TRUST: Team for Research in Ubiquitous Secure Technologies
Hot Spots in Education
Edward A. Lee, UC Berkeley
NSF STC Review, September 13th 2004
Hot Spots in Education
CS topics that are not well covered:
concurrency
robustness
security
specialized programming languages:
    domain specific
    limited expressiveness
    leveraging formal structures
EE topics that are not well covered:
mapping of systems theory onto embedded computers
formal analysis of computational systems
Platforms
A platform is a set of designs.
Relations between platforms represent design processes.
Platform properties provide structure for model-based design.
On a low-level platform the designer has to build concurrency, robustness, and security from low-level mechanisms.
Existence Proof that Higher-Level Platforms Can Yield More Trustworthy Systems
The SCADE tool has a code generator that produces C or Ada code that is compliant with the DO-178B Level A standard, which allows it to be used in critical avionics applications (see http://www.rtca.org). It relies on synchronous language semantics.
Figure: SCADE model showing a synchronous signal value and a state machine giving decision logic (SCADE, from http://www.esterel-technologies.com/).
Better Platforms
Figure: SCADE models.
In exchange for limited expressiveness, we get more understandable and analyzable concurrency, and behavioral properties that can be fully explored.
SCADE is an example of an actor-oriented platform.
Leveraging Formal Structures: Example: Behavioral Type Systems
Capture patterns of component interaction in a type-system-like framework.
Describe interaction types and component behavior in a formal language.
Provide a scalable calculus for checking for component incompatibilities and unsatisfied assumptions.
Inherit from the type-system-like structure scalability to large programs, subtyping, and behavioral polymorphism.
Figure: a behavioral type signature, consisting of a communication interface and an execution interface.
Leveraging Formal Structures: Example: Mobile Code Without DOS
Model-based distributed task management:
Model-based mobile code built using non-Turing-complete platforms can be formally analyzed to prevent denial of service attacks.
A model-based execution harness provides the platform for execution of mobile code.
Data and behavioral type safety will help make such models secure.
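The two slides above (limited expressiveness buying analyzability, and mobile code that can be analyzed before it runs) can be illustrated with the classic check an actor-oriented, non-Turing-complete platform makes possible. The added example below is not code from the slides, SCADE or Ptolemy II: for a synchronous dataflow model, the balance equations decide whether every buffer stays bounded, and a one-iteration simulation decides whether the model deadlocks, so a submitted model that could exhaust memory or never make progress is rejected before the harness executes it. The actor names, token rates and edge format are constructed for the example.

```python
from fractions import Fraction
from math import lcm
from typing import Dict, List, Optional, Tuple
# Constructed SDF (synchronous dataflow) checker, not code from the slides, SCADE
# or Ptolemy II.  An edge is (src, tokens_produced, dst, tokens_consumed).
Edge = Tuple[str, int, str, int]

def repetitions(actors: List[str], edges: List[Edge]) -> Optional[Dict[str, int]]:
    """Smallest integer firing counts solving q[src]*p == q[dst]*c on every edge,
    or None if the rates are inconsistent (some buffer would grow without bound)."""
    q: Dict[str, Fraction] = {actors[0]: Fraction(1)}
    changed = True
    while changed:  # propagate the ratio along edges until every actor is reached
        changed = False
        for src, p, dst, c in edges:
            if src in q and dst not in q:
                q[dst], changed = q[src] * p / c, True
            elif dst in q and src not in q:
                q[src], changed = q[dst] * c / p, True
    if len(q) != len(actors):
        return None  # disconnected actor: no single iteration covers the graph
    if any(q[s] * p != q[d] * c for s, p, d, c in edges):
        return None  # inconsistent rates: unbounded buffer growth, reject
    scale = lcm(*(f.denominator for f in q.values()))
    return {a: int(q[a] * scale) for a in actors}

def bounded_schedule(actors: List[str], edges: List[Edge],
                     delays: Optional[Dict[int, int]] = None):
    """One iteration's schedule and the peak token count per edge, or None when
    the model is rate-inconsistent or deadlocks; delays: edge index -> initial tokens."""
    reps = repetitions(actors, edges)
    if reps is None:
        return None
    buf = {i: (delays or {}).get(i, 0) for i in range(len(edges))}
    high, left, schedule = dict(buf), dict(reps), []
    while any(left.values()):
        progressed = False
        for a in actors:
            ready = all(buf[i] >= c for i, (_, _, d, c) in enumerate(edges) if d == a)
            if left[a] == 0 or not ready:
                continue
            for i, (s, p, d, c) in enumerate(edges):  # consume inputs, then produce
                if d == a:
                    buf[i] -= c
                if s == a:
                    buf[i] += p
                    high[i] = max(high[i], buf[i])
            left[a] -= 1
            schedule.append(a)
            progressed = True
        if not progressed:
            return None  # deadlock: no actor can fire, reject
    return schedule, high
```

A model that passes comes back with a static schedule and a fixed buffer size per edge, which is exactly the resource bound a general-purpose program cannot offer the execution harness.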
Integrating Research and Education
1. Signals
2. Systems
3. State
4. Determinism
5. Composition
6. Linearity
7. Hybrid Systems
8. Frequency Domain
9. Frequency Response
10. LTI Systems
11. Filtering
12. Transforms
13. Sampling
14. Review
15. Examples
A required sophomore course at Berkeley integrates EE-flavor system theory with CS-flavor computation and concurrency.
Outreach Research: The Chess 2003 SUPERB-IT Team
Colin Cochran, Rakesh Reddy, Philip Baldwin, Mike Kofi Okyere, Antonio Yordan-Nones, Ismael Sarmiento
Yang Zhao (Mentor), Xiaojun Liu (Mentor), Edward Lee (Professor), Steve Neuendorffer (Mentor)
Example SUPERB Project: Actor-Oriented Security Models
Rakesh Reddy created a cryptography library for actor-oriented models that included digital signatures, encryption and decryption.
The example shown on the slide was developed by Christopher Hylands, who adapted Rakesh's library for inclusion in the Ptolemy II standard release.
Photo: Rakesh Reddy.
A Programmer that Ignores Security and Robustness
Image "borrowed" from an Iomega advertisement for Y2K software and disk drives, Scientific American, September 1999.