Increasing System Test Coverage in Production Automation Systems

An approach is introduced, which supports a testing technician in the identification of possibly untested behavior of control software of fully integrated automated production systems (aPS). Based on an approach for guided semi-automatic system testing, execution traces are recorded during testing, allowing a subsequent coverage assessment. As the behavior of an aPS is highly dependent on the software, omitted system behavior can be identified and assessed for criticality. Through close cooperation with industry, this approach represents the first coverage assessment approach for system testing in production automation to be applied on real industrial objects and evaluated by industrial experts

Inferring Concise Specifications of APIs

Modern software relies on libraries and uses them via application programming interfaces (APIs). Correct API usage as well as many software engineering tasks are enabled when APIs have formal specifications. In this work, we analyze the implementation of each method in an API to infer a formal postcondition. Conventional wisdom is that, if one has preconditions, then one can use the strongest postcondition predicate transformer (SP) to infer postconditions. However, SP yields postconditions that are exponentially large, which makes them difficult to use, either by humans or by tools. Our key idea is an algorithm that converts such exponentially large specifications into a form that is more concise and thus more usable. This is done by leveraging the structure of the specifications that result from the use of SP. We applied our technique to infer postconditions for over 2,300 methods in seven popular Java libraries. Our technique was able to infer specifications for 75.7% of these methods, each of which was verified using an Extended Static Checker. We also found that 84.6% of resulting specifications were less than 1/4 page (20 lines) in length. Our technique was able to reduce the length of SMT proofs needed for verifying implementations by 76.7% and reduced prover execution time by 26.7%

Modularity and Architecture of PLC-based Software for Automated Production Systems: An analysis in industrial companies

Adaptive and flexible production systems require modular and reusable software especially considering their long term life cycle of up to 50 years. SWMAT4aPS, an approach to measure Software Maturity for automated Production Systems is introduced. The approach identifies weaknesses and strengths of various companie's solutions for modularity of software in the design of automated Production Systems (aPS). At first, a self assessed questionnaire is used to evaluate a large number of companies concerning their software maturity. Secondly, we analyze PLC code, architectural levels, workflows and abilities to configure code automatically out of engineering information in four selected companies. In this paper, the questionnaire results from 16 German world leading companies in machine and plant manufacturing and four case studies validating the results from the detailed analyses are introduced to prove the applicability of the approach and give a survey of the state of the art in industry

Laiteohjaimien Structured Text -kielisten ohjelmien luonti käyttäen simulointityökaluja

Model-based design is a relatively new technique of developing software for embedded systems. It aims to reduce the cost of the software development process by generating the code from a simulation model. The code is generated automatically using a tool that is developed for this purpose. This way the errors in the system can be found and eliminated early in the development process compared to traditional software development project for embedded systems. As mentioned, the tools are at the time of this study still relatively new, and especially when considering code that has to comply with functional safety standards, the code has to fulfill certain requirements and it has to be clear enough so that it can be traced back to each function of the model. This study aims to determine how well these methods can be used with software development for embedded systems in mind. More precisely, this thesis focuses on MathWorks’ Simulink as the modelling software, and CODESYS as the coding language of the programmable logic controller and ultimately the compatibility of these with each other. The workflow of a model-based design software generation process is determined and presented as the result of this study. That process includes building, testing and verifying the model, preparing it for code generation, configuring and using the code generation tool and finally verifying the generated code. An example model of a battery cell balancing system for the code generation process is built, and thus that area is also studied. In the end of this study, some different possible uses of this technique are briefly discussed as well as further possible areas of study regarding this topic.Mallipohjainen ohjelmistosuunnittelu on melko uusi tekniikka sulautettujen järjestelmien ohjelmistosuunnittelussa. Sillä tähdätään pienempiin kehityskustannuksiin luomalla järjestelmien koodi suoraan simulointiin tehdystä systeemin mallista. Koodi luodaan hyödyntäen automatisoituja työkaluja, jotka ovat kehitetty tähän tarkoitukseen. Näin toimien mahdolliset kehitysvaiheessa tulevat virheet voidaan huomata ja poistaa paljolti jo hyvin aikaisessa vaiheessa kehitystyötä verrattuna perinteiseen sulautettujen järjestelmien ohjelmistokehitykseen. Kuten mainittu, tähän tarvittavat työkalut ovat tämän työn kirjoittamisen aikaan vielä melko uusia, ja erityisesti turvallisuuskriittistä koodia ajatellen koodin on täytettävä tietyt vaatimukset ja sen on oltava riittävän selkeää, jotta tietyt osat koodista voidaan jäljittää vastaaviin osiin mallista. Tämän työn tarkoituksena on selvittää, onko nämä menetelmät käyttökelpoisia sulautettujen järjestelmien ohjelmistokehitystä varten. Erityisesti tämä työ keskittyy MathWorks:n simulointiohjelmistoon Simulink, sekä ohjelmoitavan logiikan yhteydessä käytettyyn ohjelmointikieleen CODESYS sekä näiden yhteensopivuutta tätä prosessia ajatellen. Mallipohjaisen ohjelmistosuunnitteluprosessin suositeltu työnkulku mainittuja työkaluja hyödyntäen määritellään ja esitetään työn tuloksena. Tähän prosessiin kuuluu mallin rakentaminen, sen testaaminen ja toiminnallisuuden todentaminen, sen valmistelu koodin luontia varten, koodin luontiohjelmiston määritys ja käyttö sekä lopulta luodun koodin testaaminen ja toiminnallisuuden todentaminen. Esimerkkinä rakennetaan malli, joka tasapainottaa akkukennojen jännitteitä, jonka vuoksi myös tätä aihetta tutkitaan hieman. Työn lopussa käsitellään lyhyesti mahdollisia erilaisia tätä tekniikkaa hyödyntäviä sovelluksia sekä pohditaan millä tavoin tätä aihetta voisi tutkia edelleen

Developing a distributed electronic health-record store for India

The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India

VIRTUAL PLC PLATFORM FOR SECURITY AND FORENSICS OF INDUSTRIAL CONTROL SYSTEMS

Industrial Control Systems (ICS) are vital in managing critical infrastructures, including nuclear power plants and electric grids. With the advent of the Industrial Internet of Things (IIoT), these systems have been integrated into broader networks, enhancing efficiency but also becoming targets for cyberattacks. Central to ICS are Programmable Logic Controllers (PLCs), which bridge the physical and cyber worlds and are often exploited by attackers. There\u27s a critical need for tools to analyze cyberattacks on PLCs, uncover vulnerabilities, and improve ICS security. Existing tools are hindered by the proprietary nature of PLC software, limiting scalability and efficiency. To overcome these challenges, I developed a Virtual PLC Platform (VPP) for forensic analyses of ICS attacks and vulnerability identification. The VPP employs the packet replay technique, using network traffic to create a PLC template. This template guides the virtual PLC in network communication, mimicking real PLCs. A Protocol Reverse Engineering Engine (PREE) module assists in reverse-engineering ICS protocols and discovering vulnerabilities. The VPP is automated, supporting PLCs from various vendors, and eliminates manual reverse engineering. This dissertation highlights the architecture and applications of the VPP in forensic analysis, reverse engineering, vulnerability discovery, and threat intelligence gathering, all crucial to bolstering the security and integrity of critical infrastructure