High-Confidence Medical Device Software and Systems June 2

High-Confidence Medical Device Software and Systems June 2 -3, 2005 Helen Gill, Ph. D. Program Director Computer and Information Science and Engineering Directorate Computer and Network Systems National Science Foundation 1

Participating HCSS Agencies High-Confidence Software and Systems • • • Air Force Research Laboratories* Army Research Office* Defense Advanced Research Projects Agency Federal Aviation Administration* Food and Drug Administration* National Air & Space Administration National Institutes of Health National Institute of Standards and Technology National Science Foundation National Security Agency Office of Naval Research* * Cooperating agencies 2

NITRD High Confidence Software and Systems (HCSS) Coordinating Group • Interagency R&D coordination • HCSS science and technology research to: Ø Provide a sound theoretical, scientific, and technological basis for assured construction of safe, secure systems Ø Develop hardware, software, and system engineering tools that incorporate ubiquitous, application-based, domain-based, and riskbased assurance Ø Reduce the effort, time, and cost of assurance and quality certification processes Ø Provide a technology base of public domain, advanced-prototype implementations of high confidence technologies to enable rapid adoption Ø Provide measures of results 3

Current NITRD/HCSS, CIP Actions • NAS Study: “Sufficient Evidence? Design for Certifiably Dependable Systems”, http: //www 7. nationalacademies. org/cstb/project_dependable. html • “Verification Grand Challenge”, Sir Tony Hoare, IFIP Working Conference, October 2005”, http: //www. csl. sri. com/users/shankar/VGC 05/ • National Critical Infrastructure Protection and Critical Information Infrastructure R&D Plans, (briefing, http: //www. ctc. org/DHSIF/Cummings. pdf ) • HCSS Coordinating Group - Industry-University workshops: – High Confidence Medical Device Software and Systems (Insup Lee, George Pappas - U. Pennsylvania) – Flight Critical and Aviation Systems – “Post-SCADA” Systems/Electric Power 4

Common “Grand Challenges” • Medical devices and systems of the future – Now: Practitioner closes the loop; sensor feeds to TV monitor, manual settings – Future: Closed-loop patient monitoring and delivery systems, “plug and play” operating rooms/ICUs/home care • Flight-critical aviation systems of the future – Now: Federated designs, pilot closes the loop – Future: Integrated designs; autonomy vs. pilot control • SCADA systems of the future – Now: Telemetry, sensor feeds to control center, centralized decision support – Future: Hierarchical, decentralized, highly-automated, market/policy driven, closed-loop + supervisory control Now: Information-centric, human closes loop, distributed a priori, soft real-time, not secured Future: Feedback control, open and hierarchical supervisory control, mobile, aggregated, soft and hard real-time, secured 5

Computer Systems Research at NSF • Long-term research in the technology base needed for demands of future systems – Assured embedded systems software and composition approaches for physical and engineered systems – Fundamental mechanisms to assure critical properties (real-time, fault tolerance, security) – Science and technology for key problem areas (control systems, sensor nets, coordinated complex systems) – High confidence system design methods and technology • High confidence systems technologies funded, examples: – – Middleware, RTOS, drivers, reconfigurable platforms Run-time integration technology for complex systems Control system concepts, software frameworks/middleware Real-time, distributed computing infrastructure 6

Embedded Software and System Control Problem Closing the loop around combined behaviors… Physical/Biological/Engineered System Control Software Latency Sensing State: Kinematic, Thermal, Electromagnetic, Optical, Chemical, … Coordination Mode, Thread switching Frequency Execution Rate Dynamic scheduling, resource management Clock rate Energy production, consumption Energy Management Hardware Platform Processing and Networking Voltage scaling Bandwidth Stability Phase Actuation Periodic calculation Latency 7

Research Roadmap Context: Embedded Systems Trends, Pressures • System complexity, (re)configurability – Mixed hard, soft real-time requirements – Subsystem, multi-system control must be coordinated – Peer-Peer, not centralized control • Adaptation/context-aware operation – Operation in unpredictably changing contexts – Higher, variable (multi-scale) performance demands, resources • Autonomous/closed-loop, mixed-initiative operation, cooperative operation – Human limitations (skill, rate, complexity, attention span, physical tolerance) – Leverage scarce human resources • Continued advances in platform technology – Integrated processing, common platform assumptions, portability/interoperability – Reconfigurability: FPGAs vs ASICs, DSPs; So. Cs; ad hoc networking – Energy and thermal management, power/voltage scaling – MEMS, bio, nanotechnology • Certification, standardization – Process, evidence 8

Challenges for Embedded Sensing and Control Systems • Multi-system/multi-modal supervisory control • Worse, dynamically “aggregated” (multi-hierarchy? ) supervisory control • Bi-directional flow of system alerts • Beyond stability: time-constrained convergence • Safe, coordinated (e. g. , multi-device) mode transition • Accommodating uncertainty among cooperating systems • Implications of tractable computation for modal structure • “Useable operational mode design” considerations 9

Challenges (2) • Building resilience into systems; safety culture • Finding unifying models of physical and software actions (bridge “logic-physics” gap) – Signal space, integration, recurrence, synchrony – State space, event/time triggering, reaction, asynchrony – Switching, coordination • Models of open systems that are logically AND physically coupled We used to think that if we knew one, we knew two, because one and one are two. We are finding that we must learn a great deal more about 'and'. Sir Arthur Eddington (1882 – 1944) 10

Challenges (3) • Automation to safely manage dynamically configured, real-time, networked systems • Resource management (power, real-time, temperature) • Open systems approaches for ad hoc “aggregated” systems • Methods for building and validating first-principles and learned models • Establishing an evidential (synthetic and analytic) basis for judging systems – Embedded system design technology that produces evidence – Lead to assurance-oriented systems culture Also, a programmatic challenge: How do we get from here to there? What mix of foundational, systems, experimental work? 11

Thank you for contributing to this Research Roadmap (R&R) activity 12

Backup 13

Organization: NSF Today Office of the Director BIO ENG MPS CISE EHR SBE GEO Offices Computer and Information Science and Engineering 14