Generalized Fault Trees: from reliability to security

Fault Trees (FT) are widespread models in the reliability \ufb01eld, but they lack of modelling power. So, in the literature, several extensions have been proposed and introduced speci\ufb01c new modelling primitives. Attack Trees (AT) have gained acceptance in the \ufb01eld of security. They follow the same notation of standard FT,but they represent the combinations of actions necessary for the success of an attack to a computing system. In this paper, we extend the AT formalism by exploiting the new primitives introduced in speci\ufb01c FT extensions. This leads to more accurate models. The approach is applied to a case study: the AT is exploited to represent the attack mode and compute speci\ufb01c quantitative measures about the system security

SAN models of a benchmark on dynamic reliability

This report provides the detailed description of the Stochastic Activity Network (SAN) models appearing in [1] and concerning a benchmark on dynamic reliability taken from the literature

Evaluation of a benchmark on dynamic reliability via Fluid Stochastic Petri Nets

The paper presents the evaluation of a benchmark on dynamic reliability. Such system consists of a tank containing some liquid, two pumps and one valve to renew the liquid in the tank, a heat source warming the liquid, and a controller acting on the state of the components. Three failure conditions are possible: the dry out, the over\ufb02ow or the high temperature of the liquid. Due to the presence of continuous variables, such as the liquid level and temperature, the system is modelled as a Fluid Stochastic Petri Net which is the object of simulation obtaining the unreliability evaluation of the system

Modelling dynamic reliability via Fluid Petri Nets

Combinatorial models for reliability analysis (like fault-trees or block diagram) are static models that cannot include any type of component dependence. In the CTMC (Continuous Time Markov Chain) framework, the transition rates can depend on the state of the system thus allowing the analyst to include some dependencies among components. However, in more general terms, the system reliability may depend on parameters or quantities that vary continuously in time (like temperature, pressure, distance, etc.). Systems whose behavior in time can be described by discrete as well as continuous variables, are called hybrid systems. In the dependability literature, the case in which the reliability characteristics vary continuously versus a process parameter, is sometimes referred to as dynamic reliability [1]. The modelling and analysis of hybrid dynamic systems is an open research area. The present paper discusses the evaluation of a benchmark on dynamic reliability proposed in [1] via a modelling framework called Fluid Stochastic Petri Net (FSPN)

ARPHA: an FDIR architecture for Autonomous Spacecrafts based on Dynamic Probabilistic Graphical Models

This paper introduces a formal architecture for on-board diagnosis, prognosis and recovery called ARPHA. ARPHA is designed as part of the ESA/ESTEC study called VERIFIM (Veri\ufb01cation of Failure Impact by Model checking). The goal is to allow the design of an innovative on-board FDIR process for autonomous systems, able to deal with uncertain system/environment interactions, uncertain dynamic system evolution, partial observability and detection of recovery actions taking into account imminent failures. We show how the model needed by ARPHA can be built through a standard fault analysis phase, \ufb01nally producing an extended version of a fault tree called EDFT; we discuss how EDFT can be adopted as a formal language to represent the needed FDIR knowledge, that can be compiled into a corresponding Dynamic Decision Network to be used for the analysis. We also discuss the software architecture we are implementing following this approach, where on-board FDIR can be implemented by exploiting on-line inference based on the junction tree approach typical of probabilisticgraphical models

SAN models of communication scenarios inside the Electrical Power System

This report provides all the details about the models and the quantitative results presented in [1], about the simulation of communication scenarios inside the Electrical Power System. In particular, the scenarios deal with the communication between one area control centre and a set of substations in a distribution grid, exchanging commands and signals by means of a redundant communication network. The communication may be affected by threats such as the communication network failure, or intrusions into the communication, causing the loss of commands or signals. The scenarios have been modeled and simulated in form of Stochastic Activity Networks, with the purpose of evaluating the effects of such threats on the communication reliability

A GSPN semantics for Continuous Time Bayesian Networks with Immediate Nodes

In this report we present an extension to Continuous Time Bayesian Networks (CTBN) called Generalized Continuous Time Bayesian Networks (GCTBN). The formalism allows one to model, in addition to continuous time delayed variables (with exponentially distributed transition rates), also non delayed or "immediate" variables, which act as standard chance nodes in a Bayesian Network. This allows the modeling of processes having both a continuous-time temporal component and an immediate (i.e. non-delayed) component capturing the logical/probabilistic interactions among the model\u2019s variables. The usefulness of this kind of model is discussed through an example concerning the reliability of a simple component-based system. A semantic model of GCTBNs, based on the formalism of Generalized Stochastic Petri Nets (GSPN) is outlined, whose purpose is twofold: to provide a well-de\ufb01ned semantics for GCTBNs in terms of the underlying stochastic process, and to provide an actual mean to perform inference (both prediction and smoothing) on GCTBNs. The example case study is then used, in order to highlight the exploitation of GSPN analysis for posterior probability computation on the GCTBN model

Decision Networks for modeling and analysis of attack/defense scenarios in critical infrastructures

We propose to exploit Decision Networks (DN) for the analysis of attack/defense scenarios. We show that DN extend both the modeling and the analysis capabilities of formalisms based on Attack Trees, which are the main reference model in such a context. Uncertainty can be addressed at every system level and a decision-theoretic analysis of the risk and of the selection of the best countermeasures can be implemented, by exploiting standard inference algorithms on DN