4.4. High Confidence Systems (HCS)

4.4.1. HCS Definition

As defined in the FY 1997 Blue Book:
"HCS research will develop technologies that provide users with high levels of security, protection, reliability, and restorability of information services. Such systems are resistant to system failure and malicious penetration or damage and readily respond to interference by adaptation or recovery. These systems include both physical components, wired and wireless technologies, the data they contain and transmit, and the software that manipulates these data. HCS R&D focuses on (1) system reliability (such as management of networks under load, failure, or intrusion; emergency response; firewalls; secure enclaves; and formal methods), (2) security and privacy (including personal identification, access control, authentication, encryption and other privacy assurance techniques, public key infrastructures, and trusted agents for secure distributed computing), and (3) testing and evaluation. Key applications include national security, law enforcement, life- and safety-critical requirements, personal privacy, and protection of critical elements of the National Information Infrastructure."

High confidence systems imply a level of reliability, privacy, and security necessary for a wide variety of applications, including:

National defense secure systems
Electronic commerce
Remote operation of scientific instruments such as synchrotron light sources, telescopes, surgical instruments, undersea and outer space vehicles, and data collection systems
Health care patient record exchange systems and telemedicine

Fields of high confidence systems research include fault tolerance, real-time operation, security, and functional correctness. HCS research requires integrating these fields and creating standard metrics for properties such as safety, security, performance, and reliability. Developers need theories and tools that predict the confidence of different architectures, so that high confidence components can be composed into high confidence systems using high confidence methods. The limits of composability must be explored to determine whether there are collections of high confidence properties (e.g., security and performance) that cannot be derived from compositional principles.

A challenge is to develop an integrated security fabric in which trusted components can interact closely and rapidly, while mutually suspicious agents can cooperate through security gateways. Central to this challenge for security is scalability of such an integrated security fabric. Scalability is also critical for other properties of high confidence such as performance. Methods and tools such as automated and semi-automated verifiers have not been demonstrated for complex distributed systems, and as systems get ever more complex the issue of scalability becomes critical.

Mechanical verification tools already used for verifying important kernels must be extended to make them easier to use and interoperable for distributed operating systems. Research support for the development of educational programs for safety-critical systems is of vital importance. Areas once considered separate (safety, security, functional correctness, performance in real time, and fault tolerance) are parts of this emerging area. To improve the educational environment for high confidence systems, industry, government, and academia must organize curricula, case studies, electronic textbooks on the Internet, and shared software.

HCS research includes supporting the development of a suite of prototypical high confidence system specifications, so that students at different universities can work on similar sets of reasonably realistic problems. This requires research into formulating problems that are representative of those faced in industry and government, yet simple enough that students can develop at least partial solutions in a year.

A high confidence system has clearly defined usage and environmental parameter ranges. The benefits from using the system must exceed the costs of non-use, failures, and misuse. The user community must have a high level of confidence that a system will not perform incorrectly due to system errors, faults in the environment, or attempts to compromise the system. New technologies developed to ease the creation of critical high confidence systems can also be used to increase confidence and trust in all computing systems.