The Effects of Modularity on Cascading Failures in Complex Engineering Systems

To design engineering systems that have improved reliability, it is important to understand what kind of system faults they will be susceptible to. Mitigation strategies are important to ensuring the performance of these engineering systems. Understanding how the modularity of complex engineering systems affects the risk of devastating failures such as cascading failures can help enable engineers to implement strategies in the design phase to increase reliability. The extent to which decreased system modularity propagates the spread of a cascading failure is unknown. This study analyzes how modularity in complex engineering systems affects resistance to the spread of cascading failures. In this research, synthetic networks are used to represent component models at differing degrees of modularity. These synthetic networks are then infected through epidemic spreading models that model cascading failures. The loss of functionality is determined by the percent of diseased nodes in the system, and the influence of the initial node is measured by eigenvector centrality. Increased modularity is associated with the improved ability of a system to inhibit the propagation of cascading failures over time through failure isolation within a module, measured by percent infected in the system, in comparison to less modular systems (p < 0.001). This finding indicates that the structural design of complex engineering systems could be crucial to increasing reliability in design with reference to cascading failures. Key Words: Complex engineering systems, modularity, cascading failure

Decentralized Protection Strategies against SIS Epidemics in Networks

Defining an optimal protection strategy against viruses, spam propagation or any other kind of contamination process is an important feature for designing new networks and architectures. In this work, we consider decentralized optimal protection strategies when a virus is propagating over a network through a SIS epidemic process. We assume that each node in the network can fully protect itself from infection at a constant cost, or the node can use recovery software, once it is infected. We model our system using a game theoretic framework and find pure, mixed equilibria, and the Price of Anarchy (PoA) in several network topologies. Further, we propose both a decentralized algorithm and an iterative procedure to compute a pure equilibrium in the general case of a multiple communities network. Finally, we evaluate the algorithms and give numerical illustrations of all our results.Comment: accepted for publication in IEEE Transactions on Control of Network System

From Resilience-Building to Resilience-Scaling Technologies: Directions -- ReSIST NoE Deliverable D13

This document is the second product of workpackage WP2, "Resilience-building and -scaling technologies", in the programme of jointly executed research (JER) of the ReSIST Network of Excellence. The problem that ReSIST addresses is achieving sufficient resilience in the immense systems of ever evolving networks of computers and mobile devices, tightly integrated with human organisations and other technology, that are increasingly becoming a critical part of the information infrastructure of our society. This second deliverable D13 provides a detailed list of research gaps identified by experts from the four working groups related to assessability, evolvability, usability and diversit

Defense in Depth of Resource-Constrained Devices

The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers\u27 homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense in depth, approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings. Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime

Mitigating Emergent Safety and Security Incidents of CPS by a Protective Shell

In today's modern world, Cyber-Physical Systems (CPS) have gained widespread prevalence, offering tremendous benefits while also increasing society's dependence on them. Given the direct interaction of CPS with the physical environment, their malfunction or compromise can pose significant risks to human life, property, and the environment. However, as the complexity of CPS rises due to heightened expectations and expanded functional requirements, ensuring their trustworthy operation solely during the development process becomes increasingly challenging. This thesis introduces and delves into the novel concept of the 'Protective Shell' – a real-time safeguard actively monitoring CPS during their operational phases. The protective shell serves as a last line of defence, designed to detect abnormal behaviour, conduct thorough analyses, and initiate countermeasures promptly, thereby mitigating unforeseen risks in real-time. The primary objective of this research is to enhance the overall safety and security of CPS by refining, partly implementing, and evaluating the innovative protective shell concept. To provide context for collaborative systems working towards higher objectives — common within CPS as system-of-systems (SoS) — the thesis introduces the 'Emergence Matrix'. This matrix categorises outcomes of such collaboration into four quadrants based on their anticipated nature and desirability. Particularly concerning are outcomes that are both unexpected and undesirable, which frequently serve as the root cause of safety accidents and security incidents in CPS scenarios. The protective shell plays a critical role in mitigating these unfavourable outcomes, as conventional vulnerability elimination procedures during the CPS design phase prove insufficient due to their inability to proactively anticipate and address these unforeseen situations. Employing the design science research methodology, the thesis is structured around its iterative cycles and the research questions imposed, offering a systematic exploration of the topic. A detailed analysis of various safety accidents and security incidents involving CPS was conducted to retrieve vulnerabilities that led to dangerous outcomes. By developing specific protective shells for each affected CPS and assessing their effectiveness during these hazardous scenarios, a generic core for the protective shell concept could be retrieved, indicating general characteristics and its overall applicability. Furthermore, the research presents a generic protective shell architecture, integrating advanced anomaly detection techniques rooted in explainable artificial intelligence (XAI) and human machine teaming. While the implementation of protective shells demonstrate substantial positive impacts in ensuring CPS safety and security, the thesis also articulates potential risks associated with their deployment that require careful consideration. In conclusion, this thesis makes a significant contribution towards the safer and more secure integration of complex CPS into daily routines, critical infrastructures and other sectors by leveraging the capabilities of the generic protective shell framework.:1 Introduction 1.1 Background and Context 1.2 Research Problem 1.3 Purpose and Objectives 1.3.1 Thesis Vision 1.3.2 Thesis Mission 1.4 Thesis Outline and Structure 2 Design Science Research Methodology 2.1 Relevance-, Rigor- and Design Cycle 2.2 Research Questions 3 Cyber-Physical Systems 3.1 Explanation 3.2 Safety- and Security-Critical Aspects 3.3 Risk 3.3.1 Quantitative Risk Assessment 3.3.2 Qualitative Risk Assessment 3.3.3 Risk Reduction Mechanisms 3.3.4 Acceptable Residual Risk 3.4 Engineering Principles 3.4.1 Safety Principles 3.4.2 Security Principles 3.5 Cyber-Physical System of Systems (CPSoS) 3.5.1 Emergence 4 Protective Shell 4.1 Explanation 4.2 System Architecture 4.3 Run-Time Monitoring 4.4 Definition 4.5 Expectations / Goals 5 Specific Protective Shells 5.1 Boeing 737 Max MCAS 5.1.1 Introduction 5.1.2 Vulnerabilities within CPS 5.1.3 Specific Protective Shell Mitigation Mechanisms 5.1.4 Protective Shell Evaluation 5.2 Therac-25 5.2.1 Introduction 5.2.2 Vulnerabilities within CPS 5.2.3 Specific Protective Shell Mitigation Mechanisms 5.2.4 Protective Shell Evaluation 5.3 Stuxnet 5.3.1 Introduction 5.3.2 Exploited Vulnerabilities 5.3.3 Specific Protective Shell Mitigation Mechanisms 5.3.4 Protective Shell Evaluation 5.4 Toyota 'Unintended Acceleration' ETCS 5.4.1 Introduction 5.4.2 Vulnerabilities within CPS 5.4.3 Specific Protective Shell Mitigation Mechanisms 5.4.4 Protective Shell Evaluation 5.5 Jeep Cherokee Hack 5.5.1 Introduction 5.5.2 Vulnerabilities within CPS 5.5.3 Specific Protective Shell Mitigation Mechanisms 5.5.4 Protective Shell Evaluation 5.6 Ukrainian Power Grid Cyber-Attack 5.6.1 Introduction 5.6.2 Vulnerabilities in the critical Infrastructure 5.6.3 Specific Protective Shell Mitigation Mechanisms 5.6.4 Protective Shell Evaluation 5.7 Airbus A400M FADEC 5.7.1 Introduction 5.7.2 Vulnerabilities within CPS 5.7.3 Specific Protective Shell Mitigation Mechanisms 5.7.4 Protective Shell Evaluation 5.8 Similarities between Specific Protective Shells 5.8.1 Mitigation Mechanisms Categories 5.8.2 Explanation 5.8.3 Conclusion 6 AI 6.1 Explainable AI (XAI) for Anomaly Detection 6.1.1 Anomaly Detection 6.1.2 Explainable Artificial Intelligence 6.2 Intrinsic Explainable ML Models 6.2.1 Linear Regression 6.2.2 Decision Trees 6.2.3 K-Nearest Neighbours 6.3 Example Use Case - Predictive Maintenance 7 Generic Protective Shell 7.1 Architecture 7.1.1 MAPE-K 7.1.2 Human Machine Teaming 7.1.3 Protective Shell Plugin Catalogue 7.1.4 Architecture and Design Principles 7.1.5 Conclusion Architecture 7.2 Implementation Details 7.3 Evaluation 7.3.1 Additional Vulnerabilities introduced by the Protective Shell 7.3.2 Summary 8 Conclusion 8.1 Summary 8.2 Research Questions Evaluation 8.3 Contribution 8.4 Future Work 8.5 Recommendatio

Symbiotic systems of bats, bat flies, and gut bacteria in a fragmented forest.

PhD Theses.The effects of habitat disturbance on parasites and microbes is poorly understood despite implications for host health and conservation. In this thesis I identify landscape properties that impact epidemiological patterns, bipartite interactions and metacommunity structure of ectoparasitic arthropods of bats and their endosymbiotic bacteria across a fragmented region from the Atlantic Forest of Brazil and I compare the performance of routine molecular identification methods using conventional laboratory procedures, to a mobile laboratory including the MinION DNA sequencer. My results show that in situ experiments on portable sequencing platforms are a viable alternative to Illumina and Sanger sequencing, although there are trade-offs between sequence quality and speed that precluded immediate uptake. I found the prevalence of the bat fly Trichobius joblingi on the bat Carollia perspicillata to be higher in forest fragments than continuous forests. I also found the infection intensity of the bat fly Paratrichobius longricus on the bat Artibeus lituratus in continuous forests to be higher in females than males. Network analyses shows modularity to be positively correlated to habitat area for ectoparasitic networks, but negatively correlated to isolation in endosymbiont networks. Metacommunity structure analysis suggests bat fly assemblages in fragmented forests follow a quasi-Gleasonean structure with respect to habitat area. Overall, my research reveals that the effects of habitat fragmentation can be observed in parasitic and endosymbiotic communities, and the persistence of specialist symbiotic species rely on the presence of specific hosts, for example ectoparasitic and endosymbiotic communities in the smallest fragments remain 5 connected by interactions with disturbance tolerant hosts. My findings have implications for conservation through monitoring trends in potential disease vectors in wild populations

Hardware-Assisted Dependable Systems

Unpredictable hardware faults and software bugs lead to application crashes, incorrect computations, unavailability of internet services, data losses, malfunctioning components, and consequently financial losses or even death of people. In particular, faults in microprocessors (CPUs) and memory corruption bugs are among the major unresolved issues of today. CPU faults may result in benign crashes and, more problematically, in silent data corruptions that can lead to catastrophic consequences, silently propagating from component to component and finally shutting down the whole system. Similarly, memory corruption bugs (memory-safety vulnerabilities) may result in a benign application crash but may also be exploited by a malicious hacker to gain control over the system or leak confidential data. Both these classes of errors are notoriously hard to detect and tolerate. Usual mitigation strategy is to apply ad-hoc local patches: checksums to protect specific computations against hardware faults and bug fixes to protect programs against known vulnerabilities. This strategy is unsatisfactory since it is prone to errors, requires significant manual effort, and protects only against anticipated faults. On the other extreme, Byzantine Fault Tolerance solutions defend against all kinds of hardware and software errors, but are inadequately expensive in terms of resources and performance overhead. In this thesis, we examine and propose five techniques to protect against hardware CPU faults and software memory-corruption bugs. All these techniques are hardware-assisted: they use recent advancements in CPU designs and modern CPU extensions. Three of these techniques target hardware CPU faults and rely on specific CPU features: ∆-encoding efficiently utilizes instruction-level parallelism of modern CPUs, Elzar re-purposes Intel AVX extensions, and HAFT builds on Intel TSX instructions. The rest two target software bugs: SGXBounds detects vulnerabilities inside Intel SGX enclaves, and “MPX Explained” analyzes the recent Intel MPX extension to protect against buffer overflow bugs. Our techniques achieve three goals: transparency, practicality, and efficiency. All our systems are implemented as compiler passes which transparently harden unmodified applications against hardware faults and software bugs. They are practical since they rely on commodity CPUs and require no specialized hardware or operating system support. Finally, they are efficient because they use hardware assistance in the form of CPU extensions to lower performance overhead

Water Supply Infrastructure Modeling and Control under Extreme Drought and/or Limited Power Availability

abstract: The phrase water-energy nexus is commonly used to describe the inherent and critical interdependencies between the electric power system and the water supply systems (WSS). The key interdependencies between the two systems are the power plant’s requirement of water for the cooling cycle and the water system’s need of electricity for pumping for water supply. While previous work has considered the dependency of WSS on the electrical power, this work incorporates into an optimization-simulation framework, consideration of the impact of short and long-term limited availability of water and/or electrical energy. This research focuses on the water supply system (WSS) facet of the multi-faceted optimization and control mechanism developed for an integrated water – energy nexus system under U.S. National Science Foundation (NSF) project 029013-0010 CRISP Type 2 – Resilient cyber-enabled electric energy and water infrastructures modeling and control under extreme mega drought scenarios. A water supply system (WSS) conveys water from sources (such as lakes, rivers, dams etc.) to the treatment plants and then to users via the water distribution systems (WDS) and/or water supply canal systems (WSCS). Optimization-simulation methodologies are developed for the real-time operation of water supply systems (WSS) under critical conditions of limited electrical energy and/or water availability due to emergencies such as extreme drought conditions, electric grid failure, and other severe conditions including natural and manmade disasters. The coupling between WSS and the power system was done through alternatively exchanging data between the power system and WSS simulations via a program control overlay developed in python. A new methodology for WDS infrastructural-operational resilience (IOR) computation was developed as a part of this research to assess the real-time performance of the WDS under emergency conditions. The methodology combines operational resilience and component level infrastructural robustness to provide a comprehensive performance assessment tool. The optimization-simulation and resilience computation methodologies developed were tested for both hypothetical and real example WDS and WSCS, with results depicting improved resilience for operations of the WSS under normal and emergency conditions.Dissertation/ThesisDoctoral Dissertation Civil, Environmental and Sustainable Engineering 201

Macroevolution: Explanation, Interpretation and Evidence

info:eu-repo/semantics/publishedVersio