Trustworthiness in Embedded Systems

The emergence of cooperative, programmable, networked embedded systems (NES) has yielded a new vision of distributed sensor and control applications in which heterogeneous services and devices can be assembled flexibly and rapidly to achieve critical missions. In such critical applications, and with the additional burden of privacy protection, the use of untrusted data and computations can have disastrous consequences. This ITR project will therefore investigate the design, modeling, (re)configuration, and validation of trustworthy NES applications: applications that protect the privacy of their users, the confidentiality and integrity of their data, and the availability of the services they provide, while still delivering the required functionality and quality of service. NES applications are becoming pervasive and are creating tomorrow's cyber infrastructure, yet they are doing so without the necessary high confidence. Security research to date has largely addressed enterprise systems and networks. Our project aims to develop a fundamental new science of secure networked embedded systems and to work out its implications for the emerging infrastructure. Dynamically reconfigurable NES applications are, however, vulnerable in their own right: the failure of one or more components in spatial proximity may damage the connectivity of larger sub-networks. Our approach will yield four innovations: (1) a suite of mathematical models to support the development and validation of trustworthy NES applications; (2) high-confidence middleware components that assure the adaptability and survivability of NES applications; (3) a model-based co-design environment that enables the integrated modeling, analysis, generation, and (re)configuration of trustworthy NES applications in terms of those middleware components; and (4) a large-scale test-bed in which we will validate the suitability of our models and methods in a realistic NES application environment.
Our team consists of the University of California, Berkeley (UCB), Vanderbilt University (VU), and SRI. UCB will provide its expertise in the theory and platforms of distributed hybrid and embedded systems and will address the privacy issues of trusted NES. UCB will also build a large-scale testbed network of around 10^3 embedded network devices (Motes) to explore NES application trustworthiness in a realistic environment and to validate experimentally how the models and components developed by all groups in the project protect mission-critical NES applications from potential abuses. VU brings its extensive experience in modeling the functional capabilities of NES applications, which will yield new systems theory and high-confidence composable middleware frameworks with probabilistic elements. SRI will focus on modeling the trustworthiness aspects of NES applications and on developing methods and tools for model-based co-design, enabling the systematic and predictable interweaving of trustworthiness with the functional applications and middleware. The intellectual merit of this proposal centers on two areas. First, by focusing on foundations and fundamentals, the project will create a new paradigm based on the dynamics of trustworthy networks of hybrid systems and will apply it to the modeling and analysis of many complex phenomena in the physical and biological sciences. Second, by focusing on methodologies, our research will generate new tools, platforms, and testbeds for the design of, and experimentation with, dynamic and secure NES environments that can ensure trustworthiness and privacy under resource-constrained computation. Trustworthy NES applications have broad impacts on societal, homeland, and national security: they sense, collect, analyze, and distribute information, and they monitor and control the physical environment in which they are embedded.
To address the societal implications of our work, we will hold colloquia and discussion groups with the social and political sciences through Berkeley's Center for Information Technology Research in the Interest of Society (CITRIS). We will support the development and delivery of a trustworthy-NES education and outreach curriculum through regular classes and seminars at UCB, through VU's Summer Internship Program in Hybrid and Embedded Software (SIPHER), and through SRI's Research Training and Experience Program (STEP).