| 11. |
- Ding, Jianguo, et al.
(författare)
-
CPS-based Threat Modeling for Critical Infrastructure Protection
- 2017
-
Ingår i: Performance Evaluation Review. - : ACM Publications. - 0163-5999 .- 1557-9484. ; 45:2, s. 129-132
-
Tidskriftsartikel (refereegranskat)abstract
- Cyber-Physical Systems (CPSs) are augmenting traditionalCritical Infrastructures (CIs) with data-rich operations. Thisintegration creates complex interdependencies that exposeCIs and their components to new threats. A systematicapproach to threat modeling is necessary to assess CIs’ vulnerabilityto cyber, physical, or social attacks. We suggest anew threat modeling approach to systematically synthesizeknowledge about the safety management of complex CIs andsituational awareness that helps understanding the nature ofa threat and its potential cascading-effects implications.
|
|
| 12. |
- Ding, Jianguo, et al.
(författare)
-
Towards Threat Modeling for CPS-based Critical Infrastructure Protection
- 2015
-
Ingår i: Proceedings of the International Emergency Management Society (TIEMS), 22nd TIEMS Annual Conference. - Brussels : TIEMS, The International Emergency Management Society. - 9789490297138
-
Konferensbidrag (refereegranskat)abstract
- With the evolution of modern Critical Infrastructures (CI), more Cyber-Physical systems are integrated into the traditional CIs. This makes the CIs a multidimensional complex system, which is characterized by integrating cyber-physical systems into CI sectors (e.g., transportation, energy or food & agriculture). This integration creates complex interdependencies and dynamics among the system and its components. We suggest using a model with a multi-dimensional operational specification to allow detection of operational threats. Embedded (and distributed) information systems are critical parts of the CI where disruption can lead to serious consequences. Embedded information system protection is therefore crucial. As there are many different stakeholders of a CI, comprehensive protection must be viewed as a cross-sector activity to identify and monitor the critical elements, evaluate and determine the threat, and eliminate potential vulnerabilities in the CI. A systematic approach to threat modeling is necessary to support the CI threat and vulnerability assessment. We suggest a Threat Graph Model (TGM) to systematically model the complex CIs. Such modeling is expected to help the understanding of the nature of a threat and its impact on throughout the system. In order to handle threat cascading, the model must capture local vulnerabilities as well as how a threat might propagate to other components. The model can be used for improving the resilience of the CI by encouraging a design that enhances the system's ability to predict threats and mitigate their damages. This paper surveys and investigates the various threats and current approaches to threat modeling of CI. We suggest integrating both a vulnerability model and an attack model, and we incorporate the interdependencies within CI cross CI sectors. Finally, we present a multi-dimensional threat modeling approach for critical infrastructure protection.
|
|
| 13. |
- Grindal, Mats, et al.
(författare)
-
An Evaluation of Combination Strategies for Test Case Selection
- 2006
-
Ingår i: Empirical Software Engineering. - : Springer. - 1382-3256 .- 1573-7616. ; 11:4, s. 583-611
-
Tidskriftsartikel (refereegranskat)abstract
- This paper presents results from a comparative evaluation of five combination strategies. Combination strategies are test case selection methods that combine “interesting” values of the input parameters of a test subject to form test cases. This research comparatively evaluated five combination strategies; the All Combination strategy (AC), the Each Choice strategy (EC), the Base Choice strategy (BC), Orthogonal Arrays (OA) and the algorithm from the Automatic Efficient Test Generator (AETG). AC satisfies n-wise coverage, EC and BC satisfy 1-wise coverage, and OA and AETG satisfy pair-wise coverage. The All Combinations strategy was used as a “gold standard” strategy; it subsumes the others but is usually too expensive for practical use. The others were used in an experiment that used five programs seeded with 128 faults. The combination strategies were evaluated with respect to the number of test cases, the number of faults found, failure size, and number of decisions covered. The strategy that requires the least number of tests, Each Choice, found the smallest number of faults. Although the Base Choice strategy requires fewer test cases than Orthogonal Arrays and AETG, it found as many faults. Analysis also shows some properties of the combination strategies that appear significant. The two most important results are that the Each Choice strategy is unpredictable in terms of which faults will be revealed, possibly indicating that faults are found by chance, and that the Base Choice and the pair-wise combination strategies to some extent target different types of faults.
|
|
| 14. |
- Jiang, Yuning, 1993-, et al.
(författare)
-
Complex Dependencies Analysis : Technical Description of Complex Dependencies in Critical Infrastructures, i.e. Smart Grids. Work Package 2.1 of the ELVIRA Project
- 2018
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- This document reports a technical description of ELVIRA project results obtained as part of Work-package 2.1 entitled “Complex Dependencies Analysis”. In this technical report, we review attempts in recent researches where connections are regarded as influencing factors to IT systems monitoring critical infrastructure, based on which potential dependencies and resulting disturbances are identified and categorized. Each kind of dependence has been discussed based on our own entity based model. Among those dependencies, logical and functional connections have been analysed with more details on modelling and simulation techniques.
|
|
| 15. |
- Lindström, Birgitta, et al.
(författare)
-
Model-Checking with Insufficient Memory Resources
- 2006
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- Resource limitations is a major problem in model checking. Space and time requirements of model-checking algorithms grow exponentially with respect to the number of variables and parallel automata of the analyzed model. We present a method that is the result of experiences from a case study. It has enabled us to analyze models with much bigger state-spaces than what was possible without our method. The basic idea is to build partitions of the state-space of an analyzed system by iterative invocations of a model-checker. In each iteration the partitions are extended to represent a larger part of the state space, and if needed the partitions are further partitioned. Thereby the analysis problem is divided into a set of subproblems that can be analyzed independently of each other. We present how the method, implemented as a meta algorithm on-top of the Uppaal tool, has been applied in the case study.
|
|
| 16. |
- Lindström, Birgitta, 1958-
(författare)
-
Testability of Dynamic Real-Time Systems
- 2009
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- This dissertation concerns testability of event-triggered real-time systems. Real-time systems are known to be hard to test because they are required to function correct both with respect to what the system does and when it does it. An event-triggered real-time system is directly controlled by the events that occur in the environment, as opposed to a time-triggered system, which behavior with respect to when the system does something is constrained, and therefore more predictable. The focus in this dissertation is the behavior in the time domain and it is shown how testability is affected by some factors when the system is tested for timeliness.This dissertation presents a survey of research that focuses on software testability and testability of real-time systems. The survey motivates both the view of testability taken in this dissertation and the metric that is chosen to measure testability in an experiment. We define a method to generate sets of traces from a model by using a meta algorithm on top of a model checker. Defining such a method is a necessary step to perform the experiment. However, the trace sets generated by this method can also be used by test strategies that are based on orderings, for example execution orders.An experimental study is presented in detail. The experiment investigates how testability of an event-triggered real-time system is affected by some constraining properties of the execution environment. The experiment investigates the effect on testability from three different constraints regarding preemptions, observations and process instances. All of these constraints were claimed in previous work to be significant factors for the level of testability. Our results support the claim for the first two of the constraints while the third constraint shows no impact on the level of testability.Finally, this dissertation discusses the effect on the event-triggered semantics when the constraints are applied on the execution environment. The result from this discussion is that the first two constraints do not change the semantics while the third one does. This result indicates that a constraint on the number of process instances might be less useful for some event-triggered real-time systems.
|
|
| 17. |
- Saadatmand, Mehrdad, et al.
(författare)
-
Special issue on testing extra-functional properties
- 2020
-
Ingår i: Software testing, verification & reliability. - : John Wiley & Sons. - 0960-0833 .- 1099-1689. ; 30:1
-
Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)
|
|
| 18. |
- Atif, Yacine, 1967-, et al.
(författare)
-
A fuzzy logic approach to influence maximization in social networks
- 2020
-
Ingår i: Journal of Ambient Intelligence and Humanized Computing. - : Springer. - 1868-5137 .- 1868-5145. ; 11:6, s. 2435-2451
-
Tidskriftsartikel (refereegranskat)abstract
- Within a community, social relationships are paramount to profile individuals’ conduct. For instance, an individual within a social network might be compelled to embrace a behaviour that his/her companion has recently adopted. Such social attitude is labelled social influence, which assesses the extent by which an individual’s social neighbourhood adopt that individual’s behaviour. We suggest an original approach to influence maximization using a fuzzy-logic based model, which combines influence-weights associated with historical logs of the social network users, and their favourable location in the network. Our approach uses a two-phases process to maximise influence diffusion. First, we harness the complexity of the problem by partitioning the network into significantly-enriched community-structures, which we then use as modules to locate the most influential nodes across the entire network. These key users are determined relatively to a fuzzy-logic based technique that identifies the most influential users, out of which the seed-set candidates to diffuse a behaviour or an innovation are extracted following the allocated budget for the influence campaign. This way to deal with influence propagation in social networks, is different from previous models, which do not compare structural and behavioural attributes among members of the network. The performance results show the validity of the proposed partitioning-approach of a social network into communities, and its contribution to “activate” a higher number of nodes overall. Our experimental study involves both empirical and real contemporary social-networks, whereby a smaller seed set of key users, is shown to scale influence to the high-end compared to some renowned techniques, which employ a larger seed set of key users and yet they influence less nodes in the social network.
|
|
| 19. |
- Eriksson, Anders, et al.
(författare)
-
Model transformation impact on test artifacts : An empirical study
- 2012
-
Ingår i: Proceedings of the Workshop on Model-Driven Engineering, Verification and Validation, MoDeVVa 2012. - New York, NY, USA : Association for Computing Machinery (ACM). - 9781450318013 ; , s. 5-10
-
Konferensbidrag (refereegranskat)abstract
- Development environments that support Model-Driven Development often focus on model-level functional testing, enabling verification of design models against their specifications. However, developers of safety-critical software systems are also required to show that tests cover the structure of the implementation. Unfortunately, the implementation structure can diverge from the model depending on choices such as the model compiler or target language. Therefore, structural coverage at the model level may not guarantee coverage of the implementation. We present results from an industrial experiment that demonstrates the model-compiler effect on test artifacts in xtUML models when these models are transformed into C++. Test artifacts, i.e., predicates and clauses, are used to satisfy the structural code coverage criterion, in this case MCDC, which is required by the US Federal Aviation Administration. The results of the experiment show not only that the implementation contains more test artifacts than the model, but also that the test artifacts can be deterministically enumerated during translation. The analysis identifies two major sources for these additional test artifacts. © 2012 ACM.
|
|
| 20. |
- Eriksson, Anders, et al.
(författare)
-
Transformation rules for platform independent testing : An empirical study
- 2013
-
Ingår i: Proceedings of the Sixth IEEE International Conference on Software Testing, Verification and Validation, ICST 2013. - : IEEE conference proceedings. - 9781467359610 - 9780769549682 ; , s. 202-211
-
Konferensbidrag (refereegranskat)abstract
- Most Model-Driven Development projects focus on model-level functional testing. However, our recent study found an average of 67% additional logic-based test requirements from the code compared to the design model. The fact that full coverage at the design model level does not guarantee full coverage at the code level indicates that there are semantic behaviors in the model that model-based tests might miss, e.g., conditional behaviors that are not explicitly expressed as predicates and therefore not tested by logic-based coverage criteria. Avionics standards require that the structure of safety critical software is covered according to logic-based coverage criteria, including MCDC for the highest safety level. However, the standards also require that each test must be derived from the requirements. This combination makes designing tests hard, time-consuming and expensive to design. This paper defines a new model that uses transformation rules to help testers define tests at the platform independent model level. The transformation rules have been applied to six large avionic applications. The results show that the new model reduced the difference between model and code with respect to the number of additional test requirements from an average of67% to 0% in most cases and less than 1% for all applications. © 2013 IEEE.
|
|
