Biblio

We study the use of Multiform Logical Time, as embodied in Esterel/SyncCharts and Clock Constraint Specification Language (CCSL), for the specification of assume-guarantee constraints providing safe driving rules related to time and space, in the context of Automated Driving Assistance Systems (ADAS). The main novelty lies in the use of logical clocks to represent the epochs of specific area encounters (when particular area trajectories just start overlapping for instance), thereby combining time and space constraints by CCSL to build safe driving rules specification. We propose the safe specification pattern at high-level that provide the required expressiveness for safe driving rules specification. In the pattern, multiform logical time provides the power of parameterization to express safe driving rules, before instantiation in further simulation contexts. We present an efficient way to irregularly update the constraints in the specification due to the context changes, where elements (other cars, road sections, traffic signs) may dynamically enter and exit the scene. In this way, we add constraints for the new elements and remove the constraints related to the disappearing elements rather than rebuild everything. The multi-lane highway scenario is used to illustrate how to irregularly and efficiently update the constraints in the specification while receiving a fresh scene.

Recent advancements in the field of in-vehicle network and wireless communication, has been steadily progressing. Also, the advent of technologies such as Vehicular Adhoc Networks (VANET) and Intelligent Transportation System (ITS), has transformed modern automobiles into a sophisticated cyber-physical system rather than just a isolated mechanical device. Modern automobiles rely on many electronic control units communicating over the Controller Area Network (CAN) bus. Although protecting the car's external interfaces is an vital part of preventing attacks, detecting malicious activity on the CAN bus is an effective second line of defense against attacks. This paper proposes a hybrid anomaly detection system for CAN bus based on patterns of recurring messages and time interval of messages. The proposed method does not require modifications in CAN bus. The proposed system is evaluated on real CAN bus traffic with simulated attack scenarios. Results obtained show that our proposed system achieved a good detection rate with fast response times.

This research paper presented a design that will address the challenges brought by remanence in ground-fault current interrupter devices (gfci). Remanence or residual magnetism is the magnetization left behind in a ferromagnetic material (such as iron) after an external magnetic field is removed. Remanence will make the gfci devices less accurate and less reliable in tripping the current above threshold in just five (5) years. It affects the performance of the device in terms of efficiency, accuracy, and response time. In this research, the problems caused by remanence were alleviated by using two identical transformers in detecting residual current both for hot and neutral wires. The difference of the current detected by the two transformers will be the basis of the signal threshold in tripping the device. By doing so, the problems caused by remanence phenomenon will be solved without compromising the response time of the circuit which is around 16 mS. The design will extend the life span of GFCI devices up to 15 years.

In this paper, our objective is to focus on the recent trend of military fields where they brought Internet of Things (IoT) to have better impact on the battlefield by improving the effectiveness and this is called Internet of Battlefield Things(IoBT). Due to the requirements of high computing capability and minimum response time with minimum fault tolerance this paper proposed a decentralized IoBT architecture. The proposed method can increase the reliability in the battlefield environment by searching the reliable nodes among all the edge nodes in the environment, and by adding the fault tolerance in the edge nodes will increase the effectiveness of overall battlefield scenario. This suggested fault tolerance approach is worth for decentralized mode to handle the issue of latency requirements and maintaining the task reliability of the battlefield. Our experimental results ensure the effectiveness of the proposed approach as well as enjoy the requirements of latency-aware military field while ensuring the overall reliability of the network.

As networks continue to grow in complexity using wired and wireless technologies, efficient testing solutions should accommodate such changes and growth. Network simulators provide a network-independent environment to provide different types of network testing. This paper is motivated by the observation that, in many cases in the literature, the success of developed network protocols is very sensitive to the initial conditions and assumptions of the testing scenarios. Network services are deployed in complex environments; results of testing and simulation can vary from one environment to another and sometimes in the same environment at different times. Our goal is to propose mutation-based integration testing that can be deployed with network protocols and serve as Built-in Tests (BiT).This paper proposes an integrated mutation testing framework to achieve systematic test cases' generation for different scenario types. Scenario description and variables' setting should be consistent with the protocol specification and the simulation environment. We focused on creating test cases for critical scenarios rather than preliminary or simplified scenarios. This will help users to report confident simulation results and provide credible protocol analysis. The criticality is defined as a combination of network performance metrics and critical functions' coverage. The proposed solution is experimentally proved to obtain accurate evaluation results with less testing effort by generating high-quality testing scenarios. Generated test scenarios will serve as BiTs for the network simulator. The quality of the test scenarios is evaluated from three perspectives: (i) code coverage, (ii) mutation score and (iii) testing effort. In this work, we implemented the testing framework in NS2, but it can be extended to any other simulation environment.

Internet of things (IoT) mainly depends on clouds to process and store their data. Clouds cannot handle the volume and velocity of data generated by IoT. IoT is delay-sensitive and resources limited. Fog computing proposed endorsing the internet of things (IoT) demands. Fog computing extends the cloud computing service to the edge of the network. Fog utilization reduces response time and network overhead while maintaining security aspects. isolation and operating system (OS) dependency achieved by using virtualization. Blockchain proposed to solve the security and privacy of fog computing. Blockchain is a decentralized, immutable ledger. fog computing with blockchain proposed as an IoT infrastructure. Fog computing adopted with lightweight blockchain in this proposed work. This adaptation endorses the IoT demands for low response time with limited resources. This paper explores system applicability. Varies from other papers that focus on one factor such as privacy or security-applicability of the proposed model achieved by concentration different IoT needs and limits. Response time and ram usage with 1000 transactions did not encroach 100s and 300MiB in the proposed model.

Due to increased number of devices with limited resources in Internet of Things (IoT) has to serve time sensitive applications including health monitoring, emergency response, industrial applications and smart city etc. This has incurred the problem of solving the provisioning of limited computational resources of the devices to fulfill the requirement with reduced latency. With rapid increase of devices and heterogeneity characteristic the resource provisioning is crucial and leads to conflict of trusting among the devices requests. Trust is essential component in any context for communicating or sharing the resources in the network. The proposed work comprises of trusting and provisioning based on deadline. Trust quantity is measured with concept of game theory and optimal strategy decision among provider and customer and provision resources within deadline to execute the tasks is done by finding Nash equilibrium. Nash equilibrium (NE) is estimated by constructing the payoff matrix with choice of two player strategies. NE is obtained in the proposed work for the Trust- Respond (TR) strategy. The latency aware approach for avoiding resource contention due to limited resources of the edge devices, fog computing leverages the cloud services in a distributed way at the edge of the devices. The communication is established between edge devices-fog-cloud and provision of resources is performed based on scalar chain and Gang Plank theory of management to reduce latency and increase trust quantity. To test the performance of proposed work performance parameter considered are latency and computational time.

The fast improvement in telecommunication technologies that has characterised the last decade is enabling a revolution centred on Cyber-Physical Systems (CPSs). Elements inside cities, from vehicles to cars, can now be connected and share data, describing both our environment and our behaviours. These data can also be used in an active way, by becoming the tenet of innovative services and products, i.e. of Cyber-Physical Products (CPPs). Still, having data is not tantamount to having knowledge, and an important overlooked topic is how should them be analysed. In this contribution we tackle the issue of the development of an analytics toolbox for processing CPS data. Specifically, we review and quantify the main requirements that should be fulfilled, both functional (e.g. flexibility or dependability) and technical (e.g. scalability, response time, etc.). We further propose an initial set of analysis that should in it be included. We finally review some challenges and open issues, including how security and privacy could be tackled by emerging new technologies.

Regardless of the setting, edge computing has drawn much attention from both the academic and industrial communities. For edge computing, content delivery networks are both a concrete and production deployable use case. While viable at the WAN or telco edge scale, it is unclear if this extends to others, such as in home WiFi routers, as has been assumed by some. In this work-in-progress, we present an initial study on the viability of using smart edge WiFi routers as a caching location. We describe the simulator we created to test this, as well as the analysis of the results obtained. We use 1 day of e-commerce web log traffic from a public data set, as well as a sampled subset of our own site - part of an ecosystem of over 111 million users. We show that in the best case scenario, smart edge routers are inappropriate for e-commerce web caching.

A Distributed Denial of Service (DDoS) attack is an attack that compromised the bandwidth of the whole network by choking down all the available network resources which are publically available, thus makes access to that resource unavailable. The DDoS attack is more vulnerable than a normal DoS attack because here the sources of attack origin are more than one, so users cannot even estimate how to detect and where to take actions so that attacks can be dissolved. This paper proposed a unique approach for DDoS detection using the shortest path algorithm. This Paper suggests that the remedy that must be taken in order to counter-affect the DDoS attack in a smart home network.

The growing diffusion of robotics in our daily life demands a deeper understanding of the mechanisms of trust in human-robot interaction. The performance of a robot is one of the most important factors influencing the trust of a human user. However, it is still unclear whether the circumstances in which a robot fails to affect the user's trust. We investigate how the perception of robot failures may influence the willingness of people to cooperate with the robot by following its instructions in a time-critical task. We conducted an experiment in which participants interacted with a robot that had previously failed in a related or an unrelated task. We hypothesized that users' observed and self-reported trust ratings would be higher in the condition where the robot has previously failed in an unrelated task. A proof-of-concept study with nine participants timidly confirms our hypothesis. At the same time, our results reveal some flaws in the design experimental, and encourage a future large scale study.

SPARQL is a standard query language for knowledge graphs (KGs). However, it is hard to find correct answer if KGs are incomplete or incorrect. Knowledge graph embedding (KGE) enables answering queries on such KGs by inferring unknown knowledge and removing incorrect knowledge. Hence, our long-term goal in this line of research is to propose a new framework that integrates KGE and SPARQL, which opens various research problems to be addressed. In this paper, we solve one of the most critical problems, that is, optimizing the performance of nearest neighbor (NN) search. In our evaluations, we demonstrate that the search time of state-of-the-art NN search algorithms is improved by 40% without sacrificing answer accuracy.

The choice of threshold is an important part of fault diagnosis. Most of the current methods use a constant threshold for detection and it is difficult to meet the robustness and sensitivity requirements of the diagnosis system. This article develops a dynamic threshold algorithm for aircraft engine fault detection and isolation systems. The algorithm firstly analyzes the bounded norm uncertainty that may appear in the process of model based on the state space equation, and gives the time domain response range calculation formula under the influence of uncertain parameters; then the Kalman filter is combined to calculate the threshold with the real-time change of state; the simulation is performed at the end. The simulation results show that dynamic threshold range changes with status in real time.

Big Data Cyber Security Analytics (BDCA) leverages big data technologies for collecting, storing, and analyzing a large volume of security events data to detect cyber-attacks. Accuracy and response time, being the most important quality concerns for BDCA, are impacted by changes in security events data. Whilst it is promising to adapt a BDCA system's architecture to the changes in security events data for optimizing accuracy and response time, it is important to consider large search space of architectural configurations. Searching a large space of configurations for potential adaptation incurs an overwhelming adaptation time, which may cancel the benefits of adaptation. We present an adaptation approach, QuickAdapt, to enable quick adaptation of a BDCA system. QuickAdapt uses descriptive statistics (e.g., mean and variance) of security events data and fuzzy rules to (re) compose a system with a set of components to ensure optimal accuracy and response time. We have evaluated QuickAdapt for a distributed BDCA system using four datasets. Our evaluation shows that on average QuickAdapt reduces adaptation time by 105× with a competitive adaptation accuracy of 70% as compared to an existing solution.

Side-channel attacks allow an adversary to uncover secret program data by observing the behavior of a program with respect to a resource, such as execution time, consumed memory or response size. Side-channel vulnerabilities are difficult to reason about as they involve analyzing the correlations between resource usage over multiple program paths. We present DifFuzz, a fuzzing-based approach for detecting side-channel vulnerabilities related to time and space. DifFuzz automatically detects these vulnerabilities by analyzing two versions of the program and using resource-guided heuristics to find inputs that maximize the difference in resource consumption between secret-dependent paths. The methodology of DifFuzz is general and can be applied to programs written in any language. For this paper, we present an implementation that targets analysis of Java programs, and uses and extends the Kelinci and AFL fuzzers. We evaluate DifFuzz on a large number of Java programs and demonstrate that it can reveal unknown side-channel vulnerabilities in popular applications. We also show that DifFuzz compares favorably against Blazer and Themis, two state-of-the-art analysis tools for finding side-channels in Java programs.

IEC61850 and IEC62351 combined provide a set of security promises for the communications channels that are used to run a substation automation system (SAS), that use IEC61850 based technologies. However, one area that is largely untouched by these security promises is the generic object oriented substation events (GOOSE) messaging service. GOOSE is designed to multicast commands and data across a substation within hard real time quality of service (QoS) requirements. This means that GOOSE is unable to implement the required security technologies as the added latency to any message would violate the QoS.

With the evolution of computing from using personal computers to use of online Internet of Things (IoT) services and applications, security risks have also evolved as a major concern. The use of Fog computing enhances reliability and availability of the online services due to enhanced heterogeneity and increased number of computing servers. However, security remains an open challenge. Various trust models have been proposed to measure the security strength of available service providers. We utilize the quantized security of Datacenters and propose a new security-based service broker policy(SbSBP) for Fog computing environment to allocate the optimal Datacenter(s) to serve users' requests based on users' requirements of cost, time and security. Further, considering the dynamic nature of Fog computing, the concept of dynamic reconfiguration has been added. Comparative analysis of simulation results shows the effectiveness of proposed policy to incorporate users' requirements in the decision-making process.

Distinguishing and classifying different types of malware is important to better understanding how they can infect computers and devices, the threat level they pose and how to protect against them. In this paper, a system for classifying malware programs is presented. The paper describes the architecture of the system and assesses its performance on a publicly available database (provided by Microsoft for the Microsoft Malware Classification Challenge BIG2015) to serve as a benchmark for future research efforts. First, the malicious programs are preprocessed such that they are visualized as gray scale images. We then make use of an architecture comprised of multiple layers (multiple levels of encoding) to carry out the classification process of those images/programs. We compare the performance of this approach against traditional machine learning and pattern recognition algorithms. Our experimental results show that the deep learning architecture yields a boost in performance over those conventional/standard algorithms. A hold-out validation analysis using the superior architecture shows an accuracy in the order of 99.15%.

In the EPCglobal standards for RFID architecture frameworks and interfaces, the Electronic Product Code Information System (EPCIS) acts as a standard repository storing event and master data that are well suited to Supply Chain Management (SCM) applications. Oliot-EPCIS broadens its scope to a wider range of IoT applications in a scalable and flexible way to store a large amount of heterogeneous data from a variety of sources. However, this expansion poses data security challenge for IoT applications including patients' ownership of events generated in mobile healthcare services. Thus, in this paper we propose Secure-EPCIS to deal with security issues of EPCIS for IoT applications. We have analyzed the requirements for Secure-EPCIS based on real-world scenarios and designed access control model accordingly. Moreover, we have conducted extensive performance comparisons between EPCIS and Secure-EPCIS in terms of response time and throughput, and provide the solution for performance degradation problem in Secure-EPCIS.

There is a long-standing need for improved cybersecurity through automation of attack signature detection, classification, and response. In this paper, we present experimental test bed results from an implementation of autonomic control plane feedback based on the Observe, Orient, Decide, Act (OODA) framework. This test bed modeled the building blocks for a proposed zero trust cloud data center network. We present test results of trials in which identity management with automated threat response and packet-based authentication were combined with dynamic management of eight distinct network trust levels. The log parsing and orchestration software we created work alongside open source log management tools to coordinate and integrate threat response from firewalls, authentication gateways, and other network devices. Threat response times are measured and shown to be a significant improvement over conventional methods.

Computer systems face the threat of deliberate security intrusions due to malicious attacks that exploit security holes or vulnerabilities. In practice, these security holes or vulnerabilities still remain in the system and applications even if developers carefully execute system testing. Thus it is necessary and important to develop the mechanism to prevent and/or tolerate security intrusions. As a result, the computer systems are often evaluated with confidentiality, integrity and availability (CIA) criteria from the viewpoint of security, and security is treated as a QoS (Quality of Service) attribute at par with other QoS attributes such as capacity and performance. In this paper, we present the method for quantifying a security attribute called mean time to security failure (MTTSF) of a VM-based intrusion tolerant system based on queueing theory.

Cognitive radio networks (CRNs) have a great potential in supporting time-critical data delivery among the Internet of Things (IoT) devices and for emerging applications such as smart cities. However, the unique characteristics of different technologies and shared radio operating environment can significantly impact network availability. Hence, in this paper, we study the channel assignment problem in time-critical IoT-based CRNs under proactive jamming attacks. Specifically, we propose a probabilistic spectrum assignment algorithm that aims at minimizing the packet invalidity ratio of each cognitive radio (CR) transmission subject to delay constrains. We exploit the statistical information of licensed users' activities, fading conditions, and jamming attacks over idle channels. Simulation results indicate that network performance can be significantly improved by using a security- availability- and quality-aware channel assignment that provides communicating CR pair with the most secured channel of the lowest invalidity ratio.

Cloud Computing has emerged as a paradigm to deliver on demand resources to facilitate the customers with access to their infrastructure and applications as per their requirements on a subscription basis. An exponential increase in the number of cloud services in the past few years provides more options for customers to choose from. To assist customers in selecting a most trustworthy cloud provider, a unified trust evaluation framework is needed. Trust helps in the estimation of competency of a resource provider in completing a task thus enabling users to select the best resources in the heterogeneous cloud infrastructure. Trust estimates obtained using the AHP process exhibit a deviation for parameters that are not in direct proportion to the contributing attributes. Such deviation can be removed using the Fuzzy AHP model. In this paper, a Fuzzy AHP based hierarchical trust model has been proposed to rate the service providers and their various plans for infrastructure as a service.

Privacy analysis is essential in the society. Data privacy preservation for access control, guaranteed service in wireless sensor networks are important parts. In programs' verification, we not only consider about these kinds of safety and liveness properties but some security policies like noninterference, and observational determinism which have been proposed as hyper properties. Fairness is widely applied in verification for concurrent systems, wireless sensor networks and embedded systems. This paper studies verification and analysis for proving security-relevant properties and hyper properties by proposing deductive proof rules under fairness requirements (constraints).

Since the massive deployment of Cyber-Physical Systems (CPSs) calls for long-range and reliable communication services with manageable cost, it has been believed to be an inevitable trend to relay a significant portion of CPS traffic through existing networking infrastructures such as the Internet. Adversaries who have access to networking infrastructures can therefore eavesdrop network traffic and then perform traffic analysis attacks in order to identify CPS sessions and subsequently launch various attacks. As we can hardly prevent all adversaries from accessing network infrastructures, thwarting traffic analysis attacks becomes indispensable. Traffic morphing serves as an effective means towards this direction. In this paper, a novel traffic morphing algorithm, CPSMorph, is proposed to protect CPS sessions. CPSMorph maintains a number of network sessions whose distributions of inter-packet delays are statistically indistinguishable from those of typical network sessions. A CPS message will be sent through one of these sessions with assured satisfaction of its time constraint. CPSMorph strives to minimize the overhead by dynamically adjusting the morphing process. It is characterized by low complexity as well as high adaptivity to changing dynamics of CPS sessions. Experimental results have shown that CPSMorph can effectively performing traffic morphing for real-time CPS messages with moderate overhead.