Dependable By Construction: Cyber-Physical Systems to Bet Your Life On

Cyber-physical systems will touch many aspects of life, and lives will depend on them: on the road, in the air, on rails, and in the operating room. We are concerned with the efficient construction of cyber-physical systems, and of the assurances required to place lives within their scope of control. We have been investigating a framework for an approach to safetyand securitycritical systems known as Multiple Independent Levels of Security/Safety (MILS). We are optimistic that the concepts will be applicable to cyber-physical systems in general. Our approach includes the use of an explicit assurance case, decomposed along architectural lines, supporting system-level claims of safety and security, that leverages the previously established claims for the components and for the architecture. We pose a grand challenge for cyber-physical systems based on a vision that has emerged from our work with MILS.