Biblio

When a robot breaks a person's trust by making a mistake or failing, continued interaction will depend heavily on how the robot repairs the trust that was broken. Prior work in psychology has demonstrated that both the trust violation framing and the trust repair strategy influence how effectively trust can be restored. We investigate trust repair between a human and a robot in the context of a competitive game, where a robot tries to restore a human's trust after a broken promise, using either a competence or integrity trust violation framing and either an apology or denial trust repair strategy. Results from a 2×2 between-subjects study ( n=82) show that participants interacting with a robot employing the integrity trust violation framing and the denial trust repair strategy are significantly more likely to exhibit behavioral retaliation toward the robot. In the Dyadic Trust Scale survey, an interaction between trust violation framing and trust repair strategy was observed. Our results demonstrate the importance of considering both trust violation framing and trust repair strategy choice when designing robots to repair trust. We also discuss the influence of human-to-robot promises and ethical considerations when framing and repairing trust between a human and robot.

Minimum-Storage Regenerating (MSR) codes have emerged as a viable alternative to Reed-Solomon (RS) codes as they minimize the repair bandwidth while they are still optimal in terms of reliability and storage overhead. Although several MSR constructions exist, so far they have not been practically implemented mainly due to the big number of I/O operations. In this paper, we analyze high-rate MDS codes that are simultaneously optimized in terms of storage, reliability, I/O operations, and repair-bandwidth for single and multiple failures of the systematic nodes. The codes were recently introduced in [1] without any specific name. Due to the resemblance between the hashtag sign \# and the procedure of the code construction, we call them in this paper HashTag Erasure Codes (HTECs). HTECs provide the lowest data-read and data-transfer, and thus the lowest repair time for an arbitrary sub-packetization level α, where α ≤ r⌈k/r⌉, among all existing MDS codes for distributed storage including MSR codes. The repair process is linear and highly parallel. Additionally, we show that HTECs are the first high-rate MDS codes that reduce the repair bandwidth for more than one failure. Practical implementations of HTECs in Hadoop release 3.0.0-alpha2 demonstrate their great potentials.

{1 We present a construction for exact-repair regenerating codes with an information-theoretic secrecy guarantee against an eavesdropper with access to the content of (up to) ℓ nodes. The proposed construction works for the entire range of per-node storage and repair bandwidth for any distributed storage system with parameters (n

Most augmented reality applications connect virtual information to anchors, i.e. physical places or objects, by using spatial overlays or proximity. However, for industrial use cases this is not always feasible because specific parts must remain fully visible in order to meet work or security requirements. In these situations virtual information must be displayed at alternative positions while connections to anchors must still be clearly recognizable. In our previous research we were the first to show that for simple scenes connection lines are most suitable for this. To extend these results to more complex environments, we conducted an experiment on the effects of visual interruptions in connection lines and incorrect occlusion. Completion time and subjective mental effort for search tasks were used as measures. Our findings confirm that also in 3D scenes with partial occlusion connection lines are preferable to connect virtual information with anchors if an assignment via overlay or close proximity is not feasible. The results further imply that neither incorrectly used depth cues nor missing parts of connection lines make a significant difference concerning completion time or subjective mental effort. For designers of industrial augmented reality applications this means that they can choose either visualization based on their needs.

Nowadays, the detection of acoustical emission is widely used for fault diagnosis of gas insulated substations (GIS) in normal operation and factory tests, which is called 'non-conventional' method recommended in the standard IEC TS 62478-2016 and GIGRE D1.33 444. In this paper, to develop a data analyzer for acoustic detection (AD) system to make an assistant diagnosis for technical personnel or equipment operation and maintenance personnel, based on the previous research on the experimental research, pattern identification with phase compensation and the software development, the algorithm model design and its application is given in detail. For the acoustical emission signals (n, ti, qi), the BP artificial neural network optimized by genetic algorithm (GA-BP) is used as a classifier based on the fingerprint consisting of several statistic operators, which are derivate form typical 2D histograms of PRPD with identification with phase compensation (IPC). Experimental results show that the comprehensive algorithm model designed for identification is practical and effective.

In this paper, we consider a stochastic model to evaluate the system availability of an intrusion tolerant system (ITS), where the system undergoes the patch management with a periodic vulnerability checking strategy, i.e., a pull-type patch management. Based on the model, this paper discusses the appropriate timing for patch applying. In particular, the paper models the attack behavior of adversary and the system behaviors under reactive defense strategies by a composite stochastic reward net (SRN). Furthermore, we formulate the interval availability by applying the phase-type (PH) approximation to solve the Markov regenerative process (MRGP) models derived from the SRNs. Numerical experiments are conducted to study the sensitivity of the system availability with respect to the number of checking.

Many modern business models of the manufacturing industry use the possibilities of digitization. In particular, the idea of connecting machines to networks and communication infrastructure is gaining momentum. However, in addition to the considerable economic advantages, this development also brings decisive disadvantages. By connecting previously encapsulated industrial networks with untrustworthy external networks such as the Internet, machines and systems are suddenly exposed to the same threats as conventional IT systems. A key problem today is the typical network paradigm with static routers and switches that cannot meet the dynamic requirements of a modern industrial network. Current security solutions often only threat symptoms instead of tackling the cause. In this paper we will therefore analyze the weaknesses of current networks and security solutions using the example of industrial remote maintenance. We will then present a novel concept of how Software-Defined Networking (SDN) in combination with a policy framework that supports attribute-based access control can be used to meet current and future security requirements in dynamic industrial networks. Furthermore, we will introduce an examplary implementation of this novel security framework for the use case of industrial remote maintenance and evaluate the solution. Our results show that SDN in combination with an Attribute-based Access Control (ABAC) policy framework is perfectly suited to increase flexibility and security of modern industrial networks at the same time.

Large-scale failures in communication networks due to natural disasters or malicious attacks can severely affect critical communications and threaten lives of people in the affected area. In the absence of a proper communication infrastructure, rescue operation becomes extremely difficult. Progressive and timely network recovery is, therefore, a key to minimizing losses and facilitating rescue missions. To this end, we focus on network recovery assuming partial and uncertain knowledge of the failure locations. We proposed a progressive multi-stage recovery approach that uses the incomplete knowledge of failure to find a feasible recovery schedule. Next, we focused on failure recovery of multiple interconnected networks. In particular, we focused on the interaction between a power grid and a communication network. Then, we focused on network monitoring techniques that can be used for diagnosing the performance of individual links for localizing soft failures (e.g. highly congested links) in a communication network. We studied the optimal selection of the monitoring paths to balance identifiability and probing cost. Finally, we addressed, a minimum disruptive routing framework in software defined networks. Extensive experimental and simulation results show that our proposed recovery approaches have a lower disruption cost compared to the state-of-the-art while we can configure our choice of trade-off between the identifiability, execution time, the repair/probing cost, congestion and the demand loss.

The paper describes modification of the ATA (Attack Tree Analysis) technique for assessment of instrumentation and control systems (ICS) dependability (reliability, availability and cyber security) called AvTA (Availability Tree Analysis). The techniques FMEA, FMECA and IMECA applied to carry out preliminary semi-formal and criticality oriented analysis before AvTA based assessment are described. AvTA models combine reliability and cyber security subtrees considering probabilities of ICS recovery in case of hardware (physical) and software (design) failures and attacks on components casing failures. Successful recovery events (SREs) avoid corresponding failures in tree using OR gates if probabilities of SRE for assumed time are more than required. Case for dependability AvTA based assessment (model, availability function and technology of decision-making for choice of component and system parameters) for smart building ICS (Building Automation Systems, BAS) is discussed.

Submarine optical-fiber cables are key components in the conveying of Internet data, and their failures have costly consequences. Currently, there are over a million km of such cables empowering the Internet. To carry the ever-growing Internet traffic, additional 100,000s of km of cables will be needed in the next few years. At an average cost of \$28,000 per km, this entails investments of billions of dollars. In current industry practice, cable paths are planned manually by experts. This paper surveys our recent work on cable path planning algorithms, where we use several methods to plan cable paths taking account of a range of cable risk factors in addition to cable costs. Two methods, namely, the fast marching method (FMM) and the Dijkstra's algorithm are applied here to long-haul cable path design in a new geographical region. A specific example is given to demonstrate the benefit of the FMM-based method in terms of the better path planning solutions over the Dijkstra's algorithm.

The intelligent power communication network is closely connected with the power system, and carries the data transmission and intelligent decision in a series of key services in the power system, which is an important guarantee for the smart power service. The self-healing control (SHC) of the distribution network monitors the data of each device and node in the distribution network in real time, simulates and analyzes the data, and predicts the hidden dangers in the normal operation of the distribution network. Control, control strategies such as correcting recovery and troubleshooting when abnormal or fault conditions occur, reducing human intervention, enabling the distribution network to change from abnormal operating state to normal operating state in time, preventing event expansion and reducing the impact of faults on the grid and users.

The realization principle of zero-time self-healing network communication technology is introduced. According to the characteristics of ship monitoring, an integrated ship monitoring network is designed, which integrates the information of ship monitoring equipment. By setting up a network performance test environment, the information delay of self-healing network switch is tested, and the technical characteristics of "no packet loss" are verified. Zero-time self-healing network communication technology is an innovative technology in the design of ship monitoring network. It will greatly reduce the laying of network cables, reduce the workload of information upgrade and transformation of ships, and has the characteristics of continuous maintenance of the network. It has a wide application prospect.

The autonomic logistic system (ALS), first used by the U.S. military JSF, is a new conceptional system which supports prognostic and health management system of aircrafts, including such as real-time failure monitoring, remaining useful life prediction and maintenance decisions-making. However, the development of ALS faces some challenges. Firstly, current ALS is mainly based on client/server architecture, which is very complex in a large-scale aircraft control center and software is required to be reconfigured for every accessed node, which will increase the cost and decrease the expandability of deployment for large scale aircraft control centers. Secondly, interpretation of telemetry parameters from the aircraft is a tough task considering various real-time flight conditions, including instructions from controllers, work statements of single machines or machine groups, and intrinsic physical meaning of telemetry parameters. It is troublesome to meet the expectation of full representing the relationship between faults and tests without a standard model. Finally, typical diagnostic algorithms based on dependency matrix are inefficient, especially the temporal waste when dealing with thousands of test points and fault modes, for the reason that the time complexity will increase exponentially as dependency matrix expansion. Under this situation, this paper proposed a distributed ALS under complex operating conditions, which has the following contributions 1) introducing a distributed system based on browser/server architecture, which is divided overall system into primary control system and diagnostic and health assessment platform; 2) designing a novel interface for modelling the interpretation rules of telemetry parameters and the relationship between faults and tests in consideration of multiple elements of aircraft conditions; 3) proposing a promoted diagnostic algorithm under parallel computing in order to decrease the computing time complexity. what's more, this paper develops a construction with 3D viewer of aircraft for user to locate fault points and presents repairment instructions for maintenance personnels based on Interactive Electronic Technical Manual, which supports both online and offline. A practice in a certain aircraft demonstrated the efficiency of improved diagnostic algorithm and proposed ALS.

A significant number of the generation, transmission and distribution facilities in the North America were designed and configured for serving electric loads and economic activities under certain reliability and resiliency requirements over 30 years ago. With the changing generation mix, the electric grid is tasked to deliver electricity made by fuel uncertain and energy limited resources. How adequate are the existing facilities to meet the industry expectations on reliability? What level of grid resiliency should be designed and built to sustain reliable electric services given the increasing exposure to frequent and lasting severe weather conditions? There is a need to review the modeling assumptions, operating and maintenance records before we can answer these questions.

As an information hinge of various trades and professions in the era of big data, cloud data center bears the responsibility to provide uninterrupted service. To cope with the impact of failure and interruption during the operation on the Quality of Service (QoS), it is important to guarantee the resilience of cloud data center. Thus, different resilience actions are conducted in its life circle, that is, resilience strategy. In order to measure the effect of resilience strategy on the system resilience, this paper propose a new approach to model and evaluate the resilience strategy for cloud data center focusing on its core part of service providing-IT architecture. A comprehensive resilience metric based on resilience loss is put forward considering the characteristic of cloud data center. Furthermore, mapping model between system resilience and resilience strategy is built up. Then, based on a hierarchical colored generalized stochastic petri net (HCGSPN) model depicting the procedure of the system processing the service requests, simulation is conducted to evaluate the resilience strategy through the metric calculation. With a case study of a company's cloud data center, the applicability and correctness of the approach is demonstrated.

Role-Based Access Control (RBAC) is often used in web applications to restrict operations and protect security sensitive information and resources. Web applications regularly undergo maintenance and evolution and their security may be affected by source code changes between releases. To prevent security regression and vulnerabilities, developers have to take re-validation actions before deploying new releases. This may become a significant undertaking, especially when quick and repeated releases are sought. We define protection-impacting changes as those changed statements during evolution that alter privilege protection of some code. We propose an automated method that identifies protection-impacting changes within all changed statements between two versions. The proposed approach compares statically computed security protection models and repository information corresponding to different releases of a system to identify protection-impacting changes. Results of experiments present the occurrence of protection-impacting changes over 210 release pairs of WordPress, a PHP content management web application. First, we show that only 41% of the release pairs present protection-impacting changes. Second, for these affected release pairs, protection-impacting changes can be identified and represent a median of 47.00 lines of code, that is 27.41% of the total changed lines of code. Over all investigated releases in WordPress, protection-impacting changes amounted to 10.89% of changed lines of code. Conversely, an average of about 89% of changed source code have no impact on RBAC security and thus need no re-validation nor investigation. The proposed method reduces the amount of candidate causes of protection changes that developers need to investigate. This information could help developers re-validate application security, identify causes of negative security changes, and perform repairs in a more effective way.

Large scale services have automated hardware remediation to maintain the infrastructure availability at a healthy level. In this paper, we share the current remediation flow at Facebook, and how it is being monitored. We discuss a class of hardware issues that are transient and typically have higher rates during heavy load. We describe how our remediation system was enhanced to be efficient in detecting this class of issues. As hardware and systems change in response to the advancement in technology and scale, we have also utilized machine learning frameworks for hardware remediation to handle the introduction of new hardware failure modes. We present an ML methodology that uses a set of predictive thresholds to monitor remediation efficiency over time. We also deploy a recommendation system based on natural language processing, which is used to recommend repair actions for efficient diagnosis and repair. We also describe current areas of research that will enable us to improve hardware availability further.

Whatever one public cloud, private cloud or a mixed cloud, the users lack of effective security quantifiable evaluation methods to grasp the security situation of its own information infrastructure on the whole. This paper provides a quantifiable security evaluation system for different clouds that can be accessed by consistent API. The evaluation system includes security scanning engine, security recovery engine, security quantifiable evaluation model, visual display module and etc. The security evaluation model composes of a set of evaluation elements corresponding different fields, such as computing, storage, network, maintenance, application security and etc. Each element is assigned a three tuple on vulnerabilities, score and repair method. The system adopts ``One vote vetoed'' mechanism for one field to count its score and adds up the summary as the total score, and to create one security view. We implement the quantifiable evaluation for different cloud users based on our G-Cloud platform. It shows the dynamic security scanning score for one or multiple clouds with visual graphs and guided users to modify configuration, improve operation and repair vulnerabilities, so as to improve the security of their cloud resources.

The performance evaluation of distribution network operators is essential for the electrical utilities to know how prepared the operators are to execute their operation standards and rules, searching for minimizing the time of power outage, after some contingency. The performance of operators can be evaluated by the impact of their actions on several technical and economic indicators of the distribution system. This issue is a complex problem, whose solution involves necessarily some expertise and a multi-criteria evaluation. This paper presents a Tutorial Expert System (TES) for performance evaluation of electrical distribution network operators after a given contingency in the electrical network. The proposed TES guides the evaluation process, taking into account technical, economic and personal criteria, aiding the quantification of these criteria. A case study based on real data demonstrates the applicability of the performance evaluation procedure of distribution network operators.

Wireless Sensor Networks (WSN) are widely used to monitor and control physical environments. An efficient energy management system is needed to be able to deploy these networks in lossy environments while maintaining reliable communication. The IPv6 Routing Protocol for Low-Power and Lossy networks is a routing protocol designed to properly manage energy without compromising reliability. This protocol has currently been implemented in Contiki OS, TinyOS, and OMNeT++ Castalia. But these applications also simulate all operation mechanics of a specified hardware model instead of just simulating the protocol only, thus adding unnecessary overhead and slowing down simulations on RPL. In light of this, we have implemented a working ns-3 implementation of RPL with support for multiple RPL instances with the use of a global repair mechanism. The behavior and output of our simulator was compared to Cooja for verification, and the results are similar with a minor difference in rank computation.

Information security policies are not easy to create unless organizations explicitly recognize the various steps required in the development process of an information security policy, especially in institutions of higher education that use enormous amounts of IT. An improper development process or a copied security policy content from another organization might also fail to execute an effective job. The execution could be aimed at addressing an issue such as the non-compliance to applicable rules and regulations even if the replicated policy is properly developed, referenced, cited in laws or regulations and interpreted correctly. A generic framework was proposed to improve and establish the development process of security policies in institutions of higher education. The content analysis and cross-case analysis methods were used in this study in order to gain a thorough understanding of the information security policy development process in institutions of higher education.

Establishing trust relationships between routing nodes represents a vital security requirement to establish reliable routing processes that exclude infected or selfish nodes. In this paper, we propose a new security scheme for the Internet of things and mainly for the RPL (Routing Protocol for Low-power and Lossy Networks) called: Metric-based RPL Trustworthiness Scheme (MRTS). The primary aim is to enhance RPL security and deal with the trust inference problem. MRTS addresses trust issue during the construction and maintenance of routing paths from each node to the BR (Border Router). To handle this issue, we extend DIO (DODAG Information Object) message by introducing a new trust-based metric ERNT (Extended RPL Node Trustworthiness) and a new Objective Function TOF (Trust Objective Function). In fact, ERNT represents the trust values for each node within the network, and TOF demonstrates how ERNT is mapped to path cost. In MRTS all nodes collaborate to calculate ERNT by taking into account nodes' behavior including selfishness, energy, and honesty components. We implemented our scheme by extending the distributed Bellman-Ford algorithm. Evaluation results demonstrated that the new scheme improves the security of RPL.

Vulnerability analysis is important procedure for a cyber security evaluation process. There are two types of vulnerability analysis, which is an interview for the facility manager and a vulnerability scanning with a software tool. It is difficult to use the vulnerability scanning tool on an operating nuclear plant control system because of the possibility of giving adverse effects to the system. The purpose of this paper is to suggest a method of cyber security vulnerability test using the DPPS and PMAS test-bed. Based on functions of the test-bed, possible threats and vulnerabilities in terms of cyber security were analyzed. Attack trees and test scenarios could be established with the consideration of attack vectors. It is expected that this method can be helpful to implement adequate security controls and verify whether the security controls make adverse impact to the inherent functions of the systems.

Internet Protocol version 6 (IPv6) over Low power Wireless Personal Area Networks (6LoWPAN) is extensively used in wireless sensor networks (WSNs) due to its ability to transmit IPv6 packet with low bandwidth and limited resources. 6LoWPAN has several operations in each layer. Most existing security challenges are focused on the network layer, which is represented by its routing protocol for low-power and lossy network (RPL). RPL components include WSN nodes that have constrained resources. Therefore, the exposure of RPL to various attacks may lead to network damage. A sinkhole attack is a routing attack that could affect the network topology. This paper aims to investigate the existing detection mechanisms used in detecting sinkhole attack on RPL-based networks. This work categorizes and presents each mechanism according to certain aspects. Then, their advantages and drawbacks with regard to resource consumption and false positive rate are discussed and compared.

In the multi-robot applications, the maintained and desired network may be destroyed by failed robots. The existing self-healing algorithms only handle with the case of single robot failure, however, multiple robot failures may cause several challenges, such as disconnected network and conflicts among repair paths. This paper presents a distributed self-healing algorithm based on 2-hop neighbor infomation to resolve the problems caused by multiple robot failures. Simulations and experiment show that the proposed algorithm manages to restore connectivity of the mobile robot network and improves the synchronization of the network globally, which validate the effectiveness of the proposed algorithm in resolving multiple robot failures.