TRUST: Team for Research in Ubiquitous Secure Technologies

Hot Spots in Education
Edward A. Lee
UC Berkeley
NSF STC Review
September 13th 2004
Hot Spots in Education
• CS topics that are not well covered:
  – concurrency
  – robustness
  – security
  – specialized programming languages
    • domain specific
    • limited expressiveness
  – leveraging formal structures
• EE topics that are not well covered:
  – mapping of systems theory onto embedded computers
  – formal analysis of computational systems
Platforms
A platform is a set of designs. Relations between platforms represent design processes. Platform properties provide structure for model-based design.
[Figure annotation, beginning not recovered:] designer has to build concurrency, robustness, and security from low-level mechanisms.
Existence Proof that Higher-Level Platforms Can Yield More Trustworthy Systems
The SCADE tool has a code generator that produces C or Ada code that is compliant with the DO-178B Level A standard, which allows it to be used in critical avionics applications (see http://www.rtca.org). It relies on synchronous language semantics.
[Figure: SCADE screenshot from http://www.esterel-technologies.com/, annotated "synchronous signal value" and "state machine giving decision logic".]
Better Platforms
In exchange for limited expressiveness, we get more understandable and analyzable concurrency, and behavioral properties that can be fully explored. SCADE is an example of an actor-oriented platform.
[Figure: SCADE models.]
Leveraging Formal Structures:
Example: Behavioral Type Systems
• Capture patterns of component interaction in a type-system-like framework.
• Describe interaction types and component behavior in a formal language.
• Provide a scalable calculus for checking for component incompatibilities and unsatisfied assumptions.
• Inherit from type-system-like structure scalability to large programs, subtyping, and behavioral polymorphism.
[Figure: a behavioral type signature, showing an execution interface and a communication interface.]
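The compatibility check the slide describes, worked through as an added example (my own code, not from the slides and not Ptolemy II's behavioral type implementation): each component carries an interface automaton naming the actions it accepts, the actions it emits, and the order it allows them in. Composing two components explores their synchronized product and reports every reachable state in which one side emits a shared action the other side is not ready to accept, which is exactly an unsatisfied assumption about the interaction. The actor and director components, the action names (initialize, fire, wrapup, done) and the pessimistic "any reachable illegal state is an error" rule are assumptions made for the example.

```python
from collections import deque


class InterfaceAutomaton:
    """A component's behavioral type: the actions it accepts (inputs), the
    actions it emits (outputs), and the order it allows them in (transitions)."""

    def __init__(self, name, initial, inputs, outputs, transitions):
        self.name = name
        self.initial = initial
        self.inputs = frozenset(inputs)
        self.outputs = frozenset(outputs)
        self.transitions = transitions  # state -> [(action, next_state), ...]

    def enabled(self, state):
        return {action for action, _ in self.transitions.get(state, [])}

    def successors(self, state, action):
        return [nxt for act, nxt in self.transitions.get(state, []) if act == action]


def check_compatibility(p, q):
    """Explore the synchronized product of p and q and return every reachable
    illegal state (p_state, q_state, action): one side emits a shared action
    that the other side is not ready to accept, i.e. an unsatisfied assumption.
    This is the pessimistic variant of the interface-automata check."""
    shared = (p.outputs & q.inputs) | (q.outputs & p.inputs)
    start = (p.initial, q.initial)
    seen, frontier, illegal = {start}, deque([start]), []

    def visit(state):
        if state not in seen:
            seen.add(state)
            frontier.append(state)

    while frontier:
        sp, sq = frontier.popleft()
        # Illegal: p emits something q cannot take here, or vice versa.
        for a in p.enabled(sp) & p.outputs & shared:
            if a not in q.enabled(sq):
                illegal.append((sp, sq, a))
        for a in q.enabled(sq) & q.outputs & shared:
            if a not in p.enabled(sp):
                illegal.append((sp, sq, a))
        # Shared actions move both sides together; others move one side only.
        for a in p.enabled(sp):
            for np_ in p.successors(sp, a):
                if a in shared:
                    for nq in q.successors(sq, a):  # empty when q cannot take a
                        visit((np_, nq))
                else:
                    visit((np_, sq))
        for a in q.enabled(sq) - shared:
            for nq in q.successors(sq, a):
                visit((sp, nq))
    return sorted(illegal)


def is_compatible(p, q):
    return not check_compatibility(p, q)


# Constructed sample components (hypothetical, not Ptolemy II's own types).
# The actor's execution interface: it must be initialized before it is fired.
ACTOR = InterfaceAutomaton(
    "Actor", "idle",
    inputs={"initialize", "fire", "wrapup"}, outputs={"done"},
    transitions={
        "idle": [("initialize", "ready")],
        "ready": [("fire", "firing"), ("wrapup", "idle")],
        "firing": [("done", "ready")],
    },
)

# A director that respects the actor's protocol.
GOOD_DIRECTOR = InterfaceAutomaton(
    "GoodDirector", "start",
    inputs={"done"}, outputs={"initialize", "fire", "wrapup"},
    transitions={
        "start": [("initialize", "run")],
        "run": [("fire", "wait"), ("wrapup", "start")],
        "wait": [("done", "run")],
    },
)

# A director that fires without initializing: a behavioral type error.
BAD_DIRECTOR = InterfaceAutomaton(
    "BadDirector", "start",
    inputs={"done"}, outputs={"initialize", "fire", "wrapup"},
    transitions={
        "start": [("fire", "wait")],
        "wait": [("done", "start")],
    },
)

if __name__ == "__main__":
    print("good:", check_compatibility(ACTOR, GOOD_DIRECTOR))  # []
    print("bad:", check_compatibility(ACTOR, BAD_DIRECTOR))    # [('idle', 'start', 'fire')]
```

The check is a reachability search over the product automaton, so it scales with the product's state count rather than with the components' code size, which is the "scalable calculus" property the slide asks for; the illegal triple it returns names the state and the offending action, which is the information a type error message needs.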
Leveraging Formal Structures:
Example: Mobile Code Without DoS
Model-based distributed task management:
A model-based execution harness provides the platform for execution of mobile code.
Model-based mobile code built using non-Turing-complete platforms can be formally analyzed to prevent denial of service attacks.
Data and behavioral type safety will help make such models secure.
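An added example (my own code, not the slides' or the Ptolemy project's) of the kind of static analysis a non-Turing-complete platform makes possible: synchronous dataflow actors declare fixed token rates, so before a piece of mobile code is executed the harness can solve the balance equations, build a bounded schedule for one iteration, and refuse any model whose rates are inconsistent (it would need unbounded buffers), that deadlocks, or that needs more buffer memory than the host is willing to grant. The sample models, the first-fit scheduler and the buffer budget in tokens are constructed assumptions for the example.

```python
from fractions import Fraction
from functools import reduce
from math import gcd

# Constructed sample models (hypothetical, not from the slides). Each edge is
# (producer, tokens produced per firing, consumer, tokens consumed per firing).
CONSISTENT_MODEL = {"actors": ["A", "B", "C"],
                    "edges": [("A", 2, "B", 3), ("B", 1, "C", 2)]}
INCONSISTENT_MODEL = {"actors": ["A", "B", "C"],
                      "edges": [("A", 1, "B", 1), ("B", 1, "C", 2), ("A", 1, "C", 1)]}
DEADLOCKED_MODEL = {"actors": ["X", "Y"],           # feedback loop, no initial tokens
                    "edges": [("X", 1, "Y", 1), ("Y", 1, "X", 1)]}


def lcm(a, b):
    return a * b // gcd(a, b)


def repetition_vector(actors, edges):
    """Solve the SDF balance equations q[producer]*out == q[consumer]*in.

    Returns the smallest positive integer solution, or None when the equations
    are inconsistent: such a model would need unbounded buffers, so it is
    rejected before it ever runs."""
    adj = {a: [] for a in actors}
    for prod, out_rate, cons, in_rate in edges:
        adj[prod].append((cons, Fraction(out_rate, in_rate)))  # q[cons] = q[prod]*out/in
        adj[cons].append((prod, Fraction(in_rate, out_rate)))
    q = {}
    for root in actors:              # one propagation per connected component
        if root in q:
            continue
        q[root] = Fraction(1)
        stack = [root]
        while stack:
            a = stack.pop()
            for b, ratio in adj[a]:
                value = q[a] * ratio
                if b in q:
                    if q[b] != value:
                        return None  # two edges disagree: inconsistent rates
                else:
                    q[b] = value
                    stack.append(b)
    scale = reduce(lcm, (v.denominator for v in q.values()), 1)
    ints = {a: int(v * scale) for a, v in q.items()}
    common = reduce(gcd, ints.values())
    return {a: n // common for a, n in ints.items()}


def bounded_schedule(actors, edges, reps):
    """Simulate one iteration, always firing the first actor (in list order)
    whose input buffers hold enough tokens. Returns (schedule, peak buffer
    occupancy per edge), or (None, None) if the model deadlocks."""
    remaining = dict(reps)
    buffers = {(p, c): 0 for p, _, c, _ in edges}
    peak = dict(buffers)
    schedule = []
    while any(remaining.values()):
        for actor in actors:
            if remaining[actor] == 0:
                continue
            inputs = [(p, c, r) for p, _, c, r in edges if c == actor]
            if all(buffers[(p, c)] >= r for p, c, r in inputs):
                break
        else:
            return None, None  # no actor can fire: deadlock
        for p, c, r in inputs:
            buffers[(p, c)] -= r
        for p, r, c, _ in edges:
            if p == actor:
                buffers[(p, c)] += r
                peak[(p, c)] = max(peak[(p, c)], buffers[(p, c)])
        schedule.append(actor)
        remaining[actor] -= 1
    return schedule, peak


def admit(model, buffer_budget):
    """Static admission decision for a piece of model-based mobile code: it is
    admitted only if a bounded, deadlock-free schedule exists and the buffer
    memory that schedule needs fits the host's budget (in tokens)."""
    actors, edges = model["actors"], model["edges"]
    reps = repetition_vector(actors, edges)
    if reps is None:
        return {"admitted": False, "reason": "inconsistent rates"}
    schedule, peak = bounded_schedule(actors, edges, reps)
    if schedule is None:
        return {"admitted": False, "reason": "deadlock"}
    need = sum(peak.values())
    if need > buffer_budget:
        return {"admitted": False, "reason": "buffer bound exceeds budget",
                "buffer_tokens": need}
    return {"admitted": True, "schedule": schedule, "buffer_tokens": need}


if __name__ == "__main__":
    for name, model in [("consistent", CONSISTENT_MODEL),
                        ("inconsistent", INCONSISTENT_MODEL),
                        ("deadlocked", DEADLOCKED_MODEL)]:
        print(name, admit(model, buffer_budget=16))
```

The point of the exercise is that every resource the admitted model can consume per iteration is known before it runs: a host can size its buffers from the computed bound and reject rate-inconsistent or deadlocking models outright, which a Turing-complete mobile-code format cannot offer in general.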
Integrating Research and Education
Required sophomore course at Berkeley integrates EE-flavor system theory with CS-flavor computation and concurrency.
1. Signals
2. Systems
3. State
4. Determinism
5. Composition
6. Linearity
7. Hybrid Systems
8. Freq Domain
9. Freq Response
10. LTI Systems
11. Filtering
12. Transforms
13. Sampling
14. Review
15. Examples
Outreach Research: The Chess 2003 Superb-IT Team
Philip Baldwin, Colin Cochran, Mike Kofi Okyere, Rakesh Reddy, Antonio Yordan-Nones, Ismael Sarmiento, Yang Zhao (Mentor), Steve Neuendorffer (Mentor), Xiaojun Liu (Mentor), Edward Lee (Professor)
Example SUPERB Project: Actor-Oriented Security Models
Rakesh Reddy created a cryptography library for actor-oriented models that included digital signatures, encryption and decryption. Above is an example developed by Christopher Hylands, who adapted Rakesh's library for inclusion in the Ptolemy II standard release.
[Photo: Rakesh Reddy]
A Programmer that Ignores Security and Robustness
Image "borrowed" from an Iomega advertisement for Y2K software and disk drives, Scientific American, September 1999.