Your search keyword '"Andrea Ceccarelli"' showing total 42 results

1. Detect Adversarial Attacks Against Deep Neural Networks With GPU Monitoring

Author

Andrea Ceccarelli and Tommaso Zoppi

Subjects

General Computer Science, Computer science, Attack detection, Graphics processing unit, Machine learning, computer.software_genre, graphics processing unit, deep Neural Networks, Data modeling, Image (mathematics), Adversarial system, Software, Robustness (computer science), General Materials Science, business.industry, General Engineering, anomaly detection, TK1-9971, adversarial attacks, Deep neural networks, Artificial intelligence, Performance indicator, Electrical engineering. Electronics. Nuclear engineering, business, computer, image classification

Abstract

Deep Neural Networks (DNNs) are the preferred choice for image-based machine learning applications in several domains. However, DNNs are vulnerable to adversarial attacks, that are carefully-crafted perturbations introduced on input images to fool a DNN model. Adversarial attacks may prevent the application of DNNs in security-critical tasks: consequently, relevant research effort is put in securing DNNs. Typical approaches either increase model robustness, or add detection capabilities in the model, or operate on the input data. Instead, in this paper we propose to detect ongoing attacks through monitoring performance indicators of the underlying Graphics Processing Unit (GPU). In fact, adversarial attacks generate images that activate neurons of DNNs in a different way than legitimate images. This also causes an alteration of GPU activities, that can be observed through software monitors and anomaly detectors. This paper presents our monitoring and detection system, and an extensive experimental analysis that includes a total of 14 adversarial attacks, 3 datasets, and 12 models. Results show that, despite limitations on the monitoring resolution, adversarial attacks can be detected in most cases, with peaks of detection accuracy above 90%.

Published

2021

2. Unsupervised Anomaly Detectors to Detect Intrusions in the Current Threat Landscape

Author

Andrea Ceccarelli, Andrea Bondavalli, Tommaso Capecchi, and Tommaso Zoppi

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, Computer Science - Cryptography and Security, anomaly detection, security, machine learning, attacks, Computer science, 0211 other engineering and technologies, Botnet, security, 02 engineering and technology, Intrusion detection system, computer.software_genre, Machine Learning (cs.LG), Computer Science - Networking and Internet Architecture, attacks, 0202 electrical engineering, electronic engineering, information engineering, Cluster analysis, Networking and Internet Architecture (cs.NI), 021110 strategic, defence & security studies, Anomaly (natural sciences), General Medicine, Fuzz testing, anomaly detection, Support vector machine, machine learning, Binary classification, 020201 artificial intelligence & image processing, Anomaly detection, Data mining, Cryptography and Security (cs.CR), computer

Abstract

Anomaly detection aims at identifying unexpected fluctuations in the expected behavior of a given system. It is acknowledged as a reliable answer to the identification of zero-day attacks to such extent, several ML algorithms that suit for binary classification have been proposed throughout years. However, the experimental comparison of a wide pool of unsupervised algorithms for anomaly-based intrusion detection against a comprehensive set of attacks datasets was not investigated yet. To fill such gap, we exercise seventeen unsupervised anomaly detection algorithms on eleven attack datasets. Results allow elaborating on a wide range of arguments, from the behavior of the individual algorithm to the suitability of the datasets to anomaly detection. We conclude that algorithms as Isolation Forests, One-Class Support Vector Machines and Self-Organizing Maps are more effective than their counterparts for intrusion detection, while clustering algorithms represent a good alternative due to their low computational complexity. Further, we detail how attacks with unstable, distributed or non-repeatable behavior as Fuzzing, Worms and Botnets are more difficult to detect. Ultimately, we digress on capabilities of algorithms in detecting anomalies generated by a wide pool of unknown attacks, showing that achieved metric scores do not vary with respect to identifying single attacks., Will be published on ACM Transactions Data Science

Published

2020

3. FUSION—Fog Computing and Blockchain for Trusted Industrial Internet of Things

Author

Carlo Giannelli, Christian Esposito, Marcello Cinque, Andrea Ceccarelli, Paolo Lollini, Luca Foschini, Ceccarelli, Andrea, Cinque, Marcello, Esposito, Christian, Foschini, Luca, Giannelli, Carlo, and Lollini, Paolo

Subjects

Blockchain, Computer science, Strategy and Management, Internet of Things, Computer security, computer.software_genre, Maintenance engineering, NO, 0502 economics and business, Cloud computing, Orchestration (computing), Electrical and Electronic Engineering, Architecture, Internet of Things, Cloud computing, Industries, Maintenance engineering, Software, Blockchain, fog/edge computing, Industrial Internet of Things (IIoT), Focus (computing), 05 social sciences, Industrial Internet of Things (IIoT), Container (abstract data type), Industrial Internet, fog/edge computing, Software architecture, Software-defined networking, computer, Industries, 050203 business & management, Software

Abstract

The industrial Internet of Things (IIoT) is currently foreseen as a foundation to implement the Industry 4.0 vision. However, device heterogeneity and the need of integration and configuration exposes the industrial infrastructure to potential threats, such as black-hole, man-in-the-middle, and malicious configuration attacks. In this article, we investigate how to manage distributed trust information and to enable trusted configuration actions in the IIoT, by opportunistically intermingling blockchain with the software defined networking and container orchestration technologies. In particular, we focus on how the joint and coordinated adoption of such technologies can make technicians’ interventions on industrial equipment both easier and more trusted. To this purpose, we present the design of a software architecture to simplify the management, configuration, and assessment of IIoT systems, and we discuss our experiences with the application of the proposed architecture in a railways use case.

Published

2020

4. Prepare for trouble and make it double! Supervised – Unsupervised stacking for anomaly-based intrusion detection

Author

Tommaso Zoppi and Andrea Ceccarelli

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Networks and Communications, Computer science, Process (engineering), Stacker, Zero-day attacks, Anomaly detection, Intrusion detection, Machine learning, Stacking, Supervised, Unsupervised, 02 engineering and technology, Intrusion detection system, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, Network intrusion detection, business.industry, 020206 networking & telecommunications, Benchmarking, Computer Science Applications, Complement (complexity), Artificial Intelligence (cs.AI), Hardware and Architecture, 020201 artificial intelligence & image processing, Artificial intelligence, Suspect, business, Cryptography and Security (cs.CR), computer

Abstract

In the last decades, researchers, practitioners and companies struggled in devising mechanisms to detect malicious activities originating security threats. Amongst the many solutions, network intrusion detection emerged as one of the most popular to analyze network traffic and detect ongoing intrusions based on rules or by means of Machine Learners (MLs), which process such traffic and learn a model to suspect intrusions. Supervised MLs are very effective in detecting known threats, but struggle in identifying zero-day attacks (unknown during learning phase), which instead can be detected through unsupervised MLs. Unfortunately, there are no definitive answers on the combined use of both approaches for network intrusion detection. In this paper we first expand the problem of zero-day attacks and motivate the need to combine supervised and unsupervised algorithms. We propose the adoption of meta-learning, in the form of a two-layer Stacker, to create a mixed approach that detects both known and unknown threats. Then we implement and empirically evaluate our Stacker through an experimental campaign that allows i) debating on meta-features crafted through unsupervised base-level learners, ii) electing the most promising supervised meta-level classifiers, and iii) benchmarking classification scores of the Stacker with respect to supervised and unsupervised classifiers. Last, we compare our solution with existing works from the recent literature. Overall, our Stacker reduces misclassifications with respect to (un)supervised ML algorithms in all the 7 public datasets we considered, and outperforms existing studies in 6 out of those 7 datasets. In particular, it turns out to be more effective in detecting zero-day attacks than supervised algorithms, limiting their main weakness but still maintaining adequate capabilities in detecting known attacks., Comment: This is a pre-print version. Full version available at Elsevier JNCA

Published

2021

5. Towards enhanced databases for High Energy Physics

Author

Maria Vittoria Garzelli, Laura Redapi, Piergiulio Lenzi, Andrea Ceccarelli, and Andrea Cioni

Subjects

Scheme (programming language), Particle physics, Point (typography), Database, business.industry, Computer science, media_common.quotation_subject, Online analytical processing, FOS: Physical sciences, Experimental data, Usability, computer.software_genre, Presentation, High Energy Physics - Phenomenology, High Energy Physics - Phenomenology (hep-ph), Physics - Data Analysis, Statistics and Probability, Computer data storage, Collider (epidemiology), business, computer, Data Analysis, Statistics and Probability (physics.data-an), computer.programming_language, media_common

Abstract

The accumulation of a large amount of new experimental data at an impressive rate at present and future collider experiments has led to important questions concerning data storage and organization, their public access and usability, as well as their efficient usage in order to discriminate between different theories. For the last fourty years, the HEPData database has been the reference database for the worldwide community of elementary particle physicists, from DIS to fixed-target and collider experts. Using as a basis a dump of HEPData*, we discuss possible paths to enhance the capabilities of databases for High Energy Physics. Our starting point is the reorganization of the data in a different scheme, which allows for the application of OLAP techniques to automatically extract information at a multidimensional level, answering to complex queries. The feedback of the DIS community is important for understanding specific needs, aiming at a more effective storage, extraction and presentation of the data and information of their interest., *the HepData dump on which this work is based was kindly provided us by K. Ellis, F. Krauss, G. Watt (IPPP Durham). 6 pages, 3 figures,to be published as PoS (DIS2019) 223, in Proceedings of the XXVII International Workshop on Deep Inelastic Scattering and Related Subjects, Torino Italy, 8 - 12 April 2019

Published

2019

6. Identification of critical situations via Event Processing and Event Trust Analysis

Author

Andrea Ceccarelli, Massimiliano Leone Itria, Paolo Lollini, Gabriele Giunta, Andrea Bondavalli, and Melinda Kocsis-Magyar

Subjects

Decision support system, Situation awareness, Computer science, Process (engineering), Event (computing), Complex event processing, 020207 software engineering, Information needs, 02 engineering and technology, computer.software_genre, Human-Computer Interaction, Identification (information), Artificial Intelligence, Hardware and Architecture, 020204 information systems, crisis management, complex event processing, 0202 electrical engineering, electronic engineering, information engineering, Anomaly detection, Data mining, computer, Software, Information Systems

Abstract

In crisis management systems, situational awareness is usually at the basis of guiding the intervention process, and it is required to rapidly process data acquired from information sources on the field such as sensors or even humans. Given the variety and heterogeneity of sources and the amount of information that can be collected, together with the urgency of taking decisions, such information needs to be rapidly collected, filtered and aggregated in a form that can be used in subsequent machine-assisted decision support processes. At the same time, uncertainties in the input data or approximations in the processing phase may lead to an incorrect interpretation of the real situation in progress, which may generate mismanagements and severe consequences. This paper presents an event processor for crisis management systems that combines heterogeneous input sources to detect a critical situation. Complex Event Processing technology is applied for correlating data and creating events that describe the critical situation. Anomaly detection techniques are then used to analyze such events and detect possible anomalies, i.e., events not pertaining to the identified critical situation. The devised event processor creates trusted events that describe a critical situation merging inputs from heterogeneous and potentially untrusted sources. A prototype of the solution has been implemented and exercised within the crisis management system developed during the Secure! project. The experimental validation activities performed make use of different input sources, such as Twitter and sensors deployed on field (a Doppler radar for people detection and accelerometers for vibrations detection). The objective of the experimental campaign is to show (i) the adequacy of the solution to rapidly process the information and describe the critical situation, and (ii) its capability in detecting anomalous events that could impair the accuracy of the description of the critical situation.

Published

2016

7. Message from the LADC 2018 Program Committee Chairs

Author

R. Matias and Andrea Ceccarelli

Subjects

Computer science, Dependability, Computer security, computer.software_genre, computer

Published

2018

8. System-of-Systems to Support Mobile Safety Critical Applications: Open Challenges and Viable Solutions

Author

Leonardo Montecchi, Paolo Lollini, Andrea Ceccarelli, Andrea Bondavalli, and Marco Mori

Subjects

Engineering, Computer Networks and Communications, Complex system, Mobile computing, 02 engineering and technology, Computer security, computer.software_genre, System of Systems, mobile computing, emergence, evolution, dynamicity, 0202 electrical engineering, electronic engineering, information engineering, Dependability, Electrical and Electronic Engineering, computer.programming_language, System of systems, business.industry, 020206 networking & telecommunications, Cascading Style Sheets, Modular design, Computer Science Applications, Risk analysis (engineering), Control and Systems Engineering, 020201 artificial intelligence & image processing, Mobile telephony, business, computer, Monolithic system, Information Systems

Abstract

A dramatic shift in system complexity is occurring, bringing monolithic system designs to be progressively replaced by modular approaches. In the latest years, this trend has been emphasized by the system of systems (SoS) concept, in which a complex system or application is the result of the integration of many independent, autonomous constituent systems (CS), brought together in order to satisfy a global goal under certain rules of engagement. The overall behavior of the SoS, emerging from such complex interactions and dependencies, poses several threats in terms of dependability, timeliness, and security, due to the challenging operating and environmental conditions caused by mobility, wireless connectivity, and the use of off-the-shelf components. Referring to our experience in mobile safety-critical applications gained from three different research projects, in this paper, we illustrate the challenges and benefits posed by the adoption of an SoS approach in designing, developing, and maintaining mobile safety-critical applications, and we report on some possible solutions.

Published

2018

9. Model-based Evaluation of Scalability and Security Tradeoffs: a Case Study on a Multi-Service Platform

Author

Giuseppe Vella, Antonio Caruso, Andrea Ceccarelli, Nicola Nostro, Leonardo Montecchi, and Andrea Bondavalli

Subjects

performance evaluation, scalability, web-services, security evaluation, security tradeoffs, General Computer Science, Computer science, Distributed computing, media_common.quotation_subject, Computer security, computer.software_genre, Security testing, Adaptability, System model, Theoretical Computer Science, Dependability, media_common, Reusability, business.industry, Computer security model, Countermeasure, Information and Communications Technology, Scalability, Performance evaluation, The Internet, business, computer, Computer Science(all)

Abstract

Current ICT infrastructures are characterized by increasing requirements of reliability, security, performance, availability, adaptability. A relevant issue is represented by the scalability of the system with respect to the increasing number of users and applications, thus requiring a careful dimensioning of resources. Furthermore, new security issues to be faced arise from exposing applications and data to the Internet, thus requiring an attentive analysis of potential threats and the identification of stronger security mechanisms to be implemented, which may produce a negative impact on system performance and scalability properties. The paper presents a model-based evaluation of scalability and security tradeoffs of a multi-service web-based platform, by evaluating how the introduction of security mechanisms may lead to a degradation of performance properties. The evaluation focuses on the OPENNESS platform, a web-based platform providing different kind of services, to different categories of users. The evaluation aims at identifying the bottlenecks of the system, under different configurations, and assess the impact of security countermeasures which were identified by a thorough threat analysis activity previously carried out on the target system. The modeling activity has been carried out using the Stochastic Activity Networks (SANs) formalism, making full use of its characteristics of modularity and reusability. The analysis model is realized through the composition of a set of predefined template models, which facilitates the construction of the overall system model, and the evaluation of different configuration by composing them in different ways.

Published

2015

10. Message from the Technical Program Co-Chairs

Author

Andrea Ceccarelli

Subjects

Multimedia, Computer science, computer.software_genre, computer

Published

2017

11. Continuous Biometric Verification for Non-Repudiation of Remote Services

Author

Andrea Bondavalli, Andrea Ceccarelli, and Enrico Schiavone

Subjects

021110 strategic, defence & security studies, Authentication, Non-repudiation,biometrics,security,authentication,continuous authentication,protocol,biometric signature, business.industry, Computer science, Internet privacy, 0211 other engineering and technologies, Services computing, Usability, 02 engineering and technology, Service provider, Computer security, computer.software_genre, Non-repudiation, Information and Communications Technology, 0202 electrical engineering, electronic engineering, information engineering, Dependability, 020201 artificial intelligence & image processing, Information flow (information theory), business, computer

Abstract

As our society massively relies on ICT, security services are becoming essential to protect users and entities involved. Amongst such services, non-repudiation provides evidences of actions, protects against their denial, and helps solving disputes between parties. For example, it prevents denial of past behaviors as having sent or received messages. Noteworthy, if the information flow is continuous, evidences should be produced for the entirety of the flow and not only at specific points. Further, non-repudiation should be guaranteed by mechanisms that do not reduce the usability of the system or application. To meet these challenges, in this paper, we propose two solutions for non-repudiation of remote services based on multi-biometric continuous authentication. We present an application scenario that discusses how users and service providers are protected with such solutions. We also discuss the technological readiness of biometrics for non-repudiation services: the outcome is that, under specific assumptions, it is actually ready.

Published

2017

12. A Tool for Evolutionary Threat Analysis of Smart Grids

Author

Andrea Ceccarelli, Tommaso Zoppi, and Marco Mori

Subjects

Engineering, Focus (computing), Smart grid, business.industry, Reliability (computer networking), Smart city, Interoperability, Dependability, Energy planning, business, Computer security, computer.software_genre, computer

Abstract

Cyber-security is becoming more and more relevant with the advent of large-scale systems made of independent and autonomous constituent systems that interoperate to achieve complex goals. Providing security in such cyber-physical systems means, among other features, identifying threats generated by novel detrimental behaviors. This paper presents a tool based on a methodology that is intended to support city evolution and energy planning with a focus on threats due to novel and existing interconnections among different components. More in detail, we report a tool demonstration which shows the application of a tool devised to (i) deal with security threats arising due to evolutions in a Smart City - intended as a complex cyber-physical system -, and (ii) consequently perform threat analysis.

Published

2017

13. Exploring Anomaly Detection in Systems of Systems

Author

Tommaso Zoppi, Andrea Ceccarelli, and Andrea Bondavalli

Subjects

System of systems, 021110 strategic, defence & security studies, Computer science, Distributed computing, Reliability (computer networking), Interoperability, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Intrusion detection system, Computer security, computer.software_genre, Systems-of-Systems, Anomaly Detection, Monitoring, 0202 electrical engineering, electronic engineering, information engineering, Systems design, Dependability, Malware, Anomaly detection, computer

Abstract

The loosely coupled interoperability of heterogeneous existing systems, together with the ongoing replacement of monolithic systems design with Off-The-Shelf (OTS) approaches, promotes a new architectural paradigm that is called System of Systems (SoS). In SoSs, independent and autonomous constituent systems (CSs) cooperate to achieve higher-level goals. Some inherent challenges are that boundaries of the SoS may be partially unknown and the components may be governed by different authorities, affecting the ability to observe the system as a whole. Further, novel challenges related to dependability and security are introduced, such as the detection of emerging and possibly unexpected behaviors resulting from the interconnection of previous disconnected CSs. In this paper we explore these challenges questioning if a novel mindset to error, malware or intrusion detection is needed when dealing with SoSs. With the support of a state of the art review, we first identify the design principles and the performance targets of a monitoring and anomaly detection framework. Then we discuss these principles at the light of SoS fundamentals. Ultimately, we propose an approach to design a monitoring and anomaly detection framework for SoSs aggregating i) monitoring approaches ii) SoS properties, and iii) anomaly detection techniques.

Published

2017

14. Design, implementation, and assessment of a usable multi-biometric continuous authentication system

Author

Andrea Bondavalli, Ariadne Maria Brito Rizzoni Carvalho, Andrea Ceccarelli, and Enrico Schiavone

Subjects

021110 strategic, defence & security studies, Authentication, General Computer Science, Biometrics, Computer science, business.industry, Fingerprint (computing), 0211 other engineering and technologies, Usability, 02 engineering and technology, Keystroke logging, Computer security, computer.software_genre, USable, Login, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Assessment, Continuous authentication, Design, Face, Fingerprint, Identity verification, Implementation, Keystroke, Multi-biometric, Prototype, Security, Transparent, 0202 electrical engineering, electronic engineering, information engineering, Dependability, 020201 artificial intelligence & image processing, business, computer

Abstract

Authentication mechanisms typically verify the user identity only at login, or with tedious explicit authentication requests that improve security at the expense of usability. However, especially f...

Published

2019

15. Usability Assessment in a Multi-Biometric Continuous Authentication System

Author

Andrea Ceccarelli, Andrea Bondavalli, Enrico Schiavone, and Ariadne Maria Brito Rizzoni Carvalho

Subjects

021110 strategic, defence & security studies, Database, Cognitive walkthrough, Pluralistic walkthrough, Computer science, business.industry, 0211 other engineering and technologies, Usability inspection, Usability, 02 engineering and technology, computer.software_genre, Usability lab, Usability goals, Human–computer interaction, Heuristic evaluation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Web usability

Abstract

Multimodal biometric continuous authentication systems allow to improve security, making user identity verification a continuous process rather than a one-time occurrence. Unfortunately, the usability of these systems and their adequacy for working activities are often questioned. This paper presents a usability study for a multimodal biometric continuous authentication system capable of continuously and transparently verifying user identity through face, fingerprint and keystroke traits. We evaluate the system's usability obtained varying configuration parameters. This allows identifying the more suitable parameters configuration for different usability and security requirements. The experimental campaign relies on 60 users performing pre-defined tasks while our continuous authentication system is running. Users' opinions on system usability were collected with a post questionnaire. Our findings show that users were able to complete ordinary tasks securely and without additional effort, and that they have accepted the authentication system, which only requires minimal training.

Published

2016

16. A Hazus-Based Method for Assessing Robustness of Electricity Supply to Critical Smart Grid Consumers during Flood Events

Author

Alexandr Vasenev, Lorena Montoya, and Andrea Ceccarelli

Subjects

021110 strategic, defence & security studies, HAZUS, EWI-27538, Mains electricity, METIS-320922, Flood myth, Computer science, 020209 energy, SCS-Cybersecurity, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, Grid, IR-102807, Smart grid, Risk analysis (engineering), Robustness (computer science), 0202 electrical engineering, electronic engineering, information engineering, Dependability, computer

Abstract

Ensuring an external electricity supply to critical city components during flood events requires adequate urban grid planning. The proliferation of smart grid technologies means that such planning needs to assess how smart grids might function during floods. This paper proposes a method to qualitatively investigate robustness of electricity supply to smart grid consumers during flood events. This method builds on the Hazus methodology and aims to provide inputs for the risk analysis of urban grids.

Published

2016

17. On the impact of emergent properties on SoS security

Author

Tommaso Zoppi, Andrea Bondavalli, Marco Mori, and Andrea Ceccarelli

Subjects

System of systems, Engineering, business.industry, Scale (chemistry), Reliability (computer networking), Interoperability, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Domain (software engineering), Intervention (law), Smart city, 0202 electrical engineering, electronic engineering, information engineering, Dependability, 020201 artificial intelligence & image processing, business, computer

Abstract

Cyber security is becoming more and more relevant with the advent of System of Systems (SoSs). The latter are large scale systems made of independent and autonomous Constituent Systems which interoperate to achieve higher level goals also with the intervention of humans. Providing security in a cyber-physical SoS means, among other features, forecasting and anticipating evolving SoS functionalities and consequently detecting emerging phenomena resulting from the interactions among entailed Constituent Systems. This paper clarifies the relations occurring among SoS evolution, emergence phenomena and security requirements. We show how to enact an evolution step by means of changing SoS functionalities and how to perform the threat analysis consequently. An illustrative scenario in the Smart City domain shows how to dynamically generate security guarantees according to the evolving SoS thus supporting the enactment of mitigation strategies from SoS administrators.

Published

2016

18. Threat navigator: grouping and ranking malicious external threats to current and future urban smart grids

Author

Anhtuan Le, Andrea Ceccarelli, Dan Ionita, Lorena Montoya, and Alexandr Vasenev

Subjects

Risk analysis, Engineering, EWI-27019, business.industry, SCS-Cybersecurity, Sample (statistics), Computer security, computer.software_genre, Task (project management), Smart grid, Ranking, IR-100453, METIS-316929, Dependability, Set (psychology), business, Threat assessment, computer

Abstract

Deriving value judgements about threat rankings for large and entangled systems, such as those of urban smart grids, is a challenging task. Suitable approaches should account for multiple threat events posed by different classes of attackers who target system components. Given the complexity of the task, a suitable level of guidance for ranking more relevant and filtering out the less relevant threats is desirable. This requires a method able to distill the list of all possible threat events in a traceable and repeatable manner, given a set of assumptions about the attackers. The Threat Navigator proposed in this paper tackles this issue. Attacker profiles are described in terms of Focus (linked to Actor-to-Asset relations) and Capabilities (Threat-to-Threat dependencies). The method is demonstrated on a sample urban Smart Grid. The ranked list of threat events obtained is useful for a risk analysis that ultimately aims at finding cost-effective mitigation strategies.

Published

2016

19. Differential analysis of Operating System indicators for anomaly detection in dependable systems: An experimental study

Author

Michele Vadursi, Andrea Ceccarelli, Diego Santoro, Andrea Bondavalli, and Francesco Brancati

Subjects

Engineering, Measurements on computer systems, Anomaly detection, Dependability measurement, Fault detection, OS anomalies, System monitoring, Instrumentation, Electrical and Electronic Engineering, Reliability (computer networking), Real-time computing, 0211 other engineering and technologies, 02 engineering and technology, computer.software_genre, Fault detection and isolation, 0202 electrical engineering, electronic engineering, information engineering, Dependability, 021110 strategic, defence & security studies, business.industry, Applied Mathematics, System monitoring, Measurements on computer systems, OS anomalies, Anomaly detection, Dependability measurement, Fault detection, 020208 electrical & electronic engineering, Air traffic management, Fault tolerance, Condensed Matter Physics, Identification (information), Operating system, business, computer

Abstract

Dependable complex systems often operate under variable and non-stationary conditions, which requires efficient and extensive monitoring and error detection solutions. Among the many, the paper focuses on anomaly detection techniques, which monitor the evolution of some specific indicators through time to identify anomalies, i.e. deviations from the expected operational behavior. The timely identification of anomalies in dependable, fault tolerant systems allows to timely detect errors in the services and react appropriately. In this paper, we investigate the possibility to monitor the evolution of indicators through time using the random walk model on indicators belonging to Operating Systems, specifically in our study the Linux Red Hat EL5. The approach is based on the experimental evaluation of a large set of heterogeneous indicators, which are acquired under different operating conditions, both in terms of workload and faultload, on an air traffic management target system. The statistical analysis is based on a best-fitting approach aiming to minimize the integral distance between the empirical data distribution and some reference distributions. The outcomes of the analysis show that the idea of adopting a random walk model for the development of an anomaly detection monitor for critical systems that operates at Operating System level is promising. Moreover, standard distributions such as Laplace and Cauchy, rather than Normal, should be used for setting up the thresholds of the monitor. Further studies that involve a new application, a different Operating System and a new layer (an Application Server) will allow verifying the generalization of the approach to other fault tolerant systems, monitored layers and set of indicators.

Published

2016

20. Presenting the Proper Data to the Crisis Management Operator: A Relevance Labelling Strategy

Author

Tommaso Zoppi, Andrea Bondavalli, Francesco Lo Piccolo, Vito Morreale, Andrea Ceccarelli, Paolo Lollini, and Gabriele Giunta

Subjects

Engineering, Correctness, business.industry, 020206 networking & telecommunications, Mistake, 02 engineering and technology, Crisis management, Sensor fusion, Computer security, computer.software_genre, 020204 information systems, Component-based software engineering, 0202 electrical engineering, electronic engineering, information engineering, crisis management system, human sensors, data filtering, relevance labeling, data fusion, Twitter, Dependability, business, Mobile device, computer, Situation analysis

Abstract

The large availability of smart portable devices and the growing interest in developing Internet of Things (IoT) oriented software components make several heterogeneous data available for analysis purposes. In the context of Crisis Management Systems, this means that people owning mobile devices when involved in natural disasters or terroristic attacks may be considered information sources as the classical ones, e.g., sensors or surveillance cameras. Including the information from the citizens in the situational analysis processes comes with two main issues that need to be addressed: i) the source could deliver wrong data (voluntarily or by mistake) that damage the integrity and the correctness of the analysis, and ii) a significant amount of heterogeneous data need to be selected, filtered and aggregated, to provide to the operator a real-time snapshot of the situation depicted using only credible and relevant information. In this paper, we define and implement a relevance labeling strategy able to process information coming from heterogeneous sources aimed at crisis situations and to provide to the human operator all the details he needs. We include provisions for detecting and removing redundancies and misleading data that can slow down or compromise the process and the a-posteriori analysis. The filtering strategy is last applied to events collected for the Secure! crisis management service-based system, showing its application to three scenarios related to real crisis situations happened in the last year.

Published

2016

21. A multi-criteria ranking of security countermeasures

Author

Andrea Bondavalli, Andrea Ceccarelli, Fabio Martinelli, Nicola Nostro, Ilaria Matteucci, Felicita Di Giandomenico, and Francesco Santini

Subjects

Algebraic formalism, Semiring, Computer science, Reliability (computer networking), Rank (computer programming), 020207 software engineering, 02 engineering and technology, Security assessment, Modeling, Computer security, computer.software_genre, Resource (project management), Ranking, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Software, computer

Abstract

We propose a multi-criteria framework for ranking controlling strategies based on several weights, such as delay-time, resource cost, and success-probability of attacks defined via quantitative threat analysis. Therefore, by assigning a different priority to weight-dimensions, we can rank controllers in an adaptive way. We exemplify our approach on the Customer Energy Management System, that acting as an interface among different systems, is open to attacks. We consider the Man in the Middle and Denial of Service attacks.

Published

2016

22. Workshop on Recent Advances in the DependabIlity AssessmeNt of Complex systEms (RADIANCE)

Author

Ariadne Maria Brito Rizzoni Carvalho, Andrea Ceccarelli, Andras Zentai, and Nuno Antunes

Subjects

Black box (phreaking), Computer science, business.industry, Complex system, Certification, Fault injection, Software prototyping, Computer security, computer.software_genre, Systems engineering, Dependability, business, computer, Verification and validation, Agile software development

Abstract

The workshop on Recent Advances in the DependabIlity AssessmeNt of Complex systEms (RADIANCE), in its first edition, aims to discuss novel dependability assessment approaches for complex systems and to promote their adoption in real-world settings through industrial and academic research. The main objective is to promote and foster discussion on novel ideas, constituting a forum where researchers can share both real problems and innovative solutions for the assessment of complex systems. The workshop focuses on assessing complex evolving systems, where increasing complexity and changes are due to the introduction of new components and sensors, and to the extensive usage of software OTS components or black box components in general. In this macro area, the workshop welcomed a broad list of applications ranging from agile development in critical systems to model-driven assessment approaches as well as new needs for verification, validation and certification of dynamic and evolving systems, which also includes solutions for automating the verification and validation processes. Finally, the workshop was interested in

Published

2015

23. A Multi-layer Anomaly Detector for Dynamic Service-Based Systems

Author

Tommaso Zoppi, Andrea Bondavalli, Andrea Ceccarelli, and Massimiliano Leone Itria

Subjects

Event (computing), Computer science, Application server, Node (networking), Real-time computing, Detector, Dependability, Anomaly detection, Fault injection, computer.software_genre, computer

Abstract

Revealing anomalies to support error detection in complex systems is a promising approach when traditional detection mechanisms e.g., based on event logs, probes and heartbeats are considered inadequate or not applicable. The detection capability of such complex system can be enhanced observing different layers to achieve richer information that describes the system status. Relying on an algorithm for statistical anomaly detection, in this paper we present the definition and implementation of an anomaly detector able to monitor data acquired from multiple layers, namely the Operating system and the Application Server, of a remote physical or virtual node. As case study, such monitoring system is applied to a node of the Secure! crisis management service-based system. Results show the monitor performance, the intrusiveness of the probes, and ultimately the improved detection capability achieved observing data from the different layers.

Published

2015

24. Continuous User Identity Verification for Trusted Operators in Control Rooms

Author

Andrea Bondavalli, Andrea Ceccarelli, and Enrico Schiavone

Subjects

Authentication, Biometrics, Workstation, Computer science, business.industry, Reliability (computer networking), Control (management), Computer security, computer.software_genre, Control room, law.invention, Operator (computer programming), law, Dependability, business, computer, Biometrics,Verification,Trust,Security,Control rooms,Biometria,Verifica,Sicurezza,Sala Controllo, Computer network

Abstract

Human operators in control rooms are often responsible of issuing critical commands, and in charge of managing sensitive data. Insiders must be prevented to operate on the system: they may benefit of their position in the control room to fool colleagues, and gain access to machines or accounts. This paper proposes an authentication system for deterring and detecting malicious access to the workstations of control rooms. Specifically tailored for the operators in the control room of the crisis management system Secure!, the solution aims to guarantee authentication and non-repudiation of operators, reducing the risk that unauthorized personnel including intruders misuses a workstation. A continuous multi-biometric authentication mechanism is developed and applied in which biometric data is acquired transparently from the operator and verified continuously through time. This paper presents the authentication system design and prototype, its execution and experimental results.

Published

2015

25. Continuous and Transparent User Identity Verification for Secure Internet Services

Author

Paolo Lollini, Andrea Bondavalli, Leonardo Montecchi, Francesco Brancati, Andrea Ceccarelli, and Angelo Marguglio

Subjects

Password, Web server, Biometrics, Computer science, business.industry, Usability, Computer security, computer.software_genre, Server, The Internet, Electrical and Electronic Engineering, Android (operating system), Web service, business, computer, Internet, biometrics (access control), security of data, Android smart phones, Matlab simulations, PC, biometric data, biometric solutions, client satisfaction, continuous user verification, distributed Internet services, functional behavior, model-based quantitative analysis, password, secure Internet services, secure protocol, session management, transparent user identity verification, user session expiration, username, Authentication, Bioinformatics, Protocols, Servers, Smart phones, Web services, Security, authentication, mobile environments, web servers

Abstract

Session management in distributed Internet services is traditionally based on username and password, explicit logouts and mechanisms of user session expiration using classic timeouts. Emerging biometric solutions allow substituting username and password with biometric data during session establishment, but in such an approach still a single verification is deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the session timeout may impact on the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by applying biometrics in the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol determines adaptive timeouts based on the quality, frequency and type of biometric data transparently acquired from the user. The functional behavior of the protocol is illustrated through Matlab simulations, while model-based quantitative analysis is carried out to assess the ability of the protocol to contrast security attacks exercised by different kinds of attackers. Finally, the current prototype for PCs and Android smartphones is discussed.

Published

2015

26. System and Network Security: Anomaly Detection and Monitoring

Author

Elias P. Duarte, Andrea Ceccarelli, Michele Vadursi, and Aniket Mahanti

Subjects

Computer engineering. Computer hardware, Engineering, Signal processing, Article Subject, General Computer Science, Network security, business.industry, 020209 energy, Computer Science (all), Real-time computing, 02 engineering and technology, Computer security, computer.software_genre, TK7885-7895, Electrical and Electronic Engineering, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, Anomaly detection, business, computer

Published

2016

27. Labelling relevant events to support the crisis management operator

Author

Andrea Bondavalli, Francesco Lo Piccolo, Gabriele Giunta, Tommaso Zoppi, Vito Morreale, Andrea Ceccarelli, and Paolo Lollini

Subjects

Engineering, Correctness, business.industry, Data stream mining, 02 engineering and technology, Crisis management, Computer security, computer.software_genre, Crisis Management System, Human Sensors, Heterogeneous Data, Data Filtering, Relevance Labelling, Twitter, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Dependability, 020201 artificial intelligence & image processing, Relevance (information retrieval), business, computer, Wireless sensor network, Mobile device, Software, Situation analysis

Abstract

Thanks to the large availability of portable devices and the growing interest in the Internet of Things, during crises, social networks, or alerts sent through mobile devices or sensor networks are available and can be matched each other to perform situational analysis. However, the inclusion of multiple heterogeneous sources in situational analyses leads to 2 main issues: (1) a source could deliver (voluntarily or erroneously) wrong data damaging the integrity and the correctness of the analysis, and (2) a significant amount of heterogeneous data need to be processed. As a consequence, the crisis management operator faces a large amount of potentially unreliable data. In this paper, we present a relevance labelling strategy to process information gathered from heterogeneous data streams to select the most relevant events. These are presented to the crisis management operator with the highest priority. Our strategy is evaluated using events collected by the Secure! crisis management system, considering 3 real crisis scenarios happened in Italy in 2015. Results show that our strategy is able to correctly identify sets of relevant events, supporting the activities of the crisis management operator.

Published

2017

28. Insider Threat Assessment: a Model-Based Methodology

Author

Andrea Bondavalli, Nicola Nostro, Francesco Brancati, and Andrea Ceccarelli

Subjects

Computer science, business.industry, Internet privacy, Insider threat, Crisis management, Computer security, computer.software_genre, Insider, Information sensitivity, security, insider threats, risk assessment, attack path, Information and Communications Technology, Scale (social sciences), General Earth and Planetary Sciences, Dependability, business, Dissemination, computer, General Environmental Science

Abstract

Security is a major challenge for today's companies, especially ICT ones which manage large scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insider attackers i.e., users with legitimate access which abuse or misuse of their power, thus leading to unexpected security violation (e.g., acquire and disseminate sensitive information). These attacks are very difficult to detect and mitigate due to the nature of the attackers, which often are company's employees motivated by socio-economical reasons, and to the fact that attackers operate within their granted restrictions. It is a consequence that insider attackers constitute an actual threat for ICT organizations. In this paper we present our methodology, together with the application of existing supporting libraries and tools from the state-of-the-art, for insider threats assessment and mitigation. The ultimate objective is to define the motivations and the target of an insider, investigate the likeliness and severity of potential violations, and finally identify appropriate countermeasures. The methodology also includes a maintenance phase during which the assessment can be updated to reflect system changes. As case study, we apply our methodology to the crisis management system Secure!, which includes different kinds of users and consequently is potentially exposed to a large set of insider threats.

Published

2014

29. A Testbed for Evaluating Anomaly Detection Monitors through Fault Injection

Author

Tommaso Zoppi, Andrea Bondavalli, Giuseppe Vella, Fabio Duchi, and Andrea Ceccarelli

Subjects

business.industry, computer.internet_protocol, Application server, Computer science, Distributed computing, Control reconfiguration, Service-oriented architecture, Fault injection, computer.software_genre, Application layer, Embedded system, Server, Dependability, Anomaly detection, business, computer, SOA, anomaly detection, application server, fault injection, monitoring, testing

Abstract

Amongst the features of Service Oriented Architectures (SOAs), their flexibility, dynamicity, and scalability make them particularly attractive for adoption in the ICT infrastructure of organizations. Such features come at the cost of improved difficulty in monitoring the SOA for error detection: i) faults may manifest themselves differently due to services and SOA evolution, and ii) interactions between a service and its monitors may need reconfiguration at each service update. This calls for monitoring solutions that operate at different layers than the application layer (services layer). In this paper we present our ongoing work towards the definition of a monitoring framework for SOAs and services, which relies on anomaly detection performed at the Application Server (AS) and the Operating System (OS) layers to identify events whose manifestation or effect is not adequately described a-priori. Specifically the paper introduces the key concepts of our work and presents the case study built to exercise and set-up our monitor. The case study uses Life ray as application layer and it includes fault injection and data collection instruments to perform extended testing campaigns.

Published

2014

30. Cost-Effective Testing for Critical Off-the-Shelf Services

Author

Francesco Rossi, Andrea Bondavalli, Giuseppe Vella, Andrea Ceccarelli, Nuno Antunes, and Fabio Duchi

Subjects

Computer science, business.industry, Functional testing, Robustness testing, Usability, Certification, computer.software_genre, Reliability engineering, Component-based software engineering, Dependability, Software verification and validation, Web service, Software engineering, business, computer, testing, monitoring, critical applications, verification and validation, certification, assessment

Abstract

Defining cost-effective verification and validation tools is one of the biggest research challenges of the area. Such tools speedup and reduce the cost of the assessment of Off-The-Shelf (OTS) software components that must undergo proper certification or approval processes to be used in critical scenarios. Previously we introduced the design of framework for testing of critical OTS applications and services, to improve reusability, thus aiming to reduce testing time and costs. In this paper we present an implementation of the framework that allows applying, in a cost-effective fashion, functional testing, robustness testing and penetration testing to web services. We present details on the implementation and we describe the procedure to use the framework to conduct testing campaigns in web services. Finally, the framework usability and utility is demonstrated based on a case study.

Published

2014

31. On security countermeasures ranking through threat analysis

Author

Andrea Bondavalli, Fabio Martinelli, Ilaria Matteucci, Andrea Ceccarelli, Felicita Di Giandomenico, and Nicola Nostro

Subjects

Engineering, Security analysis, Quantitative security, business.industry, Attack Model, Threat Analysis, Security Countermeasures, Computer security, computer.software_genre, Security, Security Modelling, Security Analysis, Security controlling strategies, Critical infrastructure, Threat, Energy management system, Ranking, Key (cryptography), Dependability, business, Threat assessment, computer

Abstract

Security analysis and design are key activities for the protection of critical systems and infrastructures. Traditional approaches consist first in applying a qualitative threat assessment that identifies the attack points. Results are then used as input for the security design such that appropriate countermeasures are selected. In this paper we propose a novel approach for the selection and ranking of security controlling strategies which is driven by quantitative threat analysis based on attack graphs. It consists of two main steps: i) a threat analysis, performed to evaluate attack points and paths identifying those that are feasible, and to rank attack costs from the perspective of an attacker; ii) controlling strategies, to derive the appropriate monitoring rules and the selection of countermeasures are evaluated, based upon the provided values and ranks. Indeed, the exploitation of such threat analysis allows to compare different controlling strategies and to select the one that fits better the given set of functional and security requirements. To exemplify our approach, we adopt part of an electrical power system, the Customer Energy Management System (CEMS), as reference scenario where the steps of threat analysis and security strategies are applied. © 2014 Springer International Publishing.

Published

2014

32. Meeting the challenges in the design and evaluation of a trackside real-time safety-critical system

Author

Andrea Ceccarelli, Leonardo Montecchi, Andrea Bondavalli, and Paolo Lollini

Subjects

Warning system, Computer science, business.industry, Reliability (computer networking), Global Positioning System, Mobile communication, Monitoring, Reliability, safety, security, Synchronization, ALARP, architecture, challenges, evaluation, railway, real-time, Safety-critical, Computer security, computer.software_genre, Track (rail transport), Risk analysis (engineering), Synchronization (computer science), Dependability, Train, Mobile telephony, business, computer

Abstract

Highly distributed, autonomous and self-powered systems operating in harsh, outdoors environments face several threats in terms of dependability, timeliness and security, due to the challenging operating conditions determined by the environment. Despite such difficulties, there is an increasing demand to deploy these systems to support critical services, thus calling for severe timeliness, safety, and security requirements. Several challenges need to be faced and overcome. First, the designed architecture must be able to cope with the environmental challenges and satisfy dependability, timeliness and security requirements. Second, the assessment of the system must be carried on despite potentially incomplete field-data, and complex cascading effects that small modifications in system properties and operating conditions may have on the targeted metrics. In this paper we present our experience from the EU-funded project ALARP (A railway automatic track warning system based on distributed personal mobile terminals), which aims to build and validate a distributed, real-time, safety-critical system that detects trains approaching a railway worksite and notifies their arrivals to railway trackside workers. The paper describes the challenges we faced, and the solutions we adopted, when architecting and evaluating the ALARP system.

Published

2013

33. Experimental analysis of the first order time difference of indicators used in the monitoring of complex systems

Author

Andrea Bondavalli, Andrea Ceccarelli, Diego Santoro, Francesco Brancati, and Michele Vadursi

Subjects

Computer science, Gaussian, Real-time computing, Air traffic management, System monitoring, Random walk, computer.software_genre, symbols.namesake, Histogram, Range (statistics), symbols, Dependability, Anomaly detection, system monitoring, random walk, systems of systems, Data mining, computer

Abstract

Complex and real time systems often operate under variable and non-stationary conditions, thus requiring efficient and extensive monitoring and error detection solutions. Amongst the many, we focus on anomaly detection techniques, which require measuring the evolution of the monitored indicators through time to identify anomalies i.e., deviations from the expected operational behavior. In this paper, we investigate the possibility to model the evolution of indicators through time using the random walk model. In particular, we focus on the detection of system anomalies at the application level (software errors), based on the monitoring of indicators at the Operating System level. The approach is based on the experimental evaluation of a large set of heterogeneous indicators, acquired under different operating conditions, both in terms of workload and fault load, on an air traffic management target system. The results of the analysis show that for a large number of cases, the histogram of the first order time differences well approximates a Gaussian distribution, independently of the nature of the indicator and its statistical distribution. Such outcomes suggest that the idea of adopting a Gaussian random walk model for several monitoring indicators has an experimental support and deserves be further investigated on a wider scale, in order to determine its range of applicability and representativeness.

Published

2013

34. A methodology and supporting techniques for the quantitative assessment of insider threats

Author

Nicola Nostro, Andrea Bondavalli, Francesco Brancati, and Andrea Ceccarelli

Subjects

Computer science, Multitude, Computer security, computer.software_genre, Insider, Information sensitivity, security, insider threats, risk assessment, attack path, Work (electrical), Information and Communications Technology, Scale (social sciences), Dependability, Risk assessment, computer, Dissemination

Abstract

Security is a major challenge for today's companies, especially ICT ones which manages large scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insiders attackers i.e., users with legitimate access which abuse or misuse of their power, thus leading to unexpected security violation (e.g., acquire and disseminate sensitive information). These attacks are very difficult to detect and mitigate due to the nature of the attackers, which often are company's employees motivated by socio-economical reasons, and to the fact that attackers operate within their granted restrictions: it is a consequence that insiders attackers constitute an actual threat for ICT organizations. In this paper we present our ongoing work towards a methodology and supporting libraries and tools for insider threats assessment and mitigation. The ultimate objective is to quantitatively evaluate the possibility that a user will perform an attack, the severity of potential violations, the costs, and finally select the countermeasures. The methodology also includes a maintenance phase during which the assessment is updated on the basis of system evolution. The paper discusses future works towards the completion of our methodology.

Published

2013

35. Improving Security of Internet Services through Continuous and Transparent User Identity Verification

Author

Ernesto La Mattina, Andrea Bondavalli, Francesco Brancati, and Andrea Ceccarelli

Subjects

Password, Authentication, Biometrics, business.industry, Computer science, Usability, computer.software_genre, Computer security, The Internet, Session (computer science), Web service, business, Mobile device, computer, Computer network

Abstract

Session management in distributed Internet services is traditionally based on username and password, and explicit logouts and timeouts that expire due to idle activity of the user. Emerging biometric solutions allow substituting username and password with biometric data, but still a single verification is deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the timeout may impact on the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by biometrics for the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol determines adaptive timeouts selected on the basis of the quality, frequency and type of biometric data acquired transparently from the user. Protocol behavior is shown through simulations.

Published

2012

36. Providing Safety-Critical and Real-Time Services for Mobile Devices in Uncertain Environment

Author

Lorenzo Falai, Andrea Bondavalli, Francesco Brancati, and Andrea Ceccarelli

Subjects

Engineering, Warning system, safety, real-time, mobile device, business.industry, Mobile computing, Services computing, Computer security, computer.software_genre, Track (rail transport), ALARP, Middleware (distributed applications), Embedded system, Dependability, business, computer, Mobile device

Abstract

Executing critical services through small, portable devices in harsh environment with uncontrolled system boundaries requires resilient and self-adaptive services and networks, which are able to track the current status of the system, to estimate its uncertainties and to react accordingly. Achieving the required dependability, timeliness and security levels is an architectural challenge due to the intrinsic asynchrony of the system and the complexity of its fault model. In this paper we present the design of a resilient middleware and architecture for real-time, safety-critical and distributed mobile devices which operates in an uncertain environment. Such mobile devices, called Mobile Terminals (MTs), are developed as part of the ALARP (A railway automatic track warning system based on distributed personal mobile terminals) project which aims to design and develop a safety-critical Automatic Track Warning System (ATWS) for railway trackside workers. The MTs are wearable devices which operate in a railway worksite, to execute the real-time and safety critical service of notifying to the railway worker a train approaching the worksite or the occurrence of hazardous situation (e.g., workers missing or not responding).

Published

2012

37. A Testing Service for Lifelong Validation of Dynamic SOA

Author

Marco Vieira, Andrea Bondavalli, and Andrea Ceccarelli

Subjects

Test strategy, Engineering, OASIS SOA Reference Model, computer.internet_protocol, business.industry, Robustness testing, Software performance testing, Service-oriented architecture, computer.software_genre, Robustness (computer science), Systems engineering, Dependability, Web service, business, computer

Abstract

Service Oriented Architectures (SOAs) are increasingly being used to support the information infrastructures of organizations. SOAs are dynamic and evolve after deployment in order to adapt to changes in the requirements and infrastructure. Consequently, traditional validation approaches based on offline testing conducted before deployment are not adequate anymore, demanding for new techniques that allow testing the SOA during its whole lifecycle. In this paper we propose a SOA testing approach based on a composite service that is able to trace SOA evolution and automatically test the various services according to specific testing policies. The paper describes the architecture of the testing service and presents a concrete implementation focused on robustness testing. Results from a case study demonstrate the effectiveness of the proposed approach in discovering and testing the robustness of SOA services.

Published

2011

38. Improving Robustness of Network Fault Diagnosis to Uncertainty in Observations

Author

Hans-Peter Schwefel, Andrea Bondavalli, Andrea Ceccarelli, and Jesper Grønbæk

Subjects

Ubiquitous computing, Observational error, Noise measurement, Computer science, business.industry, Machine learning, computer.software_genre, Robustness (computer science), Dependability, Measurement uncertainty, Artificial intelligence, Hidden Markov model, business, computer, Uncertainty analysis

Abstract

Performing decentralized network fault diagnosis based on network traffic is challenging. Besides inherent stochastic behaviour of observations, measurements may be subject to errors degrading diagnosis timeliness and accuracy. In this paper we present a novel approach in which we aim to mitigate issues of measurement errors by quantifying uncertainty. The uncertainty information is applied in the diagnostic component to improve its robustness. Three diagnosis components have been proposed based on the Hidden Markov Model formalism: (H0) representing a classical approach, (H1) a static compensation of (H0) to uncertainties and (H2) dynamically adapting diagnosis to uncertainty information. From uncertainty injection scenarios of added measurement noise we demonstrate how using uncertainty information can provide a structured approach of improving diagnosis.

Published

2010

39. Towards a Framework for Self-Adaptive Reliable Network Services in Highly-Uncertain Environments

Author

Andrea Bondavalli, Jesper Grønbæk, Andrea Ceccarelli, Leonardo Montecchi, and Hans-Peter Schwefel

Subjects

Ubiquitous computing, Risk analysis (engineering), Wireless ad hoc network, Computer science, Reliability (computer networking), Dependability, Self adaptive, Architecture, Resilience (network), Computer security, computer.software_genre, computer, Data modeling

Abstract

In future inhomogeneous, pervasive and highly dynamic networks, end-nodes may often only rely on unreliable and uncertain observations to diagnose hidden network states and decide upon possible remediation actions. Inherent challenges exists to identify good and timely decision strategies to improve resilience of end-node services. In this paper we present a framework, called ODDR (Observation, Diagnosis, Decision, Remediation), for improving resilience of network based services through integration of self-adaptive monitoring services, network diagnosis, decision actions, and finally execution (and monitoring) of remediation actions. We detail the motivations to the ODDR design, then we present its architecture, and finally we describe our current activities towards the realization and assessment of the framework services and the main results currently achieved.

Published

2010

40. A Self-Aware Clock for Pervasive Computing Systems

Author

Andrea Ceccarelli, Andrea Bondavalli, and Lorenzo Falai

Subjects

Context-aware pervasive systems, Ubiquitous computing, Computer science, Middleware (distributed applications), Distributed computing, Logical clock, Mobile computing, Dependability, computer.software_genre, computer, Synchronization, Clock synchronization

Abstract

The paper addresses the challenges and opportunities of instrumenting pervasive computing systems with a logical clock, aware of the quality of synchronization with respect to a time reference. Pervasive computing systems are: i) mobile; ii) dynamic; and iii) composed of a large number of distributed components; in systems with these characteristics the availability of a "smart" clock that is: i) capable to use different mechanisms for the synchronization with the global distributed time reference; and ii) aware of the current quality of synchronization with such time reference, can be very useful in order to build dependable middleware services and applications

Published

2007

41. ALARP (A Railway Automatic Track Warning System Based on Distributed Personal Mobile Terminals)

Author

Lorenzo Falai, Andrea Ceccarelli, Michael Schultheis, Boris Malinowsky, Antonio Andrea Seminatore, and Luca Ghelardoni

Subjects

safety, Engineering, Warning system, business.industry, Reliability (computer networking), Real-time computing, Automatic train control, Poison control, ATWS, SIL, Computer security, computer.software_genre, Track (rail transport), Automation, railway, ALARP, Dependability, General Materials Science, business, computer, track warning system

Abstract

The ALARP (A railway automatic track warning system based on distributed personal mobile terminals) project has the aim to study, design and implement an innovative more efficient Automated Track Warning Systems with the intent of overcome the limits of current state-of-the-art solutions. The ALARP system provides a solution which is low cost, non-invasive, easy to install and totally independent from the existing signaling. It is responsible of advising workers of a train approaching and has the functionality of localizing the workers inside the worksite and of guiding them to a safe area.

42. Model-Driven Fault Injection in Java Source Code

Author

Leonardo Montecchi, Elder Rodrigues, and Andrea Ceccarelli

Subjects

Source code, Java, Computer science, business.industry, Programming language, media_common.quotation_subject, Software faults, fault libraries, metamodel, OCL, code patterns, 020207 software engineering, 02 engineering and technology, Fault injection, Hardware_PERFORMANCEANDRELIABILITY, computer.software_genre, Extensibility, Metamodeling, Workflow, Software, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), business, computer, computer.programming_language, media_common

Abstract

The injection of software faults in source code requires accurate knowledge of the programming language, both to craft faults and to identify injection locations. As such, fault injection and code mutation tools are typically tailored for a specific language and have limited extensibility. In this paper we present a model-driven approach to craft and inject software faults in source code. While its concrete application is presented for Java, the workflow we propose does not depend on a specific programming language. Following Model-Driven Engineering principles, the faults and the criteria to select injection locations are described using structured, machine-readable specifications based on a domain-specific language. Then, automated transformations craft artifacts based on OCL and Java, which represent the faults to be injected and are able to select the candidate injection locations. Finally, artifacts are executed against the target source code, performing the injection in the desired locations. We devise a supporting tool and exercise the approach injecting 13 different kinds of software faults in the Java source code of six different projects.