Papers by Stefano Marrone

Electronics
Recent times have demonstrated how much modern critical infrastructures (e.g., energy, essential services, transportation of people and goods) depend on global communication networks. However, in the current Cyber-Physical World convergence, sophisticated attacks on the cyber layer can cause severe damage to both the physical structures and the operations of an infrastructure, affecting not only its functionality and safety but also triggering cascade effects in other systems because of the tight interdependence of the systems that characterises modern society. Hence, critical infrastructure must integrate the current cyber-security approach based on risk avoidance with the broader perspective provided by the emerging cyber-resilience paradigm. Cyber resilience is aimed at absorbing the consequences of these attacks and recovering functionality quickly and safely through adaptation. Several high-level frameworks and conceptualisations have been proposed but a formal defi...

Journal of Sensor and Actuator Networks, 2022
Machine Learning models are susceptible to attacks, such as noise, privacy invasion, replay, false data injection, and evasion attacks, which affect their reliability and trustworthiness. Evasion attacks, performed to probe and identify potential vulnerabilities of ML-trained models, and poisoning attacks, performed to obtain skewed models whose behavior can be driven when specific inputs are submitted, represent a severe and open issue that must be faced in order to ensure the security and reliability of critical domains and systems that rely on ML-based or other AI solutions, such as healthcare and justice. In this study, we aimed to perform a comprehensive analysis of the sensitivity of Artificial Intelligence approaches to corrupted data in order to evaluate their reliability and resilience. These systems need to be able to understand what is wrong, figure out how to overcome the resulting problems, and then leverage what they have learned to overcome those challenges and improve ...

2016 11th International Conference for Internet Technology and Secured Transactions (ICITST), 2016
Critical infrastructures such as water treatment, power distribution, or telecommunications provide daily services essential to our lifestyle. Any service discontinuity can have a high impact on our society and even on our safety. Thus, the security of these systems against intentional threats must be guaranteed. However, many of these systems are based on protocols initially designed to operate on closed, unroutable networks, making them an easy target for cybercriminals. In this regard, Modbus is a widely adopted protocol in control systems. The Modbus protocol, however, lacks security properties and is vulnerable to plenty of attacks (such as spoofing, flooding, or replay, to name a few). In this paper, we propose a formal modeling of the Modbus protocol using an extension of hierarchical state machines that is automatically transformed into a Promela model. This model allows us to find counterexamples of security properties by model checking. In particular, the original contribution of this paper is the formal demonstration of the existence of man-in-the-middle attacks in Modbus-based systems. Our approach also allows security properties to be formally evaluated in future extensions of Modbus protocols.

Procedia Computer Science, 2016
Evolutionary computing has demonstrated its effectiveness in supporting the development of robust and intelligent systems: when used in combination with formal and quantitative models, it becomes a primary tool in critical systems. Among modern critical infrastructures, smart energy grids are attracting growing interest from many communities (academic, industrial and political), fostering the development of a robust energy distribution infrastructure. Energy grids are also an example of critical cyber-physical-social systems, since their equilibrium can be perturbed not only by cyber and physical attacks but also by economic and social crises as well as by changes in consumption profiles. The paper illustrates a practical framework supporting the run-time evolution of the control logic inside the Smart Meter, the centre of modern Smart Homes. By combining the modeling and analysis capabilities of Fluid Stochastic Petri Nets with the flexibility of Genetic Programming, this approach can be used to adapt the control logic of Smart Meters to changes in the structure and functionalities of the Smart Home as well as in the operational environment. While the main objective of the evolution is to guarantee the energy sustainability of the Smart Home, fulfilling the user's requirements about the energy needs of the home allows the identity of the Smart Meter to be preserved during its evolution.

Journal of Reliable Intelligent Environments, 2015
Bayesian networks have demonstrated their capability in several applications, spanning from reasoning under uncertainty in artificial intelligence to dependability modelling and analysis. This paper focuses on the use of this language for allocating cloud resources to maximise service dependability. This objective is accomplished by defining a model-driven approach able to guide the software engineer in defining a cloud infrastructure (applications, services, virtual and concrete resources) through a semi-automated process. This process exploits both high-level languages such as UML and Bayesian networks. Using all their features (backward analysis, ease of use, low analysis time), Bayesian networks serve in this process as the driver for the optimization, learning and estimation phases. The paper discusses all the issues that the application of Bayesian networks in the proposed process raises.

Proceedings of the 2nd International ICST Conference on Performance Evaluation Methodologies and Tools, 2007
The use of multi-formalism techniques is very appealing in modeling complex systems, since they allow complex models to be built by integrating or composing sub-models specified in different formalisms. Hence, the most suitable formalism may be used according to the evaluation goals, the level of abstraction of the sub-models and the nature of the subsystems. Each formalism is usually coupled with efficient solution methods, thus multi-solution approaches are needed to solve multi-formalism models whose analysis involves different techniques and tools. In this paper the software architecture of the OsMoSys Multi-solution Framework (OMF) is presented. OMF was created to provide the support needed for loosely coupled cooperation among heterogeneous analysis techniques and tools, and it automates the tasks that must be performed to solve complex multiformalism models. OMF requires neither that heterogeneous models be translated into a common formalism in order to be solved, nor that the available tools be modified to be integrated in the framework; instead, it achieves multisolution by orchestration.

Theory and Application of Multi-Formalism Modeling
Critical computer-based systems have an increasing complexity due to the number of components, their heterogeneity, and the relationships among them. Such systems must meet strict non-functional requirements and should be able to cope with competitive market needs. The adoption of formal methods is often advocated in order to provide formal proofs, but their application does not scale with the growing size of systems. The aim of this chapter is to introduce a modelling and analysis methodology that allows the combination of three proven research trends in the formal modelling of large systems: formal model generation (by means of model-driven techniques), multiformalism, and compositional approaches. The chapter also discusses enabling techniques. The proposed approach has been applied to the performability modelling and evaluation of flexible manufacturing systems.

Lecture Notes in Computer Science, 2004
In this paper we present the application of a compositional modeling methodology to the re-engineering of Stochastic Well-Formed Net (SWN) models of a contact center. The modeling methodology is based on the definition of proper operators to connect submodels and is supported by the OsMoSys modeling framework. The paper describes the implementation of a library of reusable SWN submodels of the contact center components and the definition of proper SWN connectors to easily develop models of different configurations of the system. We also describe the solving process of the composed models and its integration in the OsMoSys framework. Moreover, we discuss the advantages that this approach, based on the definition of classes and instances of submodels, can provide to the application of SWN to complex case studies.

Proceedings of the 6th International Conference on Performance Evaluation Methodologies and Tools, 2012
Non-functional property evaluation in Service Oriented Architecture (SOA) is still mostly an open challenge. Although this problem has already been partially explored with some success, there is a lack of consolidated results for more complex SOA applications based on service composition. This paper presents a contribution to the performance evaluation of SOA-based applications integrated by BPEL. The evaluation technique is based on a performance-oriented reinterpretation of the BPEL specification as a performance modeling language within a multiformalism framework. The approach is based on the automatic translation of PerfBPEL into Markov chains and is implemented by means of the SIMTHESys modeling and analysis framework to enable interaction with other performance-oriented formalisms.

Physical Security Information Management (PSIM) systems are a recent introduction in the surveillance of critical infrastructures, like those used for mass transit. In those systems, different sensors are integrated as separate event detection devices, each of them generating independent alarms. In order to lower the rate of false alarms and provide greater situation awareness for surveillance operators, we have developed a framework, namely DETECT, for correlating information coming from multiple heterogeneous sensors. DETECT uses detection models based on (extended) Event Trees in order to generate higher-level warnings when a known threat scenario is being detected. In this paper we extend DETECT by adopting probabilistic models for the evaluation of threat detection trustworthiness on reference scenarios. The approach also allows for a quantitative evaluation of model sensitivity to sensor faults. The results of a case study in the transit system domain demonstrate the increase in trust one could expect when using scenarios characterized in a probabilistic way for threat detection instead of single-sensor alarms. Furthermore, we show how a model analysis can serve at design time to support decisions about the type and redundancy of detectors.

Reliability Engineering & System Safety, 120, 112-126, Dec 1, 2013
The need for the integration of model-based verification into industrial processes has produced several attempts to define Model-Driven solutions implementing a unifying approach to system development. A recent trend is to implement tool chains supporting the developer both in the design phase and in V&V activities. In this Model-Driven context, specific domains require proper modelling approaches, especially concerning RAM (Reliability, Availability, Maintainability) analysis and the fulfillment of international standards. This paper specifically addresses the definition of a Model-Driven approach for the evaluation of RAM attributes in railway applications, automatically generating formal models. To this aim we extend the MARTE-DAM UML profile with concepts related to maintenance aspects and service degradation, and show that the MARTE-DAM framework can be successfully specialized for the railway domain. Model transformations are then defined to generate Repairable Fault Tree and Bayesian Network models from MARTE-DAM specifications. The whole process is applied to the railway domain in two different availability studies.

A large number of safety-critical control systems are based on N-modular redundant architectures, using majority voters on the outputs of independent computation units. In order to assess the compliance of these architectures with international safety standards, the frequency of hazardous failures must be analyzed by developing and solving proper formal models. Furthermore, the impact of maintenance faults has to be considered, since imperfect maintenance may degrade the safety integrity level of the system. In this paper, we present both a failure model for voting architectures based on Bayesian networks and a maintenance model based on continuous-time Markov chains, and we propose to combine them according to a compositional multiformalism modeling approach in order to analyze the impact of imperfect maintenance on system safety. We also show how the proposed approach promotes the reuse and interchange of models as well as the interchange of solving tools.