Andrea Ceccarelli

A New Approach and a Related Tool for Dependability Measurements on Distributed Systems

In recent years, experts in the field of dependability are recognizing experimental measurements as an attractive option for assessing distributed systems; contrary to simulation, measurement allows monitoring the real execution of a system in its real usage environment. However, the results of a recent survey have highlighted that the way measurements are carried out and measurement results are expressed is far from being in line with the approach commonly adopted by metrology. The scope of this paper is twofold. The first goal is to extend the discussion on the increasing role that measurements play in dependability and on the importance of cross-fertilization between the dependability and the instrumentation and measurement communities. The second objective is to present a different approach to dependability measurements, in line with the common practices in metrology. With regard to this, the paper presents a tool for dependability measurements in distributed systems that allows evaluating the uncertainty of measurement results. The tool is an enhancement of NekoStat, which is a powerful highly portable Java framework that allows analyzing distributed systems and algorithms. Together with the description of the tool and its innovative features, two experimental case studies are presented.

Foundations of Measurement Theory Applied to the Evaluation of Dependability Attributes

Increasing interest is being paid to quantitative evaluation based on measurements of dependability attributes and metrics of computer systems and infrastructures. Despite measurands are generally sensibly identified, different approaches make it difficult to compare different results. Moreover, measurement tools are seldom recognized for what they are: measuring instruments. In this paper, many measurement tools, present in the literature, are critically evaluated at the light of metrology concepts and rules. With no claim of being exhaustive, the paper (i) investigates if and how deeply such tools have been validated in accordance to measurement theory, and (ii) tries to evaluate (if possible) their measurement properties. The intention is to take advantage of knowledge available in a recognized discipline such as metrology and to propose criteria and indicators taken from such discipline to improve the quality of measurements performed in evaluation of dependability attributes.

Safe estimation of time uncertainty of local clocks

The Reliable and Self-Aware Clock (R&SAClock) is a new software clock aimed at providing resilient time information. It uses and exploits the information collected from any chosen clock synchronization mechanism to provide both the current time and the synchronization uncertainty, intended as a conservative and self-adaptive estimation of the distance from an external global time. This paper describes an algorithm that uses statistical analysis to compute the synchronization uncertainty with a given coverage. Simulations are presented that show the behavior of the algorithm and its effectiveness.

Assuring Resilient Time Synchronization

In many distributed and pervasive systems the clocks of nodes are required to be synchronized to a unique global time. Due to unpredictable system and environment characteristics, the distance of a local clock from global time is a variable factor very hard to predict. Systems usually adopt measures to guarantee an upper bound on such distance from global time that are very often quite far from typical execution scenarios and thus are of practical little use. As a consequence, while in many circumstances reliable information on the actual distance from global time would improve system behaviour, unfortunately such information is usually not available. In this paper we propose the Reliable and Self-Aware Clock (R&SAClock), a low-intrusive software service that is able to compute a conservative estimation of distance from an external global time. R&SAClock acts as a new clock that couples information gained from synchronization mechanisms with information collected from the local clock to provide both current time and a self-adaptive reliable estimation of distance from global time. This paper describes the R&SAClock as a system component: we define its main functions, services and time-related mechanisms. Finally details of an implementation of the R&SAClock for the NTP synchronization mechanism and Linux OS are shown.

Continuous and Transparent User Identity Verification for Secure Internet Services

Session management in distributed Internet services is traditionally based on username and password, explicit logouts and mechanisms of user session expiration using classic timeouts. Emerging biometric solutions allow substituting username and password with biometric data during session establishment, but in such an approach still a single verification is deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the session timeout may impact on the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by applying biometrics in the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol determines adaptive timeouts based on the quality, frequency and type of biometric data transparently acquired from the user. The functional behavior of the protocol is illustrated through Matlab simulations, while model-based quantitative analysis is carried out to assess the ability of the protocol to contrast security attacks exercised by different kinds of attackers. Finally, the current prototype for PCs and Android smartphones is discussed.

Towards a collaborative framework to improve urban grid resilience

Two trends will help to ensure resilient electricity supply in Smart Cities: a) the ongoing deployment of Smart Grid technology and b) the adoption of distributed energy resources. Unfortunately, the increased reliance on ICT in the Smart Grid will expose new threats that could result in incidents that might affect urban electricity distribution networks by causing power outages. Diverse specialists will need to cooperate to address these threats. This position paper outlines a methodology for establishing a collaborative framework that supports the definition of response strategies to threats. We consider the ongoing evolution of the electricity grids and the threats emerging while the grid evolves. After outlining possible scenarios of urban grid development, we highlight several threats and the strategies of attackers. Finally, we introduce a framework that aims to foster the collaboration of stakeholders involved in city resilience planning taking into account grid vulnerability and criticality from a citys perspective.

Design and Implementation of Real-Time Wearable Devices for a Safety-Critical Track Warning System

Trackside railway workers can benefit of intelligent systems for automatic track warning, that are able to safely (i) detect trains or rolling stock approaching the worksite, and (ii) notify their arrival to the workers. The usage of wearable mobile devices to monitor workers positions and notify trains arrivals requires to face serious challenges mainly in terms of service timeliness, safety, security and ergonomics (this last one to define notification signals to the workers that are always perceivable). This paper presents the design and the prototype of the Mobile Terminal (MT), a wearable, real time, wireless, safety-critical device which exploits information received from track monitoring devices to inform a worker about trains or rolling stock approaching the worksite. The MT design concept is based on a hybrid architecture to favor the apportionment of different requirements, in terms of timing and security, to the different parts of the MT. Additionally, the MT includes novel solutions to interface with the worker, to realize an accurate localization service and to achieve safety-critical real-time communication.

Insider Threat Assessment: a Model-Based Methodology

Security is a major challenge for todays companies, especially ICT ones which manage large scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insider attackers i.e., users with legitimate access which abuse or misuse of their power, thus leading to unexpected security violation (e.g., acquire and disseminate sensitive information). These attacks are very difficult to detect and mitigate due to the nature of the attackers, which often are companys employees motivated by socio-economical reasons, and to the fact that attackers operate within their granted restrictions. It is a consequence that insider attackers constitute an actual threat for ICT organizations. In this paper we present our methodology, together with the application of existing supporting libraries and tools from the state-of-the-art, for insider threats assessment and mitigation. The ultimate objective is to define the motivations and the target of an insider, investigate the likeliness and severity of potential violations, and finally identify appropriate countermeasures. The methodology also includes a maintenance phase during which the assessment can be updated to reflect system changes. As case study, we apply our methodology to the crisis management system Secure!, which includes different kinds of users and consequently is potentially exposed to a large set of insider threats.

A Testing Service for Lifelong Validation of Dynamic SOA

Service Oriented Architectures (SOAs) are increasingly being used to support the information infrastructures of organizations. SOAs are dynamic and evolve after deployment in order to adapt to changes in the requirements and infrastructure. Consequently, traditional validation approaches based on offline testing conducted before deployment are not adequate anymore, demanding for new techniques that allow testing the SOA during its whole lifecycle. In this paper we propose a SOA testing approach based on a composite service that is able to trace SOA evolution and automatically test the various services according to specific testing policies. The paper describes the architecture of the testing service and presents a concrete implementation focused on robustness testing. Results from a case study demonstrate the effectiveness of the proposed approach in discovering and testing the robustness of SOA services.

Experimental Validation of a Synchronization Uncertainty-Aware Software Clock

A software clock capable of self-evaluating its synchronization uncertainty is experimentally validated for a specific implementation on a node synchronized through NTP. The validation methodology takes advantage of an external node equipped with a GPS-synchronized clock acting as a reference, which is connected to the node hosting the system under test through a fast Ethernet connection. Experiments are carried out for different values of the software clock parameters and different types of workload, and address the possible occurrence of faults in the system under test and in the NTP synchronization mechanism. The validation methodology is designed to be as less intrusive as possible and to grant a resolution of the order of few hundreds of microseconds. The experimental results show very good performance of R&SAClock, and their analysis gives precious hints for further improvements.