10,646 research outputs found
Reasoning with Data Flows and Policy Propagation Rules
Data-oriented systems and applications are at the centre of current developments of the World Wide Web. In these scenarios, assessing what policies propagate from the licenses of data sources to the output of a given data-intensive system is an important problem. Both policies and data flows can be described with Semantic Web languages. Although it is possible to define Policy Propagation Rules (PPR) by associating policies to data flow steps, this activity results in a huge number of rules to be stored and managed. In a recent paper, we introduced strategies for reducing the size of a PPR knowledge base by using an ontology of the possible relations between data objects, the Datanode ontology, and applying the (A)AAAA methodology, a knowledge engineering approach that exploits Formal Concept Analysis (FCA). In this article, we investigate whether this reasoning is feasible and how it can be performed. For this purpose, we study the impact of compressing a rule base associated with an inference mechanism on the performance of the reasoning process. Moreover, we report on an extension of the (A)AAAA methodology that includes a coherency check algorithm, that makes this reasoning possible. We show how this compression, in addition to being beneficial to the management of the knowledge base, also has a positive impact on the performance and resource requirements of the reasoning process for policy propagation
Techniques for locating service faults in mobile ad hoc networks
Fault localization in general refers to a technique for identifying the likely root causes of failures observed in systems formed from components. Fault localization in systems deployed on mobile ad hoc networks (MANETs) is a particularly challenging task because those systems are subject to a wider variety and higher incidence of faults than those deployed in fixed networks, the resources available to track fault symptoms are severely limited, and many of the sources of faults in MANETs are by their nature transient. We present a method for localizing the faults occurring in service-based systems hosted on MANETs. The method is based on the use of dependence data that are discovered dynamically through decentralized observations of service interactions. We employ both Bayesian and timing-based reasoning techniques to analyze the data in the context of a specific fault propagation model, deriving a ranked list of candidate fault locations. We present the results of an extensive set of experiments exploring a wide range of operational conditions to evaluate the accuracy of our method
Why We Cannot (Yet) Ensure the Cybersecurity of Safety-Critical Systems
There is a growing threat to the cyber-security of safety-critical systems.
The introduction of Commercial Off The Shelf (COTS) software, including
Linux, specialist VOIP applications and Satellite Based Augmentation Systems
across the aviation, maritime, rail and power-generation infrastructures has created
common vulnerabilities. In consequence, more people now possess the technical
skills required to identify and exploit vulnerabilities in safety-critical systems.
Arguably for the first time there is the potential for cross-modal attacks
leading to future “cyber storms”. This situation is compounded by the failure of
public-private partnerships to establish the cyber-security of safety critical applications.
The fiscal crisis has prevented governments from attracting and retaining
competent regulators at the intersection of safety and cyber-security. In particular,
we argue that superficial similarities between safety and security have led
to security policies that cannot be implemented in safety-critical systems. Existing
office-based security standards, such as the ISO27k series, cannot easily be integrated
with standards such as IEC61508 or ISO26262. Hybrid standards such as
IEC 62443 lack credible validation. There is an urgent need to move beyond
high-level policies and address the more detailed engineering challenges that
threaten the cyber-security of safety-critical systems. In particular, we consider
the ways in which cyber-security concerns undermine traditional forms of safety
engineering, for example by invalidating conventional forms of risk assessment.
We also summarise the ways in which safety concerns frustrate the deployment of
conventional mechanisms for cyber-security, including intrusion detection systems
Locating faults in MANET-hosted software systems
We present a method to locate faults in service-based software systems hosted on mobile ad hoc networks (MANETs). In such systems, computations are structured as interdependent services distributed across the network, collaborating to satisfy client requests. Faults, which may occur at either or both the service and network layers, propagate by cascading through some subset of the services, from their root causes back to the clients that initiate requests. Fault localization in this environment is especially challenging because the systems are typically subject to a wider variety and higher incidence of faults than those deployed in fixed networks, the resources available to collect and store analysis data are severely limited, and many of the sources of faults are by their nature transient. Our method makes use of service-dependence and fault data that are harvested in the network through decentralized, run-time observations of service interactions and fault symptoms. We have designed timing- and Bayesian-based reasoning techniques to analyze the data in the context of a specific fault propagation model. The analysis provides a ranked list of candidate fault locations. Through extensive simulations, we evaluate the performance of our method in terms of its accuracy in correctly ranking root causes under a wide range of operational conditions
A framework for smart production-logistics systems based on CPS and industrial IoT
Industrial Internet of Things (IIoT) has received increasing attention from both academia and industry. However, several challenges including excessively long waiting time and a serious waste of energy still exist in the IIoT-based integration between production and logistics in job shops. To address these challenges, a framework depicting the mechanism and methodology of smart production-logistics systems is proposed to implement intelligent modeling of key manufacturing resources and investigate self-organizing configuration mechanisms. A data-driven model based on analytical target cascading is developed to implement the self-organizing configuration. A case study based on a Chinese engine manufacturer is presented to validate the feasibility and evaluate the performance of the proposed framework and the developed method. The results show that the manufacturing time and the energy consumption are reduced and the computing time is reasonable. This paper potentially enables manufacturers to deploy IIoT-based applications and improve the efficiency of production-logistics systems
Modelling Contracts and Workflows for Verification and Enactment
The work presented in this thesis concerns some aspects related to the Modelling of Contracts and Workflows for Verification and Enactment. We have sought to gain some insight into the nature of contracts and workflows, in order that we may model them, primarily, for the purposes of verifying certain properties and for enacting them. Workflows help coordinate the enactment of business processes. A notable aspect of workflow technologies is the lack of formal semantics for workflow models. In this thesis, we consider the characterisation of workflow using a number of formal tools, viz. Milner's CCS, Cleaveland et al.'s Prioritised CCS (which we abbreviate to PCCS) and the Situation Calculus (thanks mainly to Reiter), which is based on First-Order Logic. Using these, we provide formalisations of production workflows, which are somewhat rigid, inflexible structures, akin to production lines. We do so, in order that we may fix their operational meaning for the purposes of verification and enactment. We define the Liesbet meta-model for production workflow to provide a reference ontology for the task of formalisation. We have also implemented a framework for the verification and enactment of Liesbet workflow models. Regarding verification, we are particularly interested in the key property of soundness, which is concerned with an absence of locking and redundant tasks in a workflow model. Our framework is capable of verifying this property of workflow models, as well as arbitrary temporally-extended constraints, which are constraints whose satisfaction is determined over successive states of enactment of a model. We also consider the definition of more flexible workflows, including collaborative workflows, using an approach that we have conceived called Institutional Workflow Modelling (IWM). The essence of IWM lies (in part) in the identification that the structure of a workflow model necessarily entails the existence of counts as relations.
These relations prescribe how the occurrence of certain actions, in the context of a particular workflow model, count as the occurrence of other actions. We have also been interested in the modelling of contracts, and have found IWM to be useful as a foundational basis for contract modelling. Another fundamental aspect of our IWM-based approach is a correspondence, which we have identified, between counts as relations and methods in Hierarchical Task Network (HTN)-based planning. Thus, we are able to advocate the use of an HTN-based planning framework for the verification of flexible workflows and contracts. We have implemented such a framework, whose planner is called Theodore. We define a similar notion of soundness for flexible workflows and contracts, which the Theodore-based framework is able to verify, along with arbitrary temporally-extended constraints. Imperial Users onl
Intra-Domain Pathlet Routing
Internal routing inside an ISP network is the foundation for lots of services
that generate revenue from the ISP's customers. A fine-grained control of paths
taken by network traffic once it enters the ISP's network is therefore a
crucial means to achieve a top-quality offer and, equally important, to enforce
SLAs. Many widespread network technologies and approaches (most notably, MPLS)
offer limited (e.g., with RSVP-TE), tricky (e.g., with OSPF metrics), or no
control on internal routing paths. On the other hand, recent advances in the
research community are a good starting point to address this shortcoming, but
miss elements that would enable their applicability in an ISP's network.
We extend pathlet routing by introducing a new control plane for internal
routing that has the following qualities: it is designed to operate in the
internal network of an ISP; it enables fine-grained management of network paths
with suitable configuration primitives; it is scalable because routing changes
are only propagated to the network portion that is affected by the changes; it
supports independent configuration of specific network portions without the
need to know the configuration of the whole network; it is robust thanks to the
adoption of multipath routing; it supports the enforcement of QoS levels; it is
independent of the specific data plane used in the ISP's network; it can be
incrementally deployed and it can nicely coexist with other control planes.
Besides formally introducing the algorithms and messages of our control plane,
we propose an experimental validation in the simulation framework OMNeT++ that
we use to assess the effectiveness and scalability of our approach. Comment: 13 figures, 1 tabl
A Taxonomy of Data Grids for Distributed Data Sharing, Management and Processing
Data Grids have been adopted as the platform for scientific communities that
need to share, access, transport, process and manage large data collections
distributed worldwide. They combine high-end computing technologies with
high-performance networking and wide-area storage management techniques. In
this paper, we discuss the key concepts behind Data Grids and compare them with
other data sharing and distribution paradigms such as content delivery
networks, peer-to-peer networks and distributed databases. We then provide
comprehensive taxonomies that cover various aspects of architecture, data
transportation, data replication and resource allocation and scheduling.
Finally, we map the proposed taxonomy to various Data Grid systems not only to
validate the taxonomy but also to identify areas for future exploration.
Through this taxonomy, we aim to categorise existing systems to better
understand their goals and their methodology. This would help evaluate their
applicability for solving similar problems. This taxonomy also provides a "gap
analysis" of this area through which researchers can potentially identify new
issues for investigation. Finally, we hope that the proposed taxonomy and
mapping also helps to provide an easy way for new practitioners to understand
this complex area of research. Comment: 46 pages, 16 figures, Technical Repor