Technological and market evolution motivates investigation into quantitative evaluation of performability of gas distribution networks. This paper proposes an approach for assessing the impact of multi-phased repair procedures, capturing time-variable load profiles for different classes of users, suspension of activities during non-working hours, and random execution times depending on topological, physical, and geographical characteristics of the network. The method interleaves fluid-dynamic analysis of the gas behavior and stochastic analysis of the time spent in the repair procedure, decoupling complexities and making stochastic analysis almost insensitive to the network size and topology, thus making application feasible for real scale cases. Moreover, by encompassing general (non-Markovian) distributions, the approach enables effective fitting of durational properties as emerging in each specific application context.
Road intersection management is one of the main challenges for road safety, because intersections are a leading cause of traffic congestion and accidents. In fact, more than 44 % of all reported crashes in the U.S. occur around intersection areas, which in turn lead to 8,500 fatalities and approximately 1 million injuries every year. With the expected arrival of self-driving vehicles, the question is whether high throughput can be obtained through intersections while keeping them safe. A spatio-temporal intersection protocol named the Ballroom Intersection Protocol (BRIP) was recently proposed in the literature to address this situation. Under this protocol, automated and connected vehicles arrive at and pass through an intersection in a cooperative fashion with no vehicle needing to stop, while maximizing the intersection throughput. Though no vehicles collide under ideal conditions with BRIP, accidents can occur when the self-driving vehicles have location errors and/or control system failures. In this paper, we present a safe and practical intersection protocol named the Configurable Synchronous Intersection Protocol (CSIP), a more general and resilient version of BRIP. CSIP enforces a configurable inter-vehicle distance to meet safety requirements against GPS inaccuracy and control failure. The longer inter-vehicle distances under CSIP are also more acceptable and comfortable to human passengers, since they do not cause fear. With CSIP, the inter-vehicle distances can also be changed at each intersection to account for different traffic volumes, GPS accuracy levels, and the geographical layout of intersections. Our simulation results show that CSIP never leads to traffic accidents even when the system has typical location errors, and that CSIP increases the traffic throughput of intersections compared to common signalized intersections.
Cyber-physical systems (CPS) involve tight integration of cyber (computation) and physical domains, and both the effectiveness and correctness of a CPS application may rely on successful enforcement of constraints such as bounded latency and temporal validity subject to physical conditions. For many such systems (e.g., edge computing in the Industrial Internet of Things), it is desirable to enforce such constraints within a common middleware service (e.g., during event processing). In this article, we introduce CPEP, a new real-time middleware for cyber-physical event processing, with (1) extensible support for complex event processing operations, (2) execution prioritization and sharing, (3) enforcement of time consistency with load shedding, and (4) efficient memory management and concurrent data processing. We present the design, implementation, and empirical evaluation of CPEP and show that it can (1) support complex operations needed by many applications, (2) schedule data processing according to consumers' priority levels, (3) enforce temporal validity, and (4) reduce processing delay and improve throughput of time-consistent events.
Modern automotive Cyber-Physical Systems (CPS) are increasingly adopting wireless communications for Intra-Vehicular, Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) protocols as a promising solution for challenges such as the wire harnessing problem, collision detection and avoidance, traffic control, and environmental hazards. Regrettably, this new trend results in new security challenges that can put the safety and privacy of the automotive CPS and its passengers at great risk. In addition, automotive wireless communication security is constrained by the strict energy and performance limitations of electronic control units and sensors. As a result, key generation and management for secure automotive CPS wireless communication is an open research challenge. This paper aims to help solve these security challenges by presenting a practical key generation technique based on the reciprocity and the high spatial and temporal variation of the automotive wireless communication channel. Accompanying this technique is a key length optimization algorithm that improves performance (in terms of time and energy) for safety-related applications constrained by small communication windows. To validate the practicality and effectiveness of our approach, we have conducted simulations alongside real-world experiments with vehicles and RC cars. Lastly, we demonstrate through simulations that we can generate keys with high security strength (keys with 67% min-entropy) with up to 10X improvement in performance and 20X reduction in code size overhead in comparison to state-of-the-art security techniques.
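The channel-reciprocity approach sketched above, as an added illustrative example (not the paper's scheme or code): two parties sample a reciprocal channel, quantize each sample against their own mean with a guard band, exchange the indices they kept, measure how many bits still disagree, estimate min-entropy per agreed bit, and from that size the raw bit budget for a target key length inside a fixed communication window. All data is synthetic; the guard-band quantizer, the index-exchange step, the most-common-value entropy estimator and the probe-rate/window figures are simplifying assumptions made for this example.

```python
"""Physical-layer key generation from a reciprocal wireless channel.

Added example, not the paper's algorithm. Hypothetical model: both ends
probe the channel at the same instants and see the same gain plus
independent receiver noise; each side quantizes against its own mean with
a guard band; the two sides publish the indices they kept and use the
intersection; a most-common-value estimator stands in for a full
min-entropy test; SHA-256 truncation stands in for privacy amplification.
"""
import hashlib
import math
import random


def simulate_reciprocal_channel(n, noise_sd=0.3, seed=7):
    """Constructed data: common fading gain plus per-receiver noise."""
    rng = random.Random(seed)
    alice, bob = [], []
    for _ in range(n):
        gain = rng.gauss(0.0, 1.0)          # reciprocal component
        alice.append(gain + rng.gauss(0.0, noise_sd))
        bob.append(gain + rng.gauss(0.0, noise_sd))
    return alice, bob


def quantize(samples, guard=0.5):
    """Map samples to bits; drop those within +-guard*sd of the mean, where
    the two ends are most likely to disagree. Returns {index: bit}."""
    mean = sum(samples) / len(samples)
    sd = math.sqrt(sum((s - mean) ** 2 for s in samples) / len(samples))
    band = guard * sd
    return {i: (1 if s > mean + band else 0)
            for i, s in enumerate(samples) if abs(s - mean) > band}


def reconcile(q_alice, q_bob):
    """Index exchange over the open channel: keep only positions both sides
    retained. Index lists reveal which probes were ambiguous, not bit values."""
    common = sorted(set(q_alice) & set(q_bob))
    return [q_alice[i] for i in common], [q_bob[i] for i in common]


def bit_agreement(a, b):
    return sum(x == y for x, y in zip(a, b)) / len(a)


def min_entropy_per_bit(bits):
    """Most-common-value estimator: -log2(p_max) per bit (simplified)."""
    p1 = sum(bits) / len(bits)
    return -math.log2(max(p1, 1.0 - p1))


def raw_bits_needed(target_bits, h_min):
    """Agreed raw bits to hash so the output carries target_bits of min-entropy."""
    return math.ceil(target_bits / h_min)


def derive_key(bits, target_bits):
    """Privacy amplification stand-in: hash the raw bits, truncate."""
    raw = bytes(int("".join(map(str, bits[i:i + 8])).ljust(8, "0"), 2)
                for i in range(0, len(bits), 8))
    return hashlib.sha256(raw).digest()[: target_bits // 8]


def max_key_bits(window_s, probe_hz, kept_fraction, h_min):
    """Key length reachable inside a communication window (hypothetical
    budget): probes that fit, times survivors of quantization, times
    entropy per agreed bit. Below the target means: shrink the key or
    widen the window, never pad with deterministic bits."""
    return int(window_s * probe_hz * kept_fraction * h_min)


def run(n=4000, target_bits=128):
    alice, bob = simulate_reciprocal_channel(n)
    a_bits, b_bits = reconcile(quantize(alice), quantize(bob))
    h = min_entropy_per_bit(a_bits)
    need = raw_bits_needed(target_bits, h)
    if need > len(a_bits):
        raise ValueError("window too short for requested key length")
    return {
        "kept_fraction": len(a_bits) / n,
        "agreement": bit_agreement(a_bits, b_bits),
        "h_min": h,
        "raw_bits_needed": need,
        "key": derive_key(a_bits[:need], target_bits),
        # False whenever any of the first `need` bits still disagree:
        # a real protocol must run error reconciliation before hashing.
        "keys_match": derive_key(a_bits[:need], target_bits)
                      == derive_key(b_bits[:need], target_bits),
    }


if __name__ == "__main__":
    print(run())
```

The point to take from running it: agreement below 100 % means the two raw strings still differ somewhere, and hashing them produces different keys, so an error-reconciliation step (which itself leaks a few bits that must be subtracted from the entropy budget) has to sit between index exchange and privacy amplification. With the paper's 67 % min-entropy figure, `raw_bits_needed(128, 0.67)` gives 192 agreed raw bits for a 128-bit key.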
Cyber-physical Systems of Systems (SoSs) are large-scale systems made of independent and autonomous cyber-physical Constituent Systems (CSs) which may interoperate, possibly with human intervention, to achieve high-level goals. Providing security in such SoSs means, among other things, forecasting and anticipating evolving SoS functionalities, ultimately identifying possible detrimental phenomena that may come into existence out of the interactions of CSs and humans. Such phenomena, usually called emergent phenomena, are often complex and difficult to capture: the first appearance of an emergent phenomenon in a cyber-physical SoS is often a surprise to the observers. Adequate support for understanding emergent phenomena will help reduce both the likelihood of design or operational flaws and the time needed to analyze the relations among the CSs, which always has a key economic significance. This paper presents a threat analysis methodology and a supporting tool aimed at i) identifying (emerging) threats in evolving SoSs, ii) reducing the cognitive load required to understand an SoS and the relations among its CSs, and iii) facilitating SoS risk management by proposing mitigation strategies for SoS administrators. The proposed methodology, as well as the tool, is empirically validated on a Smart Grid case study by submitting questionnaires to a user base composed of 18 BSc and MSc students.
Wireless sensor networks (WSNs) typically consist of nodes that collect and transmit data periodically. In this context, we are concerned with unacknowledged communication, i.e., where data packets are not confirmed upon successful reception. This reduces traffic on the communication channel --- neither acknowledgments nor retransmissions are sent --- and results in less overhead and less energy consumption, which are meaningful goals in the era of the Internet of Things (IoT). On the other hand, packets can be lost and, hence, we do not know how long it takes to convey data from one node to another, which hinders any form of real-time operation and/or quality of service. To overcome this problem, we propose a medium access control (MAC) protocol in which each packet is transmitted at a random instant, but within a specified time interval from the last transmission. In contrast to existing approaches from the literature, the proposed MAC can be configured to meet reliability requirements --- given by the probability that at least one data packet reaches its destination within a specified deadline --- in the absence of acknowledgments. We illustrate this and other benefits of the proposed approach with a detailed OMNeT++ simulation.
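How the interval can be sized against a reliability target without acknowledgments, as an added example that is not part of the paper and not its analysis: the loss model is a deliberate simplification (every transmission is lost independently with probability p, with channel errors and collisions folded into p, and every packet sent after a reading becomes available carries that reading). Under that model the only guarantee the randomized schedule gives is that consecutive transmissions are never more than T apart, which already yields a closed-form lower bound on reliability and hence the largest admissible T; the Monte Carlo run checks the bound.

```python
"""Reliability of an acknowledgement-free MAC in which each node sends its
next packet at a uniformly random instant within T seconds of the previous
one. Added example with a hypothetical loss model (independent loss with
probability p per transmission); not the paper's model or results."""
import math
import random


def min_transmissions(deadline, interval):
    """Worst case: gaps never exceed `interval`, so at least
    floor(deadline/interval) packets go out before the deadline.
    The small epsilon guards against float rounding of exact ratios."""
    return math.floor(deadline / interval + 1e-9)


def reliability_bound(p_loss, deadline, interval):
    """Lower bound: all guaranteed transmissions would have to be lost."""
    return 1.0 - p_loss ** min_transmissions(deadline, interval)


def max_interval_for(target, p_loss, deadline):
    """Largest T meeting the target without ACKs: need k transmissions with
    1 - p^k >= target, i.e. k >= log(1 - target) / log(p)."""
    if not 0.0 < target < 1.0 or not 0.0 < p_loss < 1.0:
        raise ValueError("target and p_loss must lie strictly in (0, 1)")
    k = math.ceil(math.log(1.0 - target) / math.log(p_loss))
    return deadline / k


def simulate(p_loss, deadline, interval, trials=20000, seed=3):
    """Monte Carlo check: gaps drawn uniformly in [0, T]; a trial succeeds
    when some transmission at or before the deadline is not lost."""
    rng = random.Random(seed)
    delivered = 0
    for _ in range(trials):
        t = 0.0
        while True:
            t += rng.uniform(0.0, interval)
            if t > deadline:
                break                   # deadline missed, no success
            if rng.random() >= p_loss:  # this transmission got through
                delivered += 1
                break
    return delivered / trials


def configure(target, p_loss, deadline):
    """Pick T for the target and report the bound and an empirical check."""
    t = max_interval_for(target, p_loss, deadline)
    return {"interval": t,
            "bound": reliability_bound(p_loss, deadline, t),
            "empirical": simulate(p_loss, deadline, t)}


if __name__ == "__main__":
    # Constructed parameters: 20 % loss, 3 s deadline, 99 % target.
    print(configure(0.99, 0.2, 3.0))
    # A too-generous interval misses the target even though it "usually" works:
    print(reliability_bound(0.2, 3.0, 2.0))
```

The bound is pessimistic on purpose: a node usually sends about twice as many packets as the worst case, so the empirical figure sits well above the bound, but the configuration decision should rest on the guarantee, not on the average. Anything that correlates losses across consecutive transmissions (a jammer, a persistent collision with a periodic neighbour) breaks the independence assumption and the bound with it.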
XDense is a novel wired 2D-mesh grid sensor network system for application scenarios that benefit from densely deployed sensing (e.g. thousands of sensors per square meter). It was conceived for closed-loop cyber-physical systems (CPS) that require real-time actuation, like active flow control (AFC) on aircraft wing surfaces. XDense communication and distributed processing capabilities are designed to enable complex feature extraction within bounded time and in a responsive manner. In this paper we tackle the issue of deterministic behavior of XDense. We present a methodology that uses traffic shaping heuristics to guarantee bounded communication delays and the fulfillment of memory requirements. We evaluate the model for varied network configurations and workloads, and present results on link utilization, queue size and execution time. With this comparative performance analysis of the traffic shaping heuristics, we demonstrate the effectiveness of running real-time applications on XDense.
Z-Wave is a proprietary Internet of Things substrate providing distributed home and office automation services. The proprietary nature of Z-Wave devices makes it difficult to determine the security aptitude of these devices. While there are a variety of open source tools for analyzing Z-Wave frames, inspecting non-volatile memory, and disassembling firmware, there are no dynamic analysis tools allowing one to inspect the internal state of a Z-Wave transceiver while it is running. In this work, a memory introspection capability is developed for the ZW0301, a Z-Wave transceiver component found on many Z-Wave devices. The firmware image of a Z-Wave door lock is modified to include the memory introspection capability, allowing both volatile and non-volatile memory of the transceiver module to be remotely extracted over the Z-Wave communication protocol. The memory introspection capability is applied to several reverse engineering activities requiring access to volatile memory. The stack memory is analyzed to determine the sequence of function calls leading up to the introspection code. The buffers used for holding incoming and outgoing Z-Wave communication frames are identified. By combining memory introspection with static analysis, several algorithms used by the Z-Wave security layer are revealed and validated. The memory locations of several encryption keys are also identified.
Safety-critical embedded systems often need to meet dependability requirements such as strict input/output timing constraints. To meet the timing requirements, the code generation (e.g., C code) from timed models needs to determine the timing parameters that indicate when the code has to perform I/O with its platform. We propose a novel framework to determine such timing parameters from platform-independent timed models. Our framework involves two transformations. The first transformation systematically extends the platform-independent model by explicitly modeling the input/output processing (e.g., sampling or interrupt-based) and code invocation (e.g., periodic or aperiodic) mechanisms. Then, we verify whether the resulting platform-specific model meets the timing requirements. If the resulting model does not satisfy the timing requirements, we apply the second transformation to compensate for the platform delay by adjusting the timing parameters at the code level. We formulate the adjustment mechanism using integer linear programming. If such an adjustment is feasible, generating the code with the new timing parameters guarantees that the implemented system meets the timing requirements. We validate our framework with case studies running on Patient-Controlled Analgesia (PCA) infusion pump platforms.