1. 1 HASTEN: Advanced Tool Integration for Embedded Systems Assurance Insup Lee Department of Computer and Information Science University of Pennsylvania May 10, 2005

2. May 10,, 2005 HCES Review Meeting 2 Principle investigators oRajeev Alur (UPenn) oSampath Kannan (UPenn) oInsup Lee (PI, UPenn) oOleg Sokolsky (UPenn) oRobert P. Cook (GSU) oCarl Gunter (UIUC) oElsa Gunter (UIUC) oKang G. Shin (UMich)

3. May 10,, 2005 HCES Review Meeting 3 Embedded Systems  Embedded system are odevices used to control, monitor or assist the operation of appliances, gadgets, equipment, machinery or plant; oan integral part of the system.  Characteristics oTightly coupled to the physical world; i.e., interacts with (or reacts to) its environment oCorrect operation is subject to  Physical constraints imposed by the environment  Resource constraints of the device oHeterogeneity, networked at larger scale oSociological and ethical requirements  Users are not system experts  Trustworthiness, security and privacy

4. May 10,, 2005 HCES Review Meeting 4 A Variety of Application Domains  Hybrid and embedded systems oAerospace, automobiles, robotics, process control, sensor networks, smart spaces  Medical devices and instruments oPatient monitoring, MRI, infusion pumps, artificial organs  Multimedia oVirtual reality, immersive environment  Consumer electronics oMobile phones, office electronics, digital appliances  Network components oBridges, routers, switches, hubs  E-business oATM, vending machines  Distributed and grid computing oCritical infrastructure defense system, air traffic control, intelligent highway systems, emergence response system

5. May 10,, 2005 HCES Review Meeting 5 Goals of the HASTEN Project  High Assurance Systems Tools and ENvironments (HASTEN)  Develop techniques and tools for “end-to-end” software engineering of embedded software systems oRequirements capture oSpecification, analysis, simulation oImplementation generation and validation: code generation, testing oDeployed system monitoring, checking, and steering  Integrated use of tools oVertical integration (reuse models) oHorizontal integration (layered modeling and analysis)  Case studies oautomotive controllers, mobile robots, medical devices, embedded Linux

6. May 10,, 2005 HCES Review Meeting 6 Build NLFSM Example: Workflow for Policy Modeling and Verification NL Documents Paragraphs NLFSMs Manual Translation and Merging System Specification Test Script Generation Tool Properties Yes / No Outcome Certification Test Scripts Program Code Test Outcomes Certification Criteria Certifier Tester Programmer 1.Write NL Requirements 2.Extract formal system specifications (EFSMs) 3.Analyze specifications 4.Implement system 5.Create test scripts 6.Run test scripts on implementation 7.Use test results and properties to decide if implementation passes

7. May 10,, 2005 HCES Review Meeting 7 Software Development Process  Requirements capture and analysis oInformal to formal oConsistency and completeness oAssumptions and interfaces between system components oApplication-specific properties  Design specifications and analysis oFormal modeling notations oAnalysis techniques & Abstractions oInterfaces  Implementation oCode generation & synthesis oValidation  Testing  Model extraction and verification  Run-time monitoring and checking Requirements Design specification Implementation

8. May 10,, 2005 HCES Review Meeting 8 Posters and Demos  Requirements capture and analysis oExtracting Formal Models from Natural Language Policy, Nikhil Dinesh, Arvind Easwaran, Aravind Joshi, Insup Lee  Design specification and analysis oCHARON-AADL: An integrated framework for architectural and behavioral specifications, Jesung Kim, Duncan Clarke, Oleg Sokolsky oSymbolic Compositional Verification by Learning Assumptions, Won Hong Nam, Rajeev Alur  Implementation generation and verification oSound distributed code generation from hybrid system models, Madhukar Anand, Sebatian Fischmeister, Jesung Kim, Insup Lee oOn-the-fly model-checking of recursive state machines, Swarat Chaudhuri, Rajeev Alur oReal-time and probabilistic extensions to MaC, Usa Sammapun, Oleg Sokolsky, Insup Lee  Medical Device Case Studies: oGeneric Infusion Pump and Bloodbank Management System, Dave Arney, Aravind Easwaran, Sebastian Fischmeister, Jesung Kim, Insup Lee

9. May 10,, 2005 HCES Review Meeting 9 Other on-going projects  Token coherence protocol, Alur  Stochastic Charon, Alur  Policy integration for programmable embedded devices, Alur, Gunter  Understanding what can be done with steering, Kannan, Lee  Compositional real-time scheduling framework, Lee  Adding time and power consumption to the model supported by the Path Exploration Tool, Gunter  Investigating the combination of model checking, equational rewriting and general theorem proving with Maude, Spin, and Isabelle, Gunter  Etc.

10. May 10,, 2005 HCES Review Meeting 10 Technology transfer I  Schedulability analysis of embedded systems oAADL is an SAE standard for modeling of embedded systems oFormal schedulability analysis by VERSA oEclipse plugin for OSATE AADL modeling tool

11. May 10,, 2005 HCES Review Meeting 11 Technology transfer II  LMCO: MaC run-time verification tool oChecking properties of systems at run time oDynamic and timing properties  QinetiQ: finding exploitable vulnerabilities in binary code oUse MaC to provide dynamic data into static constraint solving problem  BAI Intl.: providing safety wrappers for avionics controllers oUse MaC to evaluate the wrapper at run time

12. May 10,, 2005 HCES Review Meeting 12 Applied Verification by Bob Cook  Discovered bug in Red Hat Next-generation POSIX Thread Library (NPTL); acknowledged/fixed by Red Hat  Description of tools and users oImplemented a POSIX Threads multi-platform library oJava FSM Explorer for PDAs oExperiments with code strip verification oPorting NASA Shuttle Launch Control code to multiple platforms and analyzing it  Tech transfer activities oinvited participant NASA Roadmap Workshop oFA-24 Instructor, Fort Gordon oNASA KSC Faculty Fellow, 04/05 oRequested to consult, Battle Lab, Ft. Gordon in the area of network protocol analysis

13. May 10,, 2005 HCES Review Meeting 13 HCMDSS (High-Confidence Medical Device Software and Systems) Workshop  The High Confidence Software and Systems (HCSS) Coordinating Group (CG) of the Federal Networking and Information Technology R&D (NITRD) Subcommittee, Committee on Technology of the National Science and Technology Council, invites you to submit a position paper for a workshop on High Confidence Medical Device Software and Systems (HCMDSS).  The Federal government recognizes that the rapidly increasing software complexity of medical devices makes the development of high integrity medical device software and systems a crucial issue in public health.  The purpose of the HCMDSS workshop is to provide an open, working forum for leaders and visionaries concerned with medical devices from industry, research laboratories, academia, and government with the goal of developing a roadmap to overcome crucial medical device software and systems issues and challenges facing the design, manufacture, certification, and use of medical devices.  June 2 & 3, 2005, Philadelphia, PA (www.cis.upenn.edu/hcmdss/)www.cis.upenn.edu/hcmdss/

14. May 10,, 2005 HCES Review Meeting 14 Topics of Interest  Enabling Technologies for Future Medical Devices oImplantable regulatory devices, networked biosensors, telesurgery, robotic surgery  Foundations for Integration of Medical Device Systems/Models oComponent-based foundations for accelerated design and verifiable system integration oSystem of systems (including models, medical devices, care-givers, patients)  Distributed Control & Sensing of Networked Medical Device Systems oRobust, verifiable, fault-tolerant control of uncertain, multi-modal systems  Patient Modeling & Simulation oLarge scale, high fidelity organ and patient models for design and testing  Embedded, Real-Time, Networked System Infrastructures for MDSS oArchitecture, platform, middleware, resource management, QoS (Quality of Service), PnP (Plug-and-Play) of MDSS  High-Confidence Medical Device Software Development & Assurance oCare-giver requirements solicitation and capture, design and implementation V&V (Verification and Validation) oHeterogeneity in environment, architecture, platform in medical devices  Medical Practice-driven Models and Requirements oUser-centered design, risk understanding, and use/misuse modeling in medical practice  Certification of MDSS oQuantifiable incremental certification of MDSS, role of design tools oCOTS, non-determinisitic and self-adaptive medical device systems

15. May 10,, 2005 HCES Review Meeting 15 Talks  Algorithmic software verification, Rajeev Alur  Schedulability analysis of AADL models" Oleg Sokolsky  Role-based access control in a mobile environment, Elsa Gunter