Industrial cyber-infrastructure is normally a multilayered architecture, whose layering hides complexity and allows the layers to evolve independently. In this paper, we argue that this traditional strict layering results in poor transparency across layers, limiting the ability to significantly improve resiliency. We propose a contract-based methodology in which components across and within the layers of the cyber-infrastructure are associated with contracts and a lightweight resilience manager. This allows the system to detect faults (contract violations monitored using observers) and react (change contracts dynamically) effectively. The approach (1) improves transparency across layers, which aids resiliency; (2) decouples fault-handling code from application code, which aids code maintenance; and (3) systematically generates error-free fault-handling code, which reduces development time. We demonstrate the proposed methodology using an industrial case study.
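The detect-and-react loop described in this abstract can be illustrated with a minimal sketch. All names here (`Contract`, `Observer`, `ResilienceManager`) and the temperature thresholds are assumptions for illustration, not the paper's actual implementation:

```python
# Hedged sketch: a contract is a guarantee predicate, an observer checks it,
# and a lightweight manager reacts to violations by switching contracts.

class Contract:
    """A component contract: a guarantee predicate over observed outputs."""
    def __init__(self, name, guarantee):
        self.name = name
        self.guarantee = guarantee  # callable: observation -> bool

class Observer:
    """Monitors a component's outputs against its current contract."""
    def __init__(self, contract):
        self.contract = contract
    def check(self, observation):
        return self.contract.guarantee(observation)

class ResilienceManager:
    """On a contract violation, log the fault and switch to a degraded contract."""
    def __init__(self, observer, fallback_contract):
        self.observer = observer
        self.fallback = fallback_contract
        self.log = []
    def step(self, observation):
        if not self.observer.check(observation):
            self.log.append(("violation", self.observer.contract.name))
            self.observer.contract = self.fallback  # react: change contract
        return self.observer.contract.name

# Toy scenario: a temperature reading monitored against a nominal contract.
nominal = Contract("nominal", lambda temp: temp < 80.0)
degraded = Contract("degraded", lambda temp: temp < 100.0)
mgr = ResilienceManager(Observer(nominal), degraded)

print(mgr.step(72.0))  # within the nominal contract
print(mgr.step(85.0))  # violates nominal -> manager switches contract
print(mgr.step(85.0))  # now satisfies the degraded contract
```

The point of the sketch is the separation the abstract claims: the fault-handling logic lives entirely in the manager, not in the component's application code.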
As industrial cyber-infrastructure becomes increasingly important to realising the objectives of Industry 4.0, the consequences of disruption due to internal or external faults become increasingly severe. There is thus a need for a resilient infrastructure. In this paper, we propose a contract-based methodology in which components across the layers of the cyber-infrastructure are associated with contracts and a lightweight resilience manager. This allows the system to detect faults (contract violations monitored using observers) and react (change contracts dynamically) effectively.
The orchestrated, collaborative effort of physical and cyber components to satisfy given requirements is the central concept behind Cyber-Physical Systems (CPS). To ensure the performance of components, a software-based resilience manager is a flexible means of detecting and recovering from faults quickly. However, a single resilience manager placed at the centre of the system to deal with every fault suffers from decision-making overload, and is therefore impractical for distributed, large-scale CPS. On the other hand, prompt detection of failures and efficient recovery from them are challenging for decentralised resilience managers. In this regard, we present a novel resilience management framework that utilises the concept of a management hierarchy. System design contracts play a key role in this framework for prompt fault detection and recovery. Besides the details of the framework, an Industry 4.0 test case is presented in this article to provide further insights.
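The management hierarchy this abstract describes can be sketched as a chain of managers that escalate faults upward. The layer names, capacities, and severity scale below are illustrative assumptions, not the paper's model:

```python
# Hedged sketch of hierarchical fault handling: a local manager recovers
# from faults within its authority and escalates the rest to its parent.

class HierarchicalManager:
    def __init__(self, name, capacity, parent=None):
        self.name = name
        self.capacity = capacity  # max fault severity this layer can handle
        self.parent = parent
    def handle(self, severity):
        if severity <= self.capacity:
            return self.name  # recovered locally, no escalation
        if self.parent is not None:
            return self.parent.handle(severity)  # escalate upward
        return "unhandled"  # exceeded even the root manager's authority

# A three-level hierarchy: machine -> cell -> plant (names are assumptions).
plant = HierarchicalManager("plant", capacity=9)
cell = HierarchicalManager("cell", capacity=5, parent=plant)
machine = HierarchicalManager("machine", capacity=2, parent=cell)

print(machine.handle(1))  # handled at the machine level
print(machine.handle(4))  # escalated once, handled at the cell level
print(machine.handle(7))  # escalated twice, handled at the plant level
```

This captures why the hierarchy avoids both extremes the abstract mentions: no single manager sees every fault, yet escalation still gives higher layers a global view when local recovery fails.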
Instilling resilience in critical infrastructure (CI) such as dams or power grids is a major challenge for tomorrow's cities and communities. Resilience, here, pertains to a CI's ability to adapt to or rapidly recover from disruptive events. In this paper, the problem of optimizing and managing the resilience of CIs is studied. In particular, a comprehensive two-fold framework is proposed to improve CI resilience by considering both the individual CIs and their collective contribution to an entire system of multiple CIs. To this end, a novel analytical resilience index is proposed to measure the effect of each CI's physical components on its probability of failure. In particular, a Markov chain defining each CI's performance state and a Bayesian network modeling the probability of failure are introduced to infer each CI's resilience index. Then, to maximize the resilience of a system of CIs, a novel approach for allocating resources, such as drones or maintenance personnel, is proposed. In particular, a comprehensive resource allocation framework based on the tools of contract theory is proposed, enabling the system operator to optimally allocate resources, such as redundant components or monitoring devices, to each individual CI based on its economic contribution to the entire system. The optimal solution of the contract-based resilience resource allocation problem is analytically derived using dynamic programming. The proposed framework is then evaluated using a case study pertaining to hydropower dams and their interdependence with the power grid. Simulation results within the case study show that the system operator can economically benefit from allocating the resources, while dams achieve a 60% average improvement over their initial resilience indices.
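The Markov-chain part of this framework can be sketched with a toy example: a small chain over performance states whose stationary distribution yields a scalar index. The state set, transition probabilities, and performance weights below are invented for illustration; the paper's actual index also involves a Bayesian failure model not shown here:

```python
# Hedged sketch: stationary distribution of a toy 3-state performance chain,
# collapsed into a single resilience-style index. All numbers are assumptions.

def stationary(P, iters=1000):
    """Approximate the stationary distribution by power iteration."""
    n = len(P)
    pi = [1.0 / n] * n
    for _ in range(iters):
        pi = [sum(pi[i] * P[i][j] for i in range(n)) for j in range(n)]
    return pi

# Performance states: 0 = nominal, 1 = degraded, 2 = failed.
P = [
    [0.90, 0.08, 0.02],  # transitions out of 'nominal'
    [0.30, 0.60, 0.10],  # transitions out of 'degraded'
    [0.50, 0.00, 0.50],  # repair returns 'failed' to 'nominal'
]
performance = [1.0, 0.5, 0.0]  # performance level delivered in each state

pi = stationary(P)
resilience_index = sum(p * w for p, w in zip(pi, performance))
print(round(resilience_index, 3))
```

Higher repair rates out of the failed state shift the stationary mass toward the nominal state and raise the index, which is the qualitative behaviour a resilience measure should have.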
The 'Anytime, Anywhere' data access model has become a widespread IT policy in organizations, making insider attacks even more complicated to model, predict and deter. Here, we propose Gargoyle, a network-based insider-attack-resilient framework against the most complex insider threats within a pervasive computing context. Compared to existing solutions, Gargoyle evaluates the trustworthiness of an access request's context through a new set of contextual attributes called Network Context Attributes (NCAs). NCAs are extracted from the network traffic and include information such as the user's device capabilities, security level, current and prior interactions with other devices, network connection status, and suspicious online activities. Retrieving such information from the user's device and its integrated sensors is challenging in terms of device performance overheads, sensor costs, availability, reliability and trustworthiness. To address these issues, Gargoyle leverages the capabilities of Software-Defined Networking (SDN) for both policy enforcement and implementation. In fact, Gargoyle's SDN app can interact with the network controller to create a 'defence-in-depth' protection system. For instance, Gargoyle can automatically quarantine a suspicious data requestor in the enterprise network for further investigation, or filter out an access request before engaging a data provider. Finally, instead of employing simplistic binary rules in access authorizations, Gargoyle incorporates Function-based Access Control (FBAC) and supports the customization of access policies into a set of functions (e.g., disabling copy, allowing print) depending on the perceived trustworthiness of the context.
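The FBAC idea of granting a *set of functions* rather than a binary allow/deny can be sketched as a trust-to-capability mapping. The thresholds, function names, and the notion of a single scalar trust score are assumptions for illustration, not Gargoyle's actual policy engine:

```python
# Hedged FBAC-style sketch: a context trust score in [0, 1] maps to a set
# of permitted functions instead of a single allow/deny decision.

def fbac_policy(trust_score):
    """Return the set of document functions permitted at this trust level."""
    permitted = set()
    if trust_score >= 0.3:
        permitted.add("view")   # low bar: viewing only
    if trust_score >= 0.6:
        permitted.add("print")  # medium trust unlocks printing
    if trust_score >= 0.9:
        permitted.add("copy")   # only high-trust contexts may copy data out
    return permitted

print(sorted(fbac_policy(0.7)))  # medium trust: view and print, but no copy
```

A low-trust context (say, an unusual device on an unfamiliar network) would fall below every threshold and receive the empty set, which corresponds to the quarantine/filter behaviour described above.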
In this paper, we explore using runtime verification to design safe cyber-physical systems (CPS). We build upon the Simplex Architecture, where control authority may switch from an unverified and potentially unsafe advanced controller to a backup baseline controller in order to maintain system safety. New to our approach, we remove the requirement that the baseline controller is statically verified. This is important, as there are many powerful control techniques -- model-predictive control, rapidly-exploring random trees and neural network controllers -- that often work well in practice but are difficult to statically prove correct, and therefore could not previously be used as baseline controllers. We prove that, through more extensive runtime checks, such an approach can still guarantee safety. We call this approach the Black-Box Simplex Architecture, as both high-level controllers are treated as black boxes. We present case studies where model-predictive control provides safety for multi-robot coordination, and neural networks provably prevent collisions for groups of F-16 aircraft, despite occasionally outputting unsafe actions.
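The switching logic this abstract describes can be sketched on a toy system. The 1-D single-integrator dynamics, the safe interval, and the use of a zero "stop" action as the last-resort verified action are simplifying assumptions, not the paper's case studies:

```python
# Hedged sketch of the Black-Box Simplex idea: both controllers are untrusted
# callables, and a runtime check accepts an action only if the successor state
# is safe AND a known stop action remains safe from there.

SAFE_MIN, SAFE_MAX = 0.0, 10.0

def next_state(x, u):
    return x + u  # toy single-integrator dynamics (assumption)

def is_safe(x):
    return SAFE_MIN <= x <= SAFE_MAX

def runtime_check(x, u):
    """Accept u only if it leads to a safe, recoverable successor state."""
    x_next = next_state(x, u)
    return is_safe(x_next) and is_safe(next_state(x_next, 0.0))

def simplex_step(x, advanced, baseline):
    """Prefer the advanced controller's action; fall back to the baseline's;
    if even that fails the runtime check, apply the verified stop action."""
    for ctrl in (advanced, baseline):
        u = ctrl(x)
        if runtime_check(x, u):
            return u
    return 0.0  # last-resort stop action, safe by construction here

aggressive = lambda x: 100.0  # black-box controller proposing an unsafe action
cautious = lambda x: 0.5      # black-box baseline that usually behaves
print(simplex_step(5.0, aggressive, cautious))
```

Because the check is applied to the baseline's proposals too, neither controller needs static verification; safety rests only on the (small, checkable) dynamics model and the stop action.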