
    Multilevel Runtime Verification for Safety and Security Critical Cyber Physical Systems from a Model Based Engineering Perspective

    Advanced embedded system technology is one of the key driving forces behind the rapid growth of Cyber-Physical System (CPS) applications. A CPS consists of multiple coordinating and cooperating components, which are often software-intensive and interact with each other to achieve unprecedented tasks. Such highly integrated CPSs have complex interaction failures, attack surfaces, and attack vectors that we have to protect and secure against. This dissertation advances the state of the art by developing a multilevel runtime monitoring approach for safety- and security-critical CPSs, with monitors at each level of processing and integration. Given that computation and data processing vulnerabilities may exist at multiple levels in an embedded CPS, it follows that solutions present at the levels where the faults or vulnerabilities originate are beneficial for timely detection of anomalies. Further, the increasing functional and architectural complexity of critical CPSs has significant safety and security operational implications. These challenges are leading to a need for new methods in which there is a continuum between design-time assurance and runtime (operational) assurance. Towards this end, this dissertation explores Model Based Engineering methods by which design assurance can be carried forward to the runtime domain, creating a shared responsibility for reducing the overall risk associated with the system in operation. Therefore, a synergistic combination of Verification & Validation at design time and runtime monitoring at multiple levels is beneficial in assuring the safety and security of critical CPSs. Furthermore, we realize our multilevel runtime monitor framework on hardware using a stream-based runtime verification language.

    Information Theoretic Approach to Design of Emergency Response Systems

    Emergency response information systems provide critical support to disaster management. Despite the growing interest in this area, the existing research is scanty. A significant limitation is the lack of sound theoretical foundations for emergency management and information system development. In this paper, the authors adapt Information Theory to explore the theoretical underpinnings of emergency response and discuss the general system design issues.

    A Survey of Simulation Research in Information Systems Discipline

    Along with the increasing number of companies introducing Enterprise Social Networks (ESN) in recent years, research on ESN user behaviour has proliferated. Yet a detailed analysis of the factors driving ESN user behaviour, that is, how users participate in ESN, is missing. Addressing this gap, in this paper we explore ESN user behaviour and the factors influencing usage in an Australian professional services firm. Based on a case study including 14 interviews with regular users of the case company's ESN, we identify and characterise six general dimensions of ESN user behaviour. In addition, our analysis indicates that ESN user behaviour is influenced by a mix of individual factors and organisational factors. The contributions of this paper include a conceptualisation of user behaviour as well as a set of factors shaping ESN usage. For the management of ESN communities, our findings are hoped to inform initiatives aiming at reinforcing user engagement over time.

    Usability and Trust in Information Systems

    The need for people to protect themselves and their assets is as old as humankind. People's physical safety and their possessions have always been at risk from deliberate attack or accidental damage. The advance of information technology means that many individuals, as well as corporations, have an additional range of physical (equipment) and electronic (data) assets that are at risk. Furthermore, the increased number and types of interactions in cyberspace have enabled new forms of attack on people and their possessions. Consider grooming of minors in chat-rooms, or Nigerian email cons: minors were targeted by paedophiles before the creation of chat-rooms, and Nigerian criminals sent the same letters by physical mail or fax before there was email. But the technology has decreased the cost of many types of attacks, or the degree of risk for the attackers. At the same time, cyberspace is still new to many people, which means they do not understand risks, or recognise the signs of an attack, as readily as they might in the physical world. The IT industry has developed a plethora of security mechanisms which could be used to mitigate risks or make attacks significantly more difficult. Currently, many people are either not aware of these mechanisms, or are unable or unwilling to use them. Security experts have taken to portraying people as "the weakest link" in their efforts to deploy effective security [e.g. Schneier, 2000]. However, recent research has revealed that at least some of the problem may be that security mechanisms are hard to use, or are ineffective. The review summarises current research on the usability of security mechanisms, and discusses options for increasing their usability and effectiveness.

    Context-Aware and Secure Workflow Systems

    Businesses do evolve. Their evolution necessitates the re-engineering of their existing "business processes", with the objectives of reducing costs, delivering services on time, and enhancing their profitability in a competitive market. This is generally true, and particularly so in domains such as manufacturing, pharmaceuticals and education. The central objective of workflow technologies is to separate business policies (which are normally encoded in business logic) from the underlying business applications. Such a separation is desirable as it improves the evolution of business processes and, more often than not, facilitates re-engineering at the organisation level without the need for detailed knowledge or analysis of the applications themselves. Workflow systems are currently used by many organisations with a wide range of interests and specialisations in many domains. These include, but are not limited to, office automation, the finance and banking sector, health-care, art, telecommunications, manufacturing and education. We take the view that a workflow is a set of "activities", each of which performs a piece of functionality within a given "context" and may be constrained by some security requirements. These activities are coordinated to collectively achieve a required business objective. The specification of such coordination is presented as a set of "execution constraints", which include parallelisation (concurrency/distribution), serialisation, restriction, alternation, compensation and so on. Activities within workflows could be carried out by humans, various software-based application programs, or processing entities, according to organisational rules such as meeting deadlines or performance improvement. Workflow execution can involve a large number of different participants, services and devices, which may cross the boundaries of various organisations and access a variety of data.
    This raises the importance of (a) context variations and context-awareness and (b) security (e.g. access control and privacy). The specification of precise rules, which prevent unauthorised participants from executing sensitive tasks and also prevent tasks from accessing unauthorised services or (commercially) sensitive information, is crucially important. For example, medical scenarios will require that: only authorised doctors are permitted to perform certain tasks; a patient's medical records are not accessed by anyone without the patient's consent; and only specific machines are used to perform given tasks at a given time. If a workflow execution cannot guarantee these requirements, then the flow will be rejected. Furthermore, security requirements are often temporal- and/or event-related in character. However, most of the existing models are of a static nature; for example, it is hard, if not impossible, to express security requirements which are time-dependent (e.g. a customer is allowed to be overdrawn by 100 pounds only up to the first week of every month) or event-dependent (e.g. a bank account can only be manipulated by its owner unless there is a change in the law or after six months of his/her death). Currently, there is no commonly accepted model for secure and context-aware workflows, or even a common agreement on which features a workflow security model should support. We have developed a novel approach to design, analyse and validate workflows. The approach has the following components. (1) A modelling/design language (known as CS-Flow) which supports concurrency; treats context and context awareness as first-class citizens; supports mobility, as activities can move from one context to another; can express timing constraints (delay, deadlines, priority and schedulability); allows security policies (e.g. access control and privacy) to be expressed without extra linguistic complexity; and enjoys a sound formal semantics that allows us to animate designs and compare various designs. (2) An approach known as communication-closed layers, which allows us to serialise a highly distributed workflow to produce a semantically equivalent quasi-sequential flow that is easier to understand and analyse. Such restructuring gives us a mechanism to design fault-tolerant workflows, as layers are atomic activities and various existing forward and backward error recovery techniques can be deployed. (3) A reduction semantics for CS-Flow that allows us to build tool support to animate specifications and designs. This has been evaluated on a health care scenario, namely the Context Aware Ward (CAW) system. Health care provides huge amounts of business workflows, which will benefit from workflow adaptation and support through pervasive computing systems. The evaluation takes two complementary strands: providing CS-Flow models and specifications, and formal verification of the time-critical component of a workflow.

    Determining criteria for selecting software components: lessons learned

    Software component selection is growing in importance. Its success relies on correctly assessing the candidate components' quality. For a particular project, you can assess quality by identifying and analyzing the criteria that affect it. Component selection depends on the suitability and completeness of the criteria used for evaluation. Experiences from determining criteria for several industrial projects provide important lessons. For a particular selection process, you can organize selection criteria into a criteria catalog (CC). A CC is built for a scope, which can be either a domain (workflow systems, mail servers, antivirus tools, and so on) or a category of domains (communication infrastructure, collaboration software, and so on). Structurally, a CC arranges selection criteria in a hierarchical tree-like structure. The higher-level selection criteria serve to classify more concrete selection criteria, usually allowing some overlap. They also serve to leverage the CC.

    Enabling Flexibility in Process-Aware Information Systems: Challenges, Methods, Technologies

    In today's dynamic business world, the success of a company increasingly depends on its ability to react to changes in its environment in a quick and flexible way. Companies have therefore identified process agility as a competitive advantage to address business trends like increasing product and service variability or faster time to market, and to ensure business IT alignment. Along this trend, a new generation of information systems has emerged—so-called process-aware information systems (PAIS), like workflow management systems, case handling tools, and service orchestration engines. With this book, Reichert and Weber address these flexibility needs and provide an overview of PAIS with a strong focus on methods and technologies fostering flexibility for all phases of the process lifecycle (i.e., modeling, configuration, execution and evolution). Their presentation is divided into six parts. Part I starts with an introduction of fundamental PAIS concepts and establishes the context of process flexibility in the light of practical scenarios. Part II focuses on flexibility support for pre-specified processes, the currently predominant paradigm in the field of business process management (BPM). Part III details flexibility support for loosely specified processes, which only partially specify the process model at build-time, while decisions regarding the exact specification of certain model parts are deferred to run-time. Part IV deals with user- and data-driven processes, which aim at a tight integration of processes and data, and hence enable increased flexibility compared to traditional PAIS. Part V introduces existing technologies and systems for the realization of a flexible PAIS. Finally, Part VI summarizes the main ideas of this book and gives an outlook on advanced flexibility issues. The attached PDF file gives a preview of Chapter 3 of the book, which explains the book's overall structure.

    Doctor of Philosophy

    Nuclear research reactors are found throughout the world and have been crucial in the advancement of scientific and engineering discoveries, but the majority are approaching operational ages that require a renewed focus on safely maintaining and optimizing their use. A novel multilevel safety-factors-centered framework for the optimization and utilization of aging research reactors has been developed that can be implemented at any research reactor facility. The framework consists of an optimization tool for neutron activation analysis (NAA) and irradiation experiments, an optimization system, DACOS, for optimizing reactor operation parameters, and the overall Engineering Safety Culture ideology. The selection of NAA experimental parameters for irradiation in research reactors is essential in lowering the radiation dose to personnel while also minimizing the generation of excessive radioactive products. This competes with assuring that enough activity of an examined sample is produced in order to be able to measure targeted trace nuclei. This is accomplished by coupling an NAA precalculator tool, PyNIC, with the optimization tool DAKOTA, creating the PyNIC-DAKOTA tool system. This PyNIC-DAKOTA tool system is used to determine the optimal parameters for NAA. The PyNIC-DAKOTA tool system is benchmarked with several examples using the University of Utah TRIGA Reactor (UUTR). The PyNIC-DAKOTA tool system shows the expected agreement with the actual NAA experiments. DACOS is a newly developed computational optimization system that merges the well-known neutron transport code AGENT and the well-known optimization tool DAKOTA.
    DACOS can be applied to any reactor configuration for the purpose of optimizing its operation parameters, such as, but not limited to, determining the optimal fuel composition and spatial distribution, and the amount and position of reflectors and neutron-absorbing materials, to achieve a specified neutron flux at a given location in the reactor or a specified reactor power level. Demonstrations of DACOS are given for modeling of the UUTR. All of the research reactor optimizations and improvements are housed under the umbrella of a newly formed concept of Engineering Safety Culture and the workflow process that it encompasses. This new ideology is presented with illustrative examples of its implementation and resulting benefits.