A New Concept of Digital Twin Supporting Optimization and Resilience of Factories of the Future

In the context of Industry 4.0, a growing use is being made of simulation-based decision-support tools commonly named Digital Twins. Digital Twins are replicas of the physical manufacturing assets, providing means for the monitoring and control of individual assets. Although extensive research on Digital Twins and their applications has been carried out, the majority of existing approaches are asset specific. Little consideration is made of human factors and interdependencies between different production assets are commonly ignored. In this paper, we address those limitations and propose innovations for cognitive modeling and co-simulation which may unleash novel uses of Digital Twins in Factories of the Future. We introduce a holistic Digital Twin approach, in which the factory is not represented by a set of separated Digital Twins but by a comprehensive modeling and simulation capacity embracing the full manufacturing process including external network dependencies. Furthermore, we introduce novel approaches for integrating models of human behavior and capacities for security testing with Digital Twins and show how the holistic Digital Twin can enable new services for the optimization and resilience of Factories of the Future. To illustrate this approach, we introduce a specific use-case implemented in field of Aerospace System Manufacturing.The present work was developed under the EUREKA–ITEA3 Project CyberFactory#1 (ITEA-17032), co-funded by Project CyberFactory#1PT (ANI|P2020 40124), from FEDER Funds through NORTE2020 program and from National Funds through FCT under the project UID/EEA/00760/2019 and by the Federal Ministry of Education and Research (BMBF, Germany, funding No. 01IS18061C).info:eu-repo/semantics/publishedVersio

Metaverse Security and Privacy: An Overview

Metaverse is a living space and cyberspace that realizes the process of virtualizing and digitizing the real world. It integrates a plethora of existing technologies with the goal of being able to map the real world, even beyond the real world. Metaverse has a bright future and is expected to have many applications in various scenarios. The support of the Metaverse is based on numerous related technologies becoming mature. Hence, there is no doubt that the security risks of the development of the Metaverse may be more prominent and more complex. We present some Metaverse-related technologies and some potential security and privacy issues in the Metaverse. We present current solutions for Metaverse security and privacy derived from these technologies. In addition, we also raise some unresolved questions about the potential Metaverse. To summarize, this survey provides an in-depth review of the security and privacy issues raised by key technologies in Metaverse applications. We hope that this survey will provide insightful research directions and prospects for the Metaverse's development, particularly in terms of security and privacy protection in the Metaverse.Comment: IEEE BigData 2022. 10 pages, 2 figure

The Digitization of Design and Manufacturing: A State-of-the-Art Report on the Transition from Strategic Vision to Implementation in Industry

Almost a decade ago, the research community embarked on a journey to realize the old vision of Industry 4.0. Part of this vision was to digitize design and manufacturing systems and processes, aimed at advancing their vertical and horizontal integration into decentralized ecosystems across the entire product development value chain. This process was to include the provision of new data-driven operation and business models, advances in cybersecurity, and the development of a bespoke Industry 4.0 workforce. In this paper, the authors review the state-of-the-art in regard to the progress made to date, from initial vision towards implementation in industry. They identify critical research challenges and gaps that need to be addressed to further advance this transition. The paper closes with a strategic perspective on how the authors anticipate Industry 4.0 to evolve over the next 5 years

FuzzTheREST - Intelligent Automated Blackbox RESTful API Fuzzer

In recent years, the pervasive influence of technology has deeply intertwined with human life, impacting diverse fields. This relationship has evolved into a dependency, with software systems playing a pivotal role, necessitating a high level of trust. Today, a substantial portion of software is accessed through Application Programming Interfaces, particularly web APIs, which predominantly adhere to the Representational State Transfer architecture. However, this architectural choice introduces a wide range of potential vulnerabilities, which are available and accessible at a network level. The significance of Software testing becomes evident when considering the widespread use of software in various daily tasks that impact personal safety and security, making the identification and assessment of faulty software of paramount importance. In this thesis, FuzzTheREST, a black-box RESTful API fuzzy testing framework, is introduced with the primary aim of addressing the challenges associated with understanding the context of each system under test and conducting comprehensive automated testing using diverse inputs. Operating from a black-box perspective, this fuzzer leverages Reinforcement Learning to efficiently uncover vulnerabilities in RESTful APIs by optimizing input values and combinations, relying on mutation methods for input exploration. The system's value is further enhanced through the provision of a thoroughly documented vulnerability discovery process for the user. This proposal stands out for its emphasis on explainability and the application of RL to learn the context of each API, thus eliminating the necessity for source code knowledge and expediting the testing process. The developed solution adheres rigorously to software engineering best practices and incorporates a novel Reinforcement Learning algorithm, comprising a customized environment for API Fuzzy Testing and a Multi-table Q-Learning Agent. The quality and applicability of the tool developed are also assessed, relying on the results achieved on two case studies, involving the Petstore API and an Emotion Detection module which was part of the CyberFactory#1 European research project. The results demonstrate the tool's effectiveness in discovering vulnerabilities, having found 7 different vulnerabilities and the agents' ability to learn different API contexts relying on API responses while maintaining reasonable code coverage levels.Ultimamente, a influência da tecnologia espalhou-se pela vida humana de uma forma abrangente, afetando uma grande diversidade dos seus aspetos. Com a evolução tecnológica esta acabou por se tornar uma dependência. Os sistemas de software começam assim a desempenhar um papel crucial, o que em contrapartida obriga a um elevado grau de confiança. Atualmente, uma parte substancial do software é implementada em formato de Web APIs, que na sua maioria seguem a arquitetura de transferência de estado representacional. No entanto, esta introduz uma série vulnerabilidade. A importância dos testes de software torna-se evidente quando consideramos o amplo uso de software em várias tarefas diárias que afetam a segurança, elevando ainda mais a importância da identificação e mitigação de falhas de software. Nesta tese é apresentado o FuzzTheREST, uma framework de teste fuzzy de APIs RESTful num modelo caixa preta, com o objetivo principal de abordar os desafios relacionados com a compreensão do contexto de cada sistema sob teste e a realização de testes automatizados usando uma variedade de possíveis valores. Este fuzzer utiliza aprendizagem por reforço de forma a compreender o contexto da API que está sob teste de forma a guiar a geração de valores de teste, recorrendo a métodos de mutação, para descobrir vulnerabilidades nas mesmas. Todo o processo desempenhado pelo sistema é devidamente documentado para que o utilizador possa tomar ações mediante os resultados obtidos. Esta explicabilidade e aplicação de inteligência artificial para aprender o contexto de cada API, eliminando a necessidade de analisar código fonte e acelerando o processo de testagem, enaltece e distingue a solução proposta de outras. A solução desenvolvida adere estritamente às melhores práticas de engenharia de software e inclui um novo algoritmo de aprendizagem por reforço, que compreende um ambiente personalizado para testagem Fuzzy de APIs e um Agente de QLearning com múltiplas Q-tables. A qualidade e aplicabilidade da ferramenta desenvolvida também são avaliadas com base nos resultados obtidos em dois casos de estudo, que envolvem a conhecida API Petstore e um módulo de Deteção de Emoções que fez parte do projeto de investigação europeu CyberFactory#1. Os resultados demonstram a eficácia da ferramenta na descoberta de vulnerabilidades, tendo identificado 7 vulnerabilidades distintas, e a capacidade dos agentes em aprender diferentes contextos de API com base nas respostas da mesma, mantendo níveis de cobertura aceitáveis

Design Principles for Shared Digital Twins in Distributed Systems

Digital Twins offer considerable potential for cross-company networks. Recent research primarily focuses on using Digital Twins within the limits of a single organization. However, Shared Digital Twins extend application boundaries to cross-company utilization through their ability to act as a hub to share data. This results in the need to consider additional design dimensions which help practitioners design Digital Twins tailored for inter-company use. The article addresses precisely that issue as it investigates how Shared Digital Twins should be designed to achieve business success. For this purpose, the article proposes a set of design principles for Shared Digital Twins stemming from a qualitative interview study with 18 industry experts. The interview study is the primary data source for formulating and evaluating the design principles

Digital twins in cyber effects modelling of IoT/CPS points of low resilience

The exponential increase of data volume and velocity have necessitated a tighter linkage of physical and cyber components in modern Cyber–physical systems (CPS) to achieve faster response times and autonomous component reconfiguration. To attain this degree of efficiency, the integration of virtual and physical components reinforced by artificial intelligence also promises to improve the resilience of these systems against organised and often skillful adversaries. The ability to visualise, validate, and illustrate the benefits of this integration, while taking into account improvements in cyber modelling and simulation tools and procedures, is critical to that adoption. Using Cyber Modelling and Simulation (M&S) this study evaluates the scale and complexity required to achieve an acceptable level of cyber resilience testing in an IoT-enabled critical national infrastructure (CNI). This research focuses on the benefits and challenges of integrating cyber modelling and simulation (M&S) with digital twins and threat source characterisation methodologies towards a cost-effective security and resilience assessment. Using our dedicated DT environment, we show how adversaries can utilise cyber–physical systems as a point of entry to a broader network in a scenario where they are trying to attack a port

A review of cyber-ranges and test-beds:current and future trends

Cyber situational awareness has been proven to be of value in forming a comprehensive understanding of threats and vulnerabilities within organisations, as the degree of exposure is governed by the prevailing levels of cyber-hygiene and established processes. A more accurate assessment of the security provision informs on the most vulnerable environments that necessitate more diligent management. The rapid proliferation in the automation of cyber-attacks is reducing the gap between information and operational technologies and the need to review the current levels of robustness against new sophisticated cyber-attacks, trends, technologies and mitigation countermeasures has become pressing. A deeper characterisation is also the basis with which to predict future vulnerabilities in turn guiding the most appropriate deployment technologies. Thus, refreshing established practices and the scope of the training to support the decision making of users and operators. The foundation of the training provision is the use of Cyber-Ranges (CRs) and Test-Beds (TBs), platforms/tools that help inculcate a deeper understanding of the evolution of an attack and the methodology to deploy the most impactful countermeasures to arrest breaches. In this paper, an evaluation of documented CR and TB platforms is evaluated. CRs and TBs are segmented by type, technology, threat scenarios, applications and the scope of attainable training. To enrich the analysis of documented CR and TB research and cap the study, a taxonomy is developed to provide a broader comprehension of the future of CRs and TBs. The taxonomy elaborates on the CRs/TBs dimensions, as well as, highlighting a diminishing differentiation between application areas

Abductive Design of BDI Agent-based Digital Twins of Organizations

For a Digital Twin - a precise, virtual representation of a physical counterpart - of a human-like system to be faithful and complete, it must appeal to a notion of anthropomorphism (i.e., attributing human behaviour to non-human entities) to imitate (1) the externally visible behaviour and (2) the internal workings of that system. Although the Belief-Desire-Intention (BDI) paradigm was not developed for this purpose, it has been used successfully in human modeling applications. In this sense, we introduce in this thesis the notion of abductive design of BDI agent-based Digital Twins of organizations, which builds on two powerful reasoning disciplines: reverse engineering (to recreate the visible behaviour of the target system) and goal-driven eXplainable Artificial Intelligence (XAI) (for viewing the behaviour of the target system through the lens of BDI agents). Precisely speaking, the overall problem we are trying to address in this thesis is to “Find a BDI agent program that best explains (in the sense of formal abduction) the behaviour of a target system based on its past experiences . To do so, we propose three goal-driven XAI techniques: (1) abductive design of BDI agents, (2) leveraging imperfect explanations and (3) mining belief-based explanations. The resulting approach suggests that using goal-driven XAI to generate Digital Twins of organizations in the form of BDI agents can be effective, even in a setting with limited information about the target system’s behaviour

An investigation of self-learning and self-protection for Adaptive Digital Twins

Adaptive Digital Twins are applicable to a number of fields, including the cybersecurity of industial control systems. This thesis prototypes a Self-Learning adaptive digital twin and posits an architecture for the creation of digital twins based on the learnings gained from the prototype. The prototype shows the efficacy of control theoretical approaches for adaptive digital twins for both modelling and protecting a system, and the architecture posits a generalised method for developing adaptive digital twins