1,330 research outputs found

    Expert Elicitation for Reliable System Design

    This paper reviews the role of expert judgement to support reliability assessments within the systems engineering design process. Generic design processes are described to give the context and a discussion is given about the nature of the reliability assessments required in the different systems engineering phases. It is argued that, as far as meeting reliability requirements is concerned, the whole design process is more akin to a statistical control process than to a straightforward statistical problem of assessing an unknown distribution. This leads to features of the expert judgement problem in the design context which are substantially different from those seen, for example, in risk assessment. In particular, the role of experts in problem structuring and in developing failure mitigation options is much more prominent, and there is a need to take into account the reliability potential for future mitigation measures downstream in the system life cycle. An overview is given of the stakeholders typically involved in large scale systems engineering design projects, and this is used to argue the need for methods that expose potential judgemental biases in order to generate analyses that can be said to provide rational consensus about uncertainties. Finally, a number of key points are developed with the aim of moving toward a framework that provides a holistic method for tracking reliability assessment through the design process.
    Comment: This paper commented in: [arXiv:0708.0285], [arXiv:0708.0287], [arXiv:0708.0288]. Rejoinder in [arXiv:0708.0293]. Published at http://dx.doi.org/10.1214/088342306000000510 in the Statistical Science (http://www.imstat.org/sts/) by the Institute of Mathematical Statistics (http://www.imstat.org

    Robust requirements gathering for ontologies in smart water systems

    Urban environments are urgently required to become smarter in order to overcome sustainability and resilience challenges whilst remaining economically viable. This involves a vast increase in the penetration of ICT resources, both physical and virtual, with the requirement to factor in built environment, socio-economic and human artefacts. This paper therefore proposes a methodology for eliciting, testing, and deploying requirements in the field of urban cybernetics. This extends best practice requirements engineering principles in order to meet the demands of this growing niche. The paper follows a case study approach of applying the methodology in the smart water domain, where it achieves positive results. The approach heavily utilises iteration alongside domain experts, but also mandates the integration of technical domain experts to ensure software requirements are met. A key novelty of the approach is prioritising a balance between: a) knowledge engineers’ tenacity for logical accuracy, b) software engineers’ need for speed, simplicity, and integration with other components, and c) the domain experts’ needs in order to invoke ownership and hence nurture adoption of the resulting ontology.

    Developing Secure and Safe Systems with Knowledge Acquisition for Automated Specification

    There are special techniques used in risk management in both the security and safety engineering domains. The outputs of these techniques, known as artifacts, are separated from each other, which leads to several problems because the domains are independent and there is no domain that unifies the two. At the core of the problem is that security and safety engineers work in different teams throughout the system development life cycle, with the result that risks and threats are insufficiently covered. This master's thesis applies a structured approach to integrating security and safety by creating a SaS (Safety and Security) domain model that integrates both. In addition, the thesis shows that the goal-oriented KAOS (Knowledge Acquisition in autOmated Specification) language can be used for threat and risk analysis so that both the safety and the security domain are covered, making their outputs, i.e. artifacts, well structured, which results in a thorough analysis and increased dependability. We propose a solution that includes creating a domain model in which the safety and security domains are integrated. This provides better possibilities for comparison and integration, finding the middle ground between the two domains and the unifying definitions by mapping them in a general ontology. Such a solution brings the integration of the security and safety domains together into a single model, which results in mutual influence between the safety and security techniques, produces outputs regarded as dependability artifacts, and uses KAOS with a domain model built on the basis of a case study. After applying the newly created model, an experiment is carried out in which the same case is analysed in order to compare its results with those of other existing models and to examine the usefulness of such a domain. 
The structured approach can thus act as an interface that facilitates active interaction in risk and hazard management, helping to find solutions to problems and contradictions whose resolution requires integrating the safety and security domains and using a unified system analysis technique, resulting in analysis centrality.
    There are special techniques and languages that are used in risk management in both domains of safety engineering and security engineering. The outputs, known as artifacts, of these techniques are separated from each other, leading to several difficulties due to the fact that the domains are independent and that there is no one unifying domain for the two. The problem is that safety engineers and security engineers work in separate teams throughout the system development life cycle, which results in incomplete coverage of risks and threats. The thesis applies a structured approach to integration between security and safety by creating a SaS (Safety and Security) domain model. Furthermore, it demonstrates that it is possible to use the goal-oriented KAOS (Knowledge Acquisition in automated Specification) language in threat and hazard analysis to cover both safety and security domains, making their outputs, or artifacts, well-structured and comprehensive, which results in dependability due to the comprehensiveness of the analysis. The structured approach can thereby act as an interface for active interactions in risk and hazard management in terms of universal coverage, finding solutions for differences and contradictions which can be overcome by integrating the safety and security domains and using a unified system analysis technique (KAOS) that will result in analysis centrality.

    Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

    The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposition of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. 
The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers.

    Development of a decision support system through modelling of critical infrastructure interdependencies : a thesis presented in partial fulfilment of the requirements for the degree of Doctor of Philosophy in Emergency Management at Massey University, Wellington, New Zealand

    Critical Infrastructure (CI) networks provide functional services to support the wellbeing of a community. Although it is possible to obtain detailed information about individual CI and their components, the interdependencies between different CI networks are often implicit, hidden or not well understood by experts. In the event of a hazard, failures of one or more CI networks and their components can disrupt the functionality and consequently affect the supply of services. Understanding the extent of disruption and quantification of the resulting consequences is important to assist various stakeholders' decision-making processes to complete their tasks successfully. A comprehensive review of the literature shows that a Decision Support System (DSS) integrated with appropriate modelling and simulation techniques is a useful tool for CI network providers and relevant emergency management personnel to understand the network recovery process of a region following a hazard event. However, the majority of existing DSSs focus on risk assessment or stakeholders' involvement without addressing the overall CI interdependency modelling process. Furthermore, these DSSs are primarily developed for data visualization or CI representation but not specifically to help decision-makers by providing them with a variety of customizable decision options that are practically viable. To address these limitations, a Knowledge-centred Decision Support System (KCDSS) has been developed in this study with the following aims: 1) To develop a computer-based DSS using efficient CI network recovery modelling algorithms, 2) To create a knowledge-base of various recovery options relevant to specific CI damage scenarios so that the decision-makers can test and verify several ‘what-if’ scenarios using a variety of control variables, and 3) To bridge the gap between hazard and socio-economic modelling tools through a multidisciplinary and integrated natural hazard impact assessment. 
Driven by the design science research strategy, this study proposes an integrated impact assessment framework using an iterative design process as its first research outcome. This framework has been developed as a conceptual artefact using a topology network-based approach by adopting the shortest path tree method. The second research outcome, a computer-based KCDSS, provides a convenient and efficient platform for enhanced decision making through a knowledge-base consisting of real-life recovery strategies. These strategies have been identified from the respective decision-makers of the CI network providers through the Critical Decision Method (CDM), a Cognitive Task Analysis (CTA) method for requirement elicitation. The capabilities of the KCDSS are demonstrated through electricity, potable water, and road networks in the Wellington region of Aotearoa New Zealand. The network performance has been analysed independently and with interdependencies to generate outage of services spatially and temporally. The outcomes of this study provide a range of theoretical and practical contributions. Firstly, the topology network-based analysis of CI interdependencies will allow a group of users to build different models, make and test assumptions, and try out different damage scenarios for CI network components. Secondly, the step-by-step process of knowledge elicitation, knowledge representation and knowledge modelling of CI network recovery tasks will provide a guideline for improved interactions between researchers and decision-makers in this field. Thirdly, the KCDSS can be used to test the variations in outage and restoration time estimates of CI networks due to the potential uncertainty related to the damage modelling of CI network components. The outcomes of this study also have significant practical implications by utilizing the KCDSS as an interface to integrate and add additional capabilities to the hazard and socio-economic modelling tools. 
Finally, the variety of ‘what-if’ scenarios embedded in the KCDSS would allow the CI network providers to identify vulnerabilities in their networks and to examine various post-disaster recovery options for CI reinstatement projects.

    Sorghum bicolor defence responses to the pathogen Burkholderia andropogonis: An LC-MS based metabolomic analysis

    Abstract: Metabolomics, the youngest sibling in the family of omics fields, has become an indispensable tool in studying plant biology. Considering that the metabolome is expectedly found to be sensitive to perturbations in both metabolic fluxes and enzyme activity, metabolomics provides insights into the physiological state and biological activities of an organism as influenced by changes in gene expression, protein function modulation and environmental cues. In plant science studies, the coordinated regulatory mechanisms underlying the immune responses of a biological system to biotic stresses can therefore be investigated by untargeted metabolomics approaches. The use of advanced analytical platforms such as LC-MS in untargeted plant metabolomics approaches facilitates a comprehensive measurement of metabolites, spanning an array of classes of these small molecules. Such analyses, complemented with data analysis methodologies, thus reveal the molecular dynamics of the plant defence responses as well as biomarkers associated with the resistance state to an environmental stress. The capacity of a plant to launch an effective defensive state depends on the ability to perceive the pathogen presence (via MAMP perception) and timeous defence response activation. Upon pathogen detection, plant hormones such as the salicylates and jasmonates play key roles (working synergistically or antagonistically) to activate an array of highly regulated and coordinated defence events, involving a reprogramming of the metabolome, reflected through activation and changes in defence-related secondary metabolites and precursors for cell wall reinforcement...M.Sc. (Biochemistry