Search

Your search keyword '"Andrea Ceccarelli"' showing total 49 results
Start Over Author "Andrea Ceccarelli" Publisher ieee
49 results on '"Andrea Ceccarelli"'

1. Evaluating Object (Mis)Detection From a Safety and Reliability Perspective: Discussion and Measures

Author

Andrea Ceccarelli and Leonardo Montecchi

Subjects
Autonomous driving, object detection, safety, reliability, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

We argue that object detectors in the safety critical domain should prioritize detection of objects that are most likely to interfere with the actions of the autonomous actor. Especially, this applies to objects that can impact the actor’s safety and reliability. To quantify the impact of object (mis)detection on safety and reliability in the context of autonomous driving, we propose new object detection measures that reward the correct identification of objects that are most dangerous and most likely to affect driving decisions. To achieve this, we build an object criticality model to reward the detection of the objects based on proximity, orientation, and relative velocity with respect to the subject vehicle. Then, we apply our model on the recent autonomous driving dataset nuScenes, and we compare nine object detectors. Results show that, in several settings, object detectors that perform best according to the nuScenes ranking are not the preferable ones when the focus is shifted on safety and reliability.

Published
2023
Full Text
View/download PDF

2. Tolerate Failures of the Visual Camera With Robust Image Classifiers

Author

Muhammad Atif, Andrea Ceccarelli, Tommaso Zoppi, and Andrea Bondavalli

Subjects
Visual camera failures, deep learning, data augmentation, robustness, traffic sign recognition, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Deep Neural Networks (DNNs) have become an enabling technology for building accurate image classifiers, and are increasingly being applied in many ICT systems such as autonomous vehicles. Unfortunately, classifiers can be deceived by images that are altered due to failures of the visual camera, preventing the proper execution of the classification process. Therefore, it is of utmost importance to build image classifiers that can guarantee accurate classification even in the presence of such camera failures. This study crafts classifiers that are robust to failures of the visual camera by augmenting the training set with artificially altered images that simulate the effects of such failures. Such a data augmentation approach improves classification accuracy with respect to the most common data augmentation approaches, even in the absence of camera failures. To provide experimental evidence for our claims, we exercise three DNN image classifiers on three image datasets, in which we inject the effects of many failures into the visual camera. Finally, we applied eXplainable AI to debate why classifiers trained with the data augmentation approach proposed in this study can tolerate failures of the visual camera.

Published
2023
Full Text
View/download PDF

3. Robust Traffic Sign Recognition Against Camera Failures

Author

Muhammad Atif, Andrea Ceccarelli, Tommaso Zoppi, Mohamad Gharib, and Andrea Bondavalli

Subjects
Traffic sign recognition, camera failures, deep learning, sliding windows, meta learning, robustness, Transportation engineering, TA1001-1280, Transportation and communications, HE1-9990
Abstract

Failures of the vehicle camera may compromise the correct acquisition of frames, that are subsequently used by autonomous driving tasks. A clear understanding of the behavior of the autonomous driving tasks under such failure conditions, together with strategies to avoid safety is jeopardized, are indeed necessary. This study analyses and improve the performance of Traffic Sign Recognition (TSR) systems for road vehicles under the possible occurrence of camera failures. Our experimental assessment relies on three public datasets, which are commonly used for benchmarking TSR systems. We artificially inject 13 different types of camera failures into the three datasets. Then, we exploit three deep neural networks (DNNs) to classify either a single frame of a traffic sign or a sequence (i.e., a sliding window) of frames. We show that sliding windows significantly improves the robustness of the classifier against altered frames. We confirm our observations through explainable AI, which allows understanding why different classifiers have different performance in case of camera failures.

Published
2022
Full Text
View/download PDF

4. Unsupervised Algorithms to Detect Zero-Day Attacks: Strategy and Application

Author

Tommaso Zoppi, Andrea Ceccarelli, and Andrea Bondavalli

Subjects
Zero-day attacks, intrusion detection, machine learning, anomaly detection, RELOAD, security, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

In the last decade, researchers, practitioners and companies struggled for devising mechanisms to detect cyber-security threats. Among others, those efforts originated rule-based, signature-based or supervised Machine Learning (ML) algorithms that were proven effective for detecting those intrusions that have already been encountered and characterized. Instead, new unknown threats, often referred to as zero-day attacks or zero-days, likely go undetected as they are often misclassified by those techniques. In recent years, unsupervised anomaly detection algorithms showed potential to detect zero-days. However, dedicated support for quantitative analyses of unsupervised anomaly detection algorithms is still scarce and often does not promote meta-learning, which has potential to improve classification performance. To such extent, this paper introduces the problem of zero-days and reviews unsupervised algorithms for their detection. Then, the paper applies a question-answer approach to identify typical issues in conducting quantitative analyses for zero-days detection, and shows how to setup and exercise unsupervised algorithms with appropriate tooling. Using a very recent attack dataset, we debate on i) the impact of features on the detection performance of unsupervised algorithms, ii) the relevant metrics to evaluate intrusion detectors, iii) means to compare multiple unsupervised algorithms, iv) the application of meta-learning to reduce misclassifications. Ultimately, v) we measure detection performance of unsupervised anomaly detection algorithms with respect to zero-days. Overall, the paper exemplifies how to practically orchestrate and apply an appropriate methodology, process and tool, providing even non-experts with means to select appropriate strategies to deal with zero-days.

Published
2021
Full Text
View/download PDF

5. Detect Adversarial Attacks Against Deep Neural Networks With GPU Monitoring

Author

Tommaso Zoppi and Andrea Ceccarelli

Subjects
Attack detection, anomaly detection, graphics processing unit, deep Neural Networks, adversarial attacks, image classification, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Deep Neural Networks (DNNs) are the preferred choice for image-based machine learning applications in several domains. However, DNNs are vulnerable to adversarial attacks, that are carefully-crafted perturbations introduced on input images to fool a DNN model. Adversarial attacks may prevent the application of DNNs in security-critical tasks: consequently, relevant research effort is put in securing DNNs. Typical approaches either increase model robustness, or add detection capabilities in the model, or operate on the input data. Instead, in this paper we propose to detect ongoing attacks through monitoring performance indicators of the underlying Graphics Processing Unit (GPU). In fact, adversarial attacks generate images that activate neurons of DNNs in a different way than legitimate images. This also causes an alteration of GPU activities, that can be observed through software monitors and anomaly detectors. This paper presents our monitoring and detection system, and an extensive experimental analysis that includes a total of 14 adversarial attacks, 3 datasets, and 12 models. Results show that, despite limitations on the monitoring resolution, adversarial attacks can be detected in most cases, with peaks of detection accuracy above 90%.

Published
2021
Full Text
View/download PDF

8. Detect Adversarial Attacks Against Deep Neural Networks With GPU Monitoring

Author

Andrea Ceccarelli and Tommaso Zoppi

Subjects
General Computer Science, Computer science, Attack detection, Graphics processing unit, Machine learning, computer.software_genre, graphics processing unit, deep Neural Networks, Data modeling, Image (mathematics), Adversarial system, Software, Robustness (computer science), General Materials Science, business.industry, General Engineering, anomaly detection, TK1-9971, adversarial attacks, Deep neural networks, Artificial intelligence, Performance indicator, Electrical engineering. Electronics. Nuclear engineering, business, computer, image classification
Abstract

Deep Neural Networks (DNNs) are the preferred choice for image-based machine learning applications in several domains. However, DNNs are vulnerable to adversarial attacks, that are carefully-crafted perturbations introduced on input images to fool a DNN model. Adversarial attacks may prevent the application of DNNs in security-critical tasks: consequently, relevant research effort is put in securing DNNs. Typical approaches either increase model robustness, or add detection capabilities in the model, or operate on the input data. Instead, in this paper we propose to detect ongoing attacks through monitoring performance indicators of the underlying Graphics Processing Unit (GPU). In fact, adversarial attacks generate images that activate neurons of DNNs in a different way than legitimate images. This also causes an alteration of GPU activities, that can be observed through software monitors and anomaly detectors. This paper presents our monitoring and detection system, and an extensive experimental analysis that includes a total of 14 adversarial attacks, 3 datasets, and 12 models. Results show that, despite limitations on the monitoring resolution, adversarial attacks can be detected in most cases, with peaks of detection accuracy above 90%.

Published
2021

11. On failures of RGB cameras and their effects in autonomous driving applications

Author

Andrea Ceccarelli and Francesco Secci

Subjects
Computer science, business.industry, Real-time computing, Intelligent decision support system, Driving simulator, 020302 automobile design & engineering, 02 engineering and technology, 01 natural sciences, Task (project management), 010309 optics, Software, 0203 mechanical engineering, Safety risk, 0103 physical sciences, RGB color model, Driving simulation, business
Abstract

RGB cameras are arguably one of the most relevant sensors for autonomous driving applications. It is undeniable that failures of vehicle cameras may compromise the autonomous driving task, possibly leading to unsafe behaviors when images that are subsequently processed by the driving system are altered. To support the definition of safe and robust vehicle architectures and intelligent systems, in this paper we define the failure modes of a vehicle camera, together with an analysis of effects and known mitigations. Further, we build a software library for the generation of the corresponding failed images and we feed them to the trained agent of an autonomous driving simulator: the misbehavior of the trained agent allows a better understanding of failures effects and especially of the resulting safety risk.

Published
2020

12. Into the Unknown: Unsupervised Machine Learning Algorithms for Anomaly-Based Intrusion Detection

Author

Andrea Bondavalli, Andrea Ceccarelli, and Tommaso Zoppi

Subjects
Computer science, Telecommunication security, 020207 software engineering, 02 engineering and technology, Intrusion detection system, Binary classification, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Unsupervised learning, Anomaly detection, Anomaly (physics), Focus (optics), Algorithm, Zero-day attack
Abstract

Anomaly detection aims at identifying patterns in data that do not conform to the expected behavior, relying on machine-learning algorithms that are suited for binary classification. It has been arising as one of the most promising techniques to suspect intrusions, zero-day attacks and, under certain conditions, failures. This tutorial aims to instruct the attendees to the principles, application and evaluation of anomaly-based techniques for intrusion detection, with a focus on unsupervised algorithms, which are able to classify normal and anomalous behaviors without relying on input data with labeled attacks.

Published
2020

13. Governance & Autonomy: Towards a Governance-based Analysis of Autonomy in Cyber-Physical Systems-of-Systems

Author

Mohamad Gharib, Andrea Bondavalli, Andrea Ceccarelli, and Paolo Lollini

Subjects
FOS: Computer and information sciences, 050210 logistics & transportation, Computer science, business.industry, media_common.quotation_subject, Corporate governance, 05 social sciences, Cyber-physical system, Automotive industry, Autonomy, Governance, Cyber-Physical Systems of Systems, CPSoS, SoS, Conceptual Modeling, Potential conflict, Domain (software engineering), Software Engineering (cs.SE), Computer Science - Software Engineering, Risk analysis (engineering), 0502 economics and business, Conceptual model, ComputerSystemsOrganization_SPECIAL-PURPOSEANDAPPLICATION-BASEDSYSTEMS, 0501 psychology and cognitive sciences, Function (engineering), business, 050107 human factors, Autonomy, media_common
Abstract

One of the main challenges in integrating Cyber-Physical System-of-Systems (CPSoS) to function as a single unified system is the autonomy of its Cyber-Physical Systems (CPSs), which may lead to a lack of coordination among CPSs and results in various kinds of conflicts. We advocate that to efficiently integrate CPSs within the CPSoS, we may need to adjust the autonomy of some CPSs in a way that allows them to coordinate their activities to avoid any potential conflict among one another. To achieve that, we need to incorporate the notion of governance within the design of CPSoS, which defines rules that can be used for clearly specifying who and how can adjust the autonomy of a CPS. In this paper, we try to tackle this problem by proposing a new conceptual model that can be used for performing a governance-based analysis of autonomy for CPSs within CPSoS. We illustrate the utility of the model with an example from the automotive domain., Comment: preprint - accepted to the IEEE 15th International Conference of System of Systems Engineering (SoSE)

Published
2020

14. Practical Experience Report: Implementation, Verification and Validation of a Safe and Secure Communication Protocol for the Railway Domain

Author

Innocenzo Mungiello, Andrea Ceccarelli, Duccio Bertieri, Andrea Bondavalli, Tommaso Zoppi, Mario Barbareschi, Bertieri, D., Zoppi, T., Mungiello, I., Ceccarelli, A., Barbareschi, M., and Bondavalli, A.

Subjects
Source code, Computer science, business.industry, Railway, media_common.quotation_subject, 020208 electrical & electronic engineering, 020207 software engineering, 02 engineering and technology, Certification, Software quality, Network management, Secure communication, CENELEC, Security, 0202 electrical engineering, electronic engineering, information engineering, V&V, Safety case, Safety, Software engineering, business, Communications protocol, media_common, Coding (social sciences)
Abstract

Different communication protocols are currently being used for the railway domain. However, most of these protocols rely on many interlacing mechanisms and safety codes which raise their complexity. Therefore, companies operating in the railway domain, guided by the Italian railway network manager, devised the Protocollo Vitale Standard, a light network protocol that stems from the Euroradio and RBC-RBC (Radio Block Centre) protocols. In this paper we report our practical experience in the implementation of the Protocollo Vitale Standard in compliance with a CENELEC SIL4 safety target. The implementation of this protocol required assembling a V&V&S plan to specify all the V&V activities that need to be carried out before, during and after the implementation of the protocol. Moreover, coding styles, standards and code quality metrics are defined, and cross-checked at various stages of the implementation. To complete our work, we conducted tests and performance analyses on the source code, while currently we are devising an adequate safety case aiming at a future certification.

Published
2019

15. The SAMBA Approach for Self-Adaptive Model-Based Online Testing of Services Orchestrations

Author

Eliane Martins, Andrea Ceccarelli, and Lucas Leal

Subjects
computer.internet_protocol, Computer science, Distributed computing, Design pattern, Control (management), 020207 software engineering, 02 engineering and technology, Service-oriented architecture, Fault injection, Software deployment, Server, Control system, Mutation (genetic algorithm), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, computer
Abstract

Service Oriented Architecture (SOA) is a popular design pattern that allows building applications composed of loosely-coupled and autonomous services. Such services may evolve and change at runtime, often outside the control of the owner of the application. Consequently, typical validation approaches, like offline testing performed before services deployment, are necessary but not sufficient: offline testing cannot assure the correct behavior of the SOA during its execution. To cope with the evolution of services and their orchestrations, in this paper we present a Self-Adaptive Model-BAsed online testing framework called SAMBA. SAMBA aims to assess the proper behavior of a SOA during its lifecycle executing model-based online testing at runtime, under the coordination of a MAPE-K control loop. SAMBA is assessed in a case study, where its detection capability are proved through functional, mutation and fault injection tests.

Published
2019

17. Exploiting MDE for Platform-Independent Testing of Service Orchestrations

Author

Eliane Martins, Andrea Ceccarelli, Leonardo Montecchi, and Lucas Leal

Subjects
Model-based testing, Service (systems architecture), Computer science, business.industry, computer.internet_protocol, Design pattern, Interoperability, 020207 software engineering, samba, testing, modelling, 02 engineering and technology, Service-oriented architecture, Test case, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Software verification and validation, Model-driven architecture, Software engineering, business, computer, computer.programming_language
Abstract

Service Oriented Architecture (SOA) is a common design pattern that allows building applications composed of several services. It promotes features as interoperability, scalability, and software reuse. Services composing a SOA system may evolve and change during runtime, often outside the control of the owner of the application, which makes the verification and validation processes complex. Among all the automated techniques to validate the behavior of an SOA application, is Model-Based Testing (MBT). MBT requires an accurate model of the application in order to generate suitable test cases. However, the intrinsic of a SOA application sets significant challenges to MBT effectiveness. In this paper we discuss the challenges in the testing of SOA applications, and we propose the use of Model-Driven Engineering (MDE) to improve the flexibility of testing tools. Finally, we outline our plan for realizing MDE-driven MBT within an existing online testing framework.

Published
2019

18. A Model-Based Approach for Analyzing the Autonomy Levels for Cyber-Physical Systems-of-Systems

Author

Mohamad Gharib, Leandro Dias da Silva, Hanna Kavalionak, and Andrea Ceccarelli

Subjects
Computer science, Reliability (computer networking), media_common.quotation_subject, Cyber-physical system, 020207 software engineering, Cascading Style Sheets, Context (language use), 02 engineering and technology, Unified Modeling Language, Risk analysis (engineering), 0202 electrical engineering, electronic engineering, information engineering, Dependability, 020201 artificial intelligence & image processing, Function (engineering), computer, Autonomy, computer.programming_language, media_common
Abstract

A Cyber-Physical System-of-Systems (CPSoS) can be defined as a System-of-Systems (SoS), where its Constituent Systems (CSs) are Cyber-Physical Systems (CPSs). A main challenge in integrating CPSoS to function as a single integrated system is the autonomy of its components, which may result in conflicts due to the lack of coordination among its CPSs. In this paper, we advocate that in order to facilitate the integration of CPSs within the overall context of their CPSoS, we may need to adjust their level of autonomy in a way that enables them to coordinate their activities to avoid any conflict among one another. Reducing such conflicts surely contributes to the dependability of the CPSoS. In particular, we propose a novel model-based approach for modeling and analyzing the autonomy levels of CPSs based on their awareness concerning their operational environment as well as their capability to safely perform their activity. We illustrate the utility of the approach with an example concerning a cooperative driver overtaking assistance system.

Published
2018

21. RADIANCE Welcome

Author

Nuno Antunes, Ariadne M. B. R. Carvalho, and Andrea Ceccarelli

Published
2017

22. Assessing the Impact of Cascading Failures in Urban Electricity Networks

Author

Andrea Ceccarelli, Paolo Lollini, and Leonardo Montecchi

Subjects
Computer science, business.industry, 020209 energy, Reliability (computer networking), Distributed computing, Complex system, 02 engineering and technology, Cascading failure, Power (physics), Smart grid, 0202 electrical engineering, electronic engineering, information engineering, Dependability, Electricity, Power-system protection, business
Abstract

The shape of Critical Infrastructures (CIs) has changed drastically in recent years, leading them to become interconnected systems with complex interactions. This will be especially true for future power grids, known as "Smart Grids". In such complex systems, one of the main challenges consists in understanding the possible impact of failures on the overall system, and avoiding cascading or escalading effects. In this paper we present an extensible framework for the analysis of failures propagation in power networks, based on model templates developed using the Stochastic Activity Networks formalism. The approach is applied to a case study of a power network, derived from a real system. The obtained results demonstrate the effectiveness of the approach in assessing the impact of failures on the network, both when considering random failures and when performing what-if analyses on specific nodes.

Published
2017

23. Usability Assessment in a Multi-Biometric Continuous Authentication System

Author

Andrea Ceccarelli, Andrea Bondavalli, Enrico Schiavone, and Ariadne Maria Brito Rizzoni Carvalho

Subjects
021110 strategic, defence & security studies, Database, Cognitive walkthrough, Pluralistic walkthrough, Computer science, business.industry, 0211 other engineering and technologies, Usability inspection, Usability, 02 engineering and technology, computer.software_genre, Usability lab, Usability goals, Human–computer interaction, Heuristic evaluation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Web usability
Abstract

Multimodal biometric continuous authentication systems allow to improve security, making user identity verification a continuous process rather than a one-time occurrence. Unfortunately, the usability of these systems and their adequacy for working activities are often questioned. This paper presents a usability study for a multimodal biometric continuous authentication system capable of continuously and transparently verifying user identity through face, fingerprint and keystroke traits. We evaluate the system's usability obtained varying configuration parameters. This allows identifying the more suitable parameters configuration for different usability and security requirements. The experimental campaign relies on 60 users performing pre-defined tasks while our continuous authentication system is running. Users' opinions on system usability were collected with a post questionnaire. Our findings show that users were able to complete ordinary tasks securely and without additional effort, and that they have accepted the authentication system, which only requires minimal training.

Published
2016

24. A Hazus-Based Method for Assessing Robustness of Electricity Supply to Critical Smart Grid Consumers during Flood Events

Author

Alexandr Vasenev, Lorena Montoya, and Andrea Ceccarelli

Subjects
021110 strategic, defence & security studies, HAZUS, EWI-27538, Mains electricity, METIS-320922, Flood myth, Computer science, 020209 energy, SCS-Cybersecurity, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, Grid, IR-102807, Smart grid, Risk analysis (engineering), Robustness (computer science), 0202 electrical engineering, electronic engineering, information engineering, Dependability, computer
Abstract

Ensuring an external electricity supply to critical city components during flood events requires adequate urban grid planning. The proliferation of smart grid technologies means that such planning needs to assess how smart grids might function during floods. This paper proposes a method to qualitatively investigate robustness of electricity supply to smart grid consumers during flood events. This method builds on the Hazus methodology and aims to provide inputs for the risk analysis of urban grids.

Published
2016

25. Challenging Anomaly Detection in Complex Dynamic Systems

Author

Andrea Bondavalli, Andrea Ceccarelli, and Tommaso Zoppi

Subjects
System of systems, business.industry, Computer science, Distributed computing, Complex system, Dependability, Cloud computing, Anomaly detection, Context (language use), Relevance (information retrieval), business, Know-how, Data science
Abstract

Software infrastructures are becoming more and more complex, making performance and dependability monitoring in wide and dynamic contexts such as Distributed Systems, Systems of Systems (SoS) and Cloud environments an unachievable goal. Consequently, it is very difficult to know how all the specific parts, services and modules of these systems behave. This negatively impacts our ability in detecting anomalies, because the boundaries between normal and anomalous behaviors are not always known. The paper describes the context and the targeted problem highlighting the research directions that the student will follow in the next years. In particular, after introducing the relevance of this work with respect to the academic and the industrial state of the art, we carefully define the problem and summarize the main challenges that arise according to such problem definition.

Published
2016

27. On the impact of emergent properties on SoS security

Author

Tommaso Zoppi, Andrea Bondavalli, Marco Mori, and Andrea Ceccarelli

Subjects
System of systems, Engineering, business.industry, Scale (chemistry), Reliability (computer networking), Interoperability, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Domain (software engineering), Intervention (law), Smart city, 0202 electrical engineering, electronic engineering, information engineering, Dependability, 020201 artificial intelligence & image processing, business, computer
Abstract

Cyber security is becoming more and more relevant with the advent of System of Systems (SoSs). The latter are large scale systems made of independent and autonomous Constituent Systems which interoperate to achieve higher level goals also with the intervention of humans. Providing security in a cyber-physical SoS means, among other features, forecasting and anticipating evolving SoS functionalities and consequently detecting emerging phenomena resulting from the interactions among entailed Constituent Systems. This paper clarifies the relations occurring among SoS evolution, emergence phenomena and security requirements. We show how to enact an evolution step by means of changing SoS functionalities and how to perform the threat analysis consequently. An illustrative scenario in the Smart City domain shows how to dynamically generate security guarantees according to the evolving SoS thus supporting the enactment of mitigation strategies from SoS administrators.

Published
2016

28. Introduction to RADIANCE 2016

Author

Andras Zentai, Ariadne Maria Brito Rizzoni Carvalho, Andrea Ceccarelli, and Nuno Antunes

Subjects
Engineering drawing, Theoretical computer science, Software, Distance measurement, Computer science, business.industry, Informatics, Engineering informatics, Complex system, Radiance, business
Published
2016

29. Presenting the Proper Data to the Crisis Management Operator: A Relevance Labelling Strategy

Author

Tommaso Zoppi, Andrea Bondavalli, Francesco Lo Piccolo, Vito Morreale, Andrea Ceccarelli, Paolo Lollini, and Gabriele Giunta

Subjects
Engineering, Correctness, business.industry, 020206 networking & telecommunications, Mistake, 02 engineering and technology, Crisis management, Sensor fusion, Computer security, computer.software_genre, 020204 information systems, Component-based software engineering, 0202 electrical engineering, electronic engineering, information engineering, crisis management system, human sensors, data filtering, relevance labeling, data fusion, Twitter, Dependability, business, Mobile device, computer, Situation analysis
Abstract

The large availability of smart portable devices and the growing interest in developing Internet of Things (IoT) oriented software components make several heterogeneous data available for analysis purposes. In the context of Crisis Management Systems, this means that people owning mobile devices when involved in natural disasters or terroristic attacks may be considered information sources as the classical ones, e.g., sensors or surveillance cameras. Including the information from the citizens in the situational analysis processes comes with two main issues that need to be addressed: i) the source could deliver wrong data (voluntarily or by mistake) that damage the integrity and the correctness of the analysis, and ii) a significant amount of heterogeneous data need to be selected, filtered and aggregated, to provide to the operator a real-time snapshot of the situation depicted using only credible and relevant information. In this paper, we define and implement a relevance labeling strategy able to process information coming from heterogeneous sources aimed at crisis situations and to provide to the human operator all the details he needs. We include provisions for detecting and removing redundancies and misleading data that can slow down or compromise the process and the a-posteriori analysis. The filtering strategy is last applied to events collected for the Secure! crisis management service-based system, showing its application to three scenarios related to real crisis situations happened in the last year.

Published
2016

30. A Holistic Viewpoint-Based SysML Profile to Design Systems-of-Systems

Author

Paolo Lollini, Bernhard Fromel, Andrea Ceccarelli, Andrea Bondavalli, and Marco Mori

Subjects
System of systems, Engineering, 021103 operations research, business.industry, 0211 other engineering and technologies, Conceptual model (computer science), 020207 software engineering, Context (language use), Cascading Style Sheets, 02 engineering and technology, Ontology (information science), Systems Modeling Language, 0202 electrical engineering, electronic engineering, information engineering, Systems engineering, Dependability, Visual modeling, business, computer, computer.programming_language
Abstract

In recent decades more and more efforts have been devoted in supporting the design of Systems-of-Systems (SoSs). These systems are composed of autonomous Constituent Systems (CSs) which are integrated together to achieve a higher level goal that cannot be achieved by any of its CSs in isolation. Designing such an SoS is a multidisciplinary problem which involves considering emergent phenomena, assuring the achievement of dependability and security requirements, guaranteeing system responsiveness, supporting dynamicity and evolution and multi-criticality of provided services. We believe that a first step towards a viable design approach is to provide a conceptual model of SoSs which captures SoS concepts (e.g., methods, characteristics, and technologies related to SoSs) and their inter-relationships. Such a conceptual model should enhance the understandability of SoSs to stakeholders and provide the basis for further automated analysis. In this context, the AMADEOS European project is bringing together researchers and practitioners to provide the support to design SoSs starting from the definition of a domain specific ontology serving as a vocabulary for SoSs. Our contribution consists of semi-formalizing the key SoS concepts and relationships defined in AMADEOS adopting a SysML visual modeling language. We propose a SysML profile for SoSs and we show its applicability in a Smart Grid scenario.

Published
2016

31. Workshop on Recent Advances in the DependabIlity AssessmeNt of Complex systEms (RADIANCE)

Author

Ariadne Maria Brito Rizzoni Carvalho, Andrea Ceccarelli, Andras Zentai, and Nuno Antunes

Subjects
Black box (phreaking), Computer science, business.industry, Complex system, Certification, Fault injection, Software prototyping, Computer security, computer.software_genre, Systems engineering, Dependability, business, computer, Verification and validation, Agile software development
Abstract

The workshop on Recent Advances in the DependabIlity AssessmeNt of Complex systEms (RADIANCE), in its first edition, aims to discuss novel dependability assessment approaches for complex systems and to promote their adoption in real-world settings through industrial and academic research. The main objective is to promote and foster discussion on novel ideas, constituting a forum where researchers can share both real problems and innovative solutions for the assessment of complex systems. The workshop focuses on assessing complex evolving systems, where increasing complexity and changes are due to the introduction of new components and sensors, and to the extensive usage of software OTS components or black box components in general. In this macro area, the workshop welcomed a broad list of applications ranging from agile development in critical systems to model-driven assessment approaches as well as new needs for verification, validation and certification of dynamic and evolving systems, which also includes solutions for automating the verification and validation processes. Finally, the workshop was interested in

Published
2015

32. A Testbed for Evaluating Anomaly Detection Monitors through Fault Injection

Author

Tommaso Zoppi, Andrea Bondavalli, Giuseppe Vella, Fabio Duchi, and Andrea Ceccarelli

Subjects
business.industry, computer.internet_protocol, Application server, Computer science, Distributed computing, Control reconfiguration, Service-oriented architecture, Fault injection, computer.software_genre, Application layer, Embedded system, Server, Dependability, Anomaly detection, business, computer, SOA, anomaly detection, application server, fault injection, monitoring, testing
Abstract

Amongst the features of Service Oriented Architectures (SOAs), their flexibility, dynamicity, and scalability make them particularly attractive for adoption in the ICT infrastructure of organizations. Such features come at the cost of improved difficulty in monitoring the SOA for error detection: i) faults may manifest themselves differently due to services and SOA evolution, and ii) interactions between a service and its monitors may need reconfiguration at each service update. This calls for monitoring solutions that operate at different layers than the application layer (services layer). In this paper we present our ongoing work towards the definition of a monitoring framework for SOAs and services, which relies on anomaly detection performed at the Application Server (AS) and the Operating System (OS) layers to identify events whose manifestation or effect is not adequately described a-priori. Specifically the paper introduces the key concepts of our work and presents the case study built to exercise and set-up our monitor. The case study uses Life ray as application layer and it includes fault injection and data collection instruments to perform extended testing campaigns.

Published
2014

33. Qualitative comparison of aerospace standards: An objective approach

Author

Nuno Silva and Andrea Ceccarelli

Subjects
DO-178C, Risk analysis (engineering), business.industry, Computer science, Process (engineering), Software standard, DO-254, Objective approach, Systems engineering, Dependability, Aerospace, business, DO-178B
Abstract

Aerospace development processes are regulated by hardware, software or system-level standards. These standards describe the phases of the life-cycle, and the techniques that guarantee or assess the safety of systems and components. Standards are mostly written independently one from the others, and despite major similarities, they also include several distinctions which force companies to apply different expertise, training, personnel and procedures for each of them. This increases the difficulty in adopting new or different standards, ultimately resulting in increased costs. This paper investigates the differences between relevant aerospace standards, namely, the standards investigated include ARP4754A/4761, DO-178B/C, DO-254, ED-153, FAA HBK006A, Galileo Software Standard (GSWS) and the ECSS series, through comparison of lifecycle and major requirements. Evidence is given of main commonalities between the standards, but also of several, non-negligible specificities, what make it more challenging to define a unique development process, and set of activities and competences required to achieve the standards compliance.

Published
2013

34. Meeting the challenges in the design and evaluation of a trackside real-time safety-critical system

Author

Andrea Ceccarelli, Leonardo Montecchi, Andrea Bondavalli, and Paolo Lollini

Subjects
Warning system, Computer science, business.industry, Reliability (computer networking), Global Positioning System, Mobile communication, Monitoring, Reliability, safety, security, Synchronization, ALARP, architecture, challenges, evaluation, railway, real-time, Safety-critical, Computer security, computer.software_genre, Track (rail transport), Risk analysis (engineering), Synchronization (computer science), Dependability, Train, Mobile telephony, business, computer
Abstract

Highly distributed, autonomous and self-powered systems operating in harsh, outdoors environments face several threats in terms of dependability, timeliness and security, due to the challenging operating conditions determined by the environment. Despite such difficulties, there is an increasing demand to deploy these systems to support critical services, thus calling for severe timeliness, safety, and security requirements. Several challenges need to be faced and overcome. First, the designed architecture must be able to cope with the environmental challenges and satisfy dependability, timeliness and security requirements. Second, the assessment of the system must be carried on despite potentially incomplete field-data, and complex cascading effects that small modifications in system properties and operating conditions may have on the targeted metrics. In this paper we present our experience from the EU-funded project ALARP (A railway automatic track warning system based on distributed personal mobile terminals), which aims to build and validate a distributed, real-time, safety-critical system that detects trains approaching a railway worksite and notifies their arrivals to railway trackside workers. The paper describes the challenges we faced, and the solutions we adopted, when architecting and evaluating the ALARP system.

Published
2013

35. A monitoring and testing framework for critical off-the-shelf applications and services

Author

Marco Vieira, Nuno Antunes, Andrea Ceccarelli, Andrea Bondavalli, and Francesco Brancati

Subjects
Functional safety, Test strategy, Computer science, business.industry, System testing, testing, monitoring, critical applications, verification and validation, certification, Assessment, Certification, Safety Assessment, Reliability Analysis, Critical Systems and Applications, Functional Safety, Dependability Validation, Dependable Software Systems, Embedded Systems, System Certification, Component-based software engineering, Dependability, Software verification and validation, Software engineering, business, Formal verification
Abstract

One of the biggest verification and validation challenges is the definition of approaches and tools to support system assessment while minimizing costs and delivery time. This includes the integration of OTS software components in critical systems that must undergo proper certification or approval processes. In the particular case of testing, due to the differences and peculiarities of components, developers often build ad-hoc and poorly-reusable testing tools, which results in increased time and costs. This paper introduces a framework for testing and monitoring of critical OTS applications and services. The framework includes i) a box that is instrumented for monitoring OS and application level variables, ii) an adaptable toolset for testing the target components, and iii) tools for data storing, retrieval and analyzes. A prototype of the framework is under development, and future testing scenarios are designed to show the applicability and effectiveness of the framework.

Published
2013

36. Improving Security of Internet Services through Continuous and Transparent User Identity Verification

Author

Ernesto La Mattina, Andrea Bondavalli, Francesco Brancati, and Andrea Ceccarelli

Subjects
Password, Authentication, Biometrics, business.industry, Computer science, Usability, computer.software_genre, Computer security, The Internet, Session (computer science), Web service, business, Mobile device, computer, Computer network
Abstract

Session management in distributed Internet services is traditionally based on username and password, and explicit logouts and timeouts that expire due to idle activity of the user. Emerging biometric solutions allow substituting username and password with biometric data, but still a single verification is deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the timeout may impact on the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by biometrics for the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol determines adaptive timeouts selected on the basis of the quality, frequency and type of biometric data acquired transparently from the user. Protocol behavior is shown through simulations.

Published
2012

37. GPS and Electronic Fence Data Fusion for Positioning within Railway Worksite Scenarios

Author

Jesper Grønbæk, Hans-Peter Schwefel, Andrea Ceccarelli, and Joao Figueiras

Subjects
Engineering, Identification (information), Warning system, business.industry, Real-time computing, Global Positioning System, Context (language use), Railway engineering, Kalman filter, Sensor fusion, business, Mobile device, Simulation
Abstract

Context-dependent decisions in safety-critical applications require careful consideration of accuracy and timeliness of the underlying context information. Relevant examples include location-dependent actions in mobile distributed systems. This paper considers localization functions for personalized warning systems for railway workers, where the safety aspects require timely and precise identification whether a worker is located in a dangerous (red) or safe (green) zone within the worksite. The paper proposes and analyzes a data fusion approach based on low-cost GPS receivers integrated on mobile devices, combined with electronic fences strategically placed in the adjacent boundaries between safe and unsafe geographic zones. An approach based on the combination of a Kalman Filter for GPS-based trajectory estimation and a Hidden Markov Model for inclusion of mobility constraints and fusion with information from the electronic fences is developed and analyzed. Different accuracy metrics are proposed and the benefit obtained from the fusion with electronic fences is quantitatively analyzed in the scenarios of a single mobile entity: By having fence information, the correct zone estimation can increase by 30%, while false alarms can be reduced one order of magnitude in the tested scenario.

Published
2012

38. Timed Broadcast via Off-The-Shelf WLAN Distributed Coordination Function for Safety-Critical Systems

Author

Jesper Grønbæk, Boris Malinowsky, Edgar Nett, Andrea Bondavalli, Andrea Ceccarelli, and Hans-Peter Schwefel

Subjects
business.industry, Computer science, Distributed computing, Time division multiple access, 020206 networking & telecommunications, 02 engineering and technology, Distributed coordination function, 020202 computer hardware & architecture, Safety-critical, Synchronous protocols, Packet loss, Bounded function, Stochastic simulation, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Dependability, Unicast, business, Computer network
Abstract

Low cost wireless solutions for safety-critical applications are attractive to leverage safety-critical operation in new application areas. This work assesses the feasibility of providing synchronous and time bounded communication to standard IEEE 802.11 devices with low effort modifications. An existing protocol for time bounded communication in wireless systems is adapted to a generic safety-critical application with low bandwidth requirements, but strict bounds on time behavior. Experimental and simulation studies are conducted in which the protocol is implemented on top of IEEE 802.11e Distributed Coordination Function (DCF). The experimental results for packet loss ratio, communication delays, and broadcast completion are used to calibrate a stochastic simulation model that allows to extrapolate the expected long-term performance of the protocol. Both the experimental results and the simulation extrapolation show that necessary availability requirements can be met with 802.11e prioritization in the investigated cross-traffic and interference scenarios.

Published
2012

39. A Testing Service for Lifelong Validation of Dynamic SOA

Author

Marco Vieira, Andrea Bondavalli, and Andrea Ceccarelli

Subjects
Test strategy, Engineering, OASIS SOA Reference Model, computer.internet_protocol, business.industry, Robustness testing, Software performance testing, Service-oriented architecture, computer.software_genre, Robustness (computer science), Systems engineering, Dependability, Web service, business, computer
Abstract

Service Oriented Architectures (SOAs) are increasingly being used to support the information infrastructures of organizations. SOAs are dynamic and evolve after deployment in order to adapt to changes in the requirements and infrastructure. Consequently, traditional validation approaches based on offline testing conducted before deployment are not adequate anymore, demanding for new techniques that allow testing the SOA during its whole lifecycle. In this paper we propose a SOA testing approach based on a composite service that is able to trace SOA evolution and automatically test the various services according to specific testing policies. The paper describes the architecture of the testing service and presents a concrete implementation focused on robustness testing. Results from a case study demonstrate the effectiveness of the proposed approach in discovering and testing the robustness of SOA services.

Published
2011

40. Localization errors of low-cost GPS devices in railway worksite-like scenarios

Author

Michele Vadursi, Florjan Gogaj, Andrea Bondavalli, Andrea Ceccarelli, and Andrea Seminatore

Subjects
Engineering, Warning system, business.industry, Assisted GPS, Real-time computing, Global Positioning System, Mobile computing, Dependability, Railway engineering, business, Track (rail transport), ALARP, Simulation
Abstract

Many well-known and efficient technologies for satellite-based localization in open space there exist; however, their accuracy and availability depend on several factors, such as the characteristics of the devices used, the surrounding environment, and the distance from reference stations. In the ALARP (A railway automatic track warning system based on distributed personal mobile terminals) system, it is required to accurately localize workers in railway worksites using low-cost GPS devices. In this paper we present an experimental campaign aimed to quantify the systematic and random contribution to localization errors of cheap GPS devices in railway worksite-like scenarios. The evaluation is performed comparing data from low-cost GPS devices to data collected using a highly accurate reference system. Results provide information to understand the feasibility of GPS-based solutions for the ALARP requirements on localization, and constitute a basis for the definition of a further, more extensive testing campaign.

Published
2011

41. RACME: A Framework to Support V&V and Certification

Author

Andrea Bondavalli, Lorenzo Falai, Andrea Ceccarelli, and Lorenzo Vinerbi

Subjects
Documentation, business.industry, Computer science, Process (engineering), Reliability (computer networking), Systems engineering, Dependability, Certification, State (computer science), Software engineering, business, Verification and validation
Abstract

Verification and Validation (V&V) processes are largely applied to critical systems, and often imposed by certification needs. Many V&V processes are defined in the state of the art, for different kind of systems and different kinds of dependability requirements. A very large set of techniques and tools have been developed to execute specific tasks within these V&V processes. However, few instruments that guide and support the overall V&V process can be identified in the literature. The RACME (Resiltech Assessment and Certification MEthodology) framework aims at filling this gap. RACME guides the entire V&V process to support the V&V experts, interconnecting the results of the various activities, organizing the relevant inputs and outputs, detecting inconsistencies, and finally offering support to the construction of the documents required (for certification purposes). We present the RACME motivation, specification and the current prototype, finally, we apply our prototype as support to the V&V expert during a long-term project.

Published
2011

42. A Service Discovery Approach for Testing Dynamic SOAs

Author

Andrea Bondavalli, Marco Vieira, and Andrea Ceccarelli

Subjects
OASIS SOA Reference Model, Computer science, computer.internet_protocol, Distributed computing, Service discovery, Services computing, Dependability, Service-oriented architecture, User interface, Software architecture, computer, Architectural style
Abstract

Service Oriented Architectures (SOAs) are composed of distributed services that interact through standard interfaces, and evolve transparently to other services and users. Although such dynamicity makes SOA a promising architectural style, it prevents organizations from having complete knowledge of the SOA and of its (possibly untrusted) services. This constitutes an important restriction to the applicability of the SOA architectural style to real-time and (business-)critical services, consequently requiring new solutions to automatically discover the services that compose the SOA and to assess their behavior during execution. In this paper we present an approach for services discovery in dynamic SOAs. The discovery algorithm we propose merges information provided by different services providers and is implemented in a testing service that becomes an intrinsic part of the SOA. The practical case study presented shows the effectiveness of the solution.

Published
2011

43. Experimental Validation of a Synchronization Uncertainty-Aware Software Clock

Author

Andrea Bondavalli, Francesco Brancati, Michele Vadursi, and Andrea Ceccarelli

Subjects
Software, System under test, business.industry, Computer science, Node (networking), Real-time computing, Fast Ethernet, Digital clock manager, business, Clock synchronization, Synchronization, CPU multiplier
Abstract

A software clock capable of self-evaluating its synchronization uncertainty is experimentally validated for a specific implementation on a node synchronized through NTP. The validation methodology takes advantage of an external node equipped with a GPS-synchronized clock acting as a reference, which is connected to the node hosting the system under test through a fast Ethernet connection. Experiments are carried out for different values of the software clock parameters and different types of workload, and address the possible occurrence of faults in the system under test and in the NTP synchronization mechanism. The validation methodology is designed to be as less intrusive as possible and to grant a resolution of the order of few hundreds of microseconds. The experimental results show very good performance of R&SAClock, and their analysis gives precious hints for further improvements.

Published
2010

44. Assuring Resilient Time Synchronization

Author

Andrea Ceccarelli, Andrea Bondavalli, and Lorenzo Falai

Subjects
Variable (computer science), Ubiquitous computing, Computer science, Distributed computing, Reliability (computer networking), Component (UML), Real-time computing, Dependability, System monitoring, Clock synchronization, Synchronization
Abstract

In many distributed and pervasive systems the clocks of nodes are required to be synchronized to a unique global time. Due to unpredictable system and environment characteristics, the distance of a local clock from global time is a variable factor very hard to predict. Systems usually adopt measures to guarantee an upper bound on such distance from global time that are very often quite far from typical execution scenarios and thus are of practical little use. As a consequence, while in many circumstances reliable information on the actual distance from global time would improve system behaviour, unfortunately such information is usually not available. In this paper we propose the Reliable and Self-Aware Clock (R&SAClock), a low-intrusive software service that is able to compute a conservative estimation of distance from an external global time. R&SAClock acts as a new clock that couples information gained from synchronization mechanisms with information collected from the local clock to provide both current time and a self-adaptive reliable estimation of distance from global time. This paper describes the R&SAClock as a system component: we define its main functions, services and time-related mechanisms. Finally details of an implementation of the R&SAClock for the NTP synchronization mechanism and Linux OS are shown.

Published
2008

45. A Resilient SIL 2 Driver Machine Interface for Train Control Systems

Author

István Majzik, Gergely Pintér, D. Iovino, F. Caneschi, Andrea Bondavalli, and Andrea Ceccarelli

Subjects
Error detection, Hardware architecture, Engineering, Safety Integrity Levels, Automatic control, business.industry, Automatic train control, Reliability engineering, Fault handling, Software, Control system, Embedded system, Wireless, Dependability, Driver Machine Interface, Railway systems, User interface, business
Abstract

In railway train-borne equipment, the Driver Machine Interface (DMI) acts like a bridge between the train driver and the onboard automatic train control system (European Vital Computer, EVC). While the DMI is required to operate in a critical context, current DMIs have no safety requirements. This implies that the EVC may automatically stop the train whenever the DMI is suspected to misbehave, leading to delay of the train, inconvenience for passengers and consequent possible profit loss. For these reasons a DMI with higher safety requirements is worth to be taken into account, even if it implies higher costs. The SAFEDMI European project aims at developing (i) a DMI at Safety Integrity Level 2 (SIL 2) using off-the-shelf components and a simple hardware architecture to reduce costs, and (ii) a SIL 2 wireless communication support for maintenance. This paper describes the architecture of a DMI which satisfies these objectives. The main hardware and software characteristics will be shown, including the proposed error detection techniques and the related fault handling (characterized by a new operational mode that allows DMI to restart silently, thus reducing unexpected train stops).

Published
2008

46. Foundations of Measurement Theory Applied to the Evaluation of Dependability Attributes

Author

Andrea Bondavalli, Lorenzo Falai, Michele Vadursi, and Andrea Ceccarelli

Subjects
Quantitative evaluation, Computer science, Experimental evaluation, Quality of service, media_common.quotation_subject, Stress measurement, Metrology, Reliability engineering, Measurement theory, Null (SQL), Risk analysis (engineering), Dependability, Quality (business), Reliability (statistics), media_common
Abstract

Increasing interest is being paid to quantitative evaluation based on measurements of dependability attributes and metrics of computer systems and infrastructures. Despite measurands are generally sensibly identified, different approaches make it difficult to compare different results. Moreover, measurement tools are seldom recognized for what they are: measuring instruments. In this paper, many measurement tools, present in the literature, are critically evaluated at the light of metrology concepts and rules. With no claim of being exhaustive, the paper emph{i)} investigates if and how deeply such tools have been validated in accordance to measurement theory, and emph{ii)} tries to evaluate (if possible) their measurement properties. The intention is to take advantage of knowledge available in a recognized discipline such as metrology and to propose criteria and indicators taken from such discipline to improve the quality of measurements performed in evaluation of dependability attributes

Published
2007

47. Towards Making NekoStat a Proper Measurement Tool for the Validation of Distributed Systems

Author

Lorenzo Falai, Andrea Bondavalli, Michele Vadursi, and Andrea Ceccarelli

Subjects
Computer science, Distributed algorithm, Java collections framework, Distributed computing, Component (UML), Synchronization (computer science), Dependability, Reliability (statistics), Clock synchronization, Metrology
Abstract

NekoStat is a Java framework and tool developed for qualitative and quantitative evaluation of dependability attributes of distributed algorithms. In this paper, NekoStat is analyzed along the lines of metrology. First the relevant metrological properties that a tool such as NekoStat should possess are introduced. The lack of a rigorous metrological characterization of the accuracy of collected measures is noticed as there is no estimation of how biased the collected data can be. To solve this, a new component, called OffsetDetector, is introduced and described. OffsetDetector allows to estimate the uncertainty of collected data and enables NekoStat to be aware of the accuracy level of the local clocks during distributed executions. The collected time measurements can thus be distinguished depending on the synchronization quality at the instant they were collected. In this way, the trustworthiness in the results is widely enhanced as shown through a case study illustrated in the paper

Published
2007

48. A Self-Aware Clock for Pervasive Computing Systems

Author

Andrea Ceccarelli, Andrea Bondavalli, and Lorenzo Falai

Subjects
Context-aware pervasive systems, Ubiquitous computing, Computer science, Middleware (distributed applications), Distributed computing, Logical clock, Mobile computing, Dependability, computer.software_genre, computer, Synchronization, Clock synchronization
Abstract

The paper addresses the challenges and opportunities of instrumenting pervasive computing systems with a logical clock, aware of the quality of synchronization with respect to a time reference. Pervasive computing systems are: i) mobile; ii) dynamic; and iii) composed of a large number of distributed components; in systems with these characteristics the availability of a "smart" clock that is: i) capable to use different mechanisms for the synchronization with the global distributed time reference; and ii) aware of the current quality of synchronization with such time reference, can be very useful in order to build dependable middleware services and applications

Published
2007

49. Model-Driven Fault Injection in Java Source Code

Author

Leonardo Montecchi, Elder Rodrigues, and Andrea Ceccarelli

Subjects
Source code, Java, Computer science, business.industry, Programming language, media_common.quotation_subject, Software faults, fault libraries, metamodel, OCL, code patterns, 020207 software engineering, 02 engineering and technology, Fault injection, Hardware_PERFORMANCEANDRELIABILITY, computer.software_genre, Extensibility, Metamodeling, Workflow, Software, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), business, computer, computer.programming_language, media_common
Abstract

The injection of software faults in source code requires accurate knowledge of the programming language, both to craft faults and to identify injection locations. As such, fault injection and code mutation tools are typically tailored for a specific language and have limited extensibility. In this paper we present a model-driven approach to craft and inject software faults in source code. While its concrete application is presented for Java, the workflow we propose does not depend on a specific programming language. Following Model-Driven Engineering principles, the faults and the criteria to select injection locations are described using structured, machine-readable specifications based on a domain-specific language. Then, automated transformations craft artifacts based on OCL and Java, which represent the faults to be injected and are able to select the candidate injection locations. Finally, artifacts are executed against the target source code, performing the injection in the desired locations. We devise a supporting tool and exercise the approach injecting 13 different kinds of software faults in the Java source code of six different projects.

Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results