Tommaso Zoppi

Towards a collaborative framework to improve urban grid resilience

Two trends will help to ensure resilient electricity supply in Smart Cities: a) the ongoing deployment of Smart Grid technology and b) the adoption of distributed energy resources. Unfortunately, the increased reliance on ICT in the Smart Grid will expose new threats that could result in incidents that might affect urban electricity distribution networks by causing power outages. Diverse specialists will need to cooperate to address these threats. This position paper outlines a methodology for establishing a collaborative framework that supports the definition of response strategies to threats. We consider the ongoing evolution of the electricity grids and the threats emerging while the grid evolves. After outlining possible scenarios of urban grid development, we highlight several threats and the strategies of attackers. Finally, we introduce a framework that aims to foster the collaboration of stakeholders involved in city resilience planning taking into account grid vulnerability and criticality from a citys perspective.

On the impact of emergent properties on SoS security

Cyber security is becoming more and more relevant with the advent of System of Systems (SoSs). The latter are large scale systems made of independent and autonomous Constituent Systems which interoperate to achieve higher level goals also with the intervention of humans. Providing security in a cyber-physical SoS means, among other features, forecasting and anticipating evolving SoS functionalities and consequently detecting emerging phenomena resulting from the interactions among entailed Constituent Systems. This paper clarifies the relations occurring among SoS evolution, emergence phenomena and security requirements. We show how to enact an evolution step by means of changing SoS functionalities and how to perform the threat analysis consequently. An illustrative scenario in the Smart City domain shows how to dynamically generate security guarantees according to the evolving SoS thus supporting the enactment of mitigation strategies from SoS administrators.

A Multi-layer Anomaly Detector for Dynamic Service-Based Systems

Revealing anomalies to support error detection in complex systems is a promising approach when traditional detection mechanisms e.g., based on event logs, probes and heartbeats are considered inadequate or not applicable. The detection capability of such complex system can be enhanced observing different layers to achieve richer information that describes the system status. Relying on an algorithm for statistical anomaly detection, in this paper we present the definition and implementation of an anomaly detector able to monitor data acquired from multiple layers, namely the Operating system and the Application Server, of a remote physical or virtual node. As case study, such monitoring system is applied to a node of the Secure! crisis management service-based system. Results show the monitor performance, the intrusiveness of the probes, and ultimately the improved detection capability achieved observing data from the different layers.

A Testbed for Evaluating Anomaly Detection Monitors through Fault Injection

Amongst the features of Service Oriented Architectures (SOAs), their flexibility, dynamicity, and scalability make them particularly attractive for adoption in the ICT infrastructure of organizations. Such features come at the cost of improved difficulty in monitoring the SOA for error detection: i) faults may manifest themselves differently due to services and SOA evolution, and ii) interactions between a service and its monitors may need reconfiguration at each service update. This calls for monitoring solutions that operate at different layers than the application layer (services layer). In this paper we present our ongoing work towards the definition of a monitoring framework for SOAs and services, which relies on anomaly detection performed at the Application Server (AS) and the Operating System (OS) layers to identify events whose manifestation or effect is not adequately described a-priori. Specifically the paper introduces the key concepts of our work and presents the case study built to exercise and set-up our monitor. The case study uses Life ray as application layer and it includes fault injection and data collection instruments to perform extended testing campaigns.

Presenting the Proper Data to the Crisis Management Operator: A Relevance Labelling Strategy

The large availability of smart portable devices and the growing interest in developing Internet of Things (IoT) oriented software components make several heterogeneous data available for analysis purposes. In the context of Crisis Management Systems, this means that people owning mobile devices when involved in natural disasters or terroristic attacks may be considered information sources as the classical ones, e.g., sensors or surveillance cameras. Including the information from the citizens in the situational analysis processes comes with two main issues that need to be addressed: i) the source could deliver wrong data (voluntarily or by mistake) that damage the integrity and the correctness of the analysis, and ii) a significant amount of heterogeneous data need to be selected, filtered and aggregated, to provide to the operator a real-time snapshot of the situation depicted using only credible and relevant information. In this paper, we define and implement a relevance labeling strategy able to process information coming from heterogeneous sources aimed at crisis situations and to provide to the human operator all the details he needs. We include provisions for detecting and removing redundancies and misleading data that can slow down or compromise the process and the a-posteriori analysis. The filtering strategy is last applied to events collected for the Secure! crisis management service-based system, showing its application to three scenarios related to real crisis situations happened in the last year.

Context-Awareness to Improve Anomaly Detection in Dynamic Service Oriented Architectures

Revealing anomalies to support error detection in software-intensive systems is a promising approach when traditional detection mechanisms are considered inadequate or not applicable. The core of anomaly detection lies in the definition of the expected behavior of the observed system. Unfortunately, the behavior of complex and dynamic systems is particularly difficult to understand. To improve the accuracy of anomaly detection in such systems, in this paper we present a context-aware anomaly detection framework which acquires information on the running services to calibrate the anomaly detection. To cope with system dynamicity, our framework avoids instrumenting probes into the application layer of the observed system monitoring multiple underlying layers instead. Experimental evaluation shows that the detection accuracy is increased considerably through context-awareness and multiple layers monitoring. Results are compared to state-of-the-art anomaly detectors exercised in demanding more static contexts.

Labelling relevant events to support the crisis management operator

Thanks to the large availability of portable devices and the growing interest in the Internet of Things, during crises, social networks, or alerts sent through mobile devices or sensor networks are available and can be matched each other to perform situational analysis. However, the inclusion of multiple heterogeneous sources in situational analyses leads to 2 main issues: (1) a source could deliver (voluntarily or erroneously) wrong data damaging the integrity and the correctness of the analysis, and (2) a significant amount of heterogeneous data need to be processed. As a consequence, the crisis management operator faces a large amount of potentially unreliable data. In this paper, we present a relevance labelling strategy to process information gathered from heterogeneous data streams to select the most relevant events. These are presented to the crisis management operator with the highest priority. Our strategy is evaluated using events collected by the Secure! crisis management system, considering 3 real crisis scenarios happened in Italy in 2015. Results show that our strategy is able to correctly identify sets of relevant events, supporting the activities of the crisis management operator.

A Tool for Evolutionary Threat Analysis of Smart Grids

Cyber-security is becoming more and more relevant with the advent of large-scale systems made of independent and autonomous constituent systems that interoperate to achieve complex goals. Providing security in such cyber-physical systems means, among other features, identifying threats generated by novel detrimental behaviors. This paper presents a tool based on a methodology that is intended to support city evolution and energy planning with a focus on threats due to novel and existing interconnections among different components. More in detail, we report a tool demonstration which shows the application of a tool devised to (i) deal with security threats arising due to evolutions in a Smart City - intended as a complex cyber-physical system -, and (ii) consequently perform threat analysis.

A modeling framework to support resilient evolution planning of smart grids

Cyber security is becoming more and more relevant with the advent of large-scale systems made of independent and autonomous constituent systems that interoperate to achieve complex goals. To ensure security of cyber-physical systems, it is important to analyze identified threats and their possible consequences. In case of smart grids as an example of a complex system, threats can result in power outages that damage the continuous supply of energy that is required from critical infrastructures. Therefore, city planners must take into account security requirements when organizing the power grid, including demand-side management techniques able to mitigate the adverse effects of outages, ultimately improving grid resilience. This paper presents a modeling framework developed within the IRENE project that brings together methodologies, policies and a toolset to evaluate and measure the resilience of the targeted smart grid. This will support stakeholders and city planners in their activities, specifically the resilient evolution planning of Smart Grids.

Threat Analysis in Systems-of-Systems: An Emergence-Oriented Approach

Cyber-physical Systems of Systems (SoSs) are large-scale systems made of independent and autonomous cyber-physical Constituent Systems (CSs) which may interoperate to achieve high-level goals also with the intervention of humans. Providing security in such SoSs means, among other features, forecasting and anticipating evolving SoS functionalities, ultimately identifying possible detrimental phenomena that may result from the interactions of CSs and humans. Such phenomena, usually called emergent phenomena, are often complex and difficult to capture: the first appearance of an emergent phenomenon in a cyber-physical SoS is often a surprise to the observers. Adequate support to understand emergent phenomena will assist in reducing both the likelihood of design or operational flaws, and the time needed to analyze the relations amongst the CSs, which always has a key economic significance. This article presents a threat analysis methodology and a supporting tool aimed at (i) identifying (emerging) threats in evolving SoSs, (ii) reducing the cognitive load required to understand an SoS and the relations among CSs, and (iii) facilitating SoS risk management by proposing mitigation strategies for SoS administrators. The proposed methodology, as well as the tool, is empirically validated on Smart Grid case studies by submitting questionnaires to a user base composed of 3 stakeholders and 18 BSc and MSc students.