
Panel Perspective: Research Directions for Security and Networking in Critical Real-Time and Embedded Systems

Helen Gill, Ph.D., CISE/CNS, National Science Foundation. RTAS Workshop, San Jose, CA, April 4, 2006.


Presentation Transcript


  1. Panel Perspective: Research Directions for Security and Networking in Critical Real-Time and Embedded Systems
     Helen Gill, Ph.D., CISE/CNS, National Science Foundation
     RTAS Workshop, San Jose, CA, April 4, 2006

  2. High Confidence Systems Technical Challenge: "Systems of Embedded Systems"
     • Now: information focus, human-machine interface
       • Operator skill, “competent human intervention”
       • System, operator certification
     • Future: open, multi-level closed loop, mixed initiative, autonomous systems and multi-systems
     • Typical domains:
       • Medical: “plug and play” operating room of the future
       • Aviation: mixed manned, autonomous flight
       • Power systems: future “SCADA-D/PCS” for distributed generation, renewable energy resources
       • National Security: common operating picture, global information grid, future combat systems

  3. Networking: An Outsider’s View
     • Traditional networking perspective: Core + Edge
       • Core: bulk packet delivery system
       • Other issues largely delegated to edge networks
     • Internet technology is pervasive as an enabling technology for enterprise systems but (though used for distributed real-time applications) has not penetrated real-time sensing and control networks (FlexRay, CAN, …)
     • “Sensor Nets” perspective – just attach sensors and actuators at the edge, provide services in network (sensor grids)
     • Gaps:
       • Topology control for complex real-time systems with wide-area characteristics (remote surgery; operating room of the future; power grid control)
       • Do old assumptions (statistical properties of network under multi-path) apply under topology slicing, real-time QoS?
       • What are the security challenges if these assumptions change (e.g., circuits; map topology to physical resources)?
     • Concerns:
       • Static “layered view”, little discourse on autonomous vs. application-determined network management, operation

  4. Cyber Security: An Outsider’s View
     • Traditional cyber security perspective: information assurance
       • Frameworks for protection (crypto, authentication/authorization, information access control, detection, recovery)
       • Premise: data-oriented, rather than process-oriented, protection
       • Simple principles: isolation (e.g., separation kernels), non-interference, subject/object classifications and compartmentalization, (…insider threat?)
     • Gaps:
       • System-system coordination, reconfiguration, reactive systems, authorization of human information access vs. autonomous cooperative/competitive real-time operation (more than mere delegation of authorized information access)
     • Concerns:
       • Secondary focus, limited impact of cyber security research on systems research (exceptions: PKI, IDS, VPN), especially for time-critical systems
       • Disconnect from other QoS issues

  5. Real-Time Systems: An Outsider’s View
     • Traditional real-time systems perspective: scheduling
       • Closed, single-system frameworks, persistent scheduling decisions (though growing corpus on dynamic scheduling)
       • Process scheduling and control perspective, extension to energy management
       • Hard real-time scheduling for single-system provisioning of cyclic workload, limited dependent task scheduling, best-effort soft real-time
       • Indirect treatment of concurrency, distributed operation
       • Loose relationship to changing embedded sensing and control system requirements (need to close loops at higher levels)
       • Must continue to build above a weak technology base: single-system RTOS x Middleware x RTVM
     • Gaps:
       • Real-time reconfiguration, real-time coordination, deep integration of networking and security services, preparation for technology diversity and change (e.g., multi-core/multi-threading models)
     • Concerns:
       • Lack of end-to-end characterization: controlled system dynamics, “discontinuous” security and network interactions, resource models, time-aware trust/“certainty” models

  6. Worried Observations
     • “Eyes on the trail” phenomenon
     • “My community has the solution” perspective:
       • Power grid collapse is just a cyber security problem
       • Power grid collapse is just a real-time problem
       • Power grid collapse is just a networking/communication problem
       • Power grid collapse is just a control problem
       • … (hardware platforms, …)
     • High-level “wisdom” is widely believed to suffice
       • All we need is “dependability” (please refer to the taxonomy…)
       • Networked embedded control system design is just an “application problem”
       • “It’s all software” (unrefined concept), and better software engineering will take care of it

  7. Some obvious steps forward
     • Break down the stovepipe boundaries
       • End-to-end, cross-disciplinary systems problems
       • Closing the loop “sharpens the mind”, so consider real “killer apps” (e.g., safety critical), not just cell phones
       • Move beyond performance, information, enterprise, best-effort
       • Teams: mixed expertise is necessary
     • Ask: What core research would yield real progress?
       • NOT system instance by system instance
       • NOT tunnel vision on isolated, single-discipline solutions
     • Ask: What are some fundamental, shared (and complexity-removing) research questions?
     • Ask: What would a better technology base look like?

  8. Thank You for Your Help

  9. R&D Planning for CIP and High Confidence Systems
     • NSTC Committee structure
       • CT – Committee on Technology
         • Networking, IT R&D (NITRD) Subcommittee, “blue book”
         • Infrastructure Subcommittee
     • CIP R&D Planning
       • National CIP R&D Plan
       • CIIP R&D Plan
     • NITRD R&D Planning
       • High Confidence Software and Systems (HCSS) Coordinating Group
       • Large Scale Networking (LSN) Coordinating Group
       • Cyber Security and Information Assurance (CSIA) Interagency Working Group
     (Organization chart; recovered labels only: NSTC … CT, H&NS, Infrastructure … NITRD … CSIA, HCSS, LSN)

  10. NITRD HCSS Coordinating Group Assessment Actions
     • Backdrop:
       • NSF/OSTP Critical Infrastructure Protection Workshop, Leesburg, VA, September 2002, http://www.eecs.berkeley.edu/CIP/
       • NSF Workshop on CIP for SCADA, Minneapolis, MN, October 2003, http://www.adventiumlabs.org/NSF-SCADA-IT-Workshop/index.html
       • National Academies’ study: “Sufficient Evidence? Design for Certifiably Dependable Systems”, http://www7.nationalacademies.org/cstb/project_dependable.html
       • National Coordination Office summary report(s) derived from workshops, industry input sessions, NAS study

  11. NITRD HCSS Coordinating Group Assessment Actions: Workshops
     • High Confidence Medical Device Software and Systems (HCMDSS)
       • Planning Workshop, Arlington, VA, November 2004, http://www.cis.upenn.edu/hasten/hcmdss-planning/
       • National R&D Road-Mapping Workshop, Philadelphia, Pennsylvania, June 2005, http://www.cis.upenn.edu/hcmdss/
     • High Confidence Aviation Systems
       • Planning Workshop on Software for Critical Aviation Systems, Seattle, WA, November 21-22, 2005
       • National R&D Road-Mapping Workshop, venue TBD, August 2006

  12. HCSS Workshops, continued
     • High Confidence Critical Infrastructures: “Beyond SCADA and Distributed Control Systems”
       • Planning
         • US Planning Workshop, Washington, DC, March 14-15, 2006
         • EU-US Collaboration Workshop, Framework Programme 7 linkage, March 16-17, 2006
       • US National R&D Road-Mapping Workshop, October 2006

  13. Other Current HCSS Actions: Assessment of Real-Time Operating System (RTOS) Technology Base
     • Starting point: single-system RTOS products, middleware appliqué for distributed systems, rudimentary open sensing and control platforms (incompatible schedulers, single-issue architectural assumptions, weak security services, …)
     • Needed: clean OS-level support for open, hierarchical control systems, dynamic topology, coordinated action
     • So what are we doing about this?
       • HCSS RTOS technology assessment, vendor non-disclosure briefings:
         • Integrators: Adventium Laboratory, Boeing, Ford Motor Company, Lockheed Martin, MIT Lincoln Laboratory, Northrop Grumman, Raytheon, Rockwell Collins, MotoTron
         • Technology: Sun Microsystems, IBM, Microsoft, Honeywell, Red Hat, Wind River Systems, Green Hills, LynuxWorks, Real-Time Innovations, Inc., QNX Software Systems, Ltd., BAE Systems, Kestrel Technology, BBN Technologies

  14. High-Confidence Software and Systems (HCSS) Agencies
     • Air Force Research Laboratories*
     • Army Research Office*
     • Department of Defense/OSD
     • Defense Advanced Research Projects Agency
     • Department of Energy
     • Federal Aviation Administration*
     • Food and Drug Administration*
     • National Air & Space Administration
     • National Institutes of Health
     • National Institute of Science and Technology
     • National Science Foundation
     • National Security Agency
     • Office of Naval Research*
     * Cooperating agencies
