2023
Conference article
Open Access
Cross-coverage testing of functionally equivalent programs
Bertolino A., De Angelis G., Di Giandomenico F., Lonetti F.
Cross-coverage of a program P refers to the test coverage measured over a different program Q that is functionally equivalent to P. The novel concept of cross-coverage can find useful applications in the test of redundant software. We apply here cross-coverage for test suite augmentation and show that additional test cases generated from the coverage of an equivalent program, referred to as cross tests, can increase the coverage of a program in more effective way than a random baseline. We also observe that -contrary to traditional coverage testing-cross coverage could help finding (artificially created) missing functionality faults.Source: AST 2023 - IEEE/ACM International Conference on Automation of Software Test, pp. 101–111, Melbourne, Australia, 15-16/05/2023
DOI: 10.1109/ast58925.2023.00014
Metrics:
Bertolino A., De Angelis G., Di Giandomenico F., Lonetti F.
Cross-coverage of a program P refers to the test coverage measured over a different program Q that is functionally equivalent to P. The novel concept of cross-coverage can find useful applications in the test of redundant software. We apply here cross-coverage for test suite augmentation and show that additional test cases generated from the coverage of an equivalent program, referred to as cross tests, can increase the coverage of a program in more effective way than a random baseline. We also observe that -contrary to traditional coverage testing-cross coverage could help finding (artificially created) missing functionality faults.Source: AST 2023 - IEEE/ACM International Conference on Automation of Software Test, pp. 101–111, Melbourne, Australia, 15-16/05/2023
DOI: 10.1109/ast58925.2023.00014
Metrics:
See at:
ISTI Repository 
| ieeexplore.ieee.org 
| CNR ExploRA
2023
Journal article
Open Access
Safety and cybersecurity assessment techniques for critical industries: a mapping study
Babeshko I., Di Giandomenico F.
The paper presents a mapping study of safety and cybersecurity assessment techniques used in critical industries such as nuclear power plants, the oil and gas sector, autonomous vehicles, railways, etc., with particular emphasis on instrumentation and control systems (I&C). Modern I&Cs are complex electronic systems comprising thousands of components, therefore their reliability and safety when employed in critical application domains are challenging. With the development and integration of Industry 4.0 technologies such systems become more open for communication and flexible usage due to gradual interconnection with public networks and the Internet, but new cybersecurity and safety challenges are introduced. This paper states research questions and provides analysis results of recent relevant sources. Initially, 320 records (acquired between 2018 and 2022 inclusive) were identified. Later on, 187 studies were processed to check eligibility criteria. Overall, this mapping study includes 49 papers, after examining the pre-defined criteria and guidelines. The results of the analysis performed allow to systemize techniques being utilized in practice right now, as well as to identify trends of further techniques development. In fact, although the techniques used are not novel and most of them have been used for decades, our study shows that there are still some new trends in this field. In particular, the unified safety and cybersecurity assessment technique is a promising research direction, worth further investigation.Source: IEEE access 11 (2023): 83781–83793. doi:10.1109/ACCESS.2023.3297446
DOI: 10.1109/access.2023.3297446
Metrics:
Babeshko I., Di Giandomenico F.
The paper presents a mapping study of safety and cybersecurity assessment techniques used in critical industries such as nuclear power plants, the oil and gas sector, autonomous vehicles, railways, etc., with particular emphasis on instrumentation and control systems (I&C). Modern I&Cs are complex electronic systems comprising thousands of components, therefore their reliability and safety when employed in critical application domains are challenging. With the development and integration of Industry 4.0 technologies such systems become more open for communication and flexible usage due to gradual interconnection with public networks and the Internet, but new cybersecurity and safety challenges are introduced. This paper states research questions and provides analysis results of recent relevant sources. Initially, 320 records (acquired between 2018 and 2022 inclusive) were identified. Later on, 187 studies were processed to check eligibility criteria. Overall, this mapping study includes 49 papers, after examining the pre-defined criteria and guidelines. The results of the analysis performed allow to systemize techniques being utilized in practice right now, as well as to identify trends of further techniques development. In fact, although the techniques used are not novel and most of them have been used for decades, our study shows that there are still some new trends in this field. In particular, the unified safety and cybersecurity assessment technique is a promising research direction, worth further investigation.Source: IEEE access 11 (2023): 83781–83793. doi:10.1109/ACCESS.2023.3297446
DOI: 10.1109/access.2023.3297446
Metrics:
See at:
ieeexplore.ieee.org | ISTI Repository | CNR ExploRA
2023
Journal article
Open Access
Security-informed safety analysis of autonomous transport systems considering AI-powered cyberattacks and protection
Illiashenko O., Kharchenko V., Babeshko I., Fesenko H., Di Giandomenico F.
The entropy-oriented approach called security- or cybersecurity-informed safety (SIS or CSIS, respectively) is discussed and developed in order to analyse and evaluate the safety and dependability of autonomous transport systems (ATSs) such as unmanned aerial vehicles (UAVs), unmanned maritime vehicles (UMVs), and satellites. This approach allows for extending and integrating the known techniques FMECA (Failure Modes, Effects, and Criticality Analysis) and IMECA (Intrusion MECA), as well as developing the new SISMECA (SIS-based Intrusion Modes, Effects, and Criticality Analysis) technique. The ontology model and templates for SISMECA implementation are suggested. The methodology of safety assessment is based on (i) the application and enhancement of SISMECA considering the particularities of various ATSs and roles of actors (regulators, developers, operators, customers); (ii) the development of a set of scenarios describing the operation of ATS in conditions of cyberattacks and physical influences; (iii) AI contribution to system protection for the analysed domains; (iv) scenario-based development and analysis of user stories related to different cyber-attacks, as well as ways to protect ATSs from them via AI means/platforms; (v) profiling of AI platform requirements by use of characteristics based on AI quality model, risk-based assessment of cyberattack criticality, and efficiency of countermeasures which actors can implement. Examples of the application of SISMECA assessment are presented and discussed.Source: Entropy (Basel, Online) 25 (2023). doi:10.3390/e25081123
DOI: 10.3390/e25081123
Metrics:
Illiashenko O., Kharchenko V., Babeshko I., Fesenko H., Di Giandomenico F.
The entropy-oriented approach called security- or cybersecurity-informed safety (SIS or CSIS, respectively) is discussed and developed in order to analyse and evaluate the safety and dependability of autonomous transport systems (ATSs) such as unmanned aerial vehicles (UAVs), unmanned maritime vehicles (UMVs), and satellites. This approach allows for extending and integrating the known techniques FMECA (Failure Modes, Effects, and Criticality Analysis) and IMECA (Intrusion MECA), as well as developing the new SISMECA (SIS-based Intrusion Modes, Effects, and Criticality Analysis) technique. The ontology model and templates for SISMECA implementation are suggested. The methodology of safety assessment is based on (i) the application and enhancement of SISMECA considering the particularities of various ATSs and roles of actors (regulators, developers, operators, customers); (ii) the development of a set of scenarios describing the operation of ATS in conditions of cyberattacks and physical influences; (iii) AI contribution to system protection for the analysed domains; (iv) scenario-based development and analysis of user stories related to different cyber-attacks, as well as ways to protect ATSs from them via AI means/platforms; (v) profiling of AI platform requirements by use of characteristics based on AI quality model, risk-based assessment of cyberattack criticality, and efficiency of countermeasures which actors can implement. Examples of the application of SISMECA assessment are presented and discussed.Source: Entropy (Basel, Online) 25 (2023). doi:10.3390/e25081123
DOI: 10.3390/e25081123
Metrics:
See at:
ISTI Repository | www.mdpi.com | CNR ExploRA
2023
Journal article
Open Access
Model-based security testing in IoT systems: a rapid review
Lonetti F., Bertolino A., Di Giandomenico F.
Context: Security testing is a challenging and effort-demanding task in IoT scenarios. The heterogeneous devices expose different vulnerabilities that can influence the methods and cost of security testing. Model-based security testing techniques support the systematic generation of test cases for the assessment of security requirements by leveraging the specifications of the IoT system model and of the attack templates. Objective: This paper aims to review the adoption of model-based security testing in the context of IoT, and then provides the first systematic and up-to-date comprehensive classification and analysis of research studies in this topic. Method: We conducted a systematic literature review analysing 803 publications and finally selecting 17 primary studies, which satisfied our inclusion criteria and were classified according to a set of relevant analysis dimensions. Results: We report the state-of-the-art about the used formalisms, the test techniques, the objectives, the target applications and domains; we also identify the targeted security attacks, and discuss the challenges, gaps and future research directions. Conclusion: Our review represents the first attempt to systematically analyze and classify existing studies on model-based security testing for IoT. According to the results, model-based security testing has been applied in core IoT domains. Models complexity and the need of modeling evolving scenarios that include heterogeneous open software and hardware components remain the most important shortcomings. Our study shows that model-based security testing of IoT applications is a promising research direction. The principal future research directions deal with: extending the existing modeling formalisms in order to capture all peculiarities and constraints of complex and large scale IoT networks; the definition of context-aware and dynamic evolution modelling approaches of IoT entities; and the combination of model-based testing techniques with other security test strategies such as penetration testing or learning techniques for model inference.Source: Information and software technology 164 (2023). doi:10.1016/j.infsof.2023.107326
DOI: 10.1016/j.infsof.2023.107326
Metrics:
Lonetti F., Bertolino A., Di Giandomenico F.
Context: Security testing is a challenging and effort-demanding task in IoT scenarios. The heterogeneous devices expose different vulnerabilities that can influence the methods and cost of security testing. Model-based security testing techniques support the systematic generation of test cases for the assessment of security requirements by leveraging the specifications of the IoT system model and of the attack templates. Objective: This paper aims to review the adoption of model-based security testing in the context of IoT, and then provides the first systematic and up-to-date comprehensive classification and analysis of research studies in this topic. Method: We conducted a systematic literature review analysing 803 publications and finally selecting 17 primary studies, which satisfied our inclusion criteria and were classified according to a set of relevant analysis dimensions. Results: We report the state-of-the-art about the used formalisms, the test techniques, the objectives, the target applications and domains; we also identify the targeted security attacks, and discuss the challenges, gaps and future research directions. Conclusion: Our review represents the first attempt to systematically analyze and classify existing studies on model-based security testing for IoT. According to the results, model-based security testing has been applied in core IoT domains. Models complexity and the need of modeling evolving scenarios that include heterogeneous open software and hardware components remain the most important shortcomings. Our study shows that model-based security testing of IoT applications is a promising research direction. The principal future research directions deal with: extending the existing modeling formalisms in order to capture all peculiarities and constraints of complex and large scale IoT networks; the definition of context-aware and dynamic evolution modelling approaches of IoT entities; and the combination of model-based testing techniques with other security test strategies such as penetration testing or learning techniques for model inference.Source: Information and software technology 164 (2023). doi:10.1016/j.infsof.2023.107326
DOI: 10.1016/j.infsof.2023.107326
Metrics:
See at:
ISTI Repository | www.sciencedirect.com | CNR ExploRA
2022
Conference article
Open Access
Solution bundles of Markov performability models through adaptive cross approximation
Masetti G., Robol L., Chiaradonna S., Di Giandomenico F.
A technique to approximate solution bundles, i.e., solutions of a parametric model where parameters are treated as independent variables instead of constants, is presented for Markov models. Analyses based on an approximated solution bundle are more efficient than those that solve the model for all combinations of parameters' values separately. In this paper the idea is to properly adapt low rank tensor approximation techniques, and in particular Adaptive Cross Approximation, to the evaluation of performability attributes. Application on exemplary case studies confirms the advantages of the new solution technique with respect to solving the model for all time and parameters' combinations.Source: DSN 2022 - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 381–392, Baltimora, USA, 27-30/06/2022
DOI: 10.1109/dsn53405.2022.00046
Metrics:
Masetti G., Robol L., Chiaradonna S., Di Giandomenico F.
A technique to approximate solution bundles, i.e., solutions of a parametric model where parameters are treated as independent variables instead of constants, is presented for Markov models. Analyses based on an approximated solution bundle are more efficient than those that solve the model for all combinations of parameters' values separately. In this paper the idea is to properly adapt low rank tensor approximation techniques, and in particular Adaptive Cross Approximation, to the evaluation of performability attributes. Application on exemplary case studies confirms the advantages of the new solution technique with respect to solving the model for all time and parameters' combinations.Source: DSN 2022 - 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 381–392, Baltimora, USA, 27-30/06/2022
DOI: 10.1109/dsn53405.2022.00046
Metrics:
See at:
ISTI Repository | doi.org | ieeexplore.ieee.org | CNR ExploRA
2022
Journal article
Open Access
Implicit reward structures for implicit reliability models
Masetti G., Robol L., Chiaradonna S., Di Giandomenico F.
A new methodology for effective definition and efficient evaluation of dependability-related properties is proposed. The analysis targets the systems composed of a large number of components, each one modeled implicitly through high-level formalisms, such as stochastic Petri nets. Since the component models are implicit, the reward structure that characterizes the dependability properties has to be implicit as well. Therefore, we present a new formalism to specify those reward structures. The focus here is on component models that can be mapped to stochastic automata with one or several absorbing states so that the system model can be mapped to a stochastic automata network with one or several absorbing states. Correspondingly, the new reward structure defined on each component's model is mapped to a reward vector so that the dependability-related properties of the system are expressed through a newly introduced measure defined starting from those reward vectors. A simple, yet representative, case study is adopted to show the feasibility of the method.Source: IEEE transactions on reliability (2022). doi:10.1109/TR.2022.3190915
DOI: 10.1109/tr.2022.3190915
Metrics:
Masetti G., Robol L., Chiaradonna S., Di Giandomenico F.
A new methodology for effective definition and efficient evaluation of dependability-related properties is proposed. The analysis targets the systems composed of a large number of components, each one modeled implicitly through high-level formalisms, such as stochastic Petri nets. Since the component models are implicit, the reward structure that characterizes the dependability properties has to be implicit as well. Therefore, we present a new formalism to specify those reward structures. The focus here is on component models that can be mapped to stochastic automata with one or several absorbing states so that the system model can be mapped to a stochastic automata network with one or several absorbing states. Correspondingly, the new reward structure defined on each component's model is mapped to a reward vector so that the dependability-related properties of the system are expressed through a newly introduced measure defined starting from those reward vectors. A simple, yet representative, case study is adopted to show the feasibility of the method.Source: IEEE transactions on reliability (2022). doi:10.1109/TR.2022.3190915
DOI: 10.1109/tr.2022.3190915
Metrics:
See at:
ISTI Repository | ieeexplore.ieee.org | CNR ExploRA
2022
Journal article
Open Access
TAPAS: a tool for stochastic evaluation of large interdependent composed models with absorbing states
Masetti G., Robol L., Chiaradonna S., Di Giandomenico F.
TAPAS is a new tool for efficient evaluation of dependability and performability attributes of systems composed of many interconnected components. The tool solves homogeneous continuous time Markov chains described by stochastic automata network models structured in submodels with absorbing states. The measures of interest are defined by a reward structure based on submodels composed through transition-based synchronization. The tool has been conceived in a modular and flexible fashion, to easily accommodate new features. Currently, it implements an array of state-based solvers that addresses the state explosion problem through powerful mathematical techniques, including Kronecker algebra, Tensor Trains and Exponential Sums. A simple, yet representative, case study is adopted, to present the tool and to show the feasibility of the supported methods, in particular frommemory consumption point of view.Source: Performance evaluation review 49 (2022): 41–46. doi:10.1145/3543146.3543157
DOI: 10.1145/3543146.3543157
Metrics:
Masetti G., Robol L., Chiaradonna S., Di Giandomenico F.
TAPAS is a new tool for efficient evaluation of dependability and performability attributes of systems composed of many interconnected components. The tool solves homogeneous continuous time Markov chains described by stochastic automata network models structured in submodels with absorbing states. The measures of interest are defined by a reward structure based on submodels composed through transition-based synchronization. The tool has been conceived in a modular and flexible fashion, to easily accommodate new features. Currently, it implements an array of state-based solvers that addresses the state explosion problem through powerful mathematical techniques, including Kronecker algebra, Tensor Trains and Exponential Sums. A simple, yet representative, case study is adopted, to present the tool and to show the feasibility of the supported methods, in particular frommemory consumption point of view.Source: Performance evaluation review 49 (2022): 41–46. doi:10.1145/3543146.3543157
DOI: 10.1145/3543146.3543157
Metrics:
See at:
ISTI Repository | dl.acm.org | ACM SIGMETRICS Performance Evaluation Review | CNR ExploRA
2022
Journal article
Open Access
Redundancy-based intrusion tolerance approaches moving from classical fault tolerance methods
Di Giandomenico F., Masetti G., Chiaradonna S.
Borrowing from well known fault tolerant approaches based on redundancy to mask the effect of faults, redundancy-based intrusion tolerance schemes are proposed in this paper, where redundancy of ICT components is exploited as a first defense line against a subset of compromised components within the redundant set, due to cyberattacks. Features to enhance defense and tolerance capabilities are first discussed, covering diversity-based redundancy, confusion techniques, protection mechanisms, locality policies and rejuvenation phases. Then, a set of intrusion tolerance variations of classical fault tolerant schemes (including N Version Programming and Recovery Block, as well as a few hybrid approaches) is proposed, by enriching each original scheme with one or more of the previously introduced defense mechanisms. As a practical support to the system designer in making an appropriate choice among the available solutions, for each developed scheme a schematic summary is provided, in terms of resources and defense facilities needed to tolerate f value failures and k omission failures, as well as observations regarding time requirements. To provide an example of more detailed analysis, useful to set up an appropriate intrusion tolerance configuration, a trade-off study between cost and additional redundancy employed for confusion purposes is also carried out.Source: International Journal of Applied Mathematics and Computer Science 32 (2022): 701–719. doi:10.34768/amcs-2022-0048
DOI: 10.34768/amcs-2022-0048
Project(s): BIECO
Metrics:
Di Giandomenico F., Masetti G., Chiaradonna S.
Borrowing from well known fault tolerant approaches based on redundancy to mask the effect of faults, redundancy-based intrusion tolerance schemes are proposed in this paper, where redundancy of ICT components is exploited as a first defense line against a subset of compromised components within the redundant set, due to cyberattacks. Features to enhance defense and tolerance capabilities are first discussed, covering diversity-based redundancy, confusion techniques, protection mechanisms, locality policies and rejuvenation phases. Then, a set of intrusion tolerance variations of classical fault tolerant schemes (including N Version Programming and Recovery Block, as well as a few hybrid approaches) is proposed, by enriching each original scheme with one or more of the previously introduced defense mechanisms. As a practical support to the system designer in making an appropriate choice among the available solutions, for each developed scheme a schematic summary is provided, in terms of resources and defense facilities needed to tolerate f value failures and k omission failures, as well as observations regarding time requirements. To provide an example of more detailed analysis, useful to set up an appropriate intrusion tolerance configuration, a trade-off study between cost and additional redundancy employed for confusion purposes is also carried out.Source: International Journal of Applied Mathematics and Computer Science 32 (2022): 701–719. doi:10.34768/amcs-2022-0048
DOI: 10.34768/amcs-2022-0048
Project(s): BIECO
Metrics:
See at:
ISTI Repository | www.amcs.uz.zgora.pl | doi.org | CNR ExploRA
2022
Conference article
Open Access
Random bad state estimator to address false data injection in critical infrastructures
Masetti G., Chiaradonna S., Robol L., Di Giandomenico F.
Given their crucial role for a society and economy, an essential component of critical infrastructures is the Bad State Estimator (BSE), responsible for detecting malfunctions affecting elements of the physical infrastructure. In the past, the BSE has been conceived to mainly cope with accidental faults, under assumptions characterizing their occurrence. However, evolution of the addressed systems category consisting in pervasiveness of ICT-based control towards increasing smartness, paired with the openness of the operational environment, contributed to expose critical infrastructures to intentional attacks, e.g. exploited through False Data Injection (FDI). In the flow of studies focusing on enhancements of the traditional BSE to account for FDI attacks, this paper proposes a new solution that introduces randomness elements in the diagnosis process, to improve detection abilities and mitigate potentially catastrophic common-mode errors. Differently from existing alternatives, the strength of this new technique is that it does not require any additional components or alternative source of information with respect to the classic BSE. Numerical experiments conducted on two IEEE transmission grid tests, taken as representative use cases, show the applicability and benefits of the new solution.Source: PRDC 2022 - 27th IEEE Pacific Rim International Symposium on Dependable Computing, pp. 98–108, Beijing, China, 28/11/2022 - 01/12/2022
DOI: 10.1109/prdc55274.2022.00024
Metrics:
Masetti G., Chiaradonna S., Robol L., Di Giandomenico F.
Given their crucial role for a society and economy, an essential component of critical infrastructures is the Bad State Estimator (BSE), responsible for detecting malfunctions affecting elements of the physical infrastructure. In the past, the BSE has been conceived to mainly cope with accidental faults, under assumptions characterizing their occurrence. However, evolution of the addressed systems category consisting in pervasiveness of ICT-based control towards increasing smartness, paired with the openness of the operational environment, contributed to expose critical infrastructures to intentional attacks, e.g. exploited through False Data Injection (FDI). In the flow of studies focusing on enhancements of the traditional BSE to account for FDI attacks, this paper proposes a new solution that introduces randomness elements in the diagnosis process, to improve detection abilities and mitigate potentially catastrophic common-mode errors. Differently from existing alternatives, the strength of this new technique is that it does not require any additional components or alternative source of information with respect to the classic BSE. Numerical experiments conducted on two IEEE transmission grid tests, taken as representative use cases, show the applicability and benefits of the new solution.Source: PRDC 2022 - 27th IEEE Pacific Rim International Symposium on Dependable Computing, pp. 98–108, Beijing, China, 28/11/2022 - 01/12/2022
DOI: 10.1109/prdc55274.2022.00024
Metrics:
See at:
ISTI Repository | doi.org | ieeexplore.ieee.org | CNR ExploRA
2021
Journal article
Open Access
Enhancing sustainability of the railway infrastructure: Trading energy saving and unavailability through efficient switch heating policies
Chiaradonna S., Masetti G., Di Giandomenico F., Righetti F., Vallati C.
Railway is currently envisioned as the most promising transportation system for both people and freight to reduce atmospheric emission and combat climate change. In this context, ensuring the energy efficiency of the railway systems is paramount in order to sustain their future expandability with minimum carbon footprint. Recent advancements in computing and communication technologies are expected to play a significant role to enable novel integrated control and management strategies in which heterogeneous data is exploited to noticeably increase energy efficiency. In this paper we focus on exploiting the convergence of heterogeneous information to improve energy efficiency of railway systems, in particular on the heating system for the railroad switches, one of the major energy intensive components. To this aim, we define new policies to efficiently manage the heating of these switches exploiting also external information such as weather and forecast data. In order to assess the performance of each strategy, a stochastic model representing the structure and operation of the railroad switch heating system and environmental conditions (both weather profiles and specific failure events) has been developed and exercised in a variety of representative scenarios. The obtained results allow to understand both strengths and limitations of each energy management policy, and serves as a useful support to make the choice of the best technique to employ to save on energy consumption, given the system conditions at hand.Source: Sustainable computing: informatics and systems (Print) 30 (2021). doi:10.1016/j.suscom.2021.100519
DOI: 10.1016/j.suscom.2021.100519
Metrics:
Chiaradonna S., Masetti G., Di Giandomenico F., Righetti F., Vallati C.
Railway is currently envisioned as the most promising transportation system for both people and freight to reduce atmospheric emission and combat climate change. In this context, ensuring the energy efficiency of the railway systems is paramount in order to sustain their future expandability with minimum carbon footprint. Recent advancements in computing and communication technologies are expected to play a significant role to enable novel integrated control and management strategies in which heterogeneous data is exploited to noticeably increase energy efficiency. In this paper we focus on exploiting the convergence of heterogeneous information to improve energy efficiency of railway systems, in particular on the heating system for the railroad switches, one of the major energy intensive components. To this aim, we define new policies to efficiently manage the heating of these switches exploiting also external information such as weather and forecast data. In order to assess the performance of each strategy, a stochastic model representing the structure and operation of the railroad switch heating system and environmental conditions (both weather profiles and specific failure events) has been developed and exercised in a variety of representative scenarios. The obtained results allow to understand both strengths and limitations of each energy management policy, and serves as a useful support to make the choice of the best technique to employ to save on energy consumption, given the system conditions at hand.Source: Sustainable computing: informatics and systems (Print) 30 (2021). doi:10.1016/j.suscom.2021.100519
DOI: 10.1016/j.suscom.2021.100519
Metrics:
See at:
ISTI Repository | Sustainable Computing Informatics and Systems | www.sciencedirect.com | CNR ExploRA
2021
Journal article
Open Access
On identity-aware replication in stochastic modeling for simulation-based dependability analysis of large interconnected systems
Chiaradonna S., Di Giandomenico F., Masetti G.
This paper focuses on the generation of stochastic models for dependability and performability analysis, through mechanisms for the automatic replication of template models when identity of replicas cannot be anonymous. The major objective of this work is to support the modeler in selecting the most appropriate replication mechanism, given the characteristics of the system under analysis. To this purpose, three most used solutions to identity-aware replication are considered and a formal framework to allow representing them in a consistent way is first defined. Then, a comparison of their behavior is extensively carried out, with focus on efficiency, both from a theoretical perspective and from a quantitative viewpoint. For the latter, a specific implementation of the considered replication mechanisms in the Möbius modeling environment and a case study representative of realistic interconnected infrastructures are developed.Source: Performance evaluation 147 (2021). doi:10.1016/j.peva.2021.102192
DOI: 10.1016/j.peva.2021.102192
Metrics:
Chiaradonna S., Di Giandomenico F., Masetti G.
This paper focuses on the generation of stochastic models for dependability and performability analysis, through mechanisms for the automatic replication of template models when identity of replicas cannot be anonymous. The major objective of this work is to support the modeler in selecting the most appropriate replication mechanism, given the characteristics of the system under analysis. To this purpose, three most used solutions to identity-aware replication are considered and a formal framework to allow representing them in a consistent way is first defined. Then, a comparison of their behavior is extensively carried out, with focus on efficiency, both from a theoretical perspective and from a quantitative viewpoint. For the latter, a specific implementation of the considered replication mechanisms in the Möbius modeling environment and a case study representative of realistic interconnected infrastructures are developed.Source: Performance evaluation 147 (2021). doi:10.1016/j.peva.2021.102192
DOI: 10.1016/j.peva.2021.102192
Metrics:
See at:
ISTI Repository | Performance Evaluation | www.sciencedirect.com | CNR ExploRA
2021
Conference article
Open Access
Supervisory synthesis of configurable behavioural contracts with modalities
Basile D., Ter Beek M. H., Degano P., Legay A., Ferrari G. L., Gnesi S., Di Giandomenico F.
Service contracts characterise the desired behavioural compliance of a composition of services, typically defined by the fulfilment of all service requests through service offers. Contract automata are a formalism for specifying behavioural service contracts. Based on the notion of synthesis of the most permissive controller from Supervisory Control Theory, a safe orchestration of contract automata can be computed that refines a composition into a compliant one. This short paper summarises the contributions published in [8], where we endow contract automata with two orthogonal layers of variability: (i) at the structural level, constraints over service requests and offers define different configurations of a contract automaton, depending on which requests and offers are selected or discarded; and (ii) at the behavioural level, service requests of different levels of criticality can be declared, which induces the novel notion of semi-controllability. The synthesis of orchestrations is thus extended to respect both the structural and the behavioural variability constraints. Finally, we show how to efficiently compute the orchestration of all configurations from only a subset of these configurations. A recently redesigned and refactored tool supports the developed theory.Source: FORTE 2021 - 41st IFIP WG 6.1 International Conference on Formal Techniques for Distributed Objects, Components, and Systems, pp. 177–181, Online conference, 14-18/06/2021
DOI: 10.1007/978-3-030-78089-0_10
Metrics:
Basile D., Ter Beek M. H., Degano P., Legay A., Ferrari G. L., Gnesi S., Di Giandomenico F.
Service contracts characterise the desired behavioural compliance of a composition of services, typically defined by the fulfilment of all service requests through service offers. Contract automata are a formalism for specifying behavioural service contracts. Based on the notion of synthesis of the most permissive controller from Supervisory Control Theory, a safe orchestration of contract automata can be computed that refines a composition into a compliant one. This short paper summarises the contributions published in [8], where we endow contract automata with two orthogonal layers of variability: (i) at the structural level, constraints over service requests and offers define different configurations of a contract automaton, depending on which requests and offers are selected or discarded; and (ii) at the behavioural level, service requests of different levels of criticality can be declared, which induces the novel notion of semi-controllability. The synthesis of orchestrations is thus extended to respect both the structural and the behavioural variability constraints. Finally, we show how to efficiently compute the orchestration of all configurations from only a subset of these configurations. A recently redesigned and refactored tool supports the developed theory.Source: FORTE 2021 - 41st IFIP WG 6.1 International Conference on Formal Techniques for Distributed Objects, Components, and Systems, pp. 177–181, Online conference, 14-18/06/2021
DOI: 10.1007/978-3-030-78089-0_10
Metrics:
See at:
ISTI Repository | link.springer.com | CNR ExploRA
2021
Contribution to conference
Open Access
TAPAS: a tool for stochastic evaluation of large interdependent composed models with absorbing states
Masetti G., Robol L., Chiaradonna S., Di Giandomenico F.
TAPAS is a new tool for efficient evaluation of dependability and performability attributes of systems composed of many interconnected components. The tool solves homogeneous continuous time Markov chains described by stochastic automata network models structured in submodels with absorbing states. The measures of interest are defined by a reward structure based on submodels composed through transition-based synchronization. The tool has been conceived in a modular and flexible fashion, to easily accommodate new features. Currently, it implements an array of state-based solvers that addresses the state explosion problem through powerful mathematical techniques, including Kronecker algebra, Tensor Trains and Exponential Sums. A simple, yet representative, case study is adopted, to present the tool and to show the feasibility of the supported methods, in particular from memory consumption point of view.Source: TOSME Workshop - Tools for Stochastic Modelling and Evaluation (performance, dependability, security and verification), Online workshop, 12/11/2021
Masetti G., Robol L., Chiaradonna S., Di Giandomenico F.
TAPAS is a new tool for efficient evaluation of dependability and performability attributes of systems composed of many interconnected components. The tool solves homogeneous continuous time Markov chains described by stochastic automata network models structured in submodels with absorbing states. The measures of interest are defined by a reward structure based on submodels composed through transition-based synchronization. The tool has been conceived in a modular and flexible fashion, to easily accommodate new features. Currently, it implements an array of state-based solvers that addresses the state explosion problem through powerful mathematical techniques, including Kronecker algebra, Tensor Trains and Exponential Sums. A simple, yet representative, case study is adopted, to present the tool and to show the feasibility of the supported methods, in particular from memory consumption point of view.Source: TOSME Workshop - Tools for Stochastic Modelling and Evaluation (performance, dependability, security and verification), Online workshop, 12/11/2021
See at:
ISTI Repository | www.performance2021.deib.polimi.it | CNR ExploRA
2020
Conference article
Open Access
30 years of simulation-based quantitative analysis tools: a comparison experiment between Möbius and Uppaal SMC
Basile D., Ter Beek M. H., Di Giandomenico F., Fantechi A., Gnesi S., Spagnolo G. O.
We provide a brief comparison of the modelling and analysis capabilities of two different formalisms and their associated simulation-based tools, acquired from experimenting with these methods and tools on one specific case study. The case study is a cyber-physical system from an industrial railway project, namely a railroad switch heater, and the quantitative properties concern energy consumption and reliability. We modelled and analysed the case study with stochastic activity networks and Möbius on the one hand and with stochastic hybrid automata and Uppaal SMC on the other hand. We give an overview of the performed experiments and highlight specific features of the two methodologies. This yields some pointers for future research and improvements.Source: ISoLA 2020 - 9th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation: Verification Principles, pp. 368–384, Rhodes, Greece, 20-30/10/2020
DOI: 10.1007/978-3-030-61362-4_21
Metrics:
Basile D., Ter Beek M. H., Di Giandomenico F., Fantechi A., Gnesi S., Spagnolo G. O.
We provide a brief comparison of the modelling and analysis capabilities of two different formalisms and their associated simulation-based tools, acquired from experimenting with these methods and tools on one specific case study. The case study is a cyber-physical system from an industrial railway project, namely a railroad switch heater, and the quantitative properties concern energy consumption and reliability. We modelled and analysed the case study with stochastic activity networks and Möbius on the one hand and with stochastic hybrid automata and Uppaal SMC on the other hand. We give an overview of the performed experiments and highlight specific features of the two methodologies. This yields some pointers for future research and improvements.Source: ISoLA 2020 - 9th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation: Verification Principles, pp. 368–384, Rhodes, Greece, 20-30/10/2020
DOI: 10.1007/978-3-030-61362-4_21
Metrics:
See at:
ISTI Repository | doi.org | link.springer.com | CNR ExploRA
2020
Conference article
Open Access
Analyzing Forward Robustness of Feedforward Deep Neural Networks with LeakyReLU Activation Function Through Symbolic Propagation
Masetti G., Di Giandomenico F.
FeedForward Deep Neural Networks (DNNs) robustness is a relevant property to study, since it allows to establish whether the classification performed by DNNs is vulnerable to small perturbations in the provided input, and several verification approaches have been developed to assess such robustness degree. Recently, an approach has been introduced to evaluate forward robustness, based on symbolic computations and designed for the ReLU activation function. In this paper, a generalization of such a symbolic approach for the widely adopted LeakyReLU activation function is developed. A preliminary numerical campaign, briefly discussed in the paper, shows interesting results.Source: Joint European Conference on Machine Learning and Knowledge Discovery in Databases, pp. 460–474, 14/09/2020
DOI: 10.1007/978-3-030-65965-3_31
Metrics:
Masetti G., Di Giandomenico F.
FeedForward Deep Neural Networks (DNNs) robustness is a relevant property to study, since it allows to establish whether the classification performed by DNNs is vulnerable to small perturbations in the provided input, and several verification approaches have been developed to assess such robustness degree. Recently, an approach has been introduced to evaluate forward robustness, based on symbolic computations and designed for the ReLU activation function. In this paper, a generalization of such a symbolic approach for the widely adopted LeakyReLU activation function is developed. A preliminary numerical campaign, briefly discussed in the paper, shows interesting results.Source: Joint European Conference on Machine Learning and Knowledge Discovery in Databases, pp. 460–474, 14/09/2020
DOI: 10.1007/978-3-030-65965-3_31
Metrics:
See at:
ISTI Repository | doi.org | link.springer.com | CNR ExploRA
2020
Conference article
Open Access
Trading dependability and energy consumption in critical infrastructures: Focus on the rail switch heating system
Chiaradonna S., Di Giandomenico F., Masetti G.
Traditionally, critical infrastructures demand for high dependability, being the services they provide essential to human beings and the society at large. However, more recent attention to cautious usage of energy resources is changing this vision and calls for solutions accounting for appropriate multi-requirements combinations when developing a critical infrastructure. In such a context, analysis supports able to assist the designer in envisioning a satisfactory trade-off among the multi-requirements for the system at hand are highly helpful. In this paper, the focus is on the railway sector and the contribution is a stochastic model-based analysis framework to quantitatively assess trade-offs between dependability indicators and electrical energy consumption incurred by the rail switch heating system.Moving from a preliminary study that concentrated on energy consumption only, the analysis framework has been extended to become a solid support to devise appropriate tuning of the heating policy that guarantees satisfactory trade-offs between dependability and energy consumption. An evaluation campaign in a variety of climate scenarios demonstrates the feasibility and utility of the developed framework.Source: 25th IEEE Pacific Rim International Symposium on Dependable Computing, pp. 150–159, Perth, Australia, 01/12/2021
DOI: 10.1109/prdc50213.2020.00026
Metrics:
Chiaradonna S., Di Giandomenico F., Masetti G.
Traditionally, critical infrastructures demand for high dependability, being the services they provide essential to human beings and the society at large. However, more recent attention to cautious usage of energy resources is changing this vision and calls for solutions accounting for appropriate multi-requirements combinations when developing a critical infrastructure. In such a context, analysis supports able to assist the designer in envisioning a satisfactory trade-off among the multi-requirements for the system at hand are highly helpful. In this paper, the focus is on the railway sector and the contribution is a stochastic model-based analysis framework to quantitatively assess trade-offs between dependability indicators and electrical energy consumption incurred by the rail switch heating system.Moving from a preliminary study that concentrated on energy consumption only, the analysis framework has been extended to become a solid support to devise appropriate tuning of the heating policy that guarantees satisfactory trade-offs between dependability and energy consumption. An evaluation campaign in a variety of climate scenarios demonstrates the feasibility and utility of the developed framework.Source: 25th IEEE Pacific Rim International Symposium on Dependable Computing, pp. 150–159, Perth, Australia, 01/12/2021
DOI: 10.1109/prdc50213.2020.00026
Metrics:
See at:
ISTI Repository | doi.org | ieeexplore.ieee.org | CNR ExploRA
2020
Contribution to conference
Open Access
Enhancing sustainability of the railway infrastructure through efficient energy management policies
Chiaradonna S., Masetti G., Di Giandomenico F., Righetti F., Vallati C.
Railway is currently envisioned as the most promising transportation system for both people and freight to reduce atmospheric emission and combat climate change. In this context, ensuring the energy efficiency of the railway systems is paramount in order to sustain their future expandability with minimum carbon footprint. Recent advancements in computing and communication technologies are expected to play a significant role to enable novel integrated control and management strategies in which heterogeneous data is exploited to noticeably increase energy efficiency. In this paper we focus on exploiting the convergence of heterogeneous information to improve energy efficiency of railway systems, in particular on the heating system for the railroad switches, one of the major energy intensive components. To this aim, we define new policies to efficiently manage the heating of these switches exploiting also external information such as weather and forecast data. In order to assess the performance of each strategy, a stochastic model representing the structure and operation of the railroad switch heating system and environmental conditions (both weather profiles and specific failure events) has been developed and exercised in a variety of representative scenarios. The obtained results allow to understand both strengths and limitations of each energy management policy, and serves as a useful support to make the choice of the best technique to employ to save on energy consumption, given the system conditions at hand.Source: 11th International Green and Sustainable Computing Conference, Virtual Conference, 19/10/2020, 22/10/2020
Chiaradonna S., Masetti G., Di Giandomenico F., Righetti F., Vallati C.
Railway is currently envisioned as the most promising transportation system for both people and freight to reduce atmospheric emission and combat climate change. In this context, ensuring the energy efficiency of the railway systems is paramount in order to sustain their future expandability with minimum carbon footprint. Recent advancements in computing and communication technologies are expected to play a significant role to enable novel integrated control and management strategies in which heterogeneous data is exploited to noticeably increase energy efficiency. In this paper we focus on exploiting the convergence of heterogeneous information to improve energy efficiency of railway systems, in particular on the heating system for the railroad switches, one of the major energy intensive components. To this aim, we define new policies to efficiently manage the heating of these switches exploiting also external information such as weather and forecast data. In order to assess the performance of each strategy, a stochastic model representing the structure and operation of the railroad switch heating system and environmental conditions (both weather profiles and specific failure events) has been developed and exercised in a variety of representative scenarios. The obtained results allow to understand both strengths and limitations of each energy management policy, and serves as a useful support to make the choice of the best technique to employ to save on energy consumption, given the system conditions at hand.Source: 11th International Green and Sustainable Computing Conference, Virtual Conference, 19/10/2020, 22/10/2020
See at:
ISTI Repository | CNR ExploRA
2020
Conference article
Open Access
Failure management strategies for IoT-based railways systems
Righetti F., Vallati C., Anastasi G., Masetti G., Di Giandomenico F.
Railways monitoring and control are currently performed by different heterogeneous vertical systems working in isolation without or with limited cooperation among them. Such configuration, widely adopted in practical deployments today, is in contrast with the integrated vision of systems that are at the foundation of the smart-city concept. In order to overcome the current fractured ecosystem that monitors and controls railways functionalities, the adoption of a novel integrated approach is mandatory to create an all-in-one railway system. To this aim, new IoT-based communication technologies, like wireless or Power Line Communication technologies, are considered the main enablers to integrate in a very rapid and easy manner existing vertical systems. In this work, we analyse the architecture of future railways systems based on a mix of wireless and Power Line Communication technologies. In our analysis, we aim at studying possible failure management strategies on rail-road switches to improve the level of reliability, crucial requirement for systems that demand maximum resiliency as they manage a critical function of the infrastructure. In particular, we propose a set of solutions aimed at detecting and handling network and sensor failures to ensure continuity in the execution of the basic control functions. The proposed approach is evaluated by means of simulations and demonstrated to be effective in ensuring a good level of performance even when failures occur.Source: 2020 IEEE International Conference on Smart Computing, pp. 386–391, Bologna, 14-17/09/2020
DOI: 10.1109/smartcomp50058.2020.00082
Metrics:
Righetti F., Vallati C., Anastasi G., Masetti G., Di Giandomenico F.
Railways monitoring and control are currently performed by different heterogeneous vertical systems working in isolation without or with limited cooperation among them. Such configuration, widely adopted in practical deployments today, is in contrast with the integrated vision of systems that are at the foundation of the smart-city concept. In order to overcome the current fractured ecosystem that monitors and controls railways functionalities, the adoption of a novel integrated approach is mandatory to create an all-in-one railway system. To this aim, new IoT-based communication technologies, like wireless or Power Line Communication technologies, are considered the main enablers to integrate in a very rapid and easy manner existing vertical systems. In this work, we analyse the architecture of future railways systems based on a mix of wireless and Power Line Communication technologies. In our analysis, we aim at studying possible failure management strategies on rail-road switches to improve the level of reliability, crucial requirement for systems that demand maximum resiliency as they manage a critical function of the infrastructure. In particular, we propose a set of solutions aimed at detecting and handling network and sensor failures to ensure continuity in the execution of the basic control functions. The proposed approach is evaluated by means of simulations and demonstrated to be effective in ensuring a good level of performance even when failures occur.Source: 2020 IEEE International Conference on Smart Computing, pp. 386–391, Bologna, 14-17/09/2020
DOI: 10.1109/smartcomp50058.2020.00082
Metrics:
See at:
ISTI Repository | doi.org | ieeexplore.ieee.org | CNR ExploRA
2019
Report
Unknown
Progetto SIGS - Architettura del Sistema (D3.1)
Baronti P., Barsocchi P., Ferro E., Furfari F., Di Giandomenico F., La Rosa D., Mavilia F., Miori V., Potortì F., Ancillotti E., Bolettieri S., Borgia E., Bruno R., Piscione P., Valerio L.
In questo documento presentiamo i risultati dell'Attività 3.1: "Definizione dell'architettura del sistema ICT per la gestione del sistema edificio". In particolare, viene definita l'architettura generale della piattaforma ICT per la raccolta e gestione dei dati da dispositivi IoT. Inoltre, sono presentate le tecnologie principali che costituiscono la piattaforma ICT, sia in termini di protocolli di comunicazione che di piattaforma software per la gestione ed erogazione di servizi ad applicazioni distribuite. Infine, vengono presentati i modelli di interazione fra le varie componenti che costituiscono la piattaforma ICT e gli attori del sistema.Source: Project report, SIGS, Deliverable D3.1, 2019
Baronti P., Barsocchi P., Ferro E., Furfari F., Di Giandomenico F., La Rosa D., Mavilia F., Miori V., Potortì F., Ancillotti E., Bolettieri S., Borgia E., Bruno R., Piscione P., Valerio L.
In questo documento presentiamo i risultati dell'Attività 3.1: "Definizione dell'architettura del sistema ICT per la gestione del sistema edificio". In particolare, viene definita l'architettura generale della piattaforma ICT per la raccolta e gestione dei dati da dispositivi IoT. Inoltre, sono presentate le tecnologie principali che costituiscono la piattaforma ICT, sia in termini di protocolli di comunicazione che di piattaforma software per la gestione ed erogazione di servizi ad applicazioni distribuite. Infine, vengono presentati i modelli di interazione fra le varie componenti che costituiscono la piattaforma ICT e gli attori del sistema.Source: Project report, SIGS, Deliverable D3.1, 2019
See at: CNR ExploRA
2019
Report
Unknown
Progetto SIGS - Sistema di raccolta ed elaborazioni dati (D3.2)
Baronti P., Barsocchi P., Ferro E., Furfari F., Di Giandomenico F., La Rosa D., Mavilia F., Miori V., Potortì F., Ancillotti E., Bolettieri S., Borgia E., Bruno R., Piscione P., Valerio L.
In questo documento presentiamo i risultati dell'Attività 3.2: "Sviluppo della sensoristica per il monitoraggio dei consumi energetici" e dell'Attività 3.3: "Sviluppo del middleware di comunicazione e di gestione di grossi volumi da sensori eterogenei ". In particolare, vengono presentati i vari standard di comunicazione radio per dispositivi IoT che sono stati integrati nella nostra piattaforma, e per ogni tecnologia vengono descritti i sensori ed attuatori che sono integrati nella piattaforma. Inoltre, viene descritta l'architettura software dei componenti che permettono di integrare le diverse tecnologie di comunicazione IoT (ZigBee, ZWave e 6LoWPAN) con il Middleware di comunicazione e gestione dei dati di tipo publish/subscribe che è stato adottato come riferimento per la piattaforma ICT di raccolta e gestione dei dati. Infine, viene descritta l'architettura software della dashboard, cioè una applicazione web il cui scopo principale è la visualizzazione e manipolazione, attraverso un'interfaccia web, delle serie temporali e dei metadati dei dispositivi (sensori e attuatori) di una rete di sensori.Source: Project report, SIGS, Deliverable D3.2, 2019
Baronti P., Barsocchi P., Ferro E., Furfari F., Di Giandomenico F., La Rosa D., Mavilia F., Miori V., Potortì F., Ancillotti E., Bolettieri S., Borgia E., Bruno R., Piscione P., Valerio L.
In questo documento presentiamo i risultati dell'Attività 3.2: "Sviluppo della sensoristica per il monitoraggio dei consumi energetici" e dell'Attività 3.3: "Sviluppo del middleware di comunicazione e di gestione di grossi volumi da sensori eterogenei ". In particolare, vengono presentati i vari standard di comunicazione radio per dispositivi IoT che sono stati integrati nella nostra piattaforma, e per ogni tecnologia vengono descritti i sensori ed attuatori che sono integrati nella piattaforma. Inoltre, viene descritta l'architettura software dei componenti che permettono di integrare le diverse tecnologie di comunicazione IoT (ZigBee, ZWave e 6LoWPAN) con il Middleware di comunicazione e gestione dei dati di tipo publish/subscribe che è stato adottato come riferimento per la piattaforma ICT di raccolta e gestione dei dati. Infine, viene descritta l'architettura software della dashboard, cioè una applicazione web il cui scopo principale è la visualizzazione e manipolazione, attraverso un'interfaccia web, delle serie temporali e dei metadati dei dispositivi (sensori e attuatori) di una rete di sensori.Source: Project report, SIGS, Deliverable D3.2, 2019
See at: CNR ExploRA