DOTS-LCCI - Dependable Off-The-Shelf based middleware systems for Large-scale Complex Critical Infrastructures

Large scale Complex Critical Infrastructures (LCCIs), such as water and power supply plants, and transport infrastructures (e.g., airports and seaports), play a key role into several fundamental human activities. It is easy to think about their economic and social impact: the consequences of an outage can be catastrophic in terms of efficiency, economical losses, consumer dissatisfaction, and even indirect harm to people and deaths. Currently, LCCIs make extensive usage of Information and Communications Technology (ICT) (e.g., computing systems, communication networks, and sensing hardware), and especially software systems for LCCI interconnection, control, and management, in charge of providing support for advanced monitoring and control facilities. These systems have to be highly resilient in order to reduce the risk of LCCI catastrophic failures. Nevertheless, the resiliency of future LCCI is compromised by several factors. First, these systems are more and more conceived as the composition of several Off-The-Shelf (OTS) items and/or legacy subsystems, which increase the probability of failures occurrences, due to unexpected or erroneous modes of operation. Second, they have been designed without considering that their size would have significantly grown, crossing national boundaries, and that their operational environment, originally planned to be "closed", would become "open" to the world to allow interoperability among LCCIs and remote accesses and control. This implies that the both accidental events and malicious attacks should be taken into account. The DOTS-LCCI research project aims to define novel middleware technologies, models, and methods to assure and assess the resiliency level of current and future OTS-based LCCIs, to diagnose faults in real time, and to tolerate them by means of dynamic reconfiguration. Assuring the resiliency level of LCCIs is crucial to reduce, with known probabilities, the occurrence of catastrophic failures, and consequently, to adopt proper diagnosis and reconfiguration strategies. Project efforts will progress according to three main directions: i) Distributed architectures for LCCIs, their components (OTS and legacy), and their resiliency requirements will be studied, in order to define algorithms and middleware architectures for improving dependability attributes of future LCCIs; ii) Strategies for on-line diagnosis and reconfiguration will be studied and defined, specifically tailored for OTS-based LCCIs, according to the resiliency assurance requirements; iii) Tools and techniques for modeling and evaluating LCCIs will be devised. Several works exist in the literature about these research themes. However, existing solutions are usually applied to simpler and closed system. Based on the experiences of research units in several real-world contexts, the innovative and challenging aspect is to apply these strategies, or to define novel ones, in the context of complex, evolvable, and extremely heterogeneous systems, which will compose future LCCI systems. The proposed strategies will be applied to two crucial elements of LCCIs: 1) Supervisory Control and Data Acquisition (SCADA) systems, being them massively deployed in critical contexts to monitor and control infrastructure processes. Without loss of generality, the project will consider LCCIs composed as a set of SCADA systems interconnected by means of a communication middleware; 2) The interconnecting middleware, that plays the role of a glue technology across the overall system. This component represents a main concern for the dependability of the LCCI. In particular, Event-Driven Architectures (EDA) will be considered, since they result very effective for the loose interconnection of OTS items, due to the adoption of the publish/subscribe communication paradigm. Particular effort will also be devoted to the definition of EDAs specifically tailored for resilient LCCIs. The different objectives addressed by DOTS-LCCI call for distinguished know-how in different fields, such as diagnosis, reconfiguration, modeling, evaluation, EDA architectures, and SCADA systems, thus making necessary the creation of a research consortium among complementary units. This will enable exchange and cross-fertilization of research interests, and will lead to the increase of knowledge on LCCIs design and management, and to novel techniques for their engineering. Also, project activities will benefit from the close synergy with research efforts and industrial collaborations already active in the research labs of the units composing the consortium

Using Invariants for Anomaly Detection: The Case Study of a SaaS Application

Invariants represent properties of a system that are expected to hold when everything goes well. Thus, the violation of an invariant most likely corresponds to the occurrence of an anomaly in the system. In this paper, we discuss the accuracy and the completeness of an anomaly detection system based on invariants. The case study we have taken is a back-end operation of a SaaS platform. Results show the rationality of the approach and discuss the impact of the invariant mining strategy on the detection capabilities, both in terms of accuracy and of time to reveal violations

SVEVIA - Innovative methods and techniques for Software VErification and ValIdAtion of near-realtime complex systems

The project SVEVIA aims at improving the efficiency of Verification and Validation (V&V) processes for critical and complex software systems with near-real time requirements. A critical system is a system whose failure or malfunction can lead to catastrophic losses in terms of cost, environmental damage, or loss of life. The critical systems are adopted in various fields, ranging from air traffic to the rail traffic managements, the management of ports and airports for civil and military purposes. In such contexts, the reliability and timeliness of the system are crucial requirements to be met. However, the activities necessary to ensure the required quality levels and standards prescribed by rule, require enormous costs for the Verification and Validation (V&V) of software, especially in larger systems. The V&V phase is one of the most expensive phases of the entire development cycle in terms of both time and resources used: the systems under consideration are characterized by complex and stringent non-functional constraints, more than 50% of the cost of the entire development comes from V&V process. Issues relating to the definition and implementation of appropriate strategies for V&V go far beyond the purely technical and / or technology, they involve, in a significant way, methodological aspects, aspects related to the production process, the development process, as well as aspects related to organizational structure, business strategies for medium and long term. Therefore, the criticality and complexity of the systems poses new challenges to software engineers, who need to develop solutions that ensure a high level of quality, taking the same time, lower costs and development time. The project SVEVIA intends to address issues related to both the planning and execution of the V&V activities by developing an innovative framework, SVEVIA, to support engineers in the V&V phase. Based on the results achieved and the critical issues and needs expressed by companies involved in the previous laboratory COSMIC, the project will address issues related to: 1) estimated costs and resources required to process V & V in relation to the expected quality of the final product; 2) lack of predictability of the outcome of V & V, caused by inadequate planning of activities, often based on subjective criteria and unstructured, and a reluctance to carry out preventive risk analysis; 3) poor adjustment and / or integration capabilities of current approaches to V & V corporate advanced development processes based on evolutionary models; 4) lack of measurable results from the process of V & V (in terms of quality attributes); 5) inability to automate the running of tests planned. The main objective of the framework SVEVIA is to guide the development team through the entire process, leveraging, and iteratively enhancing, the prior knowledge to put in place V&V strategies suitable for specific product under development

Seismic Behavior of the San Pietro di Coppito Church Bell Tower in L'Aquila, Italy

In the present paper, a non-linear numerical study on the 13th century masonry bell tower of the church of San Pietro di Coppito is described. The aim is to have an insight into the causes at the base of the partial collapse suffered by the structure during the L'Aquila earthquake in 2009. To this aim, two different numerical analyses have been performed namely non-linear static (pushover) and limit analysis. In both cases, the same full 3D detailed FE model of the structure is adopted, changing the seismic load direction and assuming different distributions of the equivalent static horizontal load. When dealing with the FEM incremental analysis, a commercial code is utilized assuming for masonry a smeared crack isotropic model. For limit analysis, a non-commercial full 3D code developed by the authors is utilized. It provides limit good estimates of limit loads and failure mechanisms, to compare with standard FEM results. From numerical re-sults, the role played by the actual geometry and by the masonry mechanical characteristics of the tower is envisaged, as well as a detailed comparison of failure mechanisms provided by the incremental FEM and limit analysis is provided. In all cases, the numerical analysis has given a valuable picture of damage mechanisms which can be compared with actual damage patterns so providing useful hints for the introduction of structural monitoring