Panel Perspective: Research Directions for Security and Networking in Critical Real-Time and Embedded Systems

1
Panel Perspective Research Directions for
Security and Networking in Critical Real-Time and
Embedded Systems

• Helen Gill, Ph.D.
• CISE/CNS
• National Science Foundation

RTAS Workshop, San Jose, CA April 4, 2006
2
High Confidence Systems Technical Challenge
"Systems of Embedded Systems"

• Now information focus, human-machine interface
• Operator skill, competent human intervention
• System, operator certification
• Future open, multi-level closed loop, mixed
  initiative, autonomous systems and multi-systems
• Typical domains
• Medical plug and play operating room of the
  future
• Aviation mixed manned, autonomous flight
• Power systems Future SCADA-D/PCS for
  distributed generation, renewable energy
  resources
• National Security common operating picture,
  global information grid, future combat systems

3
Networking An Outsiders View

• Traditional networking perspective Core Edge
• Core Bulk packet delivery system
• Other issues largely delegated to edge networks
• Internet technology is pervasive as an enabling
  technology for enterprise systems but (though
  used for distributed real-time applications) has
  not penetrated real-time sensing and control
  networks (FlexRay, CAN, )
• Sensor Nets perspective just attach sensors
  and actuators at the edge, provide services in
  network (sensor grids)
• Gaps
• Topology control for complex real-time systems
  with wide-area characteristics (remote surgery
  operating room of the future power grid control)
• Do old assumptions (statistical properties of
  network under multi-path) apply under topology
  slicing, real-time QoS?
• What are the security challenges if these
  assumptions change (e.g., circuits map topology
  to physical resources)?
• Concerns
• Static layered view, little discourse on
  autonomous vs. application-determined network
  management, operation

4
Cyber Security An Outsiders View

• Traditional cyber security perspective
  information assurance
• Frameworks for protection (crypto,
  authentication/authorization, information access
  control, detection, recovery)
• Premise Data-oriented, rather than
  process-oriented protection
• Simple principles isolation (e.g., separation
  kernels), non-interference, subject/object
  classifications and compartmentalization,
  (insider threat?)
• Gaps
• System-system coordination, reconfiguration,
  reactive systems, authorization of human
  information access vs. autonomous
  cooperative/competitive real-time operation (more
  than mere delegation of authorized information
  access)
• Concerns
• Secondary focus, limited impact of cyber security
  research on systems research (exceptions PKI,
  IDS, VPN), especially for time-critical systems
• Disconnect from other QoS issues

5
Real-Time SystemsAn Outsiders View

• Traditional real-time sytems perspective
  scheduling
• Closed, single-system frameworks, persistent
  scheduling decisions (though growing corpus on
  dynamic scheduling)
• Process scheduling and control perspective,
  extension to energy management
• Hard real-time scheduling for single-system
  provisioning of cyclic workload, limited
  dependent task scheduling, best-effort soft
  real-time
• Indirect treatment of concurrency, distributed
  operation
• Loose relationship to changing embedded sensing
  and control system requirements (need to close
  loops at higher levels)
• Must continue to build above a weak technology
  base single-system RTOS x Middleware x RTVM
• Gaps
• Real-time reconfiguration, real-time
  coordination, deep integration of networking and
  security services, preparation for technology
  diversity and change (e.g., multi-core/multi-threa
  ding models)
• Concerns
• Lack of end-to-end characterization controlled
  system dynamics, discontinuous security and
  network interactions, resource models, time-aware
  trust/certainty models

6
Worried Observations

• Eyes on the trail phenomenon
• My community has the solution perspective
• Power grid collapse is just a cyber security
  problem
• Power grid collapse is just a real-time problem
• Power grid collapse is just a networking/communica
  tion problem
• Power grid collapse is just a control problem
• (hardware platforms, )
• High-level wisdom is widely believed to suffice
• All we need is dependability (please refer to
  the taxonomy)
• Networked embedded control system design is just
  anapplication problem
• Its all software (unrefined concept), and
  better software engineering will take care of it

7
Some obvious steps forward

• Break down the stovepipe boundaries
• End-to-end, cross-disciplinary systems problems
• Closing the loop sharpens the mind so consider
  real killer apps (e.g., safety critical), not
  just cell phones
• Move beyond performance, information, enterprise,
  best-effort
• Teams mixed expertise is necessary
• Ask What core research would yield real
  progress?
• NOT system instance by system instance
• NOT tunnel vision on isolated, single-discipline
  solutions
• Ask What are some fundamental, shared (and
  complexity-removing) research questions?
• Ask What would a better technology base look
  like?

8
Thank You for Your Help
9
RD Planning for CIP and High Confidence Systems

• NSTC Committee structure
• CT Committee on Technology
• Networking, IT RD (NITRD)
• Subcommittee, blue book
• Infrastructure Subcommittee
• CIP RD Planning
• National CIP RD Plan
• CIIP RD Plan
• NITRD RD Planning - High Confidence Software and
  Systems (HCSS) Coordinating Group
• Large Scale Networking (LSN) Coordinating Group
• Cyber Security and Information Assurance (CSIA)
  Interagency Working Group

NSTC

CT
HNS
NITRD
Infrastructure

LSN
CSIA
HCSS
10
NITRD HCSS Coordinating Group Assessment Actions

• Backdrop
• NSF/OSTP Critical Infrastructure Protection
  Workshop, Leesburg, VA, September 2002,
  http//www.eecs.berkeley.edu/CIP/
• NSF Workshop, on CIP for SCADA, Minneapolis MN,
  October 2003
• http//www.adventiumlabs.org/NSF-SCADA-IT-Workshop
  /index.html
• National Academies study Sufficient Evidence?
  Design for Certifiably Dependable Systems,
  http//www7.nationalacademies.org/cstb/project_dep
  endable.html
• National Coordination Office summary report(s)
  derived from workshops, industry input sessions,
  NAS study

11
NITRD HCSS Coordinating Group Assessment Actions
Workshops

• High Confidence Medical Device Software and
  Systems (HCMDSS),
• Planning Workshop, Arlington VA, November 2004,
  http//www.cis.upenn.edu/hasten/hcmdss-planning/
• National RD Road-Mapping Workshop, Philadelphia,
  Pennsylvania, June 2005, http//www.cis.upenn.edu/
  hcmdss/
• High Confidence Aviation Systems
• Planning Workshop on Software for Critical
  Aviation Systems, Seattle, WA, November 21-22,
  2005
• National RD Road-Mapping Workshop, venue TBD,
  August 2006

12
HCSS Workshops, continued

• High Confidence Critical Infrastructures Beyond
  SCADA and Distributed Control Systems
• Planning
• US Planning Workshop, Washington, DC, March
  14-15, 2006
• EU-US Collaboration Workshop, Framework Programme
  7 linkage, March 16-17, 2006
• US National RD Road-Mapping Workshop, October,
  2006

13
Other Current HCSS Actions Assessment of
Real-Time Operating System (RTOS) Technology Base

• Starting point single-system RTOS products,
  middleware appliqué for distributed systems,
  rudimentary open sensing and control platforms
  (incompatible schedulers, single-issue
  architectural assumptions, weak security
  services, )
• Needed Clean OS-level support for open,
  hierarchical control systems, dynamic topology,
  coordinated action
• So what are we doing about this?
• HCSS RTOS technology assessment, vendor
  non-disclosure briefings
• Integrators Adventium Laboratory, Boeing, Ford
  Motor Company, Lockheed Martin, MIT Lincoln
  Laboratory, Northrop Grumman, Raytheon. Rockwell
  Collins, MotoTron
• Technology Sun Microsystems, IBM, Microsoft,
  Honeywell, Red Hat, Wind River Systems, Green
  Hills, LinuxWorks, Real-Time Innovations, Inc.,
  QNX Software Systems, Ltd., BAE Systems, Kestrel
  Technology, BBN Technologies

14
High-Confidence Software and Systems(HCSS)
Agencies

• Air Force Research Laboratories
• Army Research Office
• Department of Defense/ OSD
• Defense Advanced Research Projects Agency
• Department of Energy
• Federal Aviation Administration
• Food and Drug Administration
• National Air Space Administration
• National Institutes of Health
• National Institute of Science and Technology
• National Science Foundation
• National Security Agency
• Office of Naval Research
• Cooperating agencies