
Systems and Software Research for Safety-Critical Aviation Systems


Presentation Transcript


  1. Systems and Software Research for Safety-Critical Aviation Systems
     Helen Gill, Ph.D., CISE/CNS, National Science Foundation

  2. Aviation Context for Safety-Critical Software and Systems Research
     • Vehicle technology research
       • Platforms: materials, fuel-efficiency, range, …
       • Hypersonics, supersonics, subsonics, rotorcraft, …
       • Software-integrated systems, software control
     • Today’s US airspace and flight experience
       • UAV progress: Access5, Unite Alliance, National Institute of Aerospace
         • High altitude, long endurance vehicles
         • Growing civilian usage
       • Commercial aviation:
         • Industry under economic duress
         • Concentration at hubs
         • CIP/TSA waiting queues
       • Airspace configuration and management progress: …?

  3. Aviation Context (continued)
     • Tomorrow’s civilian airspace? (capacity/structure)
       • Large scale, long range transport, transatlantic/global regulation?
       • Shuttles/commuters, business jet cooperatives, air taxis, …
       • Mandatory technology increase for general aviation
       • Wider UAV deployment (mixed airspace?)
       • Technology-enabled: GPS/satellite navigation, CA systems, …
     • Consequences for software certification:
       • More system components will be safety-critical
       • Increased automation required to support capacity (reduced separation)
       • Technology push to increase pace, decrease cost of certification
       • More aircraft configurations to certify
       • Global compliance requirements

  4. Aviation Systems as Critical Infrastructure
     Technology Readiness Levels*
       TRL 1: Basic principles observed and reported
       TRL 2: Technology concept and/or application formulated
       TRL 3: Analytical and experimental critical function and/or characteristic proof-of-concept
       TRL 4: Component and/or breadboard validation in laboratory environment
       TRL 5: Component and/or breadboard validation in relevant environment
       TRL 6: System/subsystem model or prototype demonstration in a relevant environment (ground or space)
       TRL 7: System prototype demonstration in a space environment
       TRL 8: Actual system completed and “flight qualified” through test and demonstration (ground or space)
       TRL 9: Actual system “flight proven” through successful mission operations
     • Requirement for secure, available systems
       • Robustness
       • No essential flaws in safety design
     • Software: How can we be sure?
     • System and Software: How can we be sure?
     • What is the future for evaluated products?
     * A White Paper, April 6, 1995, John C. Mankins, Advanced Concepts Office, Office of Space Access and Technology, NASA

  5. Federal Activities towards Critical Infrastructure Protection
     • HSPD-7
     • ISACs, NIPP, SCCs, etc.
     • CIP R&D Planning
       • National CIP R&D Plan
       • CIIP R&D Plan
     • NSTC Committee structure
       • CT – Committee on Technology
         • Networking, IT R&D Subcommittee
         • Infrastructure Subcommittee
         • Critical Information Infrastructure Protection Interagency Working Group (to be renamed)
       • NITRD High Confidence Software and Systems Coordinating Group
     (Organization chart: NSTC → CT; H&NS; Infrastructure; NITRD → CIIP, HCSS, HEC)

  6. National CIP R&D Plan, April 8, 2005
     NCIP R&D Roadmap identifies three strategic goals:
     • National Common Operating Picture
     • Secure National Communication Network
     • Resilient, Self-Healing, Self-Diagnosing Infrastructure
     Themes:
     • Detection and Sensor Systems
     • Protection and Prevention
     • Entry and Access Portals
     • Insider Threats
     • Analysis and Decision Support Systems
     • Response, Recovery, and Reconstitution
     • New and Emerging Threats and Vulnerabilities
     • Advanced Infrastructure Architectures and Systems Design
     • Human and Social Issues
     http://www.bfrl.nist.gov/PSSIWG/documents/2004NCIP_R&D_Plan_FINAL.pdf

  7. Some “Grand Challenges”
     • Medical devices and systems of the future
       • Now: Practitioner closes the loop; sensor feeds to TV monitor, manual settings
       • Future: Closed-loop patient monitoring and delivery systems, “plug and play” operating rooms/ICUs/home care
     • Flight-critical aviation systems of the future
       • Now: Federated designs, pilot closes the loop
       • Future: Integrated designs; autonomy vs. pilot control
     • SCADA systems of the future
       • Now: Telemetry, sensor feeds to control center, centralized decision support
       • Future: Hierarchical, decentralized, highly-automated, market/policy driven, closed-loop + supervisory control
     In general:
       • Now: Information-centric, human-closes-loop, distributed a priori, soft real-time, not secured
       • Future: Feedback control, open and hierarchical supervisory control, mobile, aggregated, soft and hard real-time, secured

  8. Technology Grand Challenges
     • Property and mechanism composition for dependable systems of all kinds: single, composite, and ad hoc aggregations of (RT, FT, secure)
     • Cooperative distributed/aggregated systems (systems technology for aggregated systems)
     • Robust, self-checking, self-healing, controllable systems (computation and control)
     • Evidence-based design and composition technology, to produce systems with certifiably dependable behavior
     Dependable technology for an already-emerging class of future, critical systems

  9. Cross-cutting Technical Challenges
     • Future distributed, real-time embedded system characteristics/requirements:
       • Open, reconfigurable topology, group membership
       • Styles: Integrated, peer-to-peer, “plug and play”, service-oriented
       • Fixed & mobile, RF/optical/wired/wireless networking modalities
       • Mixed-initiative and highly autonomous operation
       • Complex multi-modal behavior, discrete-continuous (hybrid) control
       • Reconfigurable, multi-hierarchy supervisory control; vertical and horizontal interoperation
       • End-to-end security, “self-healing”
       • System certification
     • Status: many experimental systems, some science
       • Interesting results, but not yet a principled science/engineering base
       • Focus on situation awareness, sensor nets, and simulation, not control infrastructure

  10. Embedded Software and System Control Problem
      Closing the loop around combined behaviors…
      (Diagram: a feedback loop between a Physical/Biological/Engineered System and Control Software, running on a Hardware Platform (processing and networking: latency, bandwidth). Labels on the loop: Sensing – state: kinematic, thermal, electromagnetic, optical, chemical, …; Actuation – energy production, consumption; Latency on both the sensing and actuation paths; Coordination – mode, thread switching; Stability; Phase; Periodic calculation – frequency, execution rate; Dynamic scheduling, resource management; Clock rate; Energy management – voltage scaling.)

  11. Research Goal: Assured Systems Software Technology Base
      • Coordinated control systems applications
        • Unmanned autonomous air vehicles, automotive applications
        • SCADA systems for power grid, pipeline control
        • Remote, tele-operated surgery?
        • OR, ICU, EMT of the future?
        • Nano/bio devices?
        • …
      • Key areas for potential research
        • Open control platforms
        • Reconfigurable coordinated control
        • Computational and networking substrate
          • Assured RTOS, networking, …
          • Middleware
          • Virtual machines

  12. Specific Challenges for Hybrid Systems
      • Multi-system/multi-modal supervisory control
      • Dynamically “aggregated” multi-hierarchy supervisory control
      • Beyond stability: time-bounded convergence
      • Safe complex transition
      • Accommodating multi-system uncertainty
      • Implications of tractable computational methods for modal structure
      • “Useable design” considerations for modal structure

  13. Report Card: Software Certification (TRL ?)
      • Analysis tools (4?)
        • Significant progress, acceptance of static analysis
        • C, C++, Java remain challenging
        • Model checking viable for bug-finding
      • System software technology base (2)
        • “Evaluated products” not in sight, NIAP notwithstanding; lack of systematic safety evaluation
        • RTOS, VM, middleware chaos
        • Lack of integration of security, safety, fault tolerance, real-time technology
      • Certification for adaptive systems (1)
        • Model acquisition
        • Mode transition, reconfiguration

  14. Certification Challenges: Tools for Assured Applications
      • Comprehensive safety design, analysis
      • Failure modes and effects analysis tool chain, system and software
      • Software design for failure modes

  15. HCSS and NSF/CISE Actions

  16. NITRD HCSS Coordinating Group Assessment Actions
      National workshops on:
      • High Confidence Medical Device Software and Systems (HCMDSS)
        • Planning Workshop, Arlington VA, November 2004, http://www.cis.upenn.edu/hasten/hcmdss-planning/
        • National R&D Road-mapping Workshop, Philadelphia, Pennsylvania, June 2005, http://www.cis.upenn.edu/hcmdss/
      • High Confidence Aviation Systems (title TBD)
        • Planning Workshop, Seattle, WA, November 21-22, 2005
        • National R&D Road-mapping Workshop, venue TBD, June/July 2006
      • High Confidence Critical Infrastructures: “The Electric Power Grid: Beyond SCADA”
        • Planning
          • EU-US Planning meeting, October 2005
          • US Planning Workshop, Washington, DC, November-December 2005
        • Workshops
          • US National R&D Road-mapping Workshop, venue TBD, March 2006
          • EU-US Workshop, Framework Program 7 linkage

  17. NITRD HCSS Coordinating Group Assessment Actions (continued)
      • Backdrop:
        • NSF/OSTP Critical Infrastructure Protection Workshop, Leesburg, VA, September 2002, http://www.eecs.berkeley.edu/CIP/
        • NSF Workshop on CIP for SCADA, Minneapolis MN, October 2003, http://www.adventiumlabs.org/NSF-SCADA-IT-Workshop/index.html
        • National Academies’ study: “Sufficient Evidence? Design for Certifiably Dependable Systems”, http://www7.nationalacademies.org/cstb/project_dependable.html
      • HCSS real-time operating systems research needs assessment:
        • Real-time embedded systems information technology base evaluation and prospectus: September-October 2005
        • Scope: secure RTOS, virtual machines, middleware
        • Industry input (NDA):
          • System integration houses, labs, FFRDCs
          • RTOS/middleware vendor perspective, OMG
      • National Coordination Office summary report(s) derived from workshops, industry input sessions, NAS study

  18. Conclusion: A Possible PSERC Research Agenda?
      • Exploit renewables and distributed generation/micro-grid research as CIP breakthrough opportunity. Why?
        • Concept development hotbed for systems of secure, distributed, real-time embedded systems
        • Vector for change via new and emerging markets, decentralization
        • Fosters US competitiveness in control systems and embedded systems technologies
      • Foster multi-disciplinary work that includes the IT research community. Why?
        • Leverage; investment multiplier
        • NSF CISE-ENG grass-roots enthusiasm for cooperation in this area (Tomsovic, Baheti, Schwartzkopf, Rodriguez, Rotea, Gill, …)
        • Initial NSF/DoE/DHS cooperation for secure electric power systems (Cyber Trust)
        • Who else will do this?

  19. So Far: NSF CISE Investments in Critical Infrastructure, Power Systems
      • CISE/CNS Computer Systems Research Program
        • Embedded and Hybrid Systems disciplinary area
        • (Watch for new emphasis areas in FY 2006 announcement)
      • CISE/CNS Networking Research
        • “Clean Slate” Internet research initiative
        • Planning grant: study on real-time networking for critical infrastructures
      • NSF Science and Technology Center: TRUST
        • UC Berkeley, with Vanderbilt, Cornell, Stanford, CMU, …
        • http://trust.eecs.berkeley.edu/
      • Engineering Research Centers: current competition
      • Information Technology Research, competition ended, active grants remain (EU-US linkages, G.3 and D.4):
        • Center for Hybrid and Embedded Systems (CHESS), UC Berkeley
        • Secure and Robust IT Architectures to Improve Survivability of the Power Grid, CMU/WSU
        • Multi-Layered Architecture for Reliable and Secure Large-Scale Networks, CMU
      • Infrastructure Programs:
        • Major Research Infrastructure: Laboratory to Study FACTS Device Interactions, U. of Missouri at Rolla
      • Cyber Trust (FY 2005 Center-Scale portfolio, TBA 2-3 weeks)

  20. Thank you

  21. High-Confidence Software and Systems (HCSS) Agencies
      • Air Force Research Laboratories*
      • Army Research Office*
      • Defense Advanced Research Projects Agency
      • Department of Energy
      • Federal Aviation Administration*
      • Food and Drug Administration*
      • National Air & Space Administration
      • National Institutes of Health
      • National Institute of Science and Technology
      • National Science Foundation
      • National Security Agency
      • Office of Naval Research*
      * Cooperating agencies
