Robustness-Driven Resilience Evaluation of Self-Adaptive Software Systems

An increasingly important requirement for certain classes of software-intensive systems is the ability to self-adapt their structure and behavior at run-time when reacting to changes that may occur to the system, its environment, or its goals. A major challenge related to self-adaptive software systems is the ability to provide assurances of their resilience when facing changes. Since in these systems, the components that act as controllers of a target system incorporate highly complex software, there is the need to analyze the impact that controller failures might have on the services delivered by the system. In this paper, we present a novel approach for evaluating the resilience of self-adaptive software systems by applying robustness testing techniques to the controller to uncover failures that can affect system resilience. The approach for evaluating resilience, which is based on probabilistic model checking, quantifies the probability of satisfaction of system properties when the target system is subject to controller failures. The feasibility of the proposed approach is evaluated in the context of an industrial middleware system used to monitor and manage highly populated networks of devices, which was implemented using the Rainbow framework for architecture-based self-adaptation

PICSEL: Portable ICS Extensible Lab

Trabalho de projeto de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2020Critical infrastructures such as electric power grids, nuclear plants, oil and gas refineries, transportations systems or pharmaceutical industries, play an increasingly important role in our lives due to technological advancement and the precision industry. Traditionally, most of these infrastructures, also called industrial control systems (ICS), are large-scale cyber-physical systems (CPS) which all use supervisory control and data acquisition (SCADA). Over recent years, malicious actors have realized the importance and impact of these infrastructures. Combining this with the deprivation of security features in ICS resulted in a large quantity of high value targets just waiting to be exploited. Since these systems are based on equipment with a really long lifetime and, in most of the cases, have an extremely high availability requirement, its important to, somehow, gather information and perform security tests in order to protect these infrastructures, without compromising a live operation. Normally these infrastructures are very complex and often have a remarkable diversity of equipment, communication protocols and transmission technologies. This thesis presents a portable testbed, PICSEL, which was designed and developed to achieve the following goals: to be a portable testbed testing existing exploits and new security solutions whilst exploring new vulnerabilities within the equipment or the environment. Several requirements were considered in the design of the testbed: for instance, choosing the equipment that allowed for more environment configurations; choosing power supplies that support additional equipment; and designing a static electrical diagram based on each device’s requirements. With these requirements, the testbed must be able to support different types of equipment and architectures, allowing for applications in multiple industries, inside which it can be easily reconfigured. The thesis describes the testbed architecture and discusses the design decisions, presenting two test scenarios that were studied and implemented using PICSEL. In each of these test scenarios, different attacks were performed validating each of the PICSEL goals. Testing known vulnerabilities, testing exploits in the wild and exporting information from PICSEL equipment to an external tool were very important steps to validate the results. Therefore, this thesis provides proof of concept confirming the key value of a modular and reconfigurable testbed, PICSEL

A RARE MUTUAL COURTSHIP DISPLAY IN A SOUTH AMERICAN PASSERIFORMES: BLUE-BILLED BLACK-TYRANT (KNIPOLEGUS CYANIROSTRIS) (TYRANNIDAE: FLUVICOLINAE)

Territorial displays are a common behavior in Knipolegus, but are only performed by males, while a mutual displays are unknown in this genus. In October 2012, in high-altitude grassland (Campos de Altitude), Espírito Santo state, south-east Brazil, a pair of Blue-billed Black Tyrant Knipolegus cyanirostris was filmed making very curious and subtle movements. Both individuals were silent, and perched facing each other 0.59–0.75 m apart, with the male slightly lower, at an angle of c. 21°–23° below the female. The male moved its head downwards, moving its bill in a pendulum-like, downward motion, then reassumed its upright stance, while the female, with its head slightly bent down, moved its bill in the same way as the male, before also reassuming her original stance. These movements were very fast and almost impossible to see with the human eye. This mutual display suggests that courtship behavior in Knipolegus may be much more complex than is currently believe