Software Engineering Challenges for Investigating Cyber-Physical Incidents

Cyber-Physical Systems (CPS) are characterized by the interplay between digital and physical spaces. This characteristic has extended the attack surface that could be exploited by an offender to cause harm. An increasing number of cyber-physical incidents may occur depending on the configuration of the physical and digital spaces and their interplay. Traditional investigation processes are not adequate to investigate these incidents, as they may overlook the extended attack surface resulting from such interplay, leading to relevant evidence being missed and testing flawed hypotheses explaining the incidents. The software engineering research community can contribute to addressing this problem, by deploying existing formalisms to model digital and physical spaces, and using analysis techniques to reason about their interplay and evolution. In this paper, supported by a motivating example, we describe some emerging software engineering challenges to support investigations of cyber-physical incidents. We review and critique existing research proposed to address these challenges, and sketch an initial solution based on a meta-model to represent cyber-physical incidents and a representation of the topology of digital and physical spaces that supports reasoning about their interplay

On the Automated Management of Security Incidents in Smart Space

The proliferation of smart spaces, such as smart buildings, is increasing opportunities for offenders to exploit the interplay between cyber and physical components, in order to trigger security incidents. Organizations are obliged to report security incidents to comply with recent data protection regulations. Organizations can also use incident reports to improve security of the smart spaces where they operate. Incident reporting is often documented in structured natural language. However, reports often do not capture relevant information about cyber and physical vulnerabilities present in a smart space that are exploited during an incident. Moreover, sharing information about security incidents can be difficult, or even impossible, since a report may contain sensitive information about an organization. In previous work, we provided a meta-model to represent security incidents in smart spaces. We also developed an automated approach to share incident knowledge across different organizations. In this paper we focus on incident reporting. We provide a System Editor to represent smart buildings where incidents can occur. Our editor allows us to represent cyber and physical components within a smart building and their interplay. We also propose an Incident Editor to represent the activities of an incident, including —for each activity— the target and the resources exploited, the location where the activity occurred, and the activity initiator. Building on our previous work, incidents represented using our editor can be shared across various organizations, and instantiated in different smart spaces to assess how they can re-occur. We also propose an Incident Filter component that allows viewing and prioritizing the most relevant incident instantiations, for example, involving a minimum number of activities. We assess the feasibility of our approach in assisting incident reporting using an example of a security incident that occurred in a research center

Metabolic syndrome and nephrolithiasis: can we hypotize a common background?

Metabolic syndrome and nephrolithiasis are quite common disorders presenting similar epidemiological characteristics. Belonging to genetic, environmental and hormonal interaction, they have high incidence and prevalence in the adult population of industrialised countries and are characterised by a high level of morbidity and mortality if not adequately identified and treated. Despite metabolic syndrome is considered a fundamental risk factor for chronic kidney diseases, is not actually known whether it is associated with nephrolithiasis beyond the effect of its individual components, in particular obesity, glucose intolerance, and hypertension. In this paper, the possible pathogenetic links between metabolic syndrome and nephrolithiasis will be presented and discussed

Digital Age of Consent and Age Verification: Can They Protect Children?

Children are increasingly accessing social media content through mobile devices. Existing data protection regulations have focused on defining the digital age of consent, in order to limit collection of children’s personal data by organizations. However, children can easily bypass the mechanisms adopted by apps to verify their age, and thereby be exposed to privacy and safety threats. We conducted a study to identify how the top 10 social and communication apps among underage users apply age limits in their Terms of Use. We also assess the robustness of the mechanisms these apps put in place to verify the age of their users. Moreover, we discuss how automated age recognition techniques can be adopted to increase the effectiveness of the age verification process. Finally, we provide recommendations to app providers and developers to specify the Terms of Use and implement robust age verification mechanisms

User-centric Adaptation Analysis of Multi-tenant Services

Multi-tenancy is a key pillar of cloud services. It allows different users to share computing and virtual resources transparently, meanwhile guaranteeing substantial cost savings. Due to the tradeoff between scalability and customization, one of the major drawbacks of multi-tenancy is limited configurability. Since users may often have conflicting configuration preferences, offering the best user experience is an open challenge for service providers. In addition, the users, their preferences, and the operational environment may change during the service operation, thus jeopardizing the satisfaction of user preferences. In this article, we present an approach to support user-centric adaptation of multi-tenant services. We describe how to engineer the activities of the Monitoring, Analysis, Planning, Execution (MAPE) loop to support user-centric adaptation, and we focus on adaptation analysis. Our analysis computes a service configuration that optimizes user satisfaction, complies with infrastructural constraints, and minimizes reconfiguration obtrusiveness when user- or service-related changes take place. To support our analysis, we model multitenant services and user preferences by using feature and preference models, respectively. We illustrate our approach by utilizing different cases of virtual desktops. Our results demonstrate the effectiveness of the analysis in improving user preferences satisfaction in negligible time.Ministerio de Economía y Competitividad TIN2012-32273Junta de Andalucía P12--TIC--1867Junta de Andalucía TIC-590

Almond diversity and homozygosity define structure, kinship, inbreeding, and linkage disequilibrium in cultivated germplasm, and reveal genomic associations with nut and seed weight

Almond [Prunus dulcis Miller (D.A. Webb)] is the main tree nut species worldwide. Here, genotyping-by-sequencing (GBS) was applied to 149 almond cultivars from the ex situ collections of the Italian Council for Agricultural Research (CREA) and the Spanish National Research Council (CSIC), leading to the detection of 93,119 single-nucleotide polymorphisms (SNPs). The study of population structure outlined four distinct genetic groups and highlighted diversification between the Mediterranean and Californian gene pools. Data on SNP diversity and runs of homozygosity (ROHs) allowed the definition of kinship, inbreeding, and linkage disequilibrium (LD) decay in almond cultivated germplasm. Four-year phenotypic observations, gathered on 98 cultivars of the CREA collection, were used to perform a genome-wide association study (GWAS) and, for the first time in a crop species, homozygosity mapping (HM), resulting in the identification of genomic associations with nut, shell, and seed weight. Both GWAS and HM suggested that loci controlling nut and seed weight are mostly independent. Overall, this study provides insights on the almond cultivation history and delivers information of major interest for almond genetics and breeding. In a broader perspective, our results encourage the use of ROHs in crop science to estimate inbreeding, choose parental combinations minimizing the risk of inbreeding depression, and identify genomic footprints of selection for specific traits