaning of all Web Services messages. So the multicellular computing world seems already to be evolving the same basic architecture that evolved in biology. Future orchestrated collaborations between computers on the Internet likely will be based upon one variety or another of Service Oriented Architecture. Heavyweight SOA, based upon SOAP, WSDL and a host of other industry standards, is gaining favor in corporate IT systems. Lighter weight mashups, e.g., those based on AJAX are growing rapidly in the Internet at large. In either case, useful Web Services are emerging on the net and multicellular combinations of Web Services are becoming more common.

Whichever new protocols emerge, we must coexist for many years with legacy systems that use proprietary communication protocols, old EDI protocols, HTML protocols, and many less common formats. If biology is any guide, many of these will never fully disappear. They will become frozen historical accidents to puzzle future students of the history of computing.

Message semantics is key - how will shared meaning evolve?

The form of future collaborations between computers seems on its way to being settled, i.e., by some sort of Cloud Web Service conventions based on XML. But the substance is not. Polymorphic messages encoded in XML are syntactically self-describing but not semantically self-describing [3]. If polymorphic messages are to be the basis of communication, there has to be some agreement on the meaning of the messages. Messaging semantics will be sorted out by the efforts of various standards bodies, by acceptance of conventions, and by much evolutionary trial and error. Yet none of these are completely satisfactory - standards are slow, conventions conflict, and evolution is messy. Nonetheless, if biology is any guide, evolution will dominate.

Messaging semantics in multicellular organisms evolve under constraints from all aspects of the message process at once. An individual organism begins with a fertilized egg that divides. Its daughter cells all share the same DNA. These daughter cells differentiate, staying physically co-located. Hence, the organism's DNA codes for all aspects of the messaging behavior, both the behavior of the "sending" cell, i.e., how and when it synthesizes and exports a given messenger molecule, and the shape and lifetime of the messenger molecule [4]. The behavior of the "receiving" cells, i.e., those that have binding sites for a given molecule, depends upon which biochemical pathways are triggered by receipt of the molecule. If the semantics of a given message transfer are not beneficial or at least neutral to the health of the whole organism, the whole organism is at higher risk of death before it can pass the DNA on to the next generation. Thus survival of the fittest, which operates at the whole organism level, simultaneously punishes poor "syntax" and muddled "semantics" by culling mistakes at either end of the communication.

A single corporate network infrastructure may play an evolutionary role similar to that of a single multicellular organism. That is, it is a unitary, logically contiguous, dedicated collection of computers that supports the whole organization, for good or ill. Its routers, firewalls, VPN links, LDAP servers, DMZs, and specialized application servers must share an agreed upon and internally compatible architecture and implementation. And the semantics of pairwise collaborations must be sensible. The corporate IT staff work to ensure this, although the staff itself may be the point of failure. If the system is not up to the job, disaster may well ensue for the whole organization. A corporation with a seriously flawed Web Services infrastructure may simply go out of business, thus failing to pass on its ineffective infrastructure architecture and semantics. Bank mergers are a classic case. A bank's competitiveness often depends in large part upon its IT infrastructure, which is a carefully (or not so carefully) crafted multicellular computing organism. The weaker bank, when acquired by a stronger one, typically must remake its IT infrastructure to be compatible with the winning bank's architecture. This sort of system evolves its messaging architecture in a manner similar to that of a multicellular organism, by a remorseless process of survival of the fittest.

The evolution of message semantics in the open Internet is more complicated, not to say haphazard. A person's computer may play a different role in many different sets of multi-computer collaborations, some for private uses and some in their role as an employee, customer, or supplier in business relationships. This is similar to the more fluid and ambiguous semantics in ecologies of organisms where a single organism plays many different roles in different ecological collaborations. Predators recognize prey, and vice versa, by all sorts of chemical signals. So, chemical signals mean one thing between individuals of the same species and another to their predators or prey. For example, the musky smells of animals travel on the wind. Thus predators attack from downwind so as not to warn the prey. The 'come hither' scent of a desert mouse is intended to attract a mate. That it also attracts a hungry snake is not simply an unfortunate accident. The snake co-evolves with the mouse. In a similar manner, especially valuable services (Google, eBay, Amazon, Twitter) support an API with defined semantics that attracts third party services. Or services with plentiful and demographically valuable users attract competing services that will offer the same API with the same semantics to attract those users. Successful poachers of either sort can then add to the API and the semantics in an attempt to freeze out competitors. Nonetheless, such co-evolution can result in richer and more useful semantics.

Alan Kay [5] proposes that the semantics travel with the message by using objects as the message carrier rather than just data. An object carries both data and the code that provides some of the meaning. Security issues would be handled by assuming that the machines are specialized as object engines that provide separate address spaces for all objects so that one cannot interfere with another. However, object collaboration still requires some shared understanding of the semantics of the polymorphic messages. Reflexive systems, those in which metadata is available with which objects can "reason" about message interfaces of other objects, might be agreed upon and such reasoning might support the bootstrapping of enough semantics to dramatically speed the evolution of useful ways of collaboration. Or, SOA brokers could match up "compatible" parties. This object approach might offer real advantages, however it is a radical departure from the way our current machines work and would require substantial evangelism and investment to succeed. Nonetheless, one day perhaps some classes of computer applications might work very well in such general object engines

[1] Note that new hardware capabilities from Intel and AMD allow memory to be marked no execute which may eventually make buffer-overruns less of a problem.

[2] In July, 2009, a security researcher discovered a way to use SMS messages to completely take over an iPhone without any interaction with the phone's owner. (See interview with Charlie Miller, the discoverer of the iPhone exploit). He also found exploits for Android and Windows Mobile smart phones. He explains the basics of the iPhone exploit thus: "You can send a long [SMS] message in a series of messages and the phone will reconstruct it into a one long string. It accesses an array based on a value from the data. In the case where it thinks it reads -1, it actually accesses the memory before the array, not in the array. By setting things up just right and being tricky, you can actually leverage this to gain complete control of the device. The entire attack takes just over 500 messages, although the victim doesn't know they are being sent because they don't show up on the phone. Most of these messages have to do with setting things up 'just right.' Sixteen of them actually access the array out of bounds."

[3] XML does not encode semantics. Only the syntax is self describing. When people read XML, they subconsciously perceive the tags as carrying semantic information because the tags are usually human-readable words. The receiving computers cannot derive any meaning from those words. Semantics remains in the minds of the reader and writer of the text, not in the XML itself. Imagine, as a thought experiment, reading XML in which all the tags have been encrypted. The encryption removes none of the information in the XML but does remove the illusion of semantics.

[4] Intracellular mechanisms degrade almost all proteins including messenger molecules, some quite rapidly. A molecular message's half-life determines its range and the duration of its effect -- that is, messenger half-life is an explicit aspect of message management that evolves along with the functioning of the sending and receiving cells and of the organism as a whole.

[5] This paragraph is based on a personal communication with Alan Kay. Multicellular computing was the context for that discussion. He has long championed the view that 'dumb' data should be avoided. In principle, I agree with him. The difficulty is in how to prevent the embedded "smarts" from providing an avenue of entry to viruses and other malware.


Last revised 5/28/2014