Risk management in a mega-project: the Universal EXPO 2015 case

The paper analyses the literature on risk management in mega-projects suggesting possible mitigation actions to be considered in the stakeholders' management. EXPO 2015 represents a perfect project to understand the strength of a rigorous methodological approach to uncertainty and the need for a mature consciousness at managerial level on these topics. Analysing real available data on this project, the number of visitors appears overestimated, so, by adopting a framework, called SHAMPU, the paper quantifies the relative impact and provides possible mitigation actions. Practical actions crossing the risk management phases in mega projects proposed by literature are suggested in the conclusions

RADIS: Remote Attestation of Distributed IoT Services

Remote attestation is a security technique through which a remote trusted party (i.e., Verifier) checks the trustworthiness of a potentially untrusted device (i.e., Prover). In the Internet of Things (IoT) systems, the existing remote attestation protocols propose various approaches to detect the modified software and physical tampering attacks. However, in an interoperable IoT system, in which IoT devices interact autonomously among themselves, an additional problem arises: a compromised IoT service can influence the genuine operation of other invoked service, without changing the software of the latter. In this paper, we propose a protocol for Remote Attestation of Distributed IoT Services (RADIS), which verifies the trustworthiness of distributed IoT services. Instead of attesting the complete memory content of the entire interoperable IoT devices, RADIS attests only the services involved in performing a certain functionality. RADIS relies on a control-flow attestation technique to detect IoT services that perform an unexpected operation due to their interactions with a malicious remote service. Our experiments show the effectiveness of our protocol in validating the integrity status of a distributed IoT service.Comment: 21 pages, 10 figures, 2 table

Adaptive Variable Structure Control System for Attitude Spacecraft Applications

L'abstract è presente nell'allegato / the abstract is in the attachmen

Know Your Enemy: Stealth Configuration-Information Gathering in SDN

Software Defined Networking (SDN) is a network architecture that aims at providing high flexibility through the separation of the network logic from the forwarding functions. The industry has already widely adopted SDN and researchers thoroughly analyzed its vulnerabilities, proposing solutions to improve its security. However, we believe important security aspects of SDN are still left uninvestigated. In this paper, we raise the concern of the possibility for an attacker to obtain knowledge about an SDN network. In particular, we introduce a novel attack, named Know Your Enemy (KYE), by means of which an attacker can gather vital information about the configuration of the network. This information ranges from the configuration of security tools, such as attack detection thresholds for network scanning, to general network policies like QoS and network virtualization. Additionally, we show that an attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk of being detected. We underline that the vulnerability exploited by the KYE attack is proper of SDN and is not present in legacy networks. To address the KYE attack, we also propose an active defense countermeasure based on network flows obfuscation, which considerably increases the complexity for a successful attack. Our solution offers provable security guarantees that can be tailored to the needs of the specific network under consideratio

Reaching law-based SMC for spacecraft applications with actuators constraints

This letter considers a robust sliding mode control method for a spacecraft attitude control. The design of the control law is based on the reaching law approach for continuous-time systems. A novel method is proposed to design the parameters of both the reaching law and the sliding surface. The reaching law ensures that during the reaching phase the states of the system remains bounded. Then, taking into account the parameters of the mathematical model, the bounds are defined so that the control law does not overload the actuator limits, whatever the initial conditions. Furthermore, a variable gain is considered for the control law, to provide chattering alleviation of the control input. Numerical simulations are performed to show the effectiveness of the proposed approach

The divergence between actual and estimated costs in large industrial and infrastructure projects: is nuclear special?

Megaprojects are frequently over budget and late all over the world in many different sectors. There has been little or no improvement over the decades. Project performance today is roughly similar to ten, twenty and thirty years ago. On the other hand, even if public opinion and the press are focusing on nuclear projects being over budget and late, such poor performance is not a fatality. The Korean and the (pre-2000) French experience shows that it is possible to deliver nuclear projects on time and budget. Key success factors are the replication of existing reactors, a relative monoculture, a stable environment with experienced stakeholders and a long-term view. Some of these factors may no longer be replicable and the most promising way forward may be to start learning from other high technological sectors such as aerospace or oil and gas, where a number of major companies have evolved from national champions to global competitors

Project controlling in mega events: the Expo 2015 case

Although Universal Expositions are an incredible catalyst for the development of hosting cities, they have to face projects’ common problems as over-budgets and delays. This last issue is critic since mega events have to respect a mandatory deadline and any delay could cause critical project scope reduction. It is thus fundamental to control efficiently and effectively their progress to obtain the best performances. Despite “project controlling” field is well-documented concerning mega-projects, there is a gap for mega events. In addition, literature focuses on strategic elements without providing operative methods to control the execution phase. This paper fi lls this gap highlighting how mega-events can be considered as “mega-programmes”, suggesting supervision through a project envelope to avoid forecasting problems and proposing a gradual control according to project statuses. These results provide a model to monitor Milan Expo 2015 execution phase, guaranteeing that all projects involved end within deadlines