2006
Conference article
Unknown
Integration of an MPS modeling approach into mobius
Bondavalli A., Chiaradonna S., Lollini P., Squittieri F.
In this paper we present an extension to the Mobius Framework to deal with Multiple Phased Systems (MPS). MPS are a special class of systems whose operational life can be partitioned in a set of disjoint periods, called phases. Due to their deployment in critical applications, the dependability modeling and analysis of MPS is a task of primary relevance. In the philosophy of an extensible multiformalism multi-solution modeling framework such as Mobius, and due to its wide usage, we have developed an extension for the MPS modeling process. MPS models can be defined using our approach and solved using the simulation supports already available in Mobius.Source: Third International Conference on the Quantitative Evaluation of Systems (QEST '06), pp. 139–140, Riverside, California, 11-14/09/2006
Bondavalli A., Chiaradonna S., Lollini P., Squittieri F.
In this paper we present an extension to the Mobius Framework to deal with Multiple Phased Systems (MPS). MPS are a special class of systems whose operational life can be partitioned in a set of disjoint periods, called phases. Due to their deployment in critical applications, the dependability modeling and analysis of MPS is a task of primary relevance. In the philosophy of an extensible multiformalism multi-solution modeling framework such as Mobius, and due to its wide usage, we have developed an extension for the MPS modeling process. MPS models can be defined using our approach and solved using the simulation supports already available in Mobius.Source: Third International Conference on the Quantitative Evaluation of Systems (QEST '06), pp. 139–140, Riverside, California, 11-14/09/2006
See at: CNR ExploRA
2002
Journal article
Unknown
An adaptive approach to achieving hardware and software fault tolerance in a distributed computing environment
Bondavalli A., Chiaradonna S., Di Giandomenico F., Xu J.
This paper focuses on the problem of providing tolerance to both hardware and software faults in independent applications running on a distributed computing environment. Several hybrid-fault-tolerant architectures are identified and proposed. Given the highly varying and dynamic characteristics of the operating environment, solutions are developed mainly exploiting the adaptation property. They are based on the adaptive execution of redundant programs so as to minimise hardware resource consumption and to shorten response time, as much as possible, for a required level of fault tolerance. A method is introduced for evaluating the proposed architectures with respect to reliability, resource utilisation and response time. Examples of quantitative evaluations are also given.Source: Journal of systems architecture 47 (2002): 763–781.
Bondavalli A., Chiaradonna S., Di Giandomenico F., Xu J.
This paper focuses on the problem of providing tolerance to both hardware and software faults in independent applications running on a distributed computing environment. Several hybrid-fault-tolerant architectures are identified and proposed. Given the highly varying and dynamic characteristics of the operating environment, solutions are developed mainly exploiting the adaptation property. They are based on the adaptive execution of redundant programs so as to minimise hardware resource consumption and to shorten response time, as much as possible, for a required level of fault tolerance. A method is introduced for evaluating the proposed architectures with respect to reliability, resource utilisation and response time. Examples of quantitative evaluations are also given.Source: Journal of systems architecture 47 (2002): 763–781.
See at: CNR ExploRA
2004
Journal article
Closed Access
Dependability modeling & evaluation of multiple-phased systems using DEEM
Bondavalli A., Chiaradonna S., Di Giandomenico F., Mura I.
Multiple-Phased Systems (MPS), i.e., systems whose operational life can be partitioned in a set of disjoint periods, called ``phases'', include several classes of systems such as Phased Mission Systems and Scheduled Maintenance Systems. Because of their deployment in critical applications, the dependability modeling and analysis of Multiple-Phased Systems is a task of primary relevance. The phased behavior makes the analysis of Multiple-Phased Systems extremely complex. This paper describes the modeling methodology and the solution procedure implemented in DEEM, a dependability modeling and evaluation tool specifically tailored for Multiple Phased Systems. It describes its use for the solution of representative MPS problems. DEEM relies upon Deterministic and Stochastic Petri Nets as the modeling formalism and on Markov Regenerative Processes for the model solution. When compared to existing general-purpose tools based on similar formalisms, DEEM offers advantages on both the modeling side (sub-models neatly model the phase-dependent behaviors of MPS), and on the evaluation side (a specialized algorithm allows a considerable reduction of the solution cost and time). Thus, DEEM is able to deal with all the scenarios of MPS that have been analytically treated in the literature, at a cost which is comparable with that of the cheapest ones, completely solving the issues posed by the phased-behavior of MPS.Source: IEEE transactions on reliability 53 (2004): 509–522. doi:10.1109/TR.2004.837709
DOI: 10.1109/tr.2004.837709
Metrics:
Bondavalli A., Chiaradonna S., Di Giandomenico F., Mura I.
Multiple-Phased Systems (MPS), i.e., systems whose operational life can be partitioned in a set of disjoint periods, called ``phases'', include several classes of systems such as Phased Mission Systems and Scheduled Maintenance Systems. Because of their deployment in critical applications, the dependability modeling and analysis of Multiple-Phased Systems is a task of primary relevance. The phased behavior makes the analysis of Multiple-Phased Systems extremely complex. This paper describes the modeling methodology and the solution procedure implemented in DEEM, a dependability modeling and evaluation tool specifically tailored for Multiple Phased Systems. It describes its use for the solution of representative MPS problems. DEEM relies upon Deterministic and Stochastic Petri Nets as the modeling formalism and on Markov Regenerative Processes for the model solution. When compared to existing general-purpose tools based on similar formalisms, DEEM offers advantages on both the modeling side (sub-models neatly model the phase-dependent behaviors of MPS), and on the evaluation side (a specialized algorithm allows a considerable reduction of the solution cost and time). Thus, DEEM is able to deal with all the scenarios of MPS that have been analytically treated in the literature, at a cost which is comparable with that of the cheapest ones, completely solving the issues posed by the phased-behavior of MPS.Source: IEEE transactions on reliability 53 (2004): 509–522. doi:10.1109/TR.2004.837709
DOI: 10.1109/tr.2004.837709
Metrics:
See at:
IEEE Transactions on Reliability 
| CNR ExploRA
2006
Journal article
Open Access
Dependability evaluation of Web service-based processes
Gönczy L., Chiaradonna S., Di Giandomenico F., Pataricza A., Bondavalli A., Bartha T.
As Web service-based system integration recently became the mainstream approach to create composite services, the dependability of such systems becomes more and more crucial. Therefore, extensions of the common service composition techniques are urgently needed in order to cover dependability aspects and a core concept for the dependability estimation of the target composite service. Since Web services-based workflows fit into the class of systems composed of multiple phases, this paper attempts to apply methodologies and tools for dependability analysis of Multiple Phased Systems (MPS) to this emerging category of dependability critical systems. The paper shows how this dependability analysis constitutes a very useful support to the service provider in choosing the most appropriate service alternatives to build up its own composite service.Source: Lecture notes in computer science (2006): 166–180. doi:10.1007/11777830_12
DOI: 10.1007/11777830_12
Metrics:
Gönczy L., Chiaradonna S., Di Giandomenico F., Pataricza A., Bondavalli A., Bartha T.
As Web service-based system integration recently became the mainstream approach to create composite services, the dependability of such systems becomes more and more crucial. Therefore, extensions of the common service composition techniques are urgently needed in order to cover dependability aspects and a core concept for the dependability estimation of the target composite service. Since Web services-based workflows fit into the class of systems composed of multiple phases, this paper attempts to apply methodologies and tools for dependability analysis of Multiple Phased Systems (MPS) to this emerging category of dependability critical systems. The paper shows how this dependability analysis constitutes a very useful support to the service provider in choosing the most appropriate service alternatives to build up its own composite service.Source: Lecture notes in computer science (2006): 166–180. doi:10.1007/11777830_12
DOI: 10.1007/11777830_12
Metrics:
See at:
home.mit.bme.hu 
| doi.org | CNR ExploRA
2003
Conference article
Restricted
A Fault-Tolerant Distributed Legacy-based System and Its Evaluation
Bondavalli A., Chiaradonna S., Cotroneo D., Romano L.
In this paper, we present a complete architecture for improving the dependability of complex COTS and legacy-based systems. For long-lived applications, such as most of those being constructed nowadays via integration of legacy subsystems, fault treatment is a very important part of the fault tolerance strategy. The paper advocates the need for careful diagnosis and damage assessment, and for precise and effective recovery actions, specifically tailored to the a®ecting fault and/or to the extent of the damage in the affected component. In our proposal, threshold-based mechanisms are exploited to trigger alternative actions. The design and implementation of the resulting solution is illustrated with respect to a case study. This consists of a distributed architectural framework, handling replicated legacy-based subsystems. Replication and voting are used for error detection and masking. An experimental prototype deployed over a COTS-based LAN is described and has allowed a dependability analysis, via combined use of direct measurements and analytical modeling.Source: Dependable Computing - LADC 2003 Latin-American Symposium on Dependable Computing, pp. 303–320, São Paulo, Brazil, October 21-24, 2003
DOI: 10.1007/978-3-540-45214-0_22
Metrics:
Bondavalli A., Chiaradonna S., Cotroneo D., Romano L.
In this paper, we present a complete architecture for improving the dependability of complex COTS and legacy-based systems. For long-lived applications, such as most of those being constructed nowadays via integration of legacy subsystems, fault treatment is a very important part of the fault tolerance strategy. The paper advocates the need for careful diagnosis and damage assessment, and for precise and effective recovery actions, specifically tailored to the a®ecting fault and/or to the extent of the damage in the affected component. In our proposal, threshold-based mechanisms are exploited to trigger alternative actions. The design and implementation of the resulting solution is illustrated with respect to a case study. This consists of a distributed architectural framework, handling replicated legacy-based subsystems. Replication and voting are used for error detection and masking. An experimental prototype deployed over a COTS-based LAN is described and has allowed a dependability analysis, via combined use of direct measurements and analytical modeling.Source: Dependable Computing - LADC 2003 Latin-American Symposium on Dependable Computing, pp. 303–320, São Paulo, Brazil, October 21-24, 2003
DOI: 10.1007/978-3-540-45214-0_22
Metrics:
See at:
doi.org | link.springer.com | www.scopus.com | CNR ExploRA
2004
Journal article
Restricted
Effective fault treatment for improving the dependability of COTS- and legacy-based applications
Bondavalli A., Chiaradonna S., Cotroneo D., Romano L.
This paper proposes a novel methodology and an architectural framework for handling multiple classes of faults (namely, hardware-induced software errors in the application, process and/or host crashes or hangs, and errors in the persistent system stable storage) in a COTS and Legacy-based application. The basic idea is to use an evidence-accruing fault tolerance manager to choose and carry out one of multiple fault recovery strategies, depending upon the perceived severity of the fault. The methodology and the framework have been applied to a case study system consisting of a Legacy system, which makes use of a COTS DBMS for persistent storage facilities. A thorough performability analysis has also been conducted via combined use of direct measurements and analytical modeling. Experimental results demonstrate that effective fault treatment, consisting of careful diagnosis and damage assessment, plays a key role in leveraging the dependability of COTS and Legacy-based applications.Source: IEEE transactions on dependable and secure computing 1 (2004): 223–237. doi:10.1109/TDSC.2004.40
DOI: 10.1109/tdsc.2004.40
Metrics:
Bondavalli A., Chiaradonna S., Cotroneo D., Romano L.
This paper proposes a novel methodology and an architectural framework for handling multiple classes of faults (namely, hardware-induced software errors in the application, process and/or host crashes or hangs, and errors in the persistent system stable storage) in a COTS and Legacy-based application. The basic idea is to use an evidence-accruing fault tolerance manager to choose and carry out one of multiple fault recovery strategies, depending upon the perceived severity of the fault. The methodology and the framework have been applied to a case study system consisting of a Legacy system, which makes use of a COTS DBMS for persistent storage facilities. A thorough performability analysis has also been conducted via combined use of direct measurements and analytical modeling. Experimental results demonstrate that effective fault treatment, consisting of careful diagnosis and damage assessment, plays a key role in leveraging the dependability of COTS and Legacy-based applications.Source: IEEE transactions on dependable and secure computing 1 (2004): 223–237. doi:10.1109/TDSC.2004.40
DOI: 10.1109/tdsc.2004.40
Metrics:
See at:
IEEE Transactions on Dependable and Secure Computing | CNR ExploRA
2008
Journal article
Restricted
Analysis of a redundant architecture for critical infrastructure protection
Daidone A., Chiaradonna S., Bondavalli A., Verissimo P.
Critical infrastructures like the power grid are emerging as collection of existing separated systems of different nature which are interconnected together. Their criticality becomes more and more evident as the damage and the risks deriving from wrong behaviors (both accidental and intentionally caused) are increasing. It is becoming evident that existing (legacy) subsystem must be interconnected together following some disciplined and controlled way. This is one of the challenges taken by the European Project CRUTIAL, where an infrastructure architecture seen as a WAN of LANs is being proposed, where LANs confine existing sub-systems, protected by special interconnection and filtering devices (CIS - CRUTIAL Information Switches). Previous work led to the definition of the CIS internal and interconnection architecture, so that a set of CIS can collectively ensure that the computers controlling the physical process correctly exchange information despite accidents and malicious attacks. CIS resilience is achieved thanks to replication for intrusion tolerance and replica recovery for self-healing. This chapter analyzes the redundant architecture of the CIS, with a set of objectives: identifying the relevant parameters of the architecture; evaluating how effective is the trade-off between proactive and reactive recoveries; and finding the best parameter setup. Two measures of interest were identified, a model of the recovery strategy was constructed and the quantitative behavior of the recovery strategy was analyzed. The impact of the detection coverage, of the intrusions and of the number of CIS replicas was analyzed and discussed. The directions for refining and improving the recovery strategy were proposed.Source: Lecture notes in computer science 5135 (2008): 78–100. doi:10.1007/978-3-540-85571-2_4
DOI: 10.1007/978-3-540-85571-2_4
Metrics:
Daidone A., Chiaradonna S., Bondavalli A., Verissimo P.
Critical infrastructures like the power grid are emerging as collection of existing separated systems of different nature which are interconnected together. Their criticality becomes more and more evident as the damage and the risks deriving from wrong behaviors (both accidental and intentionally caused) are increasing. It is becoming evident that existing (legacy) subsystem must be interconnected together following some disciplined and controlled way. This is one of the challenges taken by the European Project CRUTIAL, where an infrastructure architecture seen as a WAN of LANs is being proposed, where LANs confine existing sub-systems, protected by special interconnection and filtering devices (CIS - CRUTIAL Information Switches). Previous work led to the definition of the CIS internal and interconnection architecture, so that a set of CIS can collectively ensure that the computers controlling the physical process correctly exchange information despite accidents and malicious attacks. CIS resilience is achieved thanks to replication for intrusion tolerance and replica recovery for self-healing. This chapter analyzes the redundant architecture of the CIS, with a set of objectives: identifying the relevant parameters of the architecture; evaluating how effective is the trade-off between proactive and reactive recoveries; and finding the best parameter setup. Two measures of interest were identified, a model of the recovery strategy was constructed and the quantitative behavior of the recovery strategy was analyzed. The impact of the detection coverage, of the intrusions and of the number of CIS replicas was analyzed and discussed. The directions for refining and improving the recovery strategy were proposed.Source: Lecture notes in computer science 5135 (2008): 78–100. doi:10.1007/978-3-540-85571-2_4
DOI: 10.1007/978-3-540-85571-2_4
Metrics:
See at:
doi.org | www.springerlink.com | CNR ExploRA
2009
Journal article
Restricted
Interdependency analysis in electric power systems
Chiaradonna S., Di Giandomenico F., Lollini P.
Electric Power Systems (EPS) are composed by two interdependent infrastructures: Electric Infrastructure (EI) and its Information-Technology based Control System (ITCS), which controls and manages EI. In this paper we address the interdependency analysis in EPS focusing on the cyber interdependencies between ITCS and EI, aiming to evaluate their impact on blackouts-related indicators. The obtained results contribute to better understand the EPS vulnerabilities, and are expected to provide useful guidelines towards enhanced design choices for EPS protection at architectural level.Source: Lecture notes in computer science 5508 (2009): 60–71. doi:10.1007/978-3-642-03552-4_6
DOI: 10.1007/978-3-642-03552-4_6
Metrics:
Chiaradonna S., Di Giandomenico F., Lollini P.
Electric Power Systems (EPS) are composed by two interdependent infrastructures: Electric Infrastructure (EI) and its Information-Technology based Control System (ITCS), which controls and manages EI. In this paper we address the interdependency analysis in EPS focusing on the cyber interdependencies between ITCS and EI, aiming to evaluate their impact on blackouts-related indicators. The obtained results contribute to better understand the EPS vulnerabilities, and are expected to provide useful guidelines towards enhanced design choices for EPS protection at architectural level.Source: Lecture notes in computer science 5508 (2009): 60–71. doi:10.1007/978-3-642-03552-4_6
DOI: 10.1007/978-3-642-03552-4_6
Metrics:
See at:
doi.org | link.springer.com | CNR ExploRA
2009
Journal article
Restricted
Assessing the impact of interdependencies in electric power systems
Chiaradonna S., Di Giandomenico F., Lollini P.
Electric power systems (EPS) greatly support our daily activities and are therefore among the most prominent critical infrastructures that need to be reliable and resilient in providing their services. They are rather complex and vulnerable systems, being composed by two interdependent infrastructures: the electric infrastructure (EI) and its information-technology-based control system (ITCS), which controls and manages EI. Understanding the reciprocal effect of interdependencies among interacting infrastructures is tackled by many studies in several application sectors. In this paper, we address the quantitative assessment of the impact of interdependencies in EPS, focusing on blackoutsrelated indicators. The obtained results contribute to better understand the EPS vulnerabilities and are expected to provide useful guidelines towards enhanced design choices for EPS protection at architectural level.Source: International journal of system of systems engineering (Print) 1 (2009): 367–386. doi:10.1504/IJSSE.2009.02991
DOI: 10.1504/ijsse.2009.02991
Metrics:
Chiaradonna S., Di Giandomenico F., Lollini P.
Electric power systems (EPS) greatly support our daily activities and are therefore among the most prominent critical infrastructures that need to be reliable and resilient in providing their services. They are rather complex and vulnerable systems, being composed by two interdependent infrastructures: the electric infrastructure (EI) and its information-technology-based control system (ITCS), which controls and manages EI. Understanding the reciprocal effect of interdependencies among interacting infrastructures is tackled by many studies in several application sectors. In this paper, we address the quantitative assessment of the impact of interdependencies in EPS, focusing on blackoutsrelated indicators. The obtained results contribute to better understand the EPS vulnerabilities and are expected to provide useful guidelines towards enhanced design choices for EPS protection at architectural level.Source: International journal of system of systems engineering (Print) 1 (2009): 367–386. doi:10.1504/IJSSE.2009.02991
DOI: 10.1504/ijsse.2009.02991
Metrics:
See at:
www.inderscience.com | CNR ExploRA
2006
Conference article
Unknown
Model-based dimensioning of CAUTION++
Di Giandomenico F., Chiaradonna S., Galliano E., Mura I.
Real-time adaptive management of wireless networks radio resources is a challenge that has been tackled by various EU funded projects, and that has led to the prototypal implementation of several network management systems. Dimensioning of such network management systems, which must be able to quickly react to varying traffic load conditions in the different segments of the controlled network, is of vital importance to ensure smooth transitions from normal operations states to congested ones, while achieving the best utilization of radio resources. To this purpose, a performance modeling approach is followed and is applied to a recently developed control infrastructure system for heterogeneous mobile networks. Specifically, a model that reproduces the internal processing and the communications among system components is built. The model is triggered by an increasing rate of service requests, to identify which system configurations are capable to satisfy the incoming flow of requests while respecting the time constraints of system operation.Source: 15th IST Mobile and Wireless Summit, Myconos, Greece, 4-8/06/2006
Di Giandomenico F., Chiaradonna S., Galliano E., Mura I.
Real-time adaptive management of wireless networks radio resources is a challenge that has been tackled by various EU funded projects, and that has led to the prototypal implementation of several network management systems. Dimensioning of such network management systems, which must be able to quickly react to varying traffic load conditions in the different segments of the controlled network, is of vital importance to ensure smooth transitions from normal operations states to congested ones, while achieving the best utilization of radio resources. To this purpose, a performance modeling approach is followed and is applied to a recently developed control infrastructure system for heterogeneous mobile networks. Specifically, a model that reproduces the internal processing and the communications among system components is built. The model is triggered by an increasing rate of service requests, to identify which system configurations are capable to satisfy the incoming flow of requests while respecting the time constraints of system operation.Source: 15th IST Mobile and Wireless Summit, Myconos, Greece, 4-8/06/2006
See at: CNR ExploRA
2002
Conference article
Unknown
Implementation of threshold-based diagnostic mechanisms for COTS-based applications
Romano L., Bondavalli A., Chiaradonna S., Cotroneo D.
This work investigates feasibility issues that must be addressed when threshold-based mechanism are to be used for diagnostic purposes in COTS-based distributed systems. Threshold based mechanism have typically been used for such purposes in embedded systems. A variety of solutions exist, with different characteristics of completeness, accuracy, and induced overhead. We first discuss the challenges related to applying such mechanisms to COTS-based distributed applications. We then identify alternative strategies for diagnosis, which use run-time data on COTS component service failures to trigger alarms to reconfiguration and fault treatment mechanisms. We implement those strategies in a system prototype, which is based on a substantial application, i.e. a real worldSource: IEEE SRDS2002. Reliable Distributed Systems, pp. 294–303, Japan, October 2002
Romano L., Bondavalli A., Chiaradonna S., Cotroneo D.
This work investigates feasibility issues that must be addressed when threshold-based mechanism are to be used for diagnostic purposes in COTS-based distributed systems. Threshold based mechanism have typically been used for such purposes in embedded systems. A variety of solutions exist, with different characteristics of completeness, accuracy, and induced overhead. We first discuss the challenges related to applying such mechanisms to COTS-based distributed applications. We then identify alternative strategies for diagnosis, which use run-time data on COTS component service failures to trigger alarms to reconfiguration and fault treatment mechanisms. We implement those strategies in a system prototype, which is based on a substantial application, i.e. a real worldSource: IEEE SRDS2002. Reliable Distributed Systems, pp. 294–303, Japan, October 2002
See at: CNR ExploRA
2007
Conference article
Restricted
On a modeling framework for the analysis of interdependencies in electric power systems
Chiaradonna S., Lollini P., Di Giandomenico F.
Nowadays, economy, security and quality of life heavily depend on the resiliency of a number of critical infrastructures, including the electric power system (EPS), through which vital services are provided. In existing EPS two cooperating infrastructures are involved: the electric infrastructure (EI) for the electricity generation and transportation to final users, and its information-technology based control system (ITCS) devoted to controlling and regulating the EI physical parameters and triggering reconfigurations in emergency situations. This paper proposes a modeling framework to capture EI and ITCS aspects, focusing on their interdependencies that contributed to the occurrence of several cascading failures in the past 40 years. A quite detailed analysis of the EI and ITCS structure and behavior is performed; in particular, the ITCS and EI behaviors are described by discrete and hybrid-state processes, respectively. To substantiate the approach, the implementation of a few basic modeling mechanisms inside an existing multiformalism/ multi-solution tool is also discussed.Source: DSN 2007 - IEEE/IFIP 37th Int. Conference on Dependable Systems and Networks., Edinburgh, UK, 25-28/06/2007
DOI: 10.1109/dsn.2007.68
Metrics:
Chiaradonna S., Lollini P., Di Giandomenico F.
Nowadays, economy, security and quality of life heavily depend on the resiliency of a number of critical infrastructures, including the electric power system (EPS), through which vital services are provided. In existing EPS two cooperating infrastructures are involved: the electric infrastructure (EI) for the electricity generation and transportation to final users, and its information-technology based control system (ITCS) devoted to controlling and regulating the EI physical parameters and triggering reconfigurations in emergency situations. This paper proposes a modeling framework to capture EI and ITCS aspects, focusing on their interdependencies that contributed to the occurrence of several cascading failures in the past 40 years. A quite detailed analysis of the EI and ITCS structure and behavior is performed; in particular, the ITCS and EI behaviors are described by discrete and hybrid-state processes, respectively. To substantiate the approach, the implementation of a few basic modeling mechanisms inside an existing multiformalism/ multi-solution tool is also discussed.Source: DSN 2007 - IEEE/IFIP 37th Int. Conference on Dependable Systems and Networks., Edinburgh, UK, 25-28/06/2007
DOI: 10.1109/dsn.2007.68
Metrics:
See at:
doi.org | ieeexplore.ieee.org | CNR ExploRA
2007
Contribution to conference
Unknown
A simulator for performability analysis of electrical power systems considering interdependencies
Romani F., Chiaradonna S., Di Giandomenico F., Simoncini L.
Electric Power Systems (EPS) become more and more critical for our society, but evaluating dependability and performability measures of such systems is a highly challenging task. Existing EPS are composed by two complex and tightly cooperating infrastructures: the Electric Infrastructure (EI) for the electricity generation and transportation to final users, and its Computer-based Control System (CCS), introduced in addition to existing SCADA systems and devoted to control the dynamics of EI and to trigger the reconfigurations in emergency situations. Significant dif- ficulties to analyze EPS are posed by the very high complexity of these infrastructures and by the tight coupling between them. Moreover, the complex interactions between such infrastructures make harder or just practically impossible both to analyze the overall system and to decompose it to focus on each single infrastructure. There is also a lack of well-established theories, models and tools supporting them, since studies on these topics are at an early stage of development. The European project CRUTIAL1, started on January 2006, aims to improve the studies in this field, with explicit focus on interdependencies between EI and the rest of the surrounding environment, in particular CCS. CRUTIAL also addresses new networked CCS systems for the management of the electric power grid, focusing on the issues arising from connection of artefacts controlling the physical process of electricity transportation to corporate networks (intranets) and to Internet.Source: IEEE Int. Conference on Dependable Systems and Networks, Fast Abstracts Track. DSN-2007, pp. 354–355, Edinburgh, UK, 25-28 June 2007
Romani F., Chiaradonna S., Di Giandomenico F., Simoncini L.
Electric Power Systems (EPS) become more and more critical for our society, but evaluating dependability and performability measures of such systems is a highly challenging task. Existing EPS are composed by two complex and tightly cooperating infrastructures: the Electric Infrastructure (EI) for the electricity generation and transportation to final users, and its Computer-based Control System (CCS), introduced in addition to existing SCADA systems and devoted to control the dynamics of EI and to trigger the reconfigurations in emergency situations. Significant dif- ficulties to analyze EPS are posed by the very high complexity of these infrastructures and by the tight coupling between them. Moreover, the complex interactions between such infrastructures make harder or just practically impossible both to analyze the overall system and to decompose it to focus on each single infrastructure. There is also a lack of well-established theories, models and tools supporting them, since studies on these topics are at an early stage of development. The European project CRUTIAL1, started on January 2006, aims to improve the studies in this field, with explicit focus on interdependencies between EI and the rest of the surrounding environment, in particular CCS. CRUTIAL also addresses new networked CCS systems for the management of the electric power grid, focusing on the issues arising from connection of artefacts controlling the physical process of electricity transportation to corporate networks (intranets) and to Internet.Source: IEEE Int. Conference on Dependable Systems and Networks, Fast Abstracts Track. DSN-2007, pp. 354–355, Edinburgh, UK, 25-28 June 2007
See at: CNR ExploRA
2005
Contribution to book
Unknown
Model-based evaluation as a support to the design of dependable systems
Bondavalli A., Chiaradonna S., Di Giandomenico F.
Chapter 3 focuses on model-based evaluation as a support to the analysis of dependable computer systems in all the phases of the system life cycle. An overview of the most commonly employed methodologies and tools for model-based evaluation is provided, and extensive literature is indicated as pointers to relevant research activities performed on this attractive topic over the last decades. The practical utility of this system evaluation method is shown through two examples of how analytical modeling supports design decisions and fault removal during the operational life of a system.Source: Dependable computing systems : paradigms, performance issues, and applications, edited by Diab, Hassan B.; Zomaya, Albert Y., pp. 57–86. Hoboken: John Wiley & Sons Inc., 2005
Bondavalli A., Chiaradonna S., Di Giandomenico F.
Chapter 3 focuses on model-based evaluation as a support to the analysis of dependable computer systems in all the phases of the system life cycle. An overview of the most commonly employed methodologies and tools for model-based evaluation is provided, and extensive literature is indicated as pointers to relevant research activities performed on this attractive topic over the last decades. The practical utility of this system evaluation method is shown through two examples of how analytical modeling supports design decisions and fault removal during the operational life of a system.Source: Dependable computing systems : paradigms, performance issues, and applications, edited by Diab, Hassan B.; Zomaya, Albert Y., pp. 57–86. Hoboken: John Wiley & Sons Inc., 2005
See at: CNR ExploRA
2009
Conference article
Open Access
Quantification of dependencies in electrical and information infrastructures: the CRUTIAL approach
Beccuti M., Franceschinis G., Donatelli S., Chiaradonna S., Di Giandomenico F., Lollini P., Dondossola G., Garrone F.
In this paper we present the CRUTIAL approach to model and quantify (inter)dependencies between the Electrical Infrastructure (EI) and the Information Infrastructures (II) that implements the El control and monitoring system. The quantification is achieved through the integration of two models: one that concentrates more on the structure of the power grid and its physical quantities and one that concentrates on the behaviour of the control system supported by the II. The modelling approach is exemplified on a scenario whose goal is to study the effects of a II partial failure (a denial of service attack that compromises the communication network) on the remote control of the EI.Source: Fourth International CRIS Conference on Critical Infrastructures, pp. 1–8, Linkoping, Sweden, March 27 2009-April 30 2009
DOI: 10.1109/cris.2009.5071482
Metrics:
Beccuti M., Franceschinis G., Donatelli S., Chiaradonna S., Di Giandomenico F., Lollini P., Dondossola G., Garrone F.
In this paper we present the CRUTIAL approach to model and quantify (inter)dependencies between the Electrical Infrastructure (EI) and the Information Infrastructures (II) that implements the El control and monitoring system. The quantification is achieved through the integration of two models: one that concentrates more on the structure of the power grid and its physical quantities and one that concentrates on the behaviour of the control system supported by the II. The modelling approach is exemplified on a scenario whose goal is to study the effects of a II partial failure (a denial of service attack that compromises the communication network) on the remote control of the EI.Source: Fourth International CRIS Conference on Critical Infrastructures, pp. 1–8, Linkoping, Sweden, March 27 2009-April 30 2009
DOI: 10.1109/cris.2009.5071482
Metrics:
See at:
www.di.unito.it | doi.org | CNR ExploRA
2007
Report
Unknown
CRUTIAL - D3 - Methodologies Synthesis
Di Giandomenico F., Chiaradonna S.
This deliverable deals with the modelling and analysis of interdependencies between critical infrastructures, focussing attention on two interdependent infrastructures studied in the context of CRUTIAL: the electric power infrastructure and the information infrastructures supporting management, control and maintenance functionality. The main objectives are: 1) investigate the main challenges to be addressed for the analysis and modelling of interdependencies, 2) review the modelling methodologies and tools that can be used to address these challenges and support the evaluation of the impact of interdependencies on the dependability and resilience of the service delivered to the users, and 3) present the preliminary directions investigated so far by the CRUTIAL consortium for describing and modelling interdependencies.Source: Project report, CRUTIAL, Deliverable D3, 2007
Project(s): CRUTIAL
Di Giandomenico F., Chiaradonna S.
This deliverable deals with the modelling and analysis of interdependencies between critical infrastructures, focussing attention on two interdependent infrastructures studied in the context of CRUTIAL: the electric power infrastructure and the information infrastructures supporting management, control and maintenance functionality. The main objectives are: 1) investigate the main challenges to be addressed for the analysis and modelling of interdependencies, 2) review the modelling methodologies and tools that can be used to address these challenges and support the evaluation of the impact of interdependencies on the dependability and resilience of the service delivered to the users, and 3) present the preliminary directions investigated so far by the CRUTIAL consortium for describing and modelling interdependencies.Source: Project report, CRUTIAL, Deliverable D3, 2007
Project(s): CRUTIAL
See at: CNR ExploRA
2002
Report
Open Access
Dependability modeling and evaluation of multiple phased systems using DEEM
Bondavalli A., Chiaradonna S., Di Giandomenico F., Mura I.
Multiple-Phased Systems, whose operational life can be partitioned in a set of disjoint periods, called "phases", include several classes of systems such as Phased Mission Systems and Scheduled Maintenance Systems. Because of their deployment in critical applications, the dependability modeling and analysis of Multiple-Phased Systems is a task of primary relevance. However, the phased behavior makes the analysis of Multiple-Phased Systems extremely complex. This paper describes DEEM, a dependability modeling and evaluation tool specifically tailored for Multiple Phased Systems, and its use for the solution of representative MPS problems. DEEM supports the methodology proposed in [28, 29] although not yet completely. When compared to general purpose DSPN tools [17], DEEM offers advantages on the modeling side (PhN and SN sub-models neatly model the phase-dependent behaviors of MPS), and on the evaluation side (a specialized algorithm allows a relevant reduction of the solution cost and time). Thus, DEEM is able to deal with all the scenarios of MPS that have been analytically treated in the literature, at a cost which is comparable with that of the cheapest ones [7, 26, 27, 34], completely solving the issues posed by the phased-behavior of MPS. DEEM is freely available to the academic world, for information see http://bonda.cnuce.cnr.it/DEEM.Source: ISTI Technical reports, 2002
Bondavalli A., Chiaradonna S., Di Giandomenico F., Mura I.
Multiple-Phased Systems, whose operational life can be partitioned in a set of disjoint periods, called "phases", include several classes of systems such as Phased Mission Systems and Scheduled Maintenance Systems. Because of their deployment in critical applications, the dependability modeling and analysis of Multiple-Phased Systems is a task of primary relevance. However, the phased behavior makes the analysis of Multiple-Phased Systems extremely complex. This paper describes DEEM, a dependability modeling and evaluation tool specifically tailored for Multiple Phased Systems, and its use for the solution of representative MPS problems. DEEM supports the methodology proposed in [28, 29] although not yet completely. When compared to general purpose DSPN tools [17], DEEM offers advantages on the modeling side (PhN and SN sub-models neatly model the phase-dependent behaviors of MPS), and on the evaluation side (a specialized algorithm allows a relevant reduction of the solution cost and time). Thus, DEEM is able to deal with all the scenarios of MPS that have been analytically treated in the literature, at a cost which is comparable with that of the cheapest ones [7, 26, 27, 34], completely solving the issues posed by the phased-behavior of MPS. DEEM is freely available to the academic world, for information see http://bonda.cnuce.cnr.it/DEEM.Source: ISTI Technical reports, 2002
See at:
ISTI Repository | CNR ExploRA
2004
Report
Open Access
Effective fault treatment for improving the dependability of cots- and legacy-based applications
Bondavalli A., Chiaradonna S., Cotroneo D., Romano L.
In this paper, we present a complete architecture suitable for improving the dependability of a wide class of distributed systems consisting of COTS components and Legacy systems. The paper advocates the need for careful diagnosis and damage assessment, and for precise and effective recovery actions, specifically tailored to the affecting fault and/or to the extent of the damage in the affected unit. In our pro- posal, threshold-based mechanisms are exploited to trigger alternative actions. The design and implementation of the resulting solution is illustrated with respect to a case study. This consists of a distributed architectural framework which replicates an application built from COTS components and Legacy systems. Replication and voting are used for error detection and masking. Dependability analysis has been conducted via combined use of direct measurements and analytical modeling.Source: ISTI Technical reports, pp.1–36, 2004
Bondavalli A., Chiaradonna S., Cotroneo D., Romano L.
In this paper, we present a complete architecture suitable for improving the dependability of a wide class of distributed systems consisting of COTS components and Legacy systems. The paper advocates the need for careful diagnosis and damage assessment, and for precise and effective recovery actions, specifically tailored to the affecting fault and/or to the extent of the damage in the affected unit. In our pro- posal, threshold-based mechanisms are exploited to trigger alternative actions. The design and implementation of the resulting solution is illustrated with respect to a case study. This consists of a distributed architectural framework which replicates an application built from COTS components and Legacy systems. Replication and voting are used for error detection and masking. Dependability analysis has been conducted via combined use of direct measurements and analytical modeling.Source: ISTI Technical reports, pp.1–36, 2004
See at:
ISTI Repository | CNR ExploRA
2007
Report
Open Access
Simulation Models and Implementation of a Simulator for the Performability Analysis of Electric Power Systems Considering Interdependencies
Romani F., Chiaradonna S., Di Giandomenico F., Simoncini L.
Electric Power Systems (EPS) become more and more critical for our society, since they provide vital services for the human activities. At the same time, obtaining dependable behaviour of EPS is an highly challenging task, both in terms of defining effective business management and in terms of analysis of dependability and performability attributes. A major concern when dealing with EPS is the understanding and the evaluation of the interdependencies between Electric Infrastructures (EI) and the Computer-based Control System (CCS), which controls the status and the activities of EI. Studies on these interdependencies are only at early stage of development. Major difficulties are the complexity of the infrastructures under analysis and the lack of well-established models and tools for dealing with them. This paper presents an ad-hoc simulator for the evaluation of dependability and performability measures in EPS. The system model the simulator is based on focuses on interdependencies between EI and CCS. Most existing modeling approaches in EPS do not provide explicit modeling of interdependencies among the composing subsystems, so that the cascading or escalating phenomena can not be deeply analysed. Our stochastic model is composed by separated and simple, but representative, submodels representing the dynamics of EI and different policies of reactions to disruptions and reconfigurations triggered by CCS. In this way, the simulator aims to provide explicit modeling of the interdependencies between the main subsystems, so the impact on the dependability and performability of the cascading or escalating failures can be analyzed. In this paper, we describe the simulator and highlight the design choices.Source: ISTI Technical reports, 2007
Romani F., Chiaradonna S., Di Giandomenico F., Simoncini L.
Electric Power Systems (EPS) become more and more critical for our society, since they provide vital services for the human activities. At the same time, obtaining dependable behaviour of EPS is an highly challenging task, both in terms of defining effective business management and in terms of analysis of dependability and performability attributes. A major concern when dealing with EPS is the understanding and the evaluation of the interdependencies between Electric Infrastructures (EI) and the Computer-based Control System (CCS), which controls the status and the activities of EI. Studies on these interdependencies are only at early stage of development. Major difficulties are the complexity of the infrastructures under analysis and the lack of well-established models and tools for dealing with them. This paper presents an ad-hoc simulator for the evaluation of dependability and performability measures in EPS. The system model the simulator is based on focuses on interdependencies between EI and CCS. Most existing modeling approaches in EPS do not provide explicit modeling of interdependencies among the composing subsystems, so that the cascading or escalating phenomena can not be deeply analysed. Our stochastic model is composed by separated and simple, but representative, submodels representing the dynamics of EI and different policies of reactions to disruptions and reconfigurations triggered by CCS. In this way, the simulator aims to provide explicit modeling of the interdependencies between the main subsystems, so the impact on the dependability and performability of the cascading or escalating failures can be analyzed. In this paper, we describe the simulator and highlight the design choices.Source: ISTI Technical reports, 2007
See at:
ISTI Repository | CNR ExploRA
2004
Report
Unknown
CAUTION++ - Validation report verification & validation of the CAUTION++ system
Clarkson A., Velentzas S., Kyriazakos S., Kechagias C., Hourdakis M., Elefsiniotis G., Kemppi P., Nousiainen S., Vlahodimitropoulos K., Chatzikonstantinou A., Kyriazidis F., Mura I., Moreno O., Pirinen J., Di Giandomenico F., Chiaradonna S., Lollini P., E. Dimopoulos, F. Casadevall
In order to successfully deploy a system, such as CAUTION++, system validation must take place to ensure that the implemented system matches the specified requirements. In this document, a methodology for validation of systems is presented, along with the specifics for validation testing in CAUTION++. A detailed evaluation of the Model-Based Validation methods is also presented. Validation Scenarios are given in detail, which cover all aspects of the CAUTION++ system. Furthermore the validation test forms are provided along with the results of the validation phase of the project, and conclusions drawn. This document was enhanced to also include the methods of Verification, the Verification tests and results.Source: ISTI Technical reports, pp.1–119, 2004
Clarkson A., Velentzas S., Kyriazakos S., Kechagias C., Hourdakis M., Elefsiniotis G., Kemppi P., Nousiainen S., Vlahodimitropoulos K., Chatzikonstantinou A., Kyriazidis F., Mura I., Moreno O., Pirinen J., Di Giandomenico F., Chiaradonna S., Lollini P., E. Dimopoulos, F. Casadevall
In order to successfully deploy a system, such as CAUTION++, system validation must take place to ensure that the implemented system matches the specified requirements. In this document, a methodology for validation of systems is presented, along with the specifics for validation testing in CAUTION++. A detailed evaluation of the Model-Based Validation methods is also presented. Validation Scenarios are given in detail, which cover all aspects of the CAUTION++ system. Furthermore the validation test forms are provided along with the results of the validation phase of the project, and conclusions drawn. This document was enhanced to also include the methods of Verification, the Verification tests and results.Source: ISTI Technical reports, pp.1–119, 2004
See at: CNR ExploRA