Panel Perspective: Research Directions for Security and Networking in Critical Real-Time and Embedded Systems
Helen Gill, Ph.D.
CISE/CNS, National Science Foundation
RTAS Workshop, San Jose, CA, April 4, 2006
High Confidence Systems Technical Challenge: "Systems of Embedded Systems"
• Now: information focus, human-machine interface
  • Operator skill, "competent human intervention"
  • System, operator certification
• Future: open, multi-level closed-loop, mixed-initiative, autonomous systems and multi-systems
• Typical domains:
  • Medical: "plug and play" operating room of the future
  • Aviation: mixed manned, autonomous flight
  • Power systems: future "SCADA-D/PCS" for distributed generation, renewable energy resources
  • National security: common operating picture, global information grid, future combat systems
Networking: An Outsider's View
• Traditional networking perspective: core + edge
  • Core: bulk packet delivery system
  • Other issues largely delegated to edge networks
• Internet technology is pervasive as an enabling technology for enterprise systems but (though used for distributed real-time applications) has not penetrated real-time sensing and control networks (FlexRay, CAN, …)
• "Sensor nets" perspective: just attach sensors and actuators at the edge, provide services in the network (sensor grids)
• Gaps:
  • Topology control for complex real-time systems with wide-area characteristics (remote surgery; operating room of the future; power grid control)
  • Do old assumptions (statistical properties of the network under multi-path) apply under topology slicing, real-time QoS?
  • What are the security challenges if these assumptions change (e.g., circuits; mapping topology to physical resources)?
• Concerns:
  • Static "layered view", little discourse on autonomous vs. application-determined network management, operation
Cyber Security: An Outsider's View
• Traditional cyber security perspective: information assurance
  • Frameworks for protection (crypto, authentication/authorization, information access control, detection, recovery)
  • Premise: data-oriented, rather than process-oriented, protection
  • Simple principles: isolation (e.g., separation kernels), non-interference, subject/object classifications and compartmentalization (… insider threat?)
• Gaps:
  • System-system coordination, reconfiguration, reactive systems, authorization of human information access vs. autonomous cooperative/competitive real-time operation (more than mere delegation of authorized information access)
• Concerns:
  • Secondary focus, limited impact of cyber security research on systems research (exceptions: PKI, IDS, VPN), especially for time-critical systems
  • Disconnect from other QoS issues
Real-Time Systems: An Outsider's View
• Traditional real-time systems perspective: scheduling
  • Closed, single-system frameworks, persistent scheduling decisions (though a growing corpus on dynamic scheduling)
  • Process scheduling and control perspective, extension to energy management
  • Hard real-time scheduling for single-system provisioning of cyclic workload, limited dependent-task scheduling, best-effort soft real-time
  • Indirect treatment of concurrency, distributed operation
  • Loose relationship to changing embedded sensing and control system requirements (need to close loops at higher levels)
  • Must continue to build above a weak technology base: single-system RTOS x middleware x RTVM
• Gaps:
  • Real-time reconfiguration, real-time coordination, deep integration of networking and security services, preparation for technology diversity and change (e.g., multi-core/multi-threading models)
• Concerns:
  • Lack of end-to-end characterization: controlled system dynamics, "discontinuous" security and network interactions, resource models, time-aware trust/"certainty" models
Worried Observations
• "Eyes on the trail" phenomenon
• "My community has the solution" perspective:
  • Power grid collapse is just a cyber security problem
  • Power grid collapse is just a real-time problem
  • Power grid collapse is just a networking/communication problem
  • Power grid collapse is just a control problem
  • … (hardware platforms, …)
• High-level "wisdom" is widely believed to suffice
  • All we need is "dependability" (please refer to the taxonomy…)
  • Networked embedded control system design is just an "application problem"
  • "It's all software" (unrefined concept), and better software engineering will take care of it
Some obvious steps forward
• Break down the stovepipe boundaries
  • End-to-end, cross-disciplinary systems problems
  • Closing the loop "sharpens the mind", so consider real "killer apps" (e.g., safety-critical), not just cell phones
  • Move beyond performance, information, enterprise, best-effort
  • Teams: mixed expertise is necessary
• Ask: what core research would yield real progress?
  • NOT system instance by system instance
  • NOT tunnel vision on isolated, single-discipline solutions
• Ask: what are some fundamental, shared (and complexity-removing) research questions?
• Ask: what would a better technology base look like?
R&D Planning for CIP and High Confidence Systems: NSTC
• NSTC committee structure
  • CT: Committee on Technology
    • Networking, IT R&D (NITRD) Subcommittee, "blue book"
    • Infrastructure Subcommittee
• CIP R&D planning
  • National CIP R&D Plan
  • CIIP R&D Plan
• NITRD R&D planning
  • High Confidence Software and Systems (HCSS) Coordinating Group
  • Large Scale Networking (LSN) Coordinating Group
  • Cyber Security and Information Assurance (CSIA) Interagency Working Group
(Organization chart on slide, labels only: NSTC; CT, H&NS; Infrastructure, NITRD; CSIA, HCSS, LSN)
NITRD HCSS Coordinating Group Assessment Actions
• Backdrop:
  • NSF/OSTP Critical Infrastructure Protection Workshop, Leesburg, VA, September 2002, http://www.eecs.berkeley.edu/CIP/
  • NSF Workshop on CIP for SCADA, Minneapolis, MN, October 2003, http://www.adventiumlabs.org/NSF-SCADA-IT-Workshop/index.html
  • National Academies' study: "Sufficient Evidence? Design for Certifiably Dependable Systems", http://www7.nationalacademies.org/cstb/project_dependable.html
  • National Coordination Office summary report(s) derived from workshops, industry input sessions, NAS study
NITRD HCSS Coordinating Group Assessment Actions: Workshops
• High Confidence Medical Device Software and Systems (HCMDSS)
  • Planning Workshop, Arlington, VA, November 2004, http://www.cis.upenn.edu/hasten/hcmdss-planning/
  • National R&D Road-Mapping Workshop, Philadelphia, Pennsylvania, June 2005, http://www.cis.upenn.edu/hcmdss/
• High Confidence Aviation Systems
  • Planning Workshop on Software for Critical Aviation Systems, Seattle, WA, November 21-22, 2005
  • National R&D Road-Mapping Workshop, venue TBD, August 2006
HCSS Workshops, continued
• High Confidence Critical Infrastructures: "Beyond SCADA and Distributed Control Systems"
  • Planning
    • US Planning Workshop, Washington, DC, March 14-15, 2006
    • EU-US Collaboration Workshop, Framework Programme 7 linkage, March 16-17, 2006
  • US National R&D Road-Mapping Workshop, October 2006
Other Current HCSS Actions: Assessment of Real-Time Operating System (RTOS) Technology Base
• Starting point: single-system RTOS products, middleware appliqué for distributed systems, rudimentary open sensing and control platforms (incompatible schedulers, single-issue architectural assumptions, weak security services, …)
• Needed: clean OS-level support for open, hierarchical control systems, dynamic topology, coordinated action
• So what are we doing about this?
  • HCSS RTOS technology assessment, vendor non-disclosure briefings:
    • Integrators: Adventium Laboratory, Boeing, Ford Motor Company, Lockheed Martin, MIT Lincoln Laboratory, Northrop Grumman, Raytheon, Rockwell Collins, MotoTron
    • Technology: Sun Microsystems, IBM, Microsoft, Honeywell, Red Hat, Wind River Systems, Green Hills, LynuxWorks, Real-Time Innovations, Inc., QNX Software Systems, Ltd., BAE Systems, Kestrel Technology, BBN Technologies
High-Confidence Software and Systems (HCSS) Agencies
• Air Force Research Laboratories*
• Army Research Office*
• Department of Defense / OSD
• Defense Advanced Research Projects Agency
• Department of Energy
• Federal Aviation Administration*
• Food and Drug Administration*
• National Air & Space Administration
• National Institutes of Health
• National Institute of Science and Technology
• National Science Foundation
• National Security Agency
• Office of Naval Research*
* Cooperating agencies