. "4. Building Trustworthy Networked Systems of Embedded Computers." Embedded, Everywhere: A Research Agenda for Networked Systems of Embedded Computers. Washington, DC: The National Academies Press, 2001.
The following HTML text is provided to enhance online
readability. Many aspects of typography translate only awkwardly to HTML.
Please use the page image
as the authoritative form to ensure accuracy.
Embedded, Everywhere: A Research Agenda for Networked Systems of Embedded Computers
tion, could lead to significant human, economic, or mission losses. Similar problems were encountered early on in manufacturing automation; here the systems are potentially larger, certainly more distributed, and operate in much less controlled environments. The constraints on EmNets—including long lifetimes, changes in constituent parts, and resource limitations—strain existing methods for evaluating and ensuring system safety. In addition, many EmNets will be operated—and perhaps even configured—by end users with little technical training. New designs may be needed that allow untrained users to operate these systems safely and effectively. Accidents related to software already are starting to increase in proportion to the growing use of software to control potentially dangerous systems (Leveson, 1995). Networking embedded systems together, as envisioned for many new applications, will only add to these problems by enabling a larger number of potentially more complex interactions among components—interactions that cannot be anticipated or properly addressed by system users. New system and software engineering frameworks are needed to deal with these problems and enhance the safety of EmNets.
Security and privacy will also be required in many systems. The amount of information that can be collected by EmNets is staggering, the variety is wide, and the potential for misuse is significant. Capabilities are needed to verify that the information cannot be compromised or used by those who have no right to it and/or to cope with the likelihood that misuse or other problems are going to occur. In addition, these systems will need to be protected from tampering and attacks mounted from outside the system. New networking technologies will introduce the potential for new types of attacks. Security can help with elements of reliability and safety as well since it involves not only satisfying objectives but also incorporates protective mechanisms.
Finally, EmNets need to be usable. The systems must be easy to learn, easy to use, and amenable to understanding, often at different levels of detail by different types of users. As these systems become more complex and open to more varieties of computer-mediated interaction, they need to be designed in such a way that end users and operators understand what a system is doing. Systems that violate users’ expectations lead to frustration at best and errors at worst; it will be important to keep user expectations in mind in design decisions as these systems become more complex and pervasive. In addition, many of these systems will not be directly used by individuals—rather, individuals will interact with EmNets in various contexts, often without realizing it. Understanding how such interactions will take place and what people’s conscious and even subconscious expectations might be is an additional challenge for usability design in EmNets.