On Systematic Design of Protectors for Employing OTS Items

Off-the-shelf (OTS) components are increasingly used in application areas with stringent dependability requirements. Component wrapping is a well known structuring technique used in many areas. We propose a general approach to developing protective wrappers that assist in integrating OTS items with a focus on the overall system dependability. The wrappers are viewed as redundant software used to detect errors or suspicious activity and to execute appropriate recovery when possible; wrapper development is considered as a part of system integration activities. Wrappers are to be rigorously specified and executed at run time as a means of protecting OTS items against faults in the rest of the system, and the system against the OTS item's faults. Possible symptoms of erroneous behaviour to be detected by a protective wrapper and possible actions to be undertaken in response are listed and discussed. The information required for wrapper development is provided by traceability analysis. Possible approaches to implementing “protectors” in the standard current component technologies are briefly outline

Observational models of requirements evolution

Requirements Evolution is one of the main issues that affect development activities as well as system features (e.g., system dependability). Although researchers and practitioners recognise the importance of requirements evolution, research results and experience are still patchy. This points out a lack of methodologies that address requirements evolution. This thesis investigates the current understanding of requirements evolution and explores new directions in requirements evolution research. The empirical analysis of industrial case studies highlights software requirements evolution as an important issue. Unfortunately, traditional requirements engineering methodologies provide limited support to capture requirements evolution. Heterogeneous engineering provides a comprehensive account of system requirements. Heterogeneous engineering stresses a holistic viewpoint that allows us to understand the underlying mechanisms of evolution of socio-technical systems. Requirements, as mappings between socio-technical solutions and problems, represent an account of the history of socio-technical issues arising and being solved within industrial settings. The formal extension of a heterogeneous account of requirements provides a framework to model and capture requirements evolution. The application of the proposed framework provides further evidence that it is possible to capture and model evolutionary information about requirements. The discussion of scenarios of use stresses practical necessities for methodologies addressing requirements evolution. Finally, the identification of a broad spectrum of evolutions in socio-technical systems points out strong contingencies between system evolution and dependability. This thesis argues that the better our understanding of socio-techn..

Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things

Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior management uses these links to monitor production processes and inform strategic planning. The Industrial Internet of Things represents another step in this evolution – enabling the coordination of physically distributed resources from a centralized location. The growing range and sophistication of these interconnections create additional security concerns for the operation and management of safety-critical systems. This paper uses lessons learned from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North America

Comparison Between Ring and Radial Configurations of the University of Trieste Campus MV Distribution Grid

Distribution systems are being pushed towards smarter architectures, management strategies, and controls. To develop new platforms and algorithms for distribution systems management, the University of Trieste is using its medium voltage MW-scale ring distribution system as a demonstrator. In addition to the installation of a real-time monitoring system, power system studies and analyses are required. The paper presents and compares some results concerning the power system operation in both closed (normal operation) and open (post fault operation) configurations, where the latter are identified by means of a quantitative dependability analysis. In particular, the voltage profile, the currents, and the losses in the system are studied, evaluating the impact of faults capable of opening the ring

Developing a distributed electronic health-record store for India

The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India