Your search keyword '"Andrea Ceccarelli"' showing total 40 results

1. ROSPaCe: Intrusion Detection Dataset for a ROS2-Based Cyber-Physical System and IoT Networks

Author

Tommaso Puccetti, Simone Nardi, Cosimo Cinquilli, Tommaso Zoppi, and Andrea Ceccarelli

Subjects

Science

Abstract

Abstract Most of the intrusion detection datasets to research machine learning-based intrusion detection systems (IDSs) are devoted to cyber-only systems, and they typically collect data from one architectural layer. Often the attacks are generated in dedicated attack sessions, without reproducing the realistic alternation and overlap of normal and attack actions. We present a dataset for intrusion detection by performing penetration testing on an embedded cyber-physical system built over Robot Operating System 2 (ROS2). Features are monitored from three architectural layers: the Linux operating system, the network, and the ROS2 services. The dataset is structured as a time series and describes the expected behavior of the system and its response to ROS2-specific attacks: it repeatedly alternates periods of attack-free operation with periods when a specific attack is being performed. This allows measuring the time to detect an attacker and the number of malicious activities performed before detection. Also, it allows training an intrusion detector to minimize both, by taking advantage of the numerous alternating periods of normal and attack operations.

Published

2024

2. Delirium Diagnosis, Complication Recognition, and Treatment Knowledge among Nurses in an Italian Local Hospital: A Cross-Sectional Study

Author

Andrea Ceccarelli, Maddalena Ballarin, Marco Montalti, Paola Ceccarelli, Silvia Mazzini, Alice Minotti, Davide Gori, and Marco Senni

Subjects

delirium, nursing training, nursing education, nursing knowledge gaps, hospital care, Nursing, RT1-120

Abstract

Delirium, a multifactorial condition with an acute onset and diverse clinical manifestations, poses a significant challenge in the care of hospitalized individuals aged 65 years and older. This study aimed to evaluate the level of knowledge among nursing healthcare personnel regarding the diagnosis, recognition of complications, and treatment of delirium. A paper questionnaire consisting of 18 multiple-choice questions was distributed to nurses in twelve operational units located in four facilities within a local hospital in a specific geographical region under the jurisdiction of the Romagna Local Health Authority in Italy. Out of 194 respondents, the overall acceptance rate was 64.2%. The findings revealed an insufficient understanding of delirium among the nursing staff, with more than 40% of respondents answering incorrectly to five out of nine questions related to delirium knowledge, diagnosis, prevention, and treatment. Notably, gender emerged as a significant determinant, with female participants exhibiting a substantial odds ratio (OR) of 3.50 (p = 0.011 and CI95% = 1.34–9.16) compared to their male counterparts, indicating a higher likelihood of receiving delirium training among females. Furthermore, prolonged tenure within the same work context was associated with a reduced likelihood of receiving delirium training compared to those with less than two years of experience (OR = 0.21, p = 0.034, and CI95% = 0.05–0.89 for 6–10 years of tenure; OR = 0.22, p = 0.038, and CI95% = 0.05–0.92 for over 10 years of tenure). This study underscores the urgent need for enhanced delirium education and improved strategies among nurses to effectively manage patients with delirium. The results advocate regular educational sessions utilizing diverse formats to comprehensively address knowledge gaps among nursing staff. This study was not registered.

Published

2024

3. The Influence of Altitude, Urbanization, and Local Vaccination Centers on Vaccine Uptake within an Italian Health District: An Analysis of 15,000 Individuals Eligible for Vaccination

Author

Andrea Ceccarelli, Giorgia Soro, Chiara Reali, Emilia Biguzzi, Roberta Farneti, Valeria Frassineti, Raffaella Angelini, Gian Luigi Belloli, Davide Gori, and Marco Montalti

Subjects

vaccine confidence, vaccine coverage, vaccination campaign, barriers, epidemiology, Medicine

Abstract

In Italy, free vaccinations for Herpes Zoster (HZ), pneumococcal (PCV), and influenza (FLU) are recommended each year for individuals turning 65. Despite this, achieving optimal vaccination coverage remains challenging. This study assesses coverage rates for HZ, PCV, and FLU in Forlì, Northern Italy, and examines how altitude, urban planning, and health organization variables (such as the presence of a vaccination center) impact vaccine uptake. Vaccination coverages were calculated for birth cohorts between 1952 and 1958 for each municipality in the Forlì area as of 1 March 2024. The geographical factors influencing the vaccination uptake were extracted from the Italian National Institute of Statistics (ISTAT) records and evaluated through a multivariate analysis. The sample analyzed included 15,272 vaccine campaign targets from Forlì’s province (185,525 citizens); the vaccine uptake rates for HZ, PCV, and FLU were 26.9%, 36.7%, and 43.5%, respectively. Gender did not appear to influence vaccine uptake. Living in a flat area appeared to increase vaccine uptake in a statistically significant way for all the vaccinations when compared to a mountainous area (HZ: OR: 1.50, PCV: OR: 1.33, FLU: OR: 1.67). The presence of a vaccine service in low-urbanized areas was shown to increase vaccine uptake for all vaccinations (HZ: OR: 1.65, PCV: OR: 1.93, FLU: OR: 1.53) compared with low-urbanized areas without a vaccination center or more urbanized areas with a vaccination center. This study emphasizes the significance of the territorial context, along with the ease of access to vaccinations and geographic barriers, as key determinants in achieving vaccination targets. Local health authorities should consider these factors when implementing vaccination campaigns.

Published

2024

4. Evaluating Object (Mis)Detection From a Safety and Reliability Perspective: Discussion and Measures

Author

Andrea Ceccarelli and Leonardo Montecchi

Subjects

Autonomous driving, object detection, safety, reliability, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

We argue that object detectors in the safety critical domain should prioritize detection of objects that are most likely to interfere with the actions of the autonomous actor. Especially, this applies to objects that can impact the actor’s safety and reliability. To quantify the impact of object (mis)detection on safety and reliability in the context of autonomous driving, we propose new object detection measures that reward the correct identification of objects that are most dangerous and most likely to affect driving decisions. To achieve this, we build an object criticality model to reward the detection of the objects based on proximity, orientation, and relative velocity with respect to the subject vehicle. Then, we apply our model on the recent autonomous driving dataset nuScenes, and we compare nine object detectors. Results show that, in several settings, object detectors that perform best according to the nuScenes ranking are not the preferable ones when the focus is shifted on safety and reliability.

Published

2023

5. Tolerate Failures of the Visual Camera With Robust Image Classifiers

Author

Muhammad Atif, Andrea Ceccarelli, Tommaso Zoppi, and Andrea Bondavalli

Subjects

Visual camera failures, deep learning, data augmentation, robustness, traffic sign recognition, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Deep Neural Networks (DNNs) have become an enabling technology for building accurate image classifiers, and are increasingly being applied in many ICT systems such as autonomous vehicles. Unfortunately, classifiers can be deceived by images that are altered due to failures of the visual camera, preventing the proper execution of the classification process. Therefore, it is of utmost importance to build image classifiers that can guarantee accurate classification even in the presence of such camera failures. This study crafts classifiers that are robust to failures of the visual camera by augmenting the training set with artificially altered images that simulate the effects of such failures. Such a data augmentation approach improves classification accuracy with respect to the most common data augmentation approaches, even in the absence of camera failures. To provide experimental evidence for our claims, we exercise three DNN image classifiers on three image datasets, in which we inject the effects of many failures into the visual camera. Finally, we applied eXplainable AI to debate why classifiers trained with the data augmentation approach proposed in this study can tolerate failures of the visual camera.

Published

2023

6. Herpes Zoster Vaccine Uptake and Active Campaign Impact, a Multicenter Retrospective Study in Italy

Author

Andrea Ceccarelli, Federica Tamarri, Raffaella Angelini, Elizabeth Bakken, Ilaria Concari, Elsa Giannoccaro, Giada Domeniconi, Michela Morri, Chiara Reali, Francesca Righi, Silvia Serra, Gianmaria Semprini, Giulia Silvestrini, Valentina Turri, Davide Gori, and Marco Montalti

Subjects

herpes zoster, shingles, active campaign, catch-up campaign, vaccine hesitancy, vaccine uptake, Medicine

Abstract

The Herpes Zoster (HZ) vaccination has proven both safe and effective in alleviating conditions related to HZ, leading to significant cost savings in national healthcare and social systems. In Italy, it is recommended and provided free of charge to individuals aged 65 and older. To achieve broad vaccination coverage, alongside ordinary immunization campaigns, active and catch-up campaigns were implemented. This retrospective observational study aimed to observe the vaccination coverage achieved in the Romagna Local Health Authority (LHA) during the 2023 active campaign, with a secondary goal of assessing the impact of the 2022 catch-up campaign and the 2023 active campaign compared to ordinary campaigns. As of 3 July 2023, an overall vaccine uptake of 13.5% was achieved among individuals born in 1958, with variations among the four LHA centers ranging from 10.2% to 17.7%. Catch-up and active campaigns together contributed to nearly half of the achieved coverage in Center No. 1 and a quarter in Center No. 2. Notably, individuals born in 1957, not included in the Center No. 2 catch-up campaign, reached significantly lower vaccination coverage compared to other cohorts and centers. Analyzing the use of text messages for active campaigns, it was observed that cohort groups did not show substantial differences in text-message utilization for warnings. However, having relatives who had experienced HZ-related symptoms significantly reduced the reliance on text messages as warnings. These results highlighted how catch-up and active campaigns effectively increased vaccine coverage. Nevertheless, differences in uptake among different centers within the same LHA and the limited contribution of other information sources compared to text messages suggest the necessity of designing campaigns involving all available channels and stakeholders to maximize vaccine uptake.

Published

2024

7. Robust Traffic Sign Recognition Against Camera Failures

Author

Muhammad Atif, Andrea Ceccarelli, Tommaso Zoppi, Mohamad Gharib, and Andrea Bondavalli

Subjects

Traffic sign recognition, camera failures, deep learning, sliding windows, meta learning, robustness, Transportation engineering, TA1001-1280, Transportation and communications, HE1-9990

Abstract

Failures of the vehicle camera may compromise the correct acquisition of frames, that are subsequently used by autonomous driving tasks. A clear understanding of the behavior of the autonomous driving tasks under such failure conditions, together with strategies to avoid safety is jeopardized, are indeed necessary. This study analyses and improve the performance of Traffic Sign Recognition (TSR) systems for road vehicles under the possible occurrence of camera failures. Our experimental assessment relies on three public datasets, which are commonly used for benchmarking TSR systems. We artificially inject 13 different types of camera failures into the three datasets. Then, we exploit three deep neural networks (DNNs) to classify either a single frame of a traffic sign or a sequence (i.e., a sliding window) of frames. We show that sliding windows significantly improves the robustness of the classifier against altered frames. We confirm our observations through explainable AI, which allows understanding why different classifiers have different performance in case of camera failures.

Published

2022

8. Healthcare Service Quality Evaluation in a Community-Oriented Primary Care Center, Italy

Author

Andrea Ceccarelli, Alice Minotti, Marco Senni, Luca Pellegrini, Giuseppe Benati, Paola Ceccarelli, Andrea Federici, Silvia Mazzini, Chiara Reali, Francesco Sintoni, Davide Gori, and Marco Montalti

Subjects

healthcare services, quality, perceptions, Casa della Comunità, COPD, Medicine

Abstract

Community-oriented primary care (COPC) is an inclusive healthcare approach that combines individual care with a population-based outlook, striving to offer effective and equitable services. This study concentrates on assessing the perceived quality of a “Casa della Comunità” (CdC) implemented by the Romagna Local Health Authority, which embraces the COPC model. Through the examination of user experiences, the study aims to comprehend the influence of the CdC’s care delivery model on the community’s perception of service quality. From 13–18 March 2023, paper questionnaires were distributed by trained healthcare professionals and volunteers. The cross-sectional study enrolled participants aged 18 or older, capable of understanding written Italian, and willing to take part voluntarily. A total of 741 questionnaires were collected, resulting in an overall acceptance rate of 85.6%. Among the respondents, 37.9% were female, with an average age of 55.4 ± 16.2 years. While the respondents generally held a positive view of the quality, the results displayed varying levels of satisfaction across the different areas. Multivariate analysis revealed significant associations between factors such as gender, employment status, financial resources, education level, and distance from the healthcare center with the perceived quality of the facility in terms of accessibility, environment, staff, continuity of care, and overall satisfaction. The study yielded valuable insights, identifying strengths and areas for improvement and underscoring the importance of ongoing monitoring studies to enhance patient satisfaction continuously.

Published

2023

9. Development and validation of a safe communication protocol compliant to railway standards

Author

Duccio Bertieri, Andrea Ceccarelli, Tommaso Zoppi, Innocenzo Mungiello, Mario Barbareschi, and Andrea Bondavalli

Subjects

Railway, Communication protocol, Safety, Security, Safety integrity level, Verification and validation, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95

Abstract

Abstract Railway systems are composed of a multitude of subsystems, sensors, and actuators that exchange datagrams through safety-critical communication protocols. However, the vast majority of these protocols rely on ad hoc interlacing mechanisms and safety codes which raise the heterogeneity and complexity of the overarching railway system. Therefore, Rete Ferroviaria Italiana, the company who is in charge of managing the Italian railway network, coordinated the definition of the Protocollo Vitale Standard (Standard Vital Protocol). This protocol is inspired to, and compliant with, the communication protocols adopted for the European Train Control System (ETCS) (SUBSET, UNISIG, 037, Euroradio FIS, version 2.3. 0; SUBSET, UNISIG, 098, RBC-RBC safe communication interface, 2007), and it is meant to become the standard layer to enable safe communication between components of the Italian railway system. This paper reports our experience in the design, implementation, verification, and validation of the Protocollo Vitale Standard in compliance with the European safety standards for railway systems. We first defined a safety plan and a verification and validation plan, which guide the design, development, verification, and validation activities as required by safety standards. Guidelines of such plans have been followed strictly until completion of the work, which concludes with the provision of a safety case where all safety evidences are summarized. Noticeably, we (i) selected appropriate safety mechanisms, (ii) verified the software design, (iii) implemented the software in compliance with code metrics and coding rules, (iv) conducted tests to validate the protocol against its functional and performance requirements, and ultimately (v) devised all relevant documentation and a safety case which summarizes the evidences needed for certification.

Published

2021

10. Unsupervised Algorithms to Detect Zero-Day Attacks: Strategy and Application

Author

Tommaso Zoppi, Andrea Ceccarelli, and Andrea Bondavalli

Subjects

Zero-day attacks, intrusion detection, machine learning, anomaly detection, RELOAD, security, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

In the last decade, researchers, practitioners and companies struggled for devising mechanisms to detect cyber-security threats. Among others, those efforts originated rule-based, signature-based or supervised Machine Learning (ML) algorithms that were proven effective for detecting those intrusions that have already been encountered and characterized. Instead, new unknown threats, often referred to as zero-day attacks or zero-days, likely go undetected as they are often misclassified by those techniques. In recent years, unsupervised anomaly detection algorithms showed potential to detect zero-days. However, dedicated support for quantitative analyses of unsupervised anomaly detection algorithms is still scarce and often does not promote meta-learning, which has potential to improve classification performance. To such extent, this paper introduces the problem of zero-days and reviews unsupervised algorithms for their detection. Then, the paper applies a question-answer approach to identify typical issues in conducting quantitative analyses for zero-days detection, and shows how to setup and exercise unsupervised algorithms with appropriate tooling. Using a very recent attack dataset, we debate on i) the impact of features on the detection performance of unsupervised algorithms, ii) the relevant metrics to evaluate intrusion detectors, iii) means to compare multiple unsupervised algorithms, iv) the application of meta-learning to reduce misclassifications. Ultimately, v) we measure detection performance of unsupervised anomaly detection algorithms with respect to zero-days. Overall, the paper exemplifies how to practically orchestrate and apply an appropriate methodology, process and tool, providing even non-experts with means to select appropriate strategies to deal with zero-days.

Published

2021

11. Detect Adversarial Attacks Against Deep Neural Networks With GPU Monitoring

Author

Tommaso Zoppi and Andrea Ceccarelli

Subjects

Attack detection, anomaly detection, graphics processing unit, deep Neural Networks, adversarial attacks, image classification, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Deep Neural Networks (DNNs) are the preferred choice for image-based machine learning applications in several domains. However, DNNs are vulnerable to adversarial attacks, that are carefully-crafted perturbations introduced on input images to fool a DNN model. Adversarial attacks may prevent the application of DNNs in security-critical tasks: consequently, relevant research effort is put in securing DNNs. Typical approaches either increase model robustness, or add detection capabilities in the model, or operate on the input data. Instead, in this paper we propose to detect ongoing attacks through monitoring performance indicators of the underlying Graphics Processing Unit (GPU). In fact, adversarial attacks generate images that activate neurons of DNNs in a different way than legitimate images. This also causes an alteration of GPU activities, that can be observed through software monitors and anomaly detectors. This paper presents our monitoring and detection system, and an extensive experimental analysis that includes a total of 14 adversarial attacks, 3 datasets, and 12 models. Results show that, despite limitations on the monitoring resolution, adversarial attacks can be detected in most cases, with peaks of detection accuracy above 90%.

Published

2021

12. Adherence to Herpes Zoster (Shingles) Catch-Up Campaign at the Romagna Local Health Authority (Italy), a Multi-Center Retrospective Observational Study

Author

Andrea Ceccarelli, Susan Scrimaglia, Virginia Fossi, Luigi Ceccaroni, Andrea Federici, Chiara Reali, Raffaella Angelini, Giulia Silvestrini, Francesco Sintoni, Maria Pia Fantini, Davide Gori, Francesca Righi, and Marco Montalti

Subjects

Herpes Zoster, shingles, catch-up campaign, Zostavax, Shingrix, vaccine hesitancy, Medicine

Abstract

Herpes Zoster (shingles) is an infection that occurs when varicella-zoster virus reactivates from the latent state. Incidence and severity of Herpes Zoster disease increase with age. Antiviral drugs are the elective treatment; however, prevention of disease reactivation through effective and safe vaccines is available in Italy out-of-pocket from age 65 onwards. The Romagna Local Health Authority (northern Italy) administered catch-up vaccinations in March–May 2022 for immunizations not performed during the COVID-19 pandemic. In this study, adherence rates to the catch-up campaign and recall activities adopted in two centers were investigated. The uptakes for only the catch-up vaccinations were 11.4% and 12.4%. Having suffered from Herpes Zoster or having family members who suffered from it would not seem to be drivers of increased uptake. Although sending text-messages to all involved patients was the main motivation for vaccine uptake (85.7–95.1%), word of mouth and web/news advertising also contributed to adoption in Center No. 2. In both centers, the need for greater synergy between public health departments and general practitioners to engage their patients emerged, as did the need for additional recall measures. Studying the main drivers of vaccine hesitancy, especially at the local level, can help in targeting campaigns and catch-up activities in order to achieve widespread acceptance.

Published

2022

13. System and Network Security: Anomaly Detection and Monitoring

Author

Michele Vadursi, Andrea Ceccarelli, Elias P. Duarte, and Aniket Mahanti

Subjects

Computer engineering. Computer hardware, TK7885-7895

Published

2016

14. Detect Adversarial Attacks Against Deep Neural Networks With GPU Monitoring

Author

Andrea Ceccarelli and Tommaso Zoppi

Subjects

General Computer Science, Computer science, Attack detection, Graphics processing unit, Machine learning, computer.software_genre, graphics processing unit, deep Neural Networks, Data modeling, Image (mathematics), Adversarial system, Software, Robustness (computer science), General Materials Science, business.industry, General Engineering, anomaly detection, TK1-9971, adversarial attacks, Deep neural networks, Artificial intelligence, Performance indicator, Electrical engineering. Electronics. Nuclear engineering, business, computer, image classification

Abstract

Deep Neural Networks (DNNs) are the preferred choice for image-based machine learning applications in several domains. However, DNNs are vulnerable to adversarial attacks, that are carefully-crafted perturbations introduced on input images to fool a DNN model. Adversarial attacks may prevent the application of DNNs in security-critical tasks: consequently, relevant research effort is put in securing DNNs. Typical approaches either increase model robustness, or add detection capabilities in the model, or operate on the input data. Instead, in this paper we propose to detect ongoing attacks through monitoring performance indicators of the underlying Graphics Processing Unit (GPU). In fact, adversarial attacks generate images that activate neurons of DNNs in a different way than legitimate images. This also causes an alteration of GPU activities, that can be observed through software monitors and anomaly detectors. This paper presents our monitoring and detection system, and an extensive experimental analysis that includes a total of 14 adversarial attacks, 3 datasets, and 12 models. Results show that, despite limitations on the monitoring resolution, adversarial attacks can be detected in most cases, with peaks of detection accuracy above 90%.

Published

2021

15. Computer Safety, Reliability, and Security. SAFECOMP 2024 Workshops : DECSoS, SASSUR, TOASTS, and WAISE, Florence, Italy, September 17, 2024, Proceedings

Author

Andrea Ceccarelli, Mario Trapp, Andrea Bondavalli, Erwin Schoitsch, Barbara Gallina, Friedemann Bitsch, Andrea Ceccarelli, Mario Trapp, Andrea Bondavalli, Erwin Schoitsch, Barbara Gallina, and Friedemann Bitsch

Subjects

Computer networks, Image processing—Digital techniques, Computer vision, Information technology—Management, Software engineering, Computer science, Data protection

Abstract

This book constitutes the proceedings of the Workshops held in conjunction with the 43rd International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2024, which took place in Florence, Italy, during September 2024. The 36 papers included in this book were carefully reviewed and selected from a total of 64 submissions to the following workshops: DECSoS 2024 – 19th Workshop on Dependable Smart Embedded and Cyber-Physical Systems and Systems-of-Systems SASSUR 2024 - 11th International Workshop on Next Generation of System Assurance Approaches for Critical Systems TOASTS 2024 – Towards A Safer Systems'Architecture Through Security WAISE 2024 – 7th International Workshop on Artificial Intelligence Safety Engineering

Published

2024

16. Computer Safety, Reliability, and Security : 43rd International Conference, SAFECOMP 2024, Florence, Italy, September 18–20, 2024, Proceedings

Author

Andrea Ceccarelli, Mario Trapp, Andrea Bondavalli, Friedemann Bitsch, Andrea Ceccarelli, Mario Trapp, Andrea Bondavalli, and Friedemann Bitsch

Subjects

Computer networks, Software engineering, Information technology—Management, Robotics, Microprogramming, Computer networks—Security measures

Abstract

This book constitutes the refereed proceedings of the 43rd International Conference on Computer Safety, Reliability and Security, SAFECOMP 2024, held in Florence, Italy, in September 2024. The 19 full papers included in this volume were carefully reviewed and selected from 80 submissions. They have been organized in topical sections as follows: Fault Injection and Tolerance; System and Software Safety Assurance; Automated Driving Systems; Security of safety-critical systems; Safety Verification; and Autonomous Systems.

Published

2024

17. Development and validation of a safe communication protocol compliant to railway standards

Author

Andrea Ceccarelli, Mario Barbareschi, Andrea Bondavalli, Tommaso Zoppi, Innocenzo Mungiello, Duccio Bertieri, Bertieri, D., Ceccarelli, A., Zoppi, T., Mungiello, I., Barbareschi, M., and Bondavalli, A.

Subjects

lcsh:Computer engineering. Computer hardware, Communication protocol, General Computer Science, Computer science, Railway, lcsh:TK7885-7895, 02 engineering and technology, Certification, Safety standards, lcsh:QA75.5-76.95, European Train Control System, 020210 optoelectronics & photonics, 0202 electrical engineering, electronic engineering, information engineering, Safety integrity level, Safety case, Protocol (science), business.industry, 020208 electrical & electronic engineering, Verification and validation, CENELEC, Safety, Security, Software design, lcsh:Electronic computers. Computer science, Software engineering, business, Communications protocol

Abstract

Railway systems are composed of a multitude of subsystems, sensors, and actuators that exchange datagrams through safety-critical communication protocols. However, the vast majority of these protocols rely on ad hoc interlacing mechanisms and safety codes which raise the heterogeneity and complexity of the overarching railway system. Therefore, Rete Ferroviaria Italiana, the company who is in charge of managing the Italian railway network, coordinated the definition of the Protocollo Vitale Standard (Standard Vital Protocol). This protocol is inspired to, and compliant with, the communication protocols adopted for the European Train Control System (ETCS) (SUBSET, UNISIG, 037, Euroradio FIS, version 2.3. 0; SUBSET, UNISIG, 098, RBC-RBC safe communication interface, 2007), and it is meant to become the standard layer to enable safe communication between components of the Italian railway system. This paper reports our experience in the design, implementation, verification, and validation of the Protocollo Vitale Standard in compliance with the European safety standards for railway systems. We first defined a safety plan and a verification and validation plan, which guide the design, development, verification, and validation activities as required by safety standards. Guidelines of such plans have been followed strictly until completion of the work, which concludes with the provision of a safety case where all safety evidences are summarized. Noticeably, we (i) selected appropriate safety mechanisms, (ii) verified the software design, (iii) implemented the software in compliance with code metrics and coding rules, (iv) conducted tests to validate the protocol against its functional and performance requirements, and ultimately (v) devised all relevant documentation and a safety case which summarizes the evidences needed for certification.

Published

2021

18. Unsupervised Anomaly Detectors to Detect Intrusions in the Current Threat Landscape

Author

Andrea Ceccarelli, Andrea Bondavalli, Tommaso Capecchi, and Tommaso Zoppi

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, Computer Science - Cryptography and Security, anomaly detection, security, machine learning, attacks, Computer science, 0211 other engineering and technologies, Botnet, security, 02 engineering and technology, Intrusion detection system, computer.software_genre, Machine Learning (cs.LG), Computer Science - Networking and Internet Architecture, attacks, 0202 electrical engineering, electronic engineering, information engineering, Cluster analysis, Networking and Internet Architecture (cs.NI), 021110 strategic, defence & security studies, Anomaly (natural sciences), General Medicine, Fuzz testing, anomaly detection, Support vector machine, machine learning, Binary classification, 020201 artificial intelligence & image processing, Anomaly detection, Data mining, Cryptography and Security (cs.CR), computer

Abstract

Anomaly detection aims at identifying unexpected fluctuations in the expected behavior of a given system. It is acknowledged as a reliable answer to the identification of zero-day attacks to such extent, several ML algorithms that suit for binary classification have been proposed throughout years. However, the experimental comparison of a wide pool of unsupervised algorithms for anomaly-based intrusion detection against a comprehensive set of attacks datasets was not investigated yet. To fill such gap, we exercise seventeen unsupervised anomaly detection algorithms on eleven attack datasets. Results allow elaborating on a wide range of arguments, from the behavior of the individual algorithm to the suitability of the datasets to anomaly detection. We conclude that algorithms as Isolation Forests, One-Class Support Vector Machines and Self-Organizing Maps are more effective than their counterparts for intrusion detection, while clustering algorithms represent a good alternative due to their low computational complexity. Further, we detail how attacks with unstable, distributed or non-repeatable behavior as Fuzzing, Worms and Botnets are more difficult to detect. Ultimately, we digress on capabilities of algorithms in detecting anomalies generated by a wide pool of unknown attacks, showing that achieved metric scores do not vary with respect to identifying single attacks., Will be published on ACM Transactions Data Science

Published

2020

19. FUSION—Fog Computing and Blockchain for Trusted Industrial Internet of Things

Author

Carlo Giannelli, Christian Esposito, Marcello Cinque, Andrea Ceccarelli, Paolo Lollini, Luca Foschini, Ceccarelli, Andrea, Cinque, Marcello, Esposito, Christian, Foschini, Luca, Giannelli, Carlo, and Lollini, Paolo

Subjects

Blockchain, Computer science, Strategy and Management, Internet of Things, Computer security, computer.software_genre, Maintenance engineering, NO, 0502 economics and business, Cloud computing, Orchestration (computing), Electrical and Electronic Engineering, Architecture, Internet of Things, Cloud computing, Industries, Maintenance engineering, Software, Blockchain, fog/edge computing, Industrial Internet of Things (IIoT), Focus (computing), 05 social sciences, Industrial Internet of Things (IIoT), Container (abstract data type), Industrial Internet, fog/edge computing, Software architecture, Software-defined networking, computer, Industries, 050203 business & management, Software

Abstract

The industrial Internet of Things (IIoT) is currently foreseen as a foundation to implement the Industry 4.0 vision. However, device heterogeneity and the need of integration and configuration exposes the industrial infrastructure to potential threats, such as black-hole, man-in-the-middle, and malicious configuration attacks. In this article, we investigate how to manage distributed trust information and to enable trusted configuration actions in the IIoT, by opportunistically intermingling blockchain with the software defined networking and container orchestration technologies. In particular, we focus on how the joint and coordinated adoption of such technologies can make technicians’ interventions on industrial equipment both easier and more trusted. To this purpose, we present the design of a software architecture to simplify the management, configuration, and assessment of IIoT systems, and we discuss our experiences with the application of the proposed architecture in a railways use case.

Published

2020

20. A model to discipline autonomy in cyber-physical systems-of-systems and its application

Author

Leandro Dias da Silva, Andrea Ceccarelli, and Mohamad Gharib

Subjects

Controllability, Management science, Computer science, media_common.quotation_subject, 0202 electrical engineering, electronic engineering, information engineering, Cyber-physical system, 020207 software engineering, 020201 artificial intelligence & image processing, 02 engineering and technology, autonomy, conceptual modeling, controllability, cyber-physical systems-of-systems, simulation, Software, Autonomy, media_common

Published

2020

21. On the educated selection of unsupervised algorithms via attacks and anomaly classes

Author

Tommaso Zoppi, Lorenzo Salani, Andrea Bondavalli, and Andrea Ceccarelli

Subjects

Computer Networks and Communications, Computer science, Anomaly detection, Attacks, Data mining, Intrusion datasets, Intrusion detection, Security, Unsupervised learning, 020206 networking & telecommunications, 02 engineering and technology, Intrusion detection system, Task (project management), Identification (information), Master key, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Anomaly (physics), Safety, Risk, Reliability and Quality, Algorithm, Software, Selection (genetic algorithm)

Abstract

Anomaly detection aims at finding patterns in data that do not conform to the expected behavior. It is largely adopted in intrusion detection systems, relying on unsupervised algorithms that have the potential to detect zero-day attacks; however, efficacy of algorithms varies depending on the observed system and the attacks. Selecting the algorithm that maximizes detection capability is a challenging task with no master key. This paper tackles the challenge above by devising and applying a methodology to identify relations between attack families, anomaly classes and algorithms. The implication is that an unknown attack belonging to a specific attack family is most likely to get observed by unsupervised algorithms that are particularly effective on such attack family. This paves the way to rules for the selection of algorithms based on the identification of attack families. The paper proposes and applies a methodology based on analytical and experimental investigations supported by a tool to i) identify which anomaly classes are most likely raised by the different attack families, ii) study suitability of anomaly detection algorithms to detect anomaly classes, iii) combine previous results to relate anomaly detection algorithms and attack families, and iv) define guidelines to select unsupervised algorithms for intrusion detection.

Published

2020

22. Towards enhanced databases for High Energy Physics

Author

Maria Vittoria Garzelli, Laura Redapi, Piergiulio Lenzi, Andrea Ceccarelli, and Andrea Cioni

Subjects

Scheme (programming language), Particle physics, Point (typography), Database, business.industry, Computer science, media_common.quotation_subject, Online analytical processing, FOS: Physical sciences, Experimental data, Usability, computer.software_genre, Presentation, High Energy Physics - Phenomenology, High Energy Physics - Phenomenology (hep-ph), Physics - Data Analysis, Statistics and Probability, Computer data storage, Collider (epidemiology), business, computer, Data Analysis, Statistics and Probability (physics.data-an), computer.programming_language, media_common

Abstract

The accumulation of a large amount of new experimental data at an impressive rate at present and future collider experiments has led to important questions concerning data storage and organization, their public access and usability, as well as their efficient usage in order to discriminate between different theories. For the last fourty years, the HEPData database has been the reference database for the worldwide community of elementary particle physicists, from DIS to fixed-target and collider experts. Using as a basis a dump of HEPData*, we discuss possible paths to enhance the capabilities of databases for High Energy Physics. Our starting point is the reorganization of the data in a different scheme, which allows for the application of OLAP techniques to automatically extract information at a multidimensional level, answering to complex queries. The feedback of the DIS community is important for understanding specific needs, aiming at a more effective storage, extraction and presentation of the data and information of their interest., *the HepData dump on which this work is based was kindly provided us by K. Ellis, F. Krauss, G. Watt (IPPP Durham). 6 pages, 3 figures,to be published as PoS (DIS2019) 223, in Proceedings of the XXVII International Workshop on Deep Inelastic Scattering and Related Subjects, Torino Italy, 8 - 12 April 2019

Published

2019

23. System-of-Systems to Support Mobile Safety Critical Applications: Open Challenges and Viable Solutions

Author

Leonardo Montecchi, Paolo Lollini, Andrea Ceccarelli, Andrea Bondavalli, and Marco Mori

Subjects

Engineering, Computer Networks and Communications, Complex system, Mobile computing, 02 engineering and technology, Computer security, computer.software_genre, System of Systems, mobile computing, emergence, evolution, dynamicity, 0202 electrical engineering, electronic engineering, information engineering, Dependability, Electrical and Electronic Engineering, computer.programming_language, System of systems, business.industry, 020206 networking & telecommunications, Cascading Style Sheets, Modular design, Computer Science Applications, Risk analysis (engineering), Control and Systems Engineering, 020201 artificial intelligence & image processing, Mobile telephony, business, computer, Monolithic system, Information Systems

Abstract

A dramatic shift in system complexity is occurring, bringing monolithic system designs to be progressively replaced by modular approaches. In the latest years, this trend has been emphasized by the system of systems (SoS) concept, in which a complex system or application is the result of the integration of many independent, autonomous constituent systems (CS), brought together in order to satisfy a global goal under certain rules of engagement. The overall behavior of the SoS, emerging from such complex interactions and dependencies, poses several threats in terms of dependability, timeliness, and security, due to the challenging operating and environmental conditions caused by mobility, wireless connectivity, and the use of off-the-shelf components. Referring to our experience in mobile safety-critical applications gained from three different research projects, in this paper, we illustrate the challenges and benefits posed by the adoption of an SoS approach in designing, developing, and maintaining mobile safety-critical applications, and we report on some possible solutions.

Published

2018

24. Enhancing workers safety in worksites through augmented GNSS sensors

Author

Mauro D'Arco, Alfredo Renga, Andrea Ceccarelli, Andrea Bondavalli, Francesco Brancati, D'Arco, Mauro, Renga, Alfredo, Ceccarelli, Andrea, Brancati, Francesco, and Bondavalli, Andrea

Subjects

business.industry, Computer science, Applied Mathematics, Reliability (computer networking), 020208 electrical & electronic engineering, 010401 analytical chemistry, Real-time computing, Wearable computer, GNSS, Localization, Wearables, Safety, Accuracy, Positioning, Railway trackside workers, 02 engineering and technology, Condensed Matter Physics, Sensor fusion, 01 natural sciences, 0104 chemical sciences, GNSS applications, Assisted GPS, 0202 electrical engineering, electronic engineering, information engineering, Dependability, Electrical and Electronic Engineering, business, Geographic coordinate system, Instrumentation, Wearable technology

Abstract

Human-assistive wearable technologies can monitor the position of a worker in a critical worksite and improve his safety by raising warnings when he is in a dangerous zone. In railway worksites, it is observed that GNSS localization is not applicable due to the relevant localization errors, which are only partially attributable to the specific characteristics of the worksite. Besides, alternative solutions that rely on the support of anchors have the drawback of lengthening the set-up and dismantle time of the worksite. To provide safe localization of railway trackside workers, a system that exploits augmented-GNSS wearable sensors is proposed. Each sensor includes a GPS receiver capable of sharing its coordinates with the other sensors, and is further complemented with a low-cost multi-way distance meter to measure its distance from the other sensors. The main attention is paid to the data fusion approach adopted to improve the accuracy of the position estimate by combining the relative distance measurements to the GPS coordinates.

Published

2018

25. Differential analysis of Operating System indicators for anomaly detection in dependable systems: An experimental study

Author

Michele Vadursi, Andrea Ceccarelli, Diego Santoro, Andrea Bondavalli, and Francesco Brancati

Subjects

Engineering, Measurements on computer systems, Anomaly detection, Dependability measurement, Fault detection, OS anomalies, System monitoring, Instrumentation, Electrical and Electronic Engineering, Reliability (computer networking), Real-time computing, 0211 other engineering and technologies, 02 engineering and technology, computer.software_genre, Fault detection and isolation, 0202 electrical engineering, electronic engineering, information engineering, Dependability, 021110 strategic, defence & security studies, business.industry, Applied Mathematics, System monitoring, Measurements on computer systems, OS anomalies, Anomaly detection, Dependability measurement, Fault detection, 020208 electrical & electronic engineering, Air traffic management, Fault tolerance, Condensed Matter Physics, Identification (information), Operating system, business, computer

Abstract

Dependable complex systems often operate under variable and non-stationary conditions, which requires efficient and extensive monitoring and error detection solutions. Among the many, the paper focuses on anomaly detection techniques, which monitor the evolution of some specific indicators through time to identify anomalies, i.e. deviations from the expected operational behavior. The timely identification of anomalies in dependable, fault tolerant systems allows to timely detect errors in the services and react appropriately. In this paper, we investigate the possibility to monitor the evolution of indicators through time using the random walk model on indicators belonging to Operating Systems, specifically in our study the Linux Red Hat EL5. The approach is based on the experimental evaluation of a large set of heterogeneous indicators, which are acquired under different operating conditions, both in terms of workload and faultload, on an air traffic management target system. The statistical analysis is based on a best-fitting approach aiming to minimize the integral distance between the empirical data distribution and some reference distributions. The outcomes of the analysis show that the idea of adopting a random walk model for the development of an anomaly detection monitor for critical systems that operates at Operating System level is promising. Moreover, standard distributions such as Laplace and Cauchy, rather than Normal, should be used for setting up the thresholds of the monitor. Further studies that involve a new application, a different Operating System and a new layer (an Application Server) will allow verifying the generalization of the approach to other fault tolerant systems, monitored layers and set of indicators.

Published

2016

26. Managing Dynamicity in SoS

Author

Andrea Ceccarelli, Sara Bouchenak, Bogdan Robu, Sorin M. Iacob, Nicolas Marchand, Francesco Brancati, Patrick de Oude, Distribution, Recherche d'Information et Mobilité (DRIM), Laboratoire d'InfoRmatique en Image et Systèmes d'information (LIRIS), Institut National des Sciences Appliquées de Lyon (INSA Lyon), Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Centre National de la Recherche Scientifique (CNRS)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-École Centrale de Lyon (ECL), Université de Lyon-Université Lumière - Lyon 2 (UL2)-Institut National des Sciences Appliquées de Lyon (INSA Lyon), Université de Lyon-Université Lumière - Lyon 2 (UL2), Department of Mathematics and Informatics, Università degli Studi di Firenze = University of Florence [Firenze] (UNIFI), Thales (Netherlands), GIPSA - Systèmes non linéaires et complexité (GIPSA-SYSCO), Département Automatique (GIPSA-DA), Grenoble Images Parole Signal Automatique (GIPSA-lab ), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut Polytechnique de Grenoble - Grenoble Institute of Technology-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes [2016-2019] (UGA [2016-2019])-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut Polytechnique de Grenoble - Grenoble Institute of Technology-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes [2016-2019] (UGA [2016-2019])-Grenoble Images Parole Signal Automatique (GIPSA-lab ), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut Polytechnique de Grenoble - Grenoble Institute of Technology-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes [2016-2019] (UGA [2016-2019])-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut Polytechnique de Grenoble - Grenoble Institute of Technology-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes [2016-2019] (UGA [2016-2019]), European Project: 610535,EC:FP7:ICT,FP7-ICT-2013-10,AMADEOS(2013), Université Lumière - Lyon 2 (UL2)-École Centrale de Lyon (ECL), Université de Lyon-Université de Lyon-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Institut National des Sciences Appliquées de Lyon (INSA Lyon), Université de Lyon-Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Centre National de la Recherche Scientifique (CNRS)-Université Lumière - Lyon 2 (UL2)-École Centrale de Lyon (ECL), Université de Lyon-Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Centre National de la Recherche Scientifique (CNRS), and Università degli Studi di Firenze = University of Florence (UniFI)

Subjects

020301 aerospace & aeronautics, Engineering, business.industry, Feedback control, Control reconfiguration, 02 engineering and technology, Reliability engineering, 0203 mechanical engineering, 020204 information systems, [INFO.INFO-AU]Computer Science [cs]/Automatic Control Engineering, 0202 electrical engineering, electronic engineering, information engineering, Dependability, Artificial intelligence, business, Adaptation (computer science), Implementation, Reliability (statistics)

Abstract

International audience; SoS dynamicity refers to short-term changes in an SoS, which occur in response to changing environmental or operational parameters of the CSs. These changes may have different effects, such as SoS adaptation or the generation of emergent phenomena. This chapter starts by recalling the MAPE approach in Sect. 2 before to introduce existing monitoring approaches in Sect. 3. Finally, Sect. 4 overviews existing reconfiguration techniques for SoS dynamicity management, related to Analyzis, Planning and Execution phases and illustrates through an examples the possible implementations of dynamicity management with modelling and feedback control techniques.

Published

2016

27. A multi-criteria ranking of security countermeasures

Author

Andrea Bondavalli, Andrea Ceccarelli, Fabio Martinelli, Nicola Nostro, Ilaria Matteucci, Felicita Di Giandomenico, and Francesco Santini

Subjects

Algebraic formalism, Semiring, Computer science, Reliability (computer networking), Rank (computer programming), 020207 software engineering, 02 engineering and technology, Security assessment, Modeling, Computer security, computer.software_genre, Resource (project management), Ranking, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Software, computer

Abstract

We propose a multi-criteria framework for ranking controlling strategies based on several weights, such as delay-time, resource cost, and success-probability of attacks defined via quantitative threat analysis. Therefore, by assigning a different priority to weight-dimensions, we can rank controllers in an adaptive way. We exemplify our approach on the Customer Energy Management System, that acting as an interface among different systems, is open to attacks. We consider the Man in the Middle and Denial of Service attacks.

Published

2016

28. Computer Safety, Reliability, and Security : SAFECOMP 2014 Workshops: ASCoMS, DECSoS, DEVVARTS, ISSE, ReSA4CI, SASSUR. Florence, Italy, September 8-9, 2014, Proceedings

Author

Andrea Bondavalli, Andrea Ceccarelli, Frank Ortmeier, Andrea Bondavalli, Andrea Ceccarelli, and Frank Ortmeier

Subjects

Computer science, Computer engineering, Computer networks, Software engineering, Data protection

Abstract

This book constitutes the refereed proceedings of 6 workshops co-located with SAFECOMP 2014, the 33rd International Conference on Computer Safety, Reliability, and Security, held in Florence, Italy, in September 2014. The 32 revised full and 10 short papers presented were carefully reviewed and selected from 58 submissions. They are complemented with 6 introduction to each of the workshops: Architecting Safety in Collaborative Mobile Systems, ASCoMS'14; ERCIM/EWICS/ARTEMIS Workshop on Dependable Embedded and Cyberphysical Systems and Systems-of-Systems, DECSoS'14; DEvelopment, Verification and VAlidation of cRiTical Systems, DEVVARTS'14; Integration of Safety and Security Engineering, ISSE'14; Reliability and Security Aspects for Critical Infrastructure Protection, ReSA4CI'14; Next Generation of System Assurance Approaches for Safety-Critical Systems, SASSUR'14.

Published

2014

29. Continuous and Transparent User Identity Verification for Secure Internet Services

Author

Paolo Lollini, Andrea Bondavalli, Leonardo Montecchi, Francesco Brancati, Andrea Ceccarelli, and Angelo Marguglio

Subjects

Password, Web server, Biometrics, Computer science, business.industry, Usability, Computer security, computer.software_genre, Server, The Internet, Electrical and Electronic Engineering, Android (operating system), Web service, business, computer, Internet, biometrics (access control), security of data, Android smart phones, Matlab simulations, PC, biometric data, biometric solutions, client satisfaction, continuous user verification, distributed Internet services, functional behavior, model-based quantitative analysis, password, secure Internet services, secure protocol, session management, transparent user identity verification, user session expiration, username, Authentication, Bioinformatics, Protocols, Servers, Smart phones, Web services, Security, authentication, mobile environments, web servers

Abstract

Session management in distributed Internet services is traditionally based on username and password, explicit logouts and mechanisms of user session expiration using classic timeouts. Emerging biometric solutions allow substituting username and password with biometric data during session establishment, but in such an approach still a single verification is deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the session timeout may impact on the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by applying biometrics in the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol determines adaptive timeouts based on the quality, frequency and type of biometric data transparently acquired from the user. The functional behavior of the protocol is illustrated through Matlab simulations, while model-based quantitative analysis is carried out to assess the ability of the protocol to contrast security attacks exercised by different kinds of attackers. Finally, the current prototype for PCs and Android smartphones is discussed.

Published

2015

30. On trustworthy measurements when testing dependable systems: a discussion and experiences

Author

Andrea Ceccarelli and Andrea Bondavalli

Subjects

Engineering, General Computer Science, business.industry, media_common.quotation_subject, System testing, Fault injection, Scientific literature, Body of knowledge, Systems engineering, dependability, fault injection, experimental evaluation, measurement theory, uncertainty, repeatability, intrusiveness, Dependability, Relevance (information retrieval), Quality (business), business, Reliability (statistics), media_common

Abstract

The scientific literature and the industrial practice agree since many years on the fundamental role of experimental evaluation testing of critical systems for the assessment of the dependability attributes, and consequently on the relevance of achieving trustworthy measurements. This paper discusses and motivates with the support of three case studies, the possible role of the body of knowledge offered by measurement theory metrology to quantitatively assess the quality of measuring instruments, i.e., the tools, and the results collected. The paper first introduces notions of metrology and contextualises them for the dependability evaluation of systems. Successively it presents three case studies developed by the authors where attention to principles from measurement theory and the metrological assessment of tools and results are carried out. The paper ultimately reviews the main guidelines identified discussing their application in the case studies.

Published

2015

31. Insider Threat Assessment: a Model-Based Methodology

Author

Andrea Bondavalli, Nicola Nostro, Francesco Brancati, and Andrea Ceccarelli

Subjects

Computer science, business.industry, Internet privacy, Insider threat, Crisis management, Computer security, computer.software_genre, Insider, Information sensitivity, security, insider threats, risk assessment, attack path, Information and Communications Technology, Scale (social sciences), General Earth and Planetary Sciences, Dependability, business, Dissemination, computer, General Environmental Science

Abstract

Security is a major challenge for today's companies, especially ICT ones which manage large scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insider attackers i.e., users with legitimate access which abuse or misuse of their power, thus leading to unexpected security violation (e.g., acquire and disseminate sensitive information). These attacks are very difficult to detect and mitigate due to the nature of the attackers, which often are company's employees motivated by socio-economical reasons, and to the fact that attackers operate within their granted restrictions. It is a consequence that insider attackers constitute an actual threat for ICT organizations. In this paper we present our methodology, together with the application of existing supporting libraries and tools from the state-of-the-art, for insider threats assessment and mitigation. The ultimate objective is to define the motivations and the target of an insider, investigate the likeliness and severity of potential violations, and finally identify appropriate countermeasures. The methodology also includes a maintenance phase during which the assessment can be updated to reflect system changes. As case study, we apply our methodology to the crisis management system Secure!, which includes different kinds of users and consequently is potentially exposed to a large set of insider threats.

Published

2014

32. On security countermeasures ranking through threat analysis

Author

Andrea Bondavalli, Fabio Martinelli, Ilaria Matteucci, Andrea Ceccarelli, Felicita Di Giandomenico, and Nicola Nostro

Subjects

Engineering, Security analysis, Quantitative security, business.industry, Attack Model, Threat Analysis, Security Countermeasures, Computer security, computer.software_genre, Security, Security Modelling, Security Analysis, Security controlling strategies, Critical infrastructure, Threat, Energy management system, Ranking, Key (cryptography), Dependability, business, Threat assessment, computer

Abstract

Security analysis and design are key activities for the protection of critical systems and infrastructures. Traditional approaches consist first in applying a qualitative threat assessment that identifies the attack points. Results are then used as input for the security design such that appropriate countermeasures are selected. In this paper we propose a novel approach for the selection and ranking of security controlling strategies which is driven by quantitative threat analysis based on attack graphs. It consists of two main steps: i) a threat analysis, performed to evaluate attack points and paths identifying those that are feasible, and to rank attack costs from the perspective of an attacker; ii) controlling strategies, to derive the appropriate monitoring rules and the selection of countermeasures are evaluated, based upon the provided values and ranks. Indeed, the exploitation of such threat analysis allows to compare different controlling strategies and to select the one that fits better the given set of functional and security requirements. To exemplify our approach, we adopt part of an electrical power system, the Customer Energy Management System (CEMS), as reference scenario where the steps of threat analysis and security strategies are applied. © 2014 Springer International Publishing.

Published

2014

33. Timed Broadcast via Off-The-Shelf WLAN Distributed Coordination Function for Safety-Critical Systems

Author

Jesper Grønbæk, Boris Malinowsky, Edgar Nett, Andrea Bondavalli, Andrea Ceccarelli, and Hans-Peter Schwefel

Subjects

business.industry, Computer science, Distributed computing, Time division multiple access, 020206 networking & telecommunications, 02 engineering and technology, Distributed coordination function, 020202 computer hardware & architecture, Safety-critical, Synchronous protocols, Packet loss, Bounded function, Stochastic simulation, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Dependability, Unicast, business, Computer network

Abstract

Low cost wireless solutions for safety-critical applications are attractive to leverage safety-critical operation in new application areas. This work assesses the feasibility of providing synchronous and time bounded communication to standard IEEE 802.11 devices with low effort modifications. An existing protocol for time bounded communication in wireless systems is adapted to a generic safety-critical application with low bandwidth requirements, but strict bounds on time behavior. Experimental and simulation studies are conducted in which the protocol is implemented on top of IEEE 802.11e Distributed Coordination Function (DCF). The experimental results for packet loss ratio, communication delays, and broadcast completion are used to calibrate a stochastic simulation model that allows to extrapolate the expected long-term performance of the protocol. Both the experimental results and the simulation extrapolation show that necessary availability requirements can be met with 802.11e prioritization in the investigated cross-traffic and interference scenarios.

Published

2012

34. Improving Robustness of Network Fault Diagnosis to Uncertainty in Observations

Author

Hans-Peter Schwefel, Andrea Bondavalli, Andrea Ceccarelli, and Jesper Grønbæk

Subjects

Ubiquitous computing, Observational error, Noise measurement, Computer science, business.industry, Machine learning, computer.software_genre, Robustness (computer science), Dependability, Measurement uncertainty, Artificial intelligence, Hidden Markov model, business, computer, Uncertainty analysis

Abstract

Performing decentralized network fault diagnosis based on network traffic is challenging. Besides inherent stochastic behaviour of observations, measurements may be subject to errors degrading diagnosis timeliness and accuracy. In this paper we present a novel approach in which we aim to mitigate issues of measurement errors by quantifying uncertainty. The uncertainty information is applied in the diagnostic component to improve its robustness. Three diagnosis components have been proposed based on the Hidden Markov Model formalism: (H0) representing a classical approach, (H1) a static compensation of (H0) to uncertainties and (H2) dynamically adapting diagnosis to uncertainty information. From uncertainty injection scenarios of added measurement noise we demonstrate how using uncertainty information can provide a structured approach of improving diagnosis.

Published

2010

35. Towards a Framework for Self-Adaptive Reliable Network Services in Highly-Uncertain Environments

Author

Andrea Bondavalli, Jesper Grønbæk, Andrea Ceccarelli, Leonardo Montecchi, and Hans-Peter Schwefel

Subjects

Ubiquitous computing, Risk analysis (engineering), Wireless ad hoc network, Computer science, Reliability (computer networking), Dependability, Self adaptive, Architecture, Resilience (network), Computer security, computer.software_genre, computer, Data modeling

Abstract

In future inhomogeneous, pervasive and highly dynamic networks, end-nodes may often only rely on unreliable and uncertain observations to diagnose hidden network states and decide upon possible remediation actions. Inherent challenges exists to identify good and timely decision strategies to improve resilience of end-node services. In this paper we present a framework, called ODDR (Observation, Diagnosis, Decision, Remediation), for improving resilience of network based services through integration of self-adaptive monitoring services, network diagnosis, decision actions, and finally execution (and monitoring) of remediation actions. We detail the motivations to the ODDR design, then we present its architecture, and finally we describe our current activities towards the realization and assessment of the framework services and the main results currently achieved.

Published

2010

36. Design and Evaluation of a Safe Driver Machine Interface

Author

Bondavalli, A., Andrea Ceccarelli, Grønbæk, J., Iovino, D., Kárná, L., Klapka, Š, Madsen, T. K., Magyar, M., Majzik, I., and Salzo, A.

Abstract

Udgivelsesdato: 01/01/09

Published

2009

37. ALARP (A Railway Automatic Track Warning System Based on Distributed Personal Mobile Terminals)

Author

Lorenzo Falai, Andrea Ceccarelli, Michael Schultheis, Boris Malinowsky, Antonio Andrea Seminatore, and Luca Ghelardoni

Subjects

safety, Engineering, Warning system, business.industry, Reliability (computer networking), Real-time computing, Automatic train control, Poison control, ATWS, SIL, Computer security, computer.software_genre, Track (rail transport), Automation, railway, ALARP, Dependability, General Materials Science, business, computer, track warning system

Abstract

The ALARP (A railway automatic track warning system based on distributed personal mobile terminals) project has the aim to study, design and implement an innovative more efficient Automated Track Warning Systems with the intent of overcome the limits of current state-of-the-art solutions. The ALARP system provides a solution which is low cost, non-invasive, easy to install and totally independent from the existing signaling. It is responsible of advising workers of a train approaching and has the functionality of localizing the workers inside the worksite and of guiding them to a safe area.

38. Model-Driven Fault Injection in Java Source Code

Author

Leonardo Montecchi, Elder Rodrigues, and Andrea Ceccarelli

Subjects

Source code, Java, Computer science, business.industry, Programming language, media_common.quotation_subject, Software faults, fault libraries, metamodel, OCL, code patterns, 020207 software engineering, 02 engineering and technology, Fault injection, Hardware_PERFORMANCEANDRELIABILITY, computer.software_genre, Extensibility, Metamodeling, Workflow, Software, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), business, computer, computer.programming_language, media_common

Abstract

The injection of software faults in source code requires accurate knowledge of the programming language, both to craft faults and to identify injection locations. As such, fault injection and code mutation tools are typically tailored for a specific language and have limited extensibility. In this paper we present a model-driven approach to craft and inject software faults in source code. While its concrete application is presented for Java, the workflow we propose does not depend on a specific programming language. Following Model-Driven Engineering principles, the faults and the criteria to select injection locations are described using structured, machine-readable specifications based on a domain-specific language. Then, automated transformations craft artifacts based on OCL and Java, which represent the faults to be injected and are able to select the candidate injection locations. Finally, artifacts are executed against the target source code, performing the injection in the desired locations. We devise a supporting tool and exercise the approach injecting 13 different kinds of software faults in the Java source code of six different projects.

39. An interoperable testing environment for ERTMS/ETCS control systems

Author

Stefano Marrone, Renato De Guglielmo, Valeria Vittorini, Beniamino Di Martino, Gregorio Barberio, Nicola Mazzocca, Ugo Gentile, Aniello Amato, Luigi Velardi, Adriano Peron, Roberto Nardone, Andrea Bondavalli, Andrea Ceccarelli, Frank Ortmeier, Barberio, Gregorio, DI MARTINO, Beniamino, Mazzocca, Nicola, Velardi, Luigi, Amato, Aniello, De Guglielmo, Renato, Gentile, Ugo, Marrone, Stefano, Nardone, Roberto, Peron, Adriano, Vittorini, Valeria, and Di Martino, Beniamino

Subjects

Computer science, Integration testing, Interface (computing), Functional Testing, Interoperability, Functional testing, Computer Science (all), Functional requirement, System level testing, Model Driven Engineering, Model-Based System Testing, Railway Control System, Test Case Generation, Theoretical Computer Science, Control system, Systems engineering, Model-driven architecture, computer, Simulation, computer.programming_language

Abstract

Verification of functional requirements of critical control systems requires a hard testing activity regulated by international standards. As testing often forms more than fifty percent of the total development cost, to support the verification processes by automated solutions is a key factor for achieving lower effort and costs and reducing time to market. The ultimate goal of the ongoing work here described is the development of an interoperable testing environment supporting the system level testing of railway ERTMS/ETCS control systems. The testing environment will provide a standardized interface to enable the integration testing between sub-systems developed by different companies/suppliers. We present the first outcomes obtained within the ARTEMIS project CRYSTAL which tackles the challenge to establish and push forward an Interoperability Specification (IOS) as an open European standard for the development of safety-critical embedded systems.

Published

2014

40. Critical systems verification in MetaMORP(h)OSY

Author

Rocco Aversa, Francesco Moscato, Beniamino Di Martino, Bondavalli Andrea, Ceccarelli Andrea, Ortmeier Frank, Aversa, Rocco, DI MARTINO, Beniamino, and Moscato, Francesco

Subjects

business.industry, Computer science, Reliability (computer networking), Model transformation, Multi-agent system, Complex system, Formal Model, Object (computer science), Reliability, Model Driven Engineering, Reachability, Model-driven architecture, Software engineering, business, computer, computer.programming_language

Abstract

Multi Agent Systems (MAS) methodologies are emerging as a new approach for modeling and developing complex distributed sys- tems. When complex constraints have to be veried on critical systems Model Driven Engineering (MDE) methodologies allow for the design and implementation of systems correct by construction. Usually verication is enforced by formal analysis. This paper presents MetaMORP(h)OSY (Meta-modeling of Mas Object-based with Real-time specication in Project Of complex SYstems) methodology and framework. They pro- vide a mean for building MAS models used to verify properties (and requirements) of Critical Systems following a MDE approach. In partic- ular, this work describes model transformation algorithms used in Meta- MORP(h)OSY to verify real-time and timed reachability requirements.

Published

2014