William McKeever

A Cyber Physical Systems Perspective on the Real-time and Reliable Dissemination of Information in Intelligent Transportation Systems

Timely and reliable dissemination of traffic-related information to drivers is a key property that intelligent transportation systems (ITS) should support. Numerous impediments stemming due to (a) physical factors, such as mobility and speed of vehicles, density of vehicles, characteristics of the wireless radio channel, and power and bit rate of radio transceivers, and (b) cyber issues, such as MAC layer access point associations and address resolutions (ARP), network layer addressing, routing and handoffs, and transport layer retransmissions lead to unpredictability in the timely and reliable dissemination of information to drivers. This paper presents compelling arguments in favor of new research directions in this area that are based on a cyber-physical systems (CPS) perspective. In particular, this paper makes three contributions. First, it considers a vehicle-centric perspective to survey and study the physics-and cyber-imposed impediments to the timely and reliable dissemination of information. Second, it presents a promising CPS solution to overcome a subset of the impediments discovered. Third, it outlines lessons learned indicating the need for more focused research and realistic testbeds. The evaluations

Threat modeling for security assessment in cyberphysical systems

In this paper, threat modeling issues in cyberphysical systems are discussed. First a generic model of a cyberphysical system is outlined, with an attack surface suitable for security analysis. Then, a case study of network communication in a road vehicle is presented, with its behavior modeled by a discrete time Markov chain, under the assumption that security violations can cause gradual degradation of functionality. Finally, two ways of numerical assessment of vulnerabilities are analyzed, to help better estimate probabilities of state changes in a Markov model.

Can we measure security and how

In this paper, basic issues of measuring security as a system property are discussed. While traditional approaches to computer security metrics deal mostly with security at the enterprise or organizational level, fewer authors address security measurement at the operational level, that is, when the system is running. After reviewing some basic issues in security assessment, three possible ways of addressing the security measurement are outlined: theoretical, experimental and computational. The computational path in measuring security is pursued in more detail.

Simulating Effects Based Operations

Effects based operations (EBO) are proving to be a vital part of current concepts of operations in military missions and consequently need to be an integral part of current generation wargames. EBO is an approach to planning, executing and assessing military operations that focuses on obtaining a desired strategic outcome or “effect” on the adversary instead of merely attacking targets or simply dealing with objectives. Alternatively, the emphasis of conventional wargames is focused on attrition based modeling and is incapable of assessing effects and their contribution to the overall mission objectives. The focus of this paper is the integration of an EBO modeling scheme [1] within a force-on-force simulator. In this paper, the authors review the EBO modeling capability and describe its’ integration within the wargame; including the integration of center of gravity (COG) models, the realization of indirect and cascading effects, the impact of the COG models on simulation control files, and the use of COG models to link the simulation commander with assets. A simple scenario demonstrating indirect and cascading effects is described and the results are presented.

An approach to effects-based modeling for wargaming

Effects-based operations (EBO) are proving to be a vital part of current concepts of operations in military missions and consequently need to be an integral part of current generation wargames. EBO focuses on the producing effects from military activities, as opposed to the direct result of attacking targets. Alternatively, the emphasis of conventional wargames is focused on attrition-based modeling and is incapable of assessing effects and their contribution to the overall mission objectives. For wargames to be effective, they must allow users to evaluate multiple ways to accomplish the same goal with a combination of direct, indirect and cascading events (actions). The focus of this paper is to describe the development of a methodology for the implementation of EBO concepts into modern wargames. The design approach was to develop a generic methodology and demonstrate how simulation objects can incorporate EBO capabilities. The authors will illustrate the application of the methodology utilizing an EBO scenario example, which was developed to test the system.

SPRUCE: A web portal for the collaborative engineering of Software Intensive Systems Producibility challenge problems and solutions

Lack of widely available, well defined, DoD specific, software producibility challenge problems that drive engineering research has been a significant factor contributing to the problems with developing large, software-intensive systems for the DoD within schedule and budget. Our experience indicates that well articulated and bounded problems can spark scientific and engineering innovation in software producibility and help to bridge the gap between technology users and technology providers. This paper describes the Systems and Software Producibility Collaboration and Experimentation Environment (SPRUCE), which is an open web portal to bring together DoD software developers, users, and software engineering researchers by collaborating on specifying and solving software producibility challenge problems. We describe SPRUCEs concept of operations designed to capture challenge problems and to motivate a community to pursue solutions. We describe SPRUCEs key features, including self-organizing communities of interest (CoI), dynamically evolving challenge problems with accompanying artifacts, and built-in experimentation facilities to reproduce the problems and evaluate solution benchmarks. Finally, we demonstrate early experiences and results with representative CoIs and challenge problems.

Modeling Resiliency and Its Essential Components for Cyberphysical Systems

This paper presents an initial approach related to modeling resiliency for cyberphysical systems. It discusses the concept and definitions of resiliency and outlines the process of building a model of resiliency. Through analogies with feedback control and fault tolerance, the Design for Resilience is addressed, where the design of the controller component of a cyberphysical system needs to account for potential safety hazards and security threats, with awareness of its internal faults and vulnerabilities. This model is validated against other approaches to modeling resilience described in the literature, followed by a discussion of the resilience metrics. The paper concludes with presenting the strategy of modeling resiliency, based on the assumption that one cannot guarantee absolute protection against attacks, or failures, but can aim at providing successful recovery after disruptions. With safety and security as essential resiliency components, an extended model is proposed involving an attacker, suggesting appropriate performance metric reflecting the distance between the normal state and the degraded state. A model-based environment Mobius, from the University of Illinois, is considered in helping to evaluate resiliency under various operational scenarios.

Designing Trustworthy Software Systems Using the NFR Approach

Trustworthy systems are essential for critical operations—they ensure that reliability, usability, interoperability, and security are built into the systems, and that the systems deliver when they are most needed. There are environments where trustworthiness is an essential property in military, government, and civil domains. Examples include missile deployment control systems, the tax submission system of the federal government, and nuclear safety control systems. However, not many methods exist for the systematic engineering of trustworthy software systems. In this chapter we describe the application of the NFR Approach for designing a trustworthy software system. The NFR Approach, where NFR stands for “non-functional requirement,” treats trustworthiness as a goal to be achieved during the process of software development. The NFR Approach uses a structure called the Softgoal Interdependency Graph to capture the trustworthiness definition, depict architectural elements as softgoals, and rationalize the extent of trustworthiness in the design. Advantages of this approach include the ability to nurture consensus among multiple definitions of trustworthiness, capture design rationale, evaluate qualitatively the extent of trustworthiness achieved, and maintain historical records of design decisions. We apply the NFR Approach to design a trustworthy Phoenix system, which is a message-oriented middleware system used by the US Air Force.

Recovering software design from interviews using the NFR approach: an experience report

In the US Air Force there exist several systems for which design documentation does not exist. Chief reasons for this lack of system documentation include software having been developed several decades ago, natural evolution of software, and software existing mostly in its binary versions. However, the systems are still being used and the US Air Force would like to know the actual designs for the systems so that they may be reengineered for future requirements. Any knowledge of such systems lies mostly with its users and managers. A project was commissioned to recover designs for such systems based on knowledge of systems obtained from stakeholders by interviewing them. In this paper we describe our application of the NFR Approach, where NFR stands for Nonfunctional Requirements, to recover software design of a middleware system used by the Air Force called the Phoenix system. In our project we interviewed stakeholders of the Phoenix system, applied the NFR Approach to recover design artifacts, and validated the artifacts with the design engineers of the Phoenix system. Our study indicated that there was a high correlation between the recovered design and the actual design of the Phoenix system.