  • Systems Science (Coordinator: Douglas Schmidt)

    Achieving compositional design of large-scale secure systems requires significant advances in systems science. To that end, we structure our research in this area into four research challenges:
    1. Complex Interdependency Modeling and Analysis,
    2. Secure Networked Embedded Systems,
    3. Model-Based Integration of Secure Systems and
    4. Software Tools for Design and Information Management.

    Complex Interdependency Modeling and Analysis: Venkatachalam Anantharam (team leader), Ruzena Bajcsy, Gabor Karsai, Edward Lee, Daniel McFadden, Pamela Samuelson, Shankar Sastry, Douglas Schmidt, Janos Sztipanovits, Lang Tong, Steven Weber, Stephen Wicker

    The nation's electric power, telecommunications, and transportation networks are critical infrastructures whose interdependencies bring both direct benefits and vulnerabilities. These interdependencies are pervasive: telecommunication, electric power, and transportation networks interact with water supplies, health care, emergency response, and other systems, and the vulnerability this creates is often painfully evident. For example, in 1991 a cut telecommunications fiber blocked 60% of the long-distance calls into and out of New York City, which in turn disabled air-traffic control functions in New York, Boston, and Washington, DC, and disrupted trading at the Stock Exchange [NEU95]. Furthermore, the integration of critical infrastructure networks continues to evolve, governed more by an economic invisible hand than by conscious design. To address these challenges, we will employ the following four approaches to reduce the vulnerability of these complex adaptive networks to disruptive failure:
    • Modeling Approaches that capture structure and interdependencies in layered networks [LBSK01,KLNS00].
    • Analysis Techniques that identify potential for improved performance in networks, as well as potential for catastrophic failure [DSSK98].
    • Design Technologies that guide development of networks benefiting from layered interdependencies and eliminating the possibility of catastrophic failure [BCH03,CHB02].
    • Operational Tools that support automated and human decision making in network management before and during disruption and that support repair after disruption.
    We will test this new science and technology on real-world models built from case studies and simulations. A unique element of our research program is the inclusion of "the human element": characterizing user and operator judgment and decision making. We have recently developed methods and tools for formally specifying and composing domain-specific modeling languages using meta-modeling technology and meta-programmable modeling tools. On this foundation we will build an integrated system and security modeling infrastructure that lets users combine security modeling views with domain-specific system modeling views, enabling model-based trusted system integration.

    Secure Networked Embedded Systems: Ruzena Bajcsy, David Culler, Rajit Manohar, Adrian Perrig, Vijay Raghavan, Michael Reiter, Shankar Sastry, Emin Gun Sirer, Dawn Song, Janos Sztipanovits, Stephen Wicker (team leader)

    The security of embedded software is crucial in human-centered automation, including the monitoring of critical infrastructures, civilian flight control systems, vehicle electronics, and so on. Embedded, networked computing and communication devices are pervasive in the distributed cyber-infrastructure, thanks to their utility for distributed monitoring and control in Supervisory Control and Data Acquisition (SCADA) systems [SSS03,SSBG03,ECPS02]. Embedded networks present novel security issues: in-network processing and aggregate operations are essential, so conventional end-to-end pairwise security approaches break down, because an intermediate node cannot aggregate data that it cannot read or re-authenticate. Also, in deeply embedded networks new code must be propagated through the network, rather than installed directly on each device. Our focus areas of research are:
    • Automated design, verification, and validation: We will develop design principles, patterns, and practices that allow simultaneous design and propagation of constraints among different domain-specific design teams, enabling:
      1. Verified design, in a mathematical or formal sense;
      2. Validated design, in an engineering sense; and
      3. Certifiable design, to allow regulatory agencies to certify the production software [BWBF03,BBDDKZS02,MZT03,KMS02,TZA03a,VAT03].
    • Secure, composable, and adaptive software: We will build systems and basic middleware services for secure embedded systems that integrate modules in a secure fashion, support a variety of performance tradeoffs, support in-network processing, adapt autonomously to system conditions, provide assurance of a high level of security [KW03,SSWL02,Schm02,PS00a,PS00b,CPS03], and differentiate between malicious intrusion and system failures.
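    To make concrete the claim above that end-to-end pairwise security breaks down once intermediate nodes must aggregate, here is an added Python example; it is not code from the TRUST project, TinyOS or TinySec. It models a constructed two-leaf sensor tree (leaves s1 and s2, aggregator a, sink) with made-up keys. With per-leaf keys shared only with the sink, the aggregator can sum readings but cannot produce a tag the sink will accept. With hop-by-hop link keys, in the style of a link-layer scheme such as TinySec, the aggregate verifies at every hop and a frame tampered in transit is rejected, but a compromised aggregator can inflate the total undetected, which is one reason the page stresses differentiating malicious intrusion from system failure.

```python
import hmac
import hashlib

# Constructed topology: leaves s1, s2 -> aggregator a -> sink.
# All keys below are made up for the example.
SINK_KEYS = {"s1": b"leaf1-sink-key", "s2": b"leaf2-sink-key"}   # end-to-end keys
LINK_KEYS = {("s1", "a"): b"s1-a-link", ("s2", "a"): b"s2-a-link",
             ("a", "sink"): b"a-sink-link"}                        # per-hop keys


def tag(key: bytes, msg: bytes) -> bytes:
    """Truncated HMAC-SHA256; short tags mimic the few-byte MACs used on motes."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


def encode(value: int) -> bytes:
    return value.to_bytes(4, "big", signed=True)


def decode(msg: bytes) -> int:
    return int.from_bytes(msg, "big", signed=True)


# --- End-to-end: each leaf authenticates its reading to the sink only ----------
def leaf_report_e2e(node: str, value: int):
    msg = encode(value)
    return node, msg, tag(SINK_KEYS[node], node.encode() + msg)


def aggregator_e2e(reports):
    """The aggregator holds no sink key: it can sum, but can only forward the leaf tags."""
    total = sum(decode(msg) for _, msg, _ in reports)
    return encode(total), [t for _, _, t in reports]


def sink_accepts_e2e(total_msg: bytes, tags) -> bool:
    """No leaf key authenticates the aggregate, so every check fails."""
    for node, key in SINK_KEYS.items():
        expected = tag(key, node.encode() + total_msg)
        if any(hmac.compare_digest(expected, t) for t in tags):
            return True
    return False


# --- Hop-by-hop: each link is authenticated; aggregation happens in the clear --
def send(src: str, dst: str, value: int):
    msg = encode(value)
    return src, dst, msg, tag(LINK_KEYS[(src, dst)], src.encode() + dst.encode() + msg)


def receive(src: str, dst: str, msg: bytes, t: bytes) -> int:
    expected = tag(LINK_KEYS[(src, dst)], src.encode() + dst.encode() + msg)
    if not hmac.compare_digest(expected, t):
        raise ValueError(f"bad link MAC on {src}->{dst}")
    return decode(msg)


def aggregator_hop_by_hop(frames, inflate: int = 0):
    """Verifies each child frame, sums, and re-authenticates the sum to the sink.
    `inflate` models a compromised aggregator adding to the total."""
    total = sum(receive(*f) for f in frames) + inflate
    return send("a", "sink", total)


def sink_hop_by_hop(frame) -> int:
    return receive(*frame)


def link_rejects_tamper() -> bool:
    """A bit flipped in transit is caught at the next hop."""
    src, dst, msg, t = send("s1", "a", 10)
    flipped = bytes([msg[0] ^ 0x01]) + msg[1:]
    try:
        receive(src, dst, flipped, t)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    e2e = aggregator_e2e([leaf_report_e2e("s1", 10), leaf_report_e2e("s2", 20)])
    print("end-to-end aggregate accepted by sink:", sink_accepts_e2e(*e2e))
    honest = aggregator_hop_by_hop([send("s1", "a", 10), send("s2", "a", 20)])
    rogue = aggregator_hop_by_hop([send("s1", "a", 10), send("s2", "a", 20)], inflate=100)
    print("hop-by-hop honest total:", sink_hop_by_hop(honest))
    print("hop-by-hop inflated total still accepted:", sink_hop_by_hop(rogue))
    print("tampered frame rejected at next hop:", link_rejects_tamper())
```

    The end-to-end path forces a choice between forwarding every raw report (no aggregation) and losing verifiability; the hop-by-hop path restores aggregation but makes every aggregator a trusted party, so the sink cannot tell the inflated 130 from an honest 30.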
    Software technology. We plan to use model-based generative and aspect-oriented programming to automatically manufacture highly optimized systems from high-level design models and domain-specific configuration knowledge [KSLB03,SK02]. This will extend the component-based design methodology embodied in our TinyOS [LMGP04,BP*04,HC02], which is now used by hundreds of research groups worldwide and into which TinySec is deeply integrated.

    Hardware architectures. The Berkeley motes are now widely used in industry and research as the sensor-network devices underlying networked embedded systems. We will explore hardware security assists beyond what is commercially available. Recent research suggests that asynchronous hardware architectures such as the Sensor Network Asynchronous Processor (SNAP) hold significant benefits for the power-sensitive, event-based computations found in sensor networks and in event-driven operating systems like TinyOS. We will explore the impact of this architecture on security.

    Systems support. We will develop an integrated system architecture for secure, reliable, self-configuring sensor networks building on our extensive work on operating systems like TinyOS. Adrian Perrig has shown that several fundamental systems services, such as cluster formation, routing, and aggregation can be designed to enhance security [CP04,PSP03,PSWCT02]. We will also develop distributed network control algorithms for faster deployment and greater flexibility.

    Model-Based Integration of Secure Systems: Venkatachalam Anantharam, Ruzena Bajcsy, Gabor Karsai, Edward Lee, Daniel McFadden, Pamela Samuelson, Shankar Sastry, Douglas Schmidt, Janos Sztipanovits (team leader), Steven Weber, Stephen Wicker, Jeannette Wing

    As computing and communication rapidly become the universal integrator for large-scale systems, the focus of system integration technology is shifting to embedded software [KSLB03], that is, software tightly integrated with the physical world. Model-based system integration technology supports this shift by building on three core technology components:
    1. model-based design, which focuses on the formal representation, composition, and manipulation of models during the design process [LBSK01,KLNS00],
    2. model transformation technology [KASS03,SK02], which translates high level models into executable systems, and
    3. Quality of Service (QoS)-enabled component middleware, which supports component integration on and across distributed real-time and embedded (DRE) computing platforms [SSBG03,PSC03,WSGRNLSG03].
    We have pioneered the theoretical foundations and tools for model-based system development using formal representation, composition, and manipulation of models [KMLGS04,LBSK01], an approach called Model-Integrated Computing (MIC) [SK97,KSLB03]. We have also applied MIC techniques to component middleware [GSNGW03] to resolve key validation challenges in configuring and deploying complex DRE systems. The challenge now is to develop domain-specific modeling languages for large-scale systems that capture the security aspects of those systems and compose with the component middleware and system modeling aspects.

    Vanderbilt has recently developed a technology for the formal specification and practical implementation of model transformation tools using a precise graph transformation approach [KASS03]. These tools can be used to analyze models and to weave QoS aspects such as error handling and security together with functional and behavioral properties. We will use these foundations and tools to create a model-based methodology for integrating security aspects into model-based development processes.

    We have developed component middleware [PSC03,WSGRNLSG03] that resides between the applications and the underlying operating systems and networks and is responsible for

    1. functionally bridging the gap between DRE applications and the lower-level hardware/software infrastructure to formalize and coordinate how parts of applications are composed and how they interoperate and
    2. monitoring, enabling, and validating the dynamic reconfiguration of DRE system resources to ensure appropriate end-to-end QoS, even in the face of failures and attacks.
    We will build a trusted component integration platform that will enable runtime middleware components to monitor and enforce adaptive resource management policies so that DRE applications degrade gracefully under attack. We will also develop assume-guarantee techniques for reasoning compositionally about probabilistic DRE middleware and application interfaces for QoS properties of DRE applications.

    Software Tools for Design and Information Management: Venkatachalam Anantharam, Ruzena Bajcsy, Kenneth Birman (team leader), Gabor Karsai, Edward Lee, Daniel McFadden, Pamela Samuelson, Shankar Sastry, Douglas Schmidt, Janos Sztipanovits, Steven Weber, Stephen Wicker

    Our software tools effort focuses on new software tools for monitoring and controlling large sensor infrastructures. Few communication architectures that are robust are also known to scale well [MSE04]. We are finding that by adopting probabilistic rather than absolute goals (for example, delivering an update to every node with high probability rather than with certainty), we can break through this barrier. Our new approach combines peer-to-peer protocols with epidemic, or gossip, algorithms, in which each node repeatedly exchanges state with randomly chosen peers so that no single node or link is critical to dissemination. By demonstrating a new generation of robust software platforms that scale extremely well, combine rigorous semantics with good performance, and have user-friendly APIs, we can enable the creation of a tremendous variety of new control and monitoring solutions for nationally critical infrastructure.
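    The following Python simulation is an added illustration of the tradeoff described above; it is not software from the TRUST project, and the topology, failure sets and parameters are constructed for the example. It compares a deterministic binary-tree broadcast, where one crashed interior node silently cuts off its whole subtree, with push-style epidemic dissemination, where every informed node forwards to randomly chosen peers each round. Gossip reaches all live nodes in a number of rounds that grows only logarithmically with network size, even with message loss and crashed nodes, at the cost of redundant messages and a guarantee that is probabilistic rather than absolute.

```python
import math
import random


def tree_broadcast(n: int, crashed=frozenset()) -> float:
    """Deterministic broadcast down a binary tree rooted at node 0, where node i
    forwards to children 2i+1 and 2i+2. A crashed interior node cuts off its
    whole subtree. Returns the fraction of live nodes that receive the update."""
    reached = set()
    if 0 not in crashed:
        reached.add(0)
        for i in range(1, n):            # parents are always processed before children
            if i not in crashed and (i - 1) // 2 in reached:
                reached.add(i)
    live = n - sum(1 for c in crashed if c < n)
    return len(reached) / live


def push_gossip(n: int, fanout: int = 1, loss: float = 0.0,
                crashed=frozenset(), seed: int = 0, max_rounds: int = 1000):
    """Push-style epidemic dissemination of a single update.

    Node 0 starts informed. Each round, every informed node picks `fanout` peers
    uniformly at random (it does not know which peers have crashed) and sends;
    each send is independently lost with probability `loss`.
    Returns (rounds, messages_sent, fraction_of_live_nodes_informed).
    """
    if 0 in crashed:
        raise ValueError("the originating node must be live")
    rng = random.Random(seed)            # seeded so runs are reproducible
    live = n - sum(1 for c in crashed if c < n)
    informed = {0}
    rounds = messages = 0
    while len(informed) < live and rounds < max_rounds:
        newly = set()
        for _node in sorted(informed):   # sorted only for deterministic rng consumption
            for _ in range(fanout):
                peer = rng.randrange(n)
                messages += 1
                if peer in crashed or rng.random() < loss:
                    continue             # lost on the wire or sent to a dead node
                newly.add(peer)
        informed |= newly
        rounds += 1
    return rounds, messages, len(informed) / live


def log_rounds_bound(n: int, factor: int = 8) -> int:
    """Generous bound on gossip rounds: a small multiple of log2(n). With fanout 1
    and no loss the expected number of rounds is roughly log2(n) + ln(n)."""
    return factor * math.ceil(math.log2(n))


def constructed_failure_set(n: int, k: int, seed: int = 1) -> frozenset:
    """k crashed nodes chosen reproducibly, never including the origin (node 0)."""
    return frozenset(random.Random(seed).sample(range(1, n), k))


if __name__ == "__main__":
    n = 1000
    crashed = constructed_failure_set(n, 100)
    print("tree, node 1 crashed, live coverage:", tree_broadcast(n, frozenset({1})))
    print("gossip, no faults (rounds, msgs, coverage):", push_gossip(n))
    print("gossip, 100 crashed + 30% loss:", push_gossip(n, loss=0.3, crashed=crashed))
```

    In the tree, losing node 1 loses roughly half the network and nobody downstream is told; in the gossip run the same update still reaches every live node, and the price is visible in the message count, which exceeds one message per node because of the redundancy the probabilistic guarantee relies on.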

    © 2005-2008 Trust