@conference{gharibladc2018, author = "Gharib, Mohamad and Leandro Dias da Silva and Kavalionak, Hanna and Ceccarelli, Andrea", abstract = "A Cyber-Physical System-of-Systems (CPSoS) can be defined as a System-of-Systems (SoS), where its Constituent Systems (CSs) are Cyber-Physical Systems (CPSs). A main challenge in integrating CPSoS to function as a single integrated system is the autonomy of its components, which may result in conflicts due to the lack of coordination among its CPSs. In this paper, we advocate that in order to facilitate the integration of CPSs within the overall context of their CPSoS, we may need to adjust their level of autonomy in a way that enables them to coordinate their activities to avoid any conflict among one another. Reducing such conflicts surely contributes to the dependability of the CPSoS. In particular, we propose a novel model-based approach for modeling and analyzing the autonomy levels of CPSs based on their awareness concerning their operational environment as well as their capability to safely perform their activity. We illustrate the utility of the approach with an example concerning a cooperative driver overtaking assistance system. ", address = "Foz do Igua{\c{c}}u, Brazil, Brazil", booktitle = "Eighth Latin-American Symposium on Dependable Computing (LADC)", doi = "10.1109/LADC.2018.00024", isbn = "978-1-5386-8489-4", keywords = "Autonomy, Cyber-Physical Systems of Systems, CPSoS, SoS, Conceptual Modeling", publisher = "IEEE", title = " {A} {M}odel-based {A}pproach for {A}nalyzing the {A}utonomy {L}evels for {C}yber-{P}hysical {S}ystems-of-{S}ystems", url = "https://ieeexplore.ieee.org/document/8671607", year = "2018", } @conference{sort2014, author = "Ceccarelli, Andrea and Zoppi, Tommaso and Bondavalli, Andrea and Fabio Duchi and Giuseppe Vella", abstract = "Amongst the features of Service Oriented Architectures (SOAs), their flexibility, dynamicity, and scalability make them particularly attractive for adoption in the ICT infrastructure of organizations. Such features come at the cost of improved difficulty in monitoring the SOA for error detection: i) faults may manifest themselves differently due to services and SOA evolution, and ii) interactions between a service and its monitors may need reconfiguration at each service update. This calls for monitoring solutions that operate at different layers than the application layer (services layer). In this paper we present our ongoing work towards the definition of a monitoring framework for SOAs and services, which relies on anomaly detection performed at the Application Server (AS) and the Operating System (OS) layers to identify events whose manifestation or effect is not adequately described a-priori. Specifically the paper introduces the key concepts of our work and presents the case study built to exercise and set-up our monitor. The case study uses Liferay as application layer and it includes fault injection and data collection instruments to perform extended testing campaigns. ", booktitle = "ISORCW-SORT 2014", doi = "10.1109/ISORC.2014.31", issn = "1555-0885", keywords = "sort2014", pages = "358 - 365", publisher = "IEEE", title = " {A} {T}estbed for {E}valuating {A}nomaly {D}etection {M}onitors {T}hrough {F}ault {I}njection", url = "http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6899171", year = "2014", } @conference{MN2011alarp, author = "Bondavalli, Andrea and Ceccarelli, Andrea and Florjan Gogaj and Andrea Seminatore and Michele Vadursi", booktitle = "M{\&}N 2011", keywords = "alarp mn localization", publisher = "IEEE ", title = " {L}ocalization errors of low-cost {GPS} devices in railway worksite-like scenario", year = "2011", } @conference{RESACS2017, author = "Vasenev, Alexandr and Ionita, Dan and Zoppi, Tommaso and Ceccarelli, Andrea and Wieringa, Roel", abstract = "Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can identify threats as a first step towards formulating security requirements. The modeling language might possess adequate features to support this task. This paper investigates how iconic signs as a feature of an informal modeling language can contribute to eliciting security requirements by non-experts. Taking urban grid as a case, we relate benefits and specifics of using iconic signs to the two modeling challenges: i) reducing the cognitive complexity required to understand and model a system by non-experts, and ii) facilitating the threat identification activity using a system model. Outputs of three experiments suggest that iconic signs do assists in addressing the challenges.", booktitle = "3rd International Workshop on Requirements Engineering for Self-Adaptive {\&} Cyber Physical Systems (RESACS)", editor = "CEUR-WS", keywords = "Requirements elicitation and analysis, Cyber-physical networks, Security requirements, Electrical network, Smart Grid, Experiments", title = " {T}owards {S}ecurity {R}equirements: {I}conicity as a {F}eature of an {I}nformal {M}odeling {L}anguage", url = "http://ceur-ws.org/Vol-1796/resacs-paper-2.pdf", volume = "1796", year = "2017", } @misc{big4data2, author = "Massimiliano Leone Itria and Daidone, Alessandro and Ceccarelli, Andrea", howpublished = "EDCC Workshop Big4CIP", title = "{A} {C}omplex {E}vent {P}rocessing {A}pproach for {C}risis-{M}anagement {S}ystems", year = "2014", } @conference{SOSE17IQ, author = "Gharib, Mohamad and Lollini, Paolo and Bondavalli, Andrea", abstract = "A System-of-Systems (SoS) is an integration of a finite number of Constituent Systems (CSs), which are networked together for achieving a certain higher goal. Therefore, integration is the key viability of any SoS. Although the integration of CSs can be achieved by the exchange of information, no existing work has considered the quality of such information. Without considering Information Quality (IQ), a CS may depend on inaccurate, incomplete, inconsistent, invalid, and/or untrustworthy information, which might lead to its failure, and in turn to catastrophic incidents in the case of critical SoS. The main objective of the paper is proposing a novel conceptual model that provides the required concepts for analyzing for SoS. We illustrate the utility of the model with an example concerning the Intelligent Transportation System (ITS) domain. ", address = "Waikoloa, HI, USA", booktitle = "The12th System of Systems Engineering Conference (SoSE'17) ", doi = "10.1109/SYSOSE.2017.7994946", isbn = "978-1-5090-5945-4", keywords = "System-of-Systems, SoS, Information, Information Quality, Conceptual Modeling", month = "June", pages = "1-6", publisher = "IEEE", title = "{A} {C}onceptual {M}odel for {A}nalyzing {I}nformation {Q}uality in {S}ystem-of-{S}ystems", url = "http://ieeexplore.ieee.org/document/7994946/", year = "2017", } @techreport{BCDGS95-C9541-52, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita and L. Strigini", institution = "CNUCE/CNR", month = "December", number = "C95-41", title = "{A} {C}ontribution to {D}ependability {E}valuation of {F}ault-{T}olerant, {I}terative-{E}xecution {S}oftware", type = "Technical Report", year = "1995", } @article{BCDGS99-STVR-56, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita and L. Strigini", journal = "STVR - Software Testing, Verification and Reliability, John Wiley and Sons", number = "3", pages = "145--166", title = "{A} {C}ontribution to the {E}valuation of the reliability of {I}terative-{E}xecution {S}oftware", volume = "9", year = "1999", } @article{BDGX93-JCSSE-68, author = "Bondavalli, Andrea and Di Giandomenico, Felicita and J. Xu", journal = "Journal of Computer Systems Science and Engineering", note = "CRL Publishing", number = "4", pages = "234--244", title = "{A} {C}ost-{E}ffective and {F}lexible {S}cheme for {S}oftware fault {T}olerance", volume = "8", year = "1993", } @article{LBD07-LBDToR07-209, author = "Lollini, Paolo and Bondavalli, Andrea and Di Giandomenico, Felicita", journal = "IEEE Trans. on Reliability", number = "1", pages = "20--33", title = "{A} decomposition-based modeling framework for complex systems", volume = "58", year = "2009", } @conference{Montecchi2014-EDCC, author = "Montecchi, Leonardo and Lollini, Paolo and Bondavalli, Andrea", abstract = "Dependability and performance analysis of modern systems is facing great challenges: their scale is growing, they are becoming massively distributed, interconnected, and evolving. Such complexity makes model-based assessment a difficult and time-consuming task. For the evaluation of large systems, reusable submodels are typically adopted as an effective way to address the complexity and improve the maintanability of models. Approaches based on Stochastic Petri Nets often compose submodels by state-sharing, following predefined "patterns", depending on the scenario of interest. However, such composition patterns are typically not formalized. Clearly defining libraries of reusable submodels, together with valid patterns for their composition, would allow complex models to be automatically assembled, based on a high-level description of the scenario to be evaluated. The contribution of this paper to this problem is twofold: on one hand we describe our workflow for the automated generation of large performability models, on the other hand we introduce the TMDL language, a DSL to concretely support the workflow. After introducing the approach and the language, we detail their implementation within the Eclipse modeling platform, and briefly show its usage through an example.", booktitle = "Proceedings of the 10th European Dependable Computing Conference (EDCC'14)", doi = "10.1109/EDCC.2014.33", month = "May 13-16", note = "{ieee}", pages = "82-93", title = "{A} {DSL}-{S}upported {W}orkflow for the {A}utomated {A}ssembly of {L}arge {S}tochastic {M}odels", url = "http://ieeexplore.ieee.org/xpl/login.jsp?tp={\&}arnumber=6821093", year = "2014", } @misc{SRDS008Workshop-SRDS2008Workshop-222, author = "Ceccarelli, Andrea and D. Iovino and Bondavalli, Andrea", howpublished = "SRDS 2008 Workshop with no proceeding", month = "October 5", title = "{A} {F}ault {I}njection {T}ool for {T}rustworthy, {C}omparative {M}easurements and {A}nalysis", year = "2008", } @techreport{CBDG94-PDCS2-102, author = "Silvano Chiaradonna and Bondavalli, Andrea and Di Giandomenico, Felicita", institution = "Esprit BRA 6362 PDCS2", month = "September", title = "{A} {F}ault {T}reatment {A}pproach to {S}upport {D}ynamic {R}edundancy in {M}ultiprocessor {A}rchitectures", type = "2nd year deliverable", year = "1994", } @conference{BCCR03-LADC2003-2, author = "Bondavalli, Andrea and Silvano Chiaradonna and D. Cotroneo and Luigi Romano", address = "S{\~a}o Paulo, Brazil", booktitle = "LADC2003 - First Latin-American Symposium on Dependable Computing - LNCS 2847", month = "October 21-24", pages = "303--320", publisher = "Springer-Verlag", title = "{A} {F}ault-{T}olerant {D}istributed {L}egacy-based {S}ystem and {I}ts {E}valuation", year = "2003", } @conference{MRAMBL12, author = "Rossi, Magali Andreia and Jorge Rady de Almeida Junior and Bondavalli, Andrea and Lollini, Paolo", abstract = "This work presents a federated simulation framework for safety and reliability analysis in Aeronautical Communications Networking (ATN) considering the insertion of Unmanned Aircraft Vehicles (UAV) in the airspace control. The main objective is to quantitatively assess the impact of ATN faults on the risk collision probability between manned and unmanned aircraft. The paper first presents the framework that simulates the communication systems used in a non-controlled airspace. Then it is described the ATN fault injection module, which is then used to evaluate the impact of network-level faults on the risk of collisions probability considering a representative simulation scenario comprising 1500 aircraft in flight.", booktitle = "Computer Safety, Reliability, and Security", crossref = "DBLP:conf/safecomp/2012w", doi = "10.1007/978-3-642-33675-1_24", editor = "Frank Ortmeier; Peter Daniel", isbn = "978-3-642-33674-4", issn = "0302-9743", keywords = "Safety, Reliability, Simulation Framework, UAV, ATN, Fault Injection", month = "09", pages = "271-281", publisher = "Springer Berlin Heidelberg", series = "Lecture Notes in Computer Science", title = "{A} {F}ederated {S}imulation {F}ramework with {ATN} {F}ault {I}njection {M}odule for {R}eliablity {A}nalysis of {UAV}s in {N}on-controlled {A}irspace", url = "http://link.springer.com/chapter/10.1007%2F978-3-642-33675-1_24#", volume = "7613", year = "2012", } @conference{1364209-SAC08-206, author = "A. Casimiro and Lollini, Paolo and M. Dixit and Bondavalli, Andrea and P. Ver{\'i}ssimo", address = "New York, NY, USA", booktitle = "SAC '08: Proceedings of the 2008 ACM symposium on Applied computing", isbn = "978-1-59593-753-7", pages = "2192--2196", publisher = "ACM", title = "{A} framework for dependable {Q}o{S} adaptation in probabilistic environments", url = "http://doi.acm.org/10.1145/1363686.1364209", year = "2008", } @incollection{PCDGBI04-PostWADS2003-14, author = "Stefano Porcarelli and M. Castaldi and Di Giandomenico, Felicita and Bondavalli, Andrea and P. Inverardi", booktitle = "Architecting Dependable Systems", editor = "De Lemos, R. and Gacek, c. and Romanovsky, A.", note = "To appear, also ICSE-WADS2003, Post-Proceeding of ICSE-WADS2003", publisher = "Springer-Verlag", series = "LNCS", title = "{A} {F}ramework for {R}econfiguration-based {F}ault-{T}olerance in {D}istributed {S}ystems", year = "2004", } @inbook{GAPANALYSIS, author = "Ceccarelli, Andrea and Nuno Silva", chapter = "1", doi = "10.13052/rp-9788793519558", editor = "Andrea Bondavalli, Francesco Brancati", isbn = "9788793519565", pages = "1-30", publisher = "River Publisher", series = "Certifications of Critical Systems - The CECRIS Experience", title = "{A} {F}ramework to {I}dentify {C}ompanies {G}aps {W}hen {I}ntroducing {N}ew {S}tandards for {S}afety-{C}ritical {S}oftware", url = "https://www.riverpublishers.com/pdf/ebook/chapter/RP_9788793519558C1.pdf", year = "2017", } @conference{BDGPSZ04-PRDC04-19, author = "Bondavalli, Andrea and E. De Giudici and Stefano Porcarelli and S. Sabina and F. Zanini", address = "Papeete, Tahiti, French Polynesia", booktitle = "10th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC'04)", month = "March 03 - 05", pages = "292--301", title = "{A} {F}reshness {D}etection {M}echanism for {R}ailway {A}pplications", year = "2004", } @techreport{RCL060501-RCL060501-189, author = "Lollini, Paolo and Bondavalli, Andrea and Di Giandomenico, Felicita", month = "May", title = "{A} general modeling approach and its application to a {UMTS} network with soft-handover mechanism", type = "Technical Report RCL", year = "2006", } @misc{boa23234, author = "Federico Moncini", howpublished = "Bachelor's thesis. Universit{\`a} degli Studi di Firenze. Corso di Laurea in Informatica", month = "April 24th", note = "Supervisor(s): P. Lollini, Co-Supervisor(s): L. Montecchi", title = "{A} {G}raphical {E}ditor for the {D}efinition of {S}tochastic {A}ctivity {N}etworks {T}emplate {M}odels", year = "2020", } @conference{ares2016, author = "Alexandr Vasenev and Lorena Montoya and Ceccarelli, Andrea", abstract = "Ensuring an external electricity supply to critical city components during flood events requires adequate urban grid planning. The proliferation of smart grid technologies means that such planning needs to assess how smart grids might function during floods. This paper proposes a method to qualitatively investigate robustness of electricity supply to smart grid consumers during flood events. This method builds on the Hazus methodology and aims to provide inputs for the risk analysis of urban grids.", booktitle = "International Conference on Availability, Reliability and Security (ARES)", keywords = "Robustness; smart grid; Hazus; risk analysis; topology", pages = "6", publisher = "IEEE", title = "{A} {H}azus-based method for assessing robustness of electricity supply to critical smart grid consumers during flood events", year = "2016", } @article{Coppolino12, author = "Luigi Coppolino and Luigi Romano and Bondavalli, Andrea and Daidone, Alessandro", journal = " International Journal of Critical Computer-Based Systems", number = "3", pages = "210-228", title = "{A} hidden {M}arkov model based intrusion detection system for wireless sensor networks", volume = "3", year = "2012", } @conference{System of Systems; SysML Profile; Conceptual Model;, author = "Mori, Marco and Ceccarelli, Andrea and Lollini, Paolo and Bondavalli, Andrea and Bernhard Fr{\"o}mel", abstract = "In recent decades more and more efforts have been devoted in supporting the design of Systems-of-Systems (SoSs). These systems are composed of autonomous Constituent Systems (CSs) which are integrated together to achieve a higher level goal that cannot be achieved by any of its CSs in isolation. Designing such an SoS is a multidisciplinary problem which involves considering emergent phenomena, assuring the achievement of dependability and security requirements, guaranteeing system responsiveness, supporting dynamicity and evolution and multi-criticality of provided services. We believe that a first step towards a viable design approach is to provide a conceptual model of SoSs which captures SoS concepts (e.g., methods, characteristics, and technologies related to SoSs) and their inter-relationships. Such a conceptual model should enhance the understandability of SoSs to stakeholders and provide the basis for further automated analysis. In this context, the AMADEOS European project is bringing together researchers and practitioners to provide the support to design SoSs starting from the definition of a domain specific ontology serving as a vocabulary for SoSs. Our contribution consists of semi-formalizing the key SoS concepts and relationships defined in AMADEOS adopting a SysML visual modeling language. We propose a SysML profile for SoSs and we show its applicability in a Smart Grid scenario.", address = "Orlando, Florida(USA)", booktitle = "IEEE 17th International Symposium on High Assurance Systems Engineering (HASE), 2016 ", keywords = "System of Systems; SysML Profile; Conceptual Model;", publisher = "IEEE", title = "{A} holistic viewpoint-based {S}ys{ML} {P}rofile to {D}esign {S}ystems-of-{S}ystems", year = "2016", } @techreport{BCDGG96b-GUARDSD1A2A06003A-44, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita and F. Grandoni", institution = "GUARDS Project - PDCC", month = "December", number = "D1A2/A0/60", title = "{A} {M}echanism for {D}iscriminating {T}ransient from {I}ntermittent/{P}ermanent {F}aults", type = "ESPRIT Project 20716", year = "1996", } @techreport{Bonfiglio130401, author = "Bonfiglio, Valentina and Montecchi, Leonardo and Francesco Rossi and Bondavalli, Andrea", institution = "University of Florence, RCL Group", month = "April", number = "RCL130401", title = "{A} {M}ethodological {A}pproach for {R}igorous {A}ssessment of {S}oftware {A}rchitectures within {ISO}26262", year = "2013", } @phdthesis{PhDMontecchi, author = "Montecchi, Leonardo", month = "March 25th", note = "Supervisor(s): A. Bondavalli", school = "Universit{\`a} degli Studi di Firenze. Dottorato in Informatica, Sistemi e Telecomunicazioni (XXVI ciclo)", title = "{A} {M}ethodology and {F}ramework for {M}odel-{D}riven {D}ependability {A}nalysis of {C}ritical {E}mbedded {S}ystems and {D}irections {T}owards {S}ystems of {S}ystems", year = "2014", } @conference{nostro2013methodology, author = "Nostro, Nicola and Ceccarelli, Andrea and Bondavalli, Andrea and Brancati, Francesco", booktitle = "Proceedings of the 2nd International Workshop on Dependability Issues in Cloud Computing", organization = "ACM", pages = "3", title = "{A} methodology and supporting techniques for the quantitative assessment of insider threats", year = "2013", } @mastersthesis{StadMaster, author = "Staderini, Mirko", school = "University of Florence", title = "{A} {M}ethodology for the {P}roper {C}hoice and {S}etup of {B}lockchains", year = "2018", } @article{leandro2020, author = "Gharib, Mohamad and Leandro Dias da Silva and Ceccarelli, Andrea", issn = "20477481", journal = "Journal of Software: Evolution {\&} Process", keywords = "models", title = "{A} {M}odel to {D}iscipline {A}utonomy in {C}yber-{P}hysical {S}ystems-of-{S}ystems and its {A}pplication", year = "2020", } @techreport{techRep-rcl090601-229, author = "{\'A}bel Heged{\"u}s", institution = "University of Florence, Dip. Sistemi Informatica, RCL group", month = "June", number = "rcl090601", title = "{A} model transformation-based approach for the {D}ependability analysis of {UML}-based system designs with maintenance", url = "http://dcl.isti.cnr.it/Documentation/Papers/Techreports.html", year = "2009", } @conference{Montecchi16DSN, author = "Montecchi, Leonardo and Atle Refsdal and Lollini, Paolo and Bondavalli, Andrea", abstract = "Accidents on petroleum installations can have huge consequences; to mitigate the risk, a number of safety barriers are devised. Faults and unexpected events may cause barriers to temporarily deviate from their nominal state. For safety reasons, a work permit process is in place: decision makers accept or reject work permits based on the current state of barriers. However, this is difficult to estimate, as it depends on a multitude of physical, technical and human factors. Information obtained from different sources needs to be aggregated by humans, typically within a limited amount of time. In this paper we propose an approach to provide an automated decision support to the work permit system, which consists in the evaluation of quantitative measures of the risk associated with the execution of work. The approach relies on state-based stochastic models, which can be automatically composed based on the work permit to be examined.", address = "Toulouse, France", booktitle = "Proceedings of the 46th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'16)", doi = " 10.1109/DSN.2016.33", isbn = "978-1-4673-8891-7", issn = "2158-3927", month = "June 28 - July 1", note = "{ieee}", pages = "275-286", publisher = "IEEE", title = "{A} {M}odel-{B}ased {A}pproach to {S}upport {S}afety-{R}elated {D}ecisions in the {P}etroleum {D}omain", url = "http://ieeexplore.ieee.org/document/7579748/", year = "2016", } @conference{Workflow2017SmartGIFT, author = "Zoppi, Tommaso and Bessler, Sandford and Ceccarelli, Andrea and Lambert, Edward and Lau, Eng Tseng and Vasenev, Alexandr", abstract = "Cyber security is becoming more and more relevant with the advent of large-scale systems made of independent and autonomous constituent systems that interoperate to achieve complex goals. To ensure security of cyberphysical systems, it is important to analyze identified threats and their possible consequences. In case of smart grids as an example of a complex system, threats can result in power outages that damage the continuous supply of energy that is required from critical infrastructures. Therefore, city planners must take into account security requirements when organizing the power grid, including demand-side management techniques able to mitigate the adverse effects of outages, ultimately improving grid resilience. This paper presents a modeling framework developed within the IRENE project that brings together methodologies, policies and a toolset to evaluate and measure the resilience of the targeted smart grid. This will support stakeholders and city planners in their activities, specifically the resilient evolution planning of Smart Grids.", address = "London, UK", booktitle = "2nd SmartGIFT Conference", doi = "10.1007/978-3-319-61813-5_23", editor = "Springer", isbn = "978-3-319-61813-5", keywords = "Threat Analysis, Smart Grids, Evolution, Resilience, City Planning, Power Flow Equations, Demand Side Management, IRENE", month = "March", pages = "10", publisher = "Springer", title = "{A} {M}odeling {F}ramework to {S}upport {R}esilient {E}volution {P}lanning of {S}mart {G}rids", url = "https://link.springer.com/chapter/10.1007/978-3-319-61813-5_23", volume = "203", year = "2017", } @article{jbcs05-JBCS-180, author = "Lollini, Paolo and Bondavalli, Andrea and Di Giandomenico, Felicita", booktitle = "Journal of the Brazilian Computer Society (JBCS)", month = "June", title = "{A} {M}odeling {M}ethodology for {H}ierarchical {C}ontrol {S}ystem and its {A}plication", year = "2005", } @conference{PDGLB04-ISAS2004-16, author = "Stefano Porcarelli and Di Giandomenico, Felicita and Lollini, Paolo and Bondavalli, Andrea", address = "Munich, Germany", booktitle = "International Service Availability Symposium 2004 (ISAS 2004)", month = "May 13-14", publisher = "Springer-Verlag", title = "{A} {M}odular {A}pproach for {M}odel-based {D}ependability {E}valuation of a {C}lass of {S}ystems", year = "2004", } @inbook{cecris10, author = "Nuno Antunes and Brancati, Francesco and Ceccarelli, Andrea and Bondavalli, Andrea and Marco Vieira", chapter = "10", doi = "10.13052/rp-9788793519558", isbn = "9788793519565", keywords = "cecris book, testing", pages = "25", publisher = "Riverpublisher", title = "{A} {M}onitoring and {T}esting {F}ramework for {C}ritical {O}ff-the-{S}helf {A}pplications and {S}ervices", url = "http://www.riverpublishers.com/pdf/ebook/chapter/RP_9788793519558C10.pdf", volume = "Certifications of Critical Sys", year = "2017", } @conference{issre-wosocer1, author = "Nuno Antunes and Brancati, Francesco and Ceccarelli, Andrea and Bondavalli, Andrea and Marco Vieira", booktitle = "ISSRE-WoSoCer", month = "November", publisher = "IEEE Computer society", title = "{A} {M}onitoring and {T}esting {F}ramework for {C}ritical {O}ff-{T}he-{S}helf {A}pplications and {S}ervices", year = "2013", } @conference{dadssac2016, author = "Nostro, Nicola and Ilaria Matteucci and Ceccarelli, Andrea and Francesco Santini and Felicita Di Giandomenico and Fabio Martinelli and Bondavalli, Andrea", abstract = "We propose a multi-criteria framework for ranking controlling strategies according to several weights, such as delay-time, resource cost, and success-probability of attacks defined via quantitative threat analysis. Therefore, by assigning a different priority to weight-dimensions, we can rank controllers in an adaptive way. We exemplify our approach on the Customer Energy Management System (CEMS), that acting as an interface among different systems, is exposed to attacks. We consider both the Man in the Middle (MiM) and the Denial of Service (DoS) attacks.", address = "New York, NY, USA", booktitle = "Proceedings of the 31st Annual ACM Symposium on Applied Computing", doi = "10.1145/2851613.2851878", isbn = "978-1-4503-3739-7", keywords = "Security assessment,Semiring,Algebraic formalism", pages = "530-533", publisher = "ACM", title = "{A} {M}ulti-{C}riteria {R}anking of {S}ecurity {C}ountermeasures", url = "http://dl.acm.org/citation.cfm?doid=2851613.2851878", year = "2016", } @conference{adet2015safecomp, author = "Zoppi, Tommaso and Bondavalli, Andrea and Ceccarelli, Andrea and Massimiliano Itria", abstract = "Revealing anomalies to support error detection in complex systems is a promising approach when traditional detection mechanisms (e.g., based on event logs, probes and heartbeats) are considered inadequate or not applicable. The detection capability of such complex system can be enhanced observing different layers to achieve richer information that describes the system status. Relying on an algorithm for statistical anomaly detection, in this paper we present the definition and implementation of an anomaly detector able to monitor data acquired from multiple layers, namely the Operating system and the Application Server, of a remote physical or virtual node. As case study, such monitoring system is applied to a node of the Secure! crisis management servicebased system. Results show the monitor performance, the intrusiveness of the probes, and ultimately the improved detection capability achieved observing data from the different layers.", booktitle = "Computer Safety, Reliability, and Security", doi = "10.1007/978-3-319-24255-2_13", isbn = "978-3-319-24254-5", issn = "0302-9743", keywords = "anomalies, monitor, complex event processor, Service Oriented Architecture, Secure", month = "September", pages = "166-180", publisher = "Springer International Publishing", series = "Lecture Notes in Computer Science", title = "{A} {M}ulti-{L}ayer {A}nomaly {D}etector for {D}ynamic {S}ervice-{B}ased {S}ystems", url = "http://link.springer.com/chapter/10.1007/978-3-319-24255-2_13", volume = "9337", year = "2015", } @article{TIM2010-TIM-239, author = "Bondavalli, Andrea and Ceccarelli, Andrea and Falai, Lorenzo and Michele Vadursi", journal = "IEEE Tran. on Instr. and Meas.", number = "4", pages = "820-831", title = "{A} {N}ew {A}pproach and a {R}elated {T}ool {F}or {D}ependability {M}easurements on {D}istributed {S}ystems", volume = "59", year = "2010", } @conference{GCB98-HASE-113, author = "F. Grandoni and Silvano Chiaradonna and Bondavalli, Andrea", address = "Bethesda, MD, USA", booktitle = "3rd IEEE High Assurance System Engineering Symposium (HASE'98)", pages = "224--231", title = "{A} new {H}euristic to {D}iscriminate {T}ransient from {I}ntermittent {F}aults", year = "1998", } @conference{BMNSTZ91-FTCS-80, author = "Bondavalli, Andrea and M. Mannocci and L. Nardone and L. Simoncini and F. Tarini and P. Zini", address = "Nurnberg, Germany", booktitle = "5th Int. Conference on Fault-Tolerant Computing Systems", month = "September", pages = "332--347", publisher = "Springer-Verlag", title = "{A} {P}erformable {BSM} {A}rchitecture", year = "1991", } @conference{BDG00-ISORC2k-62, author = "Bondavalli, Andrea and Di Giandomenico, Felicita", address = "Newport Beach, CA, USA", booktitle = "ISORC2k - 3rd IEEE Int. Symposium on Object-oriented Real-time distributed Computing", month = "March 15-17", pages = "306--308", title = "{A} {P}osition on {D}esign, {M}ethods, and {T}ools for {O}bject-{O}riented {R}eal-time {C}omputing", year = "2000", } @conference{RSAMN2011, author = "Bondavalli, Andrea and Brancati, Francesco and A. Flammini and Stefano Rinaldi", booktitle = "IEEE International Workshop on Measurements and Networking (M{\&}N 2011)", month = "October", title = "{A} {R}eliable and {S}elf-{A}ware {C}lock for {R}eference {T}ime {F}ailure {D}etection in {I}nternal {S}ynchronization {E}nvironment", year = "2011", } @conference{SRDS18, author = "Staderini, Mirko and Schiavone, Enrico and Bondavalli, Andrea", abstract = "In recent years, the interest in blockchain has grown exponentially, and nowadays it is foreseen as a technology with the potential to revolutionize the way data is maintained and transferred around the globe. The reason of this excitement is ascribable to the ability of enabling new forms of transactions and interactions between mistrusting and decentralized entities. Indeed, it has attracted interests and huge investments from enterprises, and it is predictable that in a near future many industries will adopt it. However, it is not a panacea and in some cases may even become useless or not convenient. Moreover, even when it can really constitute an added value, selecting the proper blockchain and configuring it may not be trivial. Trying to go beyond the hype and to address this problem, this paper proposes a methodology addressing: i) whether, given a specific problem requirements, the blockchain is a proper solution for it ii) in such a case which is the blockchain category more suitable, and finally iii) guiding the designer throughout its configuration.", booktitle = "2018 IEEE 37th International Symposium on Reliable Distributed Systems ", doi = "10.1109/SRDS.2018.00031", editor = "IEEE", isbn = "978-1-5386-8301-9", issn = "2575-8462", keywords = "blockchain, configuration, requirements-driven, flow diagram", month = "October", pages = "201-206", publisher = "IEEE", title = "{A} {R}equirements-{D}riven {M}ethodology for the {P}roper {S}election and {C}onfiguration of {B}lockchains", url = "https://ieeexplore.ieee.org/abstract/document/8613968", year = "2018", } @conference{DEPCOS2008-DEPCOSRELCOMEX2008-223, author = "Ceccarelli, Andrea and I. Majzik and D. Iovino and F. Caneschi and G. Pinter and Bondavalli, Andrea", booktitle = "IEEE Third International Conference on Dependability of Computer Systems (DepCoS-RELCOMEX 08)", month = "June", title = "{A} resilient {SIL} 2 {D}river {M}achine {I}nterface for train control systems", year = "2008", } @conference{Montecchi-ValueTools13, author = "Montecchi, Leonardo and Lollini, Paolo and Bondavalli, Andrea", abstract = "Model-transformation techniques have increasingly gained attention in the design and evaluation of high-integrity systems, with the purpose to provide (semi-)automatic tools for non-functional analysis. Analysis models are automatically derived from an architectural description of the system in a UML-like language. One of the main challenges is designing tools which can be reused: the modeling language, the analysis tools, and possibly the analysis method itself are going to evolve over time (e.g., due to different domains, new software versions, updates to standards). In this paper we describe the design and implementation of the toolchain for state-based dependability analysis developed within the CHESS project. The toolchain, which also provides back-annotation facilities, has been designed to be adapted to different modeling languages and analysis tools. The tool has been implemented as a plugin for the Eclipse platform, and it is publicly available on the CHESS website.", booktitle = "Proceedings of the 7th International Conference on Performance Evaluation Methodologies and Tools (VALUETOOLS 2013)", doi = "10.4108/icst.valuetools.2013.254395", isbn = "978-1-936968-48-0", month = "December, 10-12", note = "{acm}", pages = "298-303", title = "{A} {R}eusable {M}odular {T}oolchain for {A}utomated {D}ependability {E}valuation", url = "http://dl.acm.org/citation.cfm?id=2631882", year = "2013", } @conference{Rossi14, author = "Rossi, Magali Andreia and Lollini, Paolo and Bondavalli, Andrea and Italo Romani de Oliveira and Jorge Rady de Almeida Junior", address = "Colorado Springs", booktitle = "Proc. of the IEEE/AIAA 33rd IEEE Digital Avionics Systems Conference (DASC 2014)", month = "October 5-9", pages = "6B1-1 - 6B1-11", title = "{A} {S}afety {A}ssessment on the {U}se of {CPDLC} in {UAS} {C}ommunication {S}ystem", year = "2014", } @conference{BBDG97-FTDCS-32, author = "P. Bizzarri and Bondavalli, Andrea and Di Giandomenico, Felicita", address = "Tunis, Tunisia", booktitle = "6th IEEE Workshop on Future Trend in Distributed Computing Systems - FTDCS'97", month = "October 29-31", pages = "296--301", title = "{A} {S}cheduling {A}lgorithm for {A}periodic {G}roups of {T}asks in distributed {R}eal-{T}ime {S}ystems and its {H}olistic {A}nalysis", year = "1997", } @conference{BMCFPS00-pdp2007-195, author = "Bondavalli, Andrea and Ceccarelli, Andrea and Falai, Lorenzo", booktitle = "The Fifteen Euromicro Conference on Parallel, Distributed and Network-based Processing (PDP 2007)", month = "Febraury 7-9", title = "{A} self-aware clock for pervasive computing systems", year = "2007", } @conference{SORT2011-ISORCWSORT-253, author = "Ceccarelli, Andrea and Marco Vieira and Bondavalli, Andrea", booktitle = "Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW), 2011 14th IEEE International Symposium on", month = "March", pages = "133-142", title = "{A} {S}ervice {D}iscovery {A}pproach for {T}esting {D}ynamic {SOA}s", year = "2011", } @conference{safecomp, author = "Antonio Bovenzi and Brancati, Francesco and Stefano Russo and Bondavalli, Andrea", booktitle = "Computer Safety, Reliability, and Security", doi = "10.1007/978-3-642-24270-0_10", editor = "Flammini, Francesco and Bologna, Sandro and Vittorini, Valeria", isbn = "978-3-642-24269-4", note = "{springer}", pages = "128-142", publisher = "Springer Berlin / Heidelberg", title = "{A} {S}tatistical {A}nomaly-{B}ased {A}lgorithm for {O}n-line {F}ault {D}etection in {C}omplex {S}oftware {C}ritical {S}ystems", url = "http://dx.doi.org/10.1007/978-3-642-24270-0_10", year = "2011", } @article{8710621, author = "Montecchi, Leonardo and Lollini, Paolo and Bondavalli, Andrea", abstract = "Dependability and performance analysis of modern systems is facing great challenges: their scale is growing, they are becoming massively distributed, interconnected, and evolving. Such complexity makes model-based assessment a difficult and time-consuming task. For the evaluation of large systems, reusable submodels are typically adopted as an effective way to address the complexity and to improve the maintainability of models. When using state-based models, a common approach is to define libraries of generic submodels, and then compose concrete instances by state sharing, following predefined “patterns” that depend on the class of systems being modeled. However, such composition patterns are rarely formalized, or not even documented at all. In this paper, we address this problem using a model-driven approach, which combines a language to specify reusable submodels and composition patterns, and an automated composition algorithm. Clearly defining libraries of reusable submodels, together with patterns for their composition, allows complex models to be automatically assembled, based on a high-level description of the scenario to be evaluated. This paper provides a solution to this problem focusing on: formally defining the concept of model templates, defining a specification language for model templates, defining an automated instantiation and composition algorithm, and applying the approach to a case study of a large-scale distributed system.", doi = "10.1109/TR.2019.2898351", issn = "1558-1721", journal = "IEEE Transactions on Reliability", keywords = "decision making;formal verification;software reusability;specification languages;Web services;high-level description;generic submodels libraries;automated composition algorithm;model-driven approach;composition patterns;state sharing;state-based models;re", month = "March", number = "1", pages = "293-309", title = "{A} {T}emplate-{B}ased {M}ethodology for the {S}pecification and {A}utomated {C}omposition of {P}erformability {M}odels", volume = "69", year = "2020", } @conference{SOAHASE, author = "Ceccarelli, Andrea and Bondavalli, Andrea and Marco Vieira", booktitle = "HASE 2011", keywords = "SOA, testing", publisher = "IEEE in press", title = "{A} {T}esting {S}ervice for {L}ifelong {V}alidation of {D}ynamic {SOA}. ", year = "2011", } @conference{ETA2017SmartGIFT, author = "Zoppi, Tommaso and Ceccarelli, Andrea and Mori, Marco", abstract = "Cyber-security is becoming more and more relevant with the advent of large-scale systems made of independent and autonomous constituent systems that interoperate to achieve complex goals. Providing security in such cyber-physical systems means, among other features, identifying threats generated by novel detrimental behaviors. This paper presents a tool based on a methodology that is intended to support city evolution and energy planning with a focus on threats due to novel and existing interconnections among different components. More in detail, we report a tool demonstration which shows the application of a tool devised to i) deal with security threats arising due to evolutions in a Smart City - intended as a complex cyber-physical system -, and ii) consequently perform threat analysis.", address = "London, UK", booktitle = "2nd SmartGIFT Conference", doi = "10.1007/978-3-319-61813-5_20", editor = "Springer", isbn = "978-3-319-61813-5", keywords = "Threat Analysis, Smart Grids, Evolution, IRENE", month = "March", pages = "6", title = "{A} {T}ool for {E}volutionary {T}hreat {A}nalysis of {S}mart {G}rids", url = "https://link.springer.com/chapter/10.1007/978-3-319-61813-5_20", volume = "203", year = "2017", } @conference{BDGM97b-WMCS-66, author = "Bondavalli, Andrea and Di Giandomenico, Felicita and I. Mura", address = "Pisa, Italy", booktitle = "2nd Int. Workshop on Mechatronical Computer Systems", pages = "155--163", title = "{A} {V}alue-{B}ased {A}pproach to {F}lexible {D}ecision {M}aking in {R}eal-{T}ime {D}ependable {S}ystems", year = "1997", } @article{Nostro-JSS2016, author = "Nostro, Nicola and Romina Spalazzese and Di Giandomenico, Felicita and Paola Inverardi", abstract = "Our everyday life is pervaded by the use of a number of heterogeneous systems that are continuously and dynamically available in the networked environment to interoperate to achieve some goal. Goals may include both functional and non functional aspects and the evolving nature of such environment requires automated solutions as means to reach the needed level of flexibility. Achieving interoperability in such environment is a challenging problem. Even though some of such systems may in principle interact since they have compatible functionalities and similar interaction protocols, mismatches in their protocols and non functional issues arising from the environment may undermine their seamless interoperability. In this paper, we propose an approach for the automated synthesis of application layer connectors between heterogeneous networked systems (NSs) addressing both functional and some non functional interoperability. Our contributions are: (i) an automated connectors synthesis approach for NSs interoperability taking into account functional, performance and dependability aspects spanning pre-deployment time and run-time; (ii) a connector adaptation process, related to the performance and dependability aspects; and (iii) a stochastic model-based implementation of the performance and dependability analysis. In addition, we implemented, analyzed, and critically discussed a case study.", doi = "10.1016/j.jss.2015.09.038", issn = "0164-1212", journal = "Journal of Systems and Software", keywords = " Connector synthesis for interoperability; Dependability; Performance", month = "January", pages = "185 - 199", title = "{A}chieving functional and non functional interoperability through synthesized connectors", url = "http://www.sciencedirect.com/science/article/pii/S0164121215002149", volume = "111", year = "2016", } @incollection{BSS95-RCS-98, author = "Bondavalli, Andrea and J. Stankovic and L. Strigini", address = "Boston", booktitle = "Responsive Computer Systems: Steps Toward Fault-Tolerant Real-Time Systems", editor = "Fussell, D. and Malek, M.", pages = "187--208", publisher = "Kluwer Academic Publishers", title = "{A}daptable {F}ault {T}olerance for {R}eal-{T}ime {S}ystems", year = "1995", } @article{taas10-taas-243, author = "M. Dixit and A. Casimiro and Lollini, Paolo and Bondavalli, Andrea and P. Ver{\'i}ssimo", issn = "1556-4665", journal = "ACM Transactions on Autonomous and Adaptive Systems", keywords = "Adaptation, dependability, probabilistic analysis, quality of service", number = "2", pages = "18:1-18:25", title = "{A}daptare: {S}upporting automatic and dependable adaptation in dynamic environments", volume = "7", year = "2012", } @phdthesis{PhDBranca, author = "Brancati, Francesco", month = "May 14th", note = "Supervisor(s): A. Bondavalli", school = "Universit{\`a} degli Studi di Firenze. Dottorato in Informatica e Applicazioni (XXIV ciclo)", title = "{A}daptive and {S}afe {E}stimation of {D}ifferent {S}ources of {U}ncertainty to {I}mprove {D}ependability of {H}ighly {D}ynamic {S}ystems {T}hrough {O}nline {M}onitoring {A}nalysis", year = "2012", } @conference{NSBBT96-WORDS-121, author = "Edgar Nett and H. Streich and P. Bizzarri and Bondavalli, Andrea and F. Tarini", address = "Laguna Beach, California, U.S.A.", booktitle = "WORDS 96, IEEE Second Int. Workshop on Object-oriented Real-time Dependable Systems", month = "February 1-2", pages = "78--85", title = "{A}daptive {S}oftware {F}ault {T}olerance {P}olicies with {D}ynamic {R}eal-{T}ime {G}uarantees", year = "1996", } @conference{nbs_wosocer_14, author = "Nostro, Nicola and Bondavalli, Andrea and Nuno Silva", booktitle = "Software Reliability Engineering Workshops (ISSREW), 2014 IEEE International Symposium on", doi = "10.1109/ISSREW.2014.56", keywords = "Safety,Security,Safety-critical system,Cyber Threats,Threats Library", month = "November", pages = "521-526", title = "{A}dding {S}ecurity {C}oncerns to {S}afety {C}ritical {C}ertification", url = "http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6983897", year = "2014", } @conference{8995714, author = "Nuno Laranjeiro and Camilo Gomez and Schiavone, Enrico and Montecchi, Leonardo and Manoel J M Carvalho and Lollini, Paolo and Zolt{\'a}n Micskei", abstract = "Cyber-physical systems are characterized by strong interactions between their physical and computation parts. The increasing complexity of such systems, now used in numerous application domains (e.g., aeronautics, healthcare), in conjunction with hard to predict surrounding environments or the use of non-traditional middleware and with the presence of non-deterministic or non-explainable software outputs, tend to make traditional Verification and Validation (V{\&}V) techniques ineffective. This paper presents the H2020 ADVANCE project, which aims precisely at addressing the Verification and Validation challenges that the next-generation of cyber-physical systems bring, by exploring techniques, methods and tools for achieving the technical objective of improving the overall efficiency and effectiveness of the V{\&}V process. From a strategic perspective, the goal of the project is to create an international network of expertise on the topic of V{\&}V of cyber-physical systems.", booktitle = "2019 9th Latin-American Symposium on Dependable Computing (LADC)", doi = "10.1109/LADC48089.2019.8995714", keywords = "cyber-physical systems;formal verification;middleware;security of data;Validation challenges;future cyber-physical systems;physical parts;computation parts;nontraditional middleware;nonexplainable software outputs;traditional verification;validation techn", month = "Nov", pages = "1-2", title = "{A}ddressing {V}erification and {V}alidation {C}hallenges in {F}uture {C}yber-{P}hysical {S}ystems", year = "2019", } @conference{DGS90-SRDS-172, author = "Di Giandomenico, Felicita and L. Strigini", address = "Huntsville, Alabama", booktitle = "9th Symposium on Reliable Distributed Systems", pages = "114--123", title = "{A}djudicators for {D}iverse-{R}edundant {C}omponents", year = "1990", } @techreport{RCL120301, author = "Montecchi, Leonardo and Lollini, Paolo and Bondavalli, Andrea", month = "March", number = "RCL120301", title = "{ADVISE} model for the security evaluation of the {CASHMA} multi-biometric authentication system", year = "2012", } @conference{TRA2012, author = "Andrea Seminatore and Luca Ghelardoni and Ceccarelli, Andrea and Falai, Lorenzo and Michael Schultheis and Boris Malinowsky", abstract = "The ALARP (A railway automatic track warning system based on distributed personal mobile terminals) project has the aim to study, design and implement an innovative more efficient Automated Track Warning Systems with the intent of overcome the limits of current state-of-the-art solutions. The ALARP system provides a solution which is low cost, non-invasive, easy to install and totally independent from the existing signaling. It is responsible of advising workers of a train approaching and has the functionality of localizing the workers inside the worksite and of guiding them to a safe area.", booktitle = "TRA 2012", pages = "10", publisher = "Elsevier Ltd", title = "{ALARP} ({A} {R}ailway {A}utomatic {T}rack {W}arning {S}ystem {B}ased on {D}istributed {P}ersonal {M}obile {T}erminals)", year = "2012", } @techreport{PRB98-GUARDSI1SA1TN5009VE-157, author = "D. Powell and C. Rab{\'e}jac and Bondavalli, Andrea", number = "Report GUA", title = "{A}lpha-count {M}echanism and {I}nter-{C}hannel {D}iagnosis", type = "GUARDS Project - PDC", year = "1998", } @incollection{AMADEOS-framework, author = "Arun Babu and Sorin Iacob and Lollini, Paolo and Mori, Marco", abstract = "This chapter defines the overall tool-supported “AMADEOS architectural framework”, with its main building blocks and interfaces. It particularly focuses on Structure, Dependability, Security, Emergence, and Multi-criticality viewpoints of an SoS. Finally, for SoS modeling, a “supporting facility tool” based on Blockly is demonstrated. Blockly is a visual DSL and has been adopted to ease the design of SoS by means of simpler and intuitive user interface; thus requiring minimal technology expertise and support for the SoS designer.", booktitle = "Cyber-Physical Systems of Systems: Foundations -- A Conceptual Model and Some Derivations: The AMADEOS Legacy", doi = "10.1007/978-3-319-47590-5_5", editor = "Andrea Bondavalli, Sara Bouchenak, Hermann Kopetz", isbn = "978-3-319-47590-5", keywords = "Class Diagram, Conceptual Level, Sequence Diagram, Logical Level, Implementation Level", month = "2016", publisher = "Springer International Publishing", title = "{AMADEOS} {F}ramework and {S}upporting {T}ools", url = "https://link.springer.com/chapter/10.1007/978-3-319-47590-5_5", year = "2016", } @incollection{AMADEOS-profile, author = "Lollini, Paolo and Mori, Marco and Arun Babu and Sara Bouchenak", abstract = "In the European Union FP7-610535-AMADEOS project, a conceptual model for Systems of Systems (SoSs) has been conceived to find a common language allowing experts to collaborate on modelling, engineering, and analyzing SoSs.", booktitle = "Cyber-Physical Systems of Systems: Foundations -- A Conceptual Model and Some Derivations: The AMADEOS Legacy", doi = "10.1007/978-3-319-47590-5_4", editor = "Andrea Bondavalli, Sara Bouchenak, Hermann Kopetz", isbn = "978-3-319-47590-5", keywords = "Smart Grid, Sequence Diagram, Access Control Model, Emergent Behavior, Emergent Phenomenon", month = "2016", publisher = "Springer International Publishing", title = "{AMADEOS} {S}ys{ML} {P}rofile for {S}o{S} {C}onceptual {M}odeling", url = "https://link.springer.com/chapter/10.1007/978-3-319-47590-5_4", year = "2016", } @article{BCDGX02-JSA-1, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita and J. Xu", journal = "JSA - Journal on Systems and Architectures", number = "9", pages = "763--781", title = "{A}n {A}daptive {A}pproach to {A}chieving {H}ardware and {S}oftware {F}ault {T}olerance in a {D}istributed {C}omputing {E}nvironment", volume = "47", year = "2002", } @conference{MiniSy2020Staderini, author = "Staderini, Mirko and Caterina Palli", abstract = "Blockchain technology is having an everincreasing impact on distributed applications domain, since the adoption of Blockchain 2.0 led to the spread of smart contracts. In such context, Ethereum is the framework with the highest diffusion in terms of smart contract’s development, with a consequent rise of code vulnerabilities exploitations, some of which causing bad financial losses. This work focuses on the issues of Ethereum smart contracts implementation by analyzing known vulnerabilities and gives an overview to further perform a comparison among existing static tools for vulnerability detection. This analysis aims to select the less detected vulnerabilities that need deeper investigations to reduce their impact.", address = "Budapest, Hungary", booktitle = "Proceedings of the 27th PhD Mini-Symposium of the Department of Measurement and Information Systems, Budapest University of Technology and Economics", keywords = "smart contracts, Ethereum, Solidity, vulnerabilities, tools", month = "February", pages = "21-24", title = "{A}n {A}nalysis on {E}thereum {V}ulnerabilities and {F}urther {S}teps", url = "https://www.mit.bme.hu/eng/system/files/oktatas/9860/27Minisy_proceedings.pdf", year = "2020", } @article{DGBCN-IJARAS13, author = "Di Giandomenico, Felicita and Bertolino, Antonia and Calabr{\`o}, Antonello and Nostro, Nicola", doi = "10.4018/jaras.2013010101", journal = "International Journal of Adaptive, Resilient and Autonomic Systems (IJARAS)", keywords = "Adaptation, Dependability, Evolving Heterogeneous Systems, Model-based Assessment, Monitoring, Performance", month = "March", number = "1", pages = "1-25", title = "{A}n approach to adaptive dependability assessment in dynamic and evolving connected systems", url = "http://www.igi-global.com/article/approach-adaptive-dependability-assessment-dynamic/75547", volume = "Volume 4", year = "2013", } @conference{10.1007/978-3-030-58462-7_13, author = "Montecchi, Leonardo and Lollini, Paolo and Federico Moncini and Kenneth Keefe", abstract = "Mathematical models are an effective tool for studying the properties of complex systems. Constructing such models is a challenging task that often uses repeated patterns or templates. The Template Models Description Language (TMDL) has been developed to clearly define model templates that are used to generate model instances from the template specification. This paper describes the tool support that is being developed for applying the TDML approach with Stochastic Activity Networks (SANs) models. In particular, this paper details a graphical editor for SAN templates, which assists users in creating template-level models based on SANs. From these specifications, it will be possible to generate by model-transformation the subsequent instance-level models, which can be studied by simulation or analytical tools.", address = "Cham", booktitle = "Dependable Computing - EDCC 2020 Workshops", editor = "Bernardi, Simona and Vittorini, Valeria and Flammini, Francesco and Nardone, Roberto and Marrone, Stefano and Adler, Rasmus and Schneider, Daniel and Schlei{\ss}, Philipp and Nostro, Nicola and Lovenstein Olsen, Rasmus and Di Salle, Amleto and Masci, Paolo", isbn = "978-3-030-58462-7", pages = "159--167", publisher = "Springer International Publishing", title = "{A}n {E}clipse-{B}ased {E}ditor for {SAN} {T}emplates", year = "2020", } @conference{Ficco2011, author = "Massimo Ficco and Daidone, Alessandro and Luigi Coppolino and Luigi Romano and Bondavalli, Andrea", address = "New York, NY, USA", booktitle = "Proceedings of the 13th European Workshop on Dependable Computing", doi = "10.1145/1978582.1978586", isbn = "978-1-4503-0284-5", keywords = "diagnosis, filtering, monitoring", pages = "15--20", publisher = "ACM", series = "EWDC '11", title = "{A}n event correlation approach for fault diagnosis in {SCADA} infrastructures", url = "http://doi.acm.org/10.1145/1978582.1978586", year = "2011", } @conference{MCCB00-PESSRA2000-119, author = "M. Minichino and E. Ciancamerla and Silvano Chiaradonna and Bondavalli, Andrea", address = "K{\"o}ln, Cologne, Germany", booktitle = "4t Int. Symposium Programmable Electronic Systems in Safety Related Applications", month = "May 3-4", title = "{A}n experience of dependability assessment of a typical industrial safety critical {P}rogrammable {L}ogic {C}ontroller", year = "2000", } @conference{SEUS09Bondavalli-SEUS-236, author = "Bondavalli, Andrea and Brancati, Francesco and Ceccarelli, Andrea and Falai, Lorenzo", booktitle = "LNCS Software Technologies for Embedded and Ubiquitous Systems (SEUS)", pages = "69-81", title = "{A}n {E}xperimental {F}ramework for the {A}nalysis and {V}alidation of {S}oftware {C}locks", year = "2009", } @conference{services19, author = "Zoppi, Tommaso and Ceccarelli, Andrea and Bondavalli, Andrea", abstract = "The growing systems complexity calls for dedicated monitoring and data analysis strategies aiming to detect faults, attacks and errors before they escalate into failures. Distributed and heterogeneous systems are more likely to expose vulnerabilities that attackers may target to get unauthorized access to a system, make it unavailable or steal sensitive data. As countermeasure, traditionally techniques for attacks and intrusion detection are based on signature recognition and requires knowledge on the attacks pattern: therefore, they are not well-suited to detect zero-days attacks. A viable alternative is anomaly detection, where deviation from the expected behavior are suspected as attacks. However, anomaly detection is generally not applicable in systems where the expected behavior changes through time. In this paper we explore anomaly detection strategies based on sliding windows, which are intended for evolving and dynamic systems as IoT, in which system configuration and behavior may change continuously. We first describe the context and the key features of sliding windows, and then we proceed detailing their possible drawbacks. Discussion is substantiated by quantitative analyses directed to evaluate detection capabilities. The experimental campaign is based on state-of-the-art algorithms and datasets, and results have been made publicly available. ", booktitle = "IEEE World Congress on Services", doi = "10.1109/SERVICES.2019.00031", editor = "Chang C.K.,Chen P.,Goul M.,Oyama K.,Reiff-Marganiec S.,Sun Y.,Wang S.,Wang Z.", isbn = "978-172813851-0", publisher = "Institute of Electrical and Electronics Engineers Inc.", title = "{A}n {I}nitial {I}nvestigation on {S}liding {W}indows for {A}nomaly-{B}ased {I}ntrusion {D}etection", url = "https://ieeexplore.ieee.org/abstract/document/8817209", year = "2019", } @conference{BFLS00-EFTS00-69, author = "Bondavalli, Andrea and A. Fantechi and D. Latella and L. Simoncini", address = "Washington DC", booktitle = "IEEE Int. Workshop On Embedded Fault-Tolerant Systems (EFTS00)", month = "September 21-22", title = "{A}n {I}ntegrated and {C}ompositional {A}pproach to {D}esign {V}alidation of {E}mbedded {D}ependable {S}ystems", year = "2000", } @conference{BMCFPS00-SERENE08-210, author = "M. Kovacs and Lollini, Paolo and I. Majzik and Bondavalli, Andrea", booktitle = "RISE/EFTS Joint International Workshop on Software Engineering for REsilieNt systEms (SERENE 2008)", month = "November 17-19", pages = "29--38", title = "{A}n {I}ntegrated {F}ramework for the {D}ependability {E}valuation of {D}istributed {M}obile {A}pplications", year = "2008", } @techreport{techRepMoLoBo10-247, author = "Montecchi, Leonardo and Lollini, Paolo and Bondavalli, Andrea", institution = "University of Florence, Dip. Sistemi Informatica, RCL group", month = "January", number = "rcl101115 ", title = "{A}n {I}ntermediate {D}ependability {M}odel for state-based dependability analysis", year = "2011", } @article{BDGM99-RTSJ-67, author = "Bondavalli, Andrea and Di Giandomenico, Felicita and I. Mura", journal = "Real-Time Systems Journal, Kluwer Academic Publishers", number = "1", pages = "5--30", title = "{A}n {O}ptimal {V}alue-{B}ased {A}dmission {P}olicy and its {R}eflective {U}se in {R}eal-{T}ime {D}ependable {S}ystems", volume = "16", year = "1999", } @article{Bovenzi15-TDSC, author = "Antonio Bovenzi and Brancati, Francesco and Stefano Russo and Bondavalli, Andrea", abstract = "Revealing anomalies at the operating system (OS) level to support online diagnosis activities of complex software systems is a promising approach when traditional detection mechanisms (e.g., based on event logs, probes and heartbeats) are inadequate or cannot be applied. In this paper we propose a configurable detection framework to reveal anomalies in the OS behavior, related to system misbehaviors. The detector is based on online statistical analyses techniques, and it is designed for systems that operate under variable and non-stationary conditions. The framework is evaluated to detect the activation of software faults in a complex distributed system for Air Traffic Management (ATM). Results of experiments with two different OSs, namely Linux Red Hat EL5 and Windows Server 2008, show that the detector is effective for mission-critical systems. The framework can be configured to select the monitored parameter so as to tune the level of intrusivity. A sensitivity analysis of the detector parameters is carried out to show their impact on the performance and to give to practitioners guidelines for its field tuning.", journal = "IEEE Transactions on Dependable and Secure Computing", month = "May-June 1", note = "{IEEE}", number = "3", pages = "366-372", title = "{A}n {OS}-level {F}ramework for {A}nomaly {D}etection in {C}omplex {S}oftware {S}ystems", volume = "12", year = "2015", } @misc{facunla1, author = "Vallierick Ar-j Facunla", howpublished = "Corso di Laurea in Informatica, Universit{\`a} degli Studi di Firenze. Supervisor: A. Ceccarelli", keywords = "facunla1", title = "{A}nalisi dell’impatto di bug del compilatore {GCC} ai fini della sicurezza del softwa", year = "2018", } @mastersthesis{dallaimaster, author = "Giulia Dallai", note = "Supervisors: Andrea Bondavalli, Tommaso Zoppi", title = "{A}nalisi di {A}zzardi per un {S}istema di {I}nterfaccia {M}obile {R}emota per la {M}anutenzione delle {L}inee {F}erroviarie", year = "2019", } @mastersthesis{Pacini 2007, author = "Pacini, Alessandro", month = "February 9th", note = "Supervisor: A. Bondavalli, Co-Supervisor: F. Di Giandomenico, A. Daidone", school = "Universit{\`a} di Firenze", title = "{A}nalisi di possibili soluzioni per la diagnosi e la riconfigurazione dello scenario applicativo {A}ssisted {T}rasportation all'interno del progetto {H}idenets", year = "2007", } @mastersthesis{TesiFoglia, author = "Alex Foglia", note = "Supervisor(s): A. Bondavalli", school = "Universit{\`a} degli Studi di Firenze. Corso di Laurea in Informatica", title = "{A}nalisi di un sottosistema di posizionamento ferrotramviario", year = "2019", } @misc{Albini 2006, author = "Albini, Martina", howpublished = "Bachelor's thesis. Universit{\`a} degli Studi di Firenze. Corso di Laurea in Informatica", month = "December 18th", note = "Supervisor(s): A. Bondavalli, Co-Supervisor(s): L. Falai", title = "{A}nalisi e {V}alidazione di {A}lgoritmi {D}istribuiti in {S}istemi con {P}almari: {S}pecifica e {D}efinizione di {N}eko{PDA} e {A}nalisi delle {P}roblematiche del {P}orting", year = "2006", } @misc{Guarnieri 2006, author = "Guarnieri, Vania", howpublished = "Bachelor's thesis. Universit{\`a} degli Studi di Firenze. Corso di Laurea in Informatica", month = "December 18th", note = "Supervisor(s): A. Bondavalli, Co-Supervisor(s): L. Falai", title = "{A}nalisi e {V}alidazione di {S}istemi {D}istribuiti con {S}upporto {A}utomatico {I}ndipendente dalla {P}iattaforma", year = "2006", } @misc{Montecchi 2007, author = "Montecchi, Leonardo", howpublished = "Bachelor's thesis. Universit{\`a} degli Studi di Firenze. Corso di Laurea in Informatica", month = "April 27th", note = "Supervisor(s): A. Bondavalli, Co-Supervisor(s): P. Lollini", title = "{A}nalisi e valutazione di reti {UMTS}", year = "2007", } @mastersthesis{masinimaster, author = "Lavinia Masini", note = "Supervisors: Andrea Bondavalli, Tommaso Zoppi", title = "{A}nalisi quantitativa di architetture safety critical per un sistema di controllo ferroviario", year = "2019", } @misc{Baldini 2006, author = "Baldini, Alessio", howpublished = "Bachelor's thesis. Universit{\`a} degli Studi di Firenze. Corso di Laurea in Informatica", month = "December 18th", note = "Supervisor(s): A. Bondavalli, Co-Supervisor(s): S. Chiaradonna, P. Lollini", title = "{A}nalisi {Q}uantitativa di {S}istemi di {C}onsenso {S}oggetti ad {A}ttacchi", year = "2006", } @misc{tesicecca, author = "Ceccarelli, Andrea", howpublished = "Bachelor's thesis. Universit{\`a} degli Studi di Firenze. Corso di Laurea in Informatica", month = "April 28th", note = "Supervisor(s): A. Bondavalli, Co-Supervisor(s): L. Falai", title = "{A}nalisi sperimentale di applicazioni critiche real-time: uno strumento consapevole della qualit{\`a} delle misurazioni raccolte", year = "2006", } @conference{CBDG01-ISORC01-138, author = "A. Coccoli and Bondavalli, Andrea and Di Giandomenico, Felicita", address = "Magdeburg, Germany", booktitle = "ISORC'01 - 4th IEEE Int. Symposium on Object-oriented Real-time distributed Computing", pages = "209--216", title = "{A}nalysis and {E}stimation of the {Q}uality of {S}ervice of {G}roup {C}ommunication {P}rotocols", year = "2001", } @phdthesis{Porcarelli2003, author = "Stefano Porcarelli", month = "June 4th", note = "Supervisor(s): L. Simoncini, A. Bondavalli", school = "Universit{\`a} degli Studi di Pisa, Dottorato in Ingegneria dell'Informazione", title = "{A}nalysis and {M}odeling of {D}ependability and {P}erformability of {T}elecommunication {S}ystems", year = "2003", } @conference{CSB99-NGC-108, author = "A. Coccoli and L. Simoncini and Bondavalli, Andrea", address = "Pisa, Italy", booktitle = "First Int. Workshop on Networked Group Communication, NGC '99", title = "{A}nalysis and {V}alidation of {P}rotocols for the {R}ealisation of {D}istributed {D}ependable {A}pplications in {W}ireless {N}etworks", year = "1999", } @incollection{DCBV08-DCBV08LNCS-214, author = "Daidone, Alessandro and Silvano Chiaradonna and Bondavalli, Andrea and P. Verissimo", booktitle = "Architecting Dependable Systems V", editor = "De Lemos, R. and Di Giandomenico, F. and Gacek, C. and Muccini, H. and Vieira, M.", pages = "78--100", publisher = "Springer, Heidelberg", series = "LNCS", title = "{A}nalysis of a {R}edundant {A}rchitecture for {C}ritical {I}nfrastructure {P}rotection", volume = "5135", year = "2008", } @conference{DBLP:conf/safecomp/CeccarelliS15, author = "Ceccarelli, Andrea and Nuno Silva", booktitle = "Computer Safety, Reliability, and Security - SAFECOMP 2015 Workshops, ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Delft, The Netherlands, September 22, 2015, Proceedings", crossref = "DBLP:conf/safecomp/2015w", doi = "10.1007/978-3-319-24249-1_26", pages = "303--313", title = "{A}nalysis of {C}ompanies {G}aps in the {A}pplication of {S}tandards for {S}afety-{C}ritical {S}oftware", url = "http://dx.doi.org/10.1007/978-3-319-24249-1_26", year = "2015", } @phdthesis{PhDCecca, author = "Ceccarelli, Andrea", keywords = "critical systems, assessment, experimental evaluation, testing, methodology", month = "May 9th", note = "Supervisor(s): A. Bondavalli", school = "Universit{\`a} degli Studi di Firenze. Dottorato in Ingegneria Informatica e dell'Automazione (XXIV Ciclo)", title = "{A}nalysis of {C}ritical {S}ystems {T}hrough {R}igorous, {R}eproducible and {C}omparable {E}xperimental {A}ssessment", year = "2012", } @conference{EDCC 2012, author = "Silvano Chiaradonna and Di Giandomenico, Felicita and Nostro, Nicola", booktitle = "EDCC", doi = "10.1109/EDCC.2012.17", editor = "Cristian Constantinescu , Miguel P. Correia", isbn = "978-1-4673-0938-7", keywords = "Stochastic Modeling; Electric Power System; In- frastructures Dependencies; Blackout-size Assessment", month = "May", pages = "84-93", publisher = "IEEE", title = "{A}nalysis of {E}lectric {P}ower {S}ystems accounting for interdependencies in heterogeneous scenarios", url = "http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp={\&}arnumber=6214763{\&}contentType=Conference+Publications{\&}sortType%3Dasc_p_Sequence%26filter%3DAND%28p_IS_Number%3A6214743%29", year = "2012", } @conference{CSDGMB00-HASE00-109, author = "A. Coccoli and S. Schemmer and Di Giandomenico, Felicita and M. Mock and Bondavalli, Andrea", address = "Albuquerque, NM, USA", booktitle = "HASE00 - 5th IEEE High Assurance System Engineering Symposium", pages = "247--256", title = "{A}nalysis of {G}roup {C}ommunication {P}rotocols to {A}ssess {Q}uality of {S}ervice {P}roperties", year = "2000", } @conference{CB03-WORDS03-15, author = "A. Coccoli and Bondavalli, Andrea", address = "Capri, Italy", booktitle = "WORDS 2003, 9th IEEE International Workshop on Object-oriented Real-time Dependable Systems", publisher = "IEEE Computer Society Press", title = "{A}nalysis of {S}afety {R}elated {A}rchitectures", year = "2003", } @conference{CBBS94-DCCS-100, author = "Gy. Csert{\'a}n and C. Bernardeschi and Bondavalli, Andrea and L. Simoncini", address = "Toledo, Spain", booktitle = "12th IFAC workshop DCCS 94", pages = "153--158", publisher = "Elsevier Science", title = "{A}nalysis of temporal properties of dataflow networks", year = "1994", } @conference{TPDGB01-DSN-147, author = "F. Tataranni and Stefano Porcarelli and Di Giandomenico, Felicita and Bondavalli, Andrea", address = "G{\"o}teborg, Sweden", booktitle = "IEEE Int. Conference on Dependable Systems and Networks (DSN-2001)", pages = "235--244", title = "{A}nalysis of the {E}ffects of {O}utages on the {Q}uality of {S}ervice of {GPRS} {N}etwork {S}ystems", year = "2001", } @conference{forms08-FORMS2008-211, author = "Lollini, Paolo and Montecchi, Leonardo and M. Magyar and I. Majzik and Bondavalli, Andrea", booktitle = "Symposium on Formal Methods for Automation and Safety in Railway and Automotive Systems (FORMS/FORMAT 2008)", month = "October 9-10", title = "{A}nalysis of the impact of communication protocols on service quality in {ERTMS} automatic train control systems", year = "2008", } @incollection{blm08-SEUS2008-215, author = "Bondavalli, Andrea and Lollini, Paolo and Montecchi, Leonardo", booktitle = "6th IFIP Workshop on Software Technologies for Future Embedded and Ubiquitous Systems (SEUS 2008)", note = "{springer}", publisher = "Springer Verlag", series = "LNCS", title = "{A}nalysis of {U}ser {P}erceived {Q}o{S} in {U}biquitous {UMTS} {E}nvironments {S}ubject to {F}aults", year = "2008", } @conference{BMN97-HASE-79, author = "Bondavalli, Andrea and I. Mura and M. Nelli", address = "Washington, DC, USA", booktitle = "IEEE HASE'97, High Assurance System Engineering Workshop", month = "August 11-12", pages = "85--91", title = "{A}nalytical {M}odelling and {E}valuation of {P}hased-{M}ission {S}ystems for {S}pace {A}pplications", year = "1997", } @techreport{BMN97b-GUARDSD3A4AO6001C-161, author = "Bondavalli, Andrea and I. Mura and M. Nelli", month = "March 18", number = "Report GUA", title = "{A}nalytical modelling and evaluation of the {GUARDS} instances: example for space applications", type = "GUARDS Project - PDC", year = "1997", } @techreport{CDGB97-GUARDSD3A4AO6002C-107, author = "Silvano Chiaradonna and Di Giandomenico, Felicita and Bondavalli, Andrea", institution = "PDCC", month = "March 18", number = "D3A4/AO/60", title = "{A}nalytical {M}odelling of {GUARDS} {M}echanisms and {C}omponents: {E}xample of the {E}rror {F}iltering {M}echanism", type = "ESPRIT Project 20716", year = "1997", } @conference{PDGB02-ISCC02-8, author = "Stefano Porcarelli and Di Giandomenico, Felicita and Bondavalli, Andrea", address = "Taormina, Italy", booktitle = "IEEE Symposium on Computers and Communications (ISCC02)", pages = "142--149", title = "{A}nalyzing {Q}uality of {S}ervice of {GPRS} {N}etwork {S}ystems from a {U}sers {P}erspective", year = "2002", } @conference{gmee, author = "Bondavalli, Andrea and Ceccarelli, Andrea and Brancati, Francesco and Diego Santoro and Michele Vadursi", booktitle = "XXXI Congresso Nazionale dell'AssociazioneGruppo Misure Elettriche ed Elettroniche", isbn = "978-88-97683-66-7", keywords = "anomaly gmee", title = "{A}nomaly detection in sistemi complessi mediante monitoraggio di variabili di sistema operativo", year = "2014", } @misc{taddeibach, author = "Dario Taddei", howpublished = "Corso di Laurea in Informatica, Universit{\`a} degli Studi di Firenze. Supervisor(s): Tommaso Zoppi, Andrea Bondavalli", title = "{A}nomaly {D}etection in {S}istemi {S}afety-{C}ritical: {A}nalisi e {D}iscussione dell’{A}deguatezza della {M}atrice di {C}onfusion", year = "2020", } @misc{caiabach, author = "Antonio Caia", howpublished = "Corso di Laurea in Informatica, Universit{\`a} degli Studi di Firenze. Supervisor(s): Tommaso Zoppi", title = "{A}nomaly {D}etection {I}n {S}mart {G}rid: {C}onfronto {D}i {A}lgoritmi {U}nsupervised {P}er {L}’analisi {D}ei {C}onsumi", year = "2020", } @misc{rettanibachelor, author = "Manuel Rettani", howpublished = "Corso di Laurea in Informatica, Universit{\`a} degli Studi di Firenze. Supervisor(s): Tommaso Zoppi", title = "{A}nomaly detection per la {R}ilevazione di {A}ttacchi ai {S}ensori {B}iometrici ", year = "2019", } @conference{BNSM97-WCRR-85, author = "Bondavalli, Andrea and M. Nelli and L. Simoncini and G. Mongardi", address = "Firenze, Italia", booktitle = "WCRR - World Congress on Railway Research", month = "16-19 Novembre", title = "{A}pplication of {A}nalytical {M}odel-{B}ased {E}valuations to {T}he {R}ailway {A}plications: a case study", year = "1997", } @inbook{ads7-ads_vii-242, author = "Bondavalli, Andrea and Ceccarelli, Andrea and Lollini, Paolo", address = "Berlin Heidelberg", month = "January", publisher = "Springer Berlin / Heidelberg", series = "LNCS", title = "{A}rchitecting and {V}alidating {D}ependable {S}ystems: {E}xperiences and {V}isions", year = "2010", } @conference{SDGBC04-WCC2004-22, author = "L. Simoncini and Di Giandomenico, Felicita and Bondavalli, Andrea and Silvano Chiaradonna", address = "Toulouse, France", booktitle = "Fault Tolerance for Trustworthy and Dependable Information Infrastructures, Topical Days Track, WCC 18th IFIP World Computer Congress", month = "August, 22-27", title = "{A}rchitectural {C}hallenges for a {D}ependable {I}nformation {S}ociety", year = "2004", } @misc{goriLollini, author = "Francesco Gori", howpublished = "Corso di Laurea in Informatica, Universit{\`a} degli Studi di Firenze. Supervisor(s): Paolo Lollini", title = "{ARCHITETTURE} {A} {MICROSERVIZI}: {PROTOCOLLI} {DI} {COMUNICAZIONE} {DI} {BASE}, {MODELLO} {AD} {ATTORI} {ED} {ESPERIENZE} {DI} {SVILUPPO} {CON} {IL} {FRAMEWORK} {AKKA}", year = "2020", } @conference{8276772, author = "Montecchi, Leonardo and Lollini, Paolo and Ceccarelli, Andrea", booktitle = "2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)", doi = "10.1109/iThings-GreenCom-CPSCom-SmartData.2017.54", keywords = "critical infrastructures;failure analysis;large-scale systems;power system interconnection;smart power grids;stochastic processes;Critical Infrastructures;Smart Grids;Stochastic Activity Networks formalism;cascading failures;complex systems;failures propa", month = "June", pages = "324-329", title = "{A}ssessing the {I}mpact of {C}ascading {F}ailures in {U}rban {E}lectricity {N}etworks", year = "2017", } @techreport{techRep-rcl080401-205, author = "Lollini, Paolo and Montecchi, Leonardo and M. Magyar and I. Majzik and Bondavalli, Andrea", institution = "University of Florence, Dip. Sistemi Informatica, RCL group", month = "April", number = "rcl080401", title = "{A}ssessing the impact of cyclic/acyclic {EVC}-{DMI} interactions in {A}utomatic {T}rain {C}ontrol systems", url = "http://dcl.isti.cnr.it/Documentation/Papers/Techreports.html", year = "2008", } @article{CDGL09-IJSSECDGL09-232, author = "Silvano Chiaradonna and Di Giandomenico, Felicita and Lollini, Paolo", journal = "International Journal of System of Systems Engineering (IJSSE), InderScience Publishers", number = "3", pages = "367--386", title = "{A}ssessing the {I}mpact of {I}nterdependencies in {E}lectric {P}ower {S}ystems", volume = "1", year = "2009", } @conference{SRDS08-SRDS2008-224, author = "Bondavalli, Andrea and Ceccarelli, Andrea and Falai, Lorenzo", address = "Washington, DC, USA", booktitle = "SRDS 2008: Proceedings of the 27th IEEE Symposium on Reliable Distributed Systems", publisher = "IEEE Computer Society", title = "{A}ssuring {R}esilient {T}ime {S}ynchronization", year = "2008", } @misc{piazzesi, author = "Niccolo Piazzesi", howpublished = "Corso di Laurea in Informatica, Universit{\`a} degli Studi di Firenze. Supervisor: A. Ceccarelli", keywords = "piazzesi", title = "{A}ttacchi verso sistemi di apprendimento in ambito autonomous driving: studio e implementazione in ambienti simulati", year = "2020", } @conference{10.1007/978-3-030-83903-1_14, author = "Niccol{\`o} Piazzesi and Massimo Hong and Ceccarelli, Andrea", abstract = "Machine Learning applications are acknowledged at the foundation of autonomous driving, because they are the enabling technology for most driving tasks. However, the inclusion of trained agents in automotive systems exposes the vehicle to novel attacks and faults, that can result in safety threats to the driving tasks. In this paper we report our experimental campaign on the injection of adversarial attacks and software faults in a self-driving agent running in a driving simulator. We show that adversarial attacks and faults injected in the trained agent can lead to erroneous decisions and severely jeopardize safety. The paper shows a feasible and easily-reproducible approach based on open source simulator and tools, and the results clearly motivate the need of both protective measures and extensive testing campaigns.", address = "Cham", booktitle = "Computer Safety, Reliability, and Security", editor = "Habli, Ibrahimand Sujan, Markand Bitsch, Friedemann", isbn = "978-3-030-83903-1", pages = "210--225", publisher = "Springer International Publishing", title = "{A}ttack and {F}ault {I}njection in {S}elf-driving {A}gents on the {C}arla {S}imulator -- {E}xperience {R}eport", year = "2021", } @mastersthesis{SchiavoneMaster, author = "Schiavone, Enrico", month = "April 17th", note = "Supervisor(s): A. Bondavalli, Co-Supervisor(s): A. Ceccarelli", school = "Universit{\`a} degli Studi di Firenze. Corso di Laurea Magistrale in Informatica", title = "{A}utenticazione {C}ontinua {B}iometrica: {D}efinizione e {P}rototipazione di una {S}oluzione per la {P}rotezione di {A}mbienti {D}esktop", year = "2015", } @conference{BMM99-ISORC-77, author = "Bondavalli, Andrea and I. Majzik and I. Mura", address = "Saint Malo, France", booktitle = "2nd IEEE Int. Symposium on Object-oriented Real-time distributed Computing (ISORC'99)", month = "May 2-5", pages = "139--144", title = "{A}utomated {D}ependability {A}nalysis of {UML} {D}esigns", year = "1999", } @article{DiGiandomenico2014220, author = "Di Giandomenico, Felicita and Massimiliano Leone Itria and P. Masci and Nostro, Nicola", abstract = "Approaches to dependability and performance are challenged when systems are made up of networks of heterogeneous applications/devices, especially when operating in unpredictable open-world settings. The research community is tackling this problem and exploring means for enabling interoperability at the application level. The EU project Connect has developed a generic interoperability mechanism which relies on the on-the-fly synthesis of “Connectors”, that is software bridges that enable and adapt communication among heterogeneous devices. Dependability and Performance are relevant aspects of the system. In our previous work, we have identified generic dependability mechanisms for enhancing the dependability of Connectors. In this work, we introduce a set of generic strategies for automating the selection and application of an appropriate dependability mechanism. A case study based on a global monitoring system for environment and security (GMES) is used as a means for demonstrating the approach. ", doi = "http://dx.doi.org/10.1016/j.ress.2014.08.001", issn = "0951-8320", journal = "Reliability Engineering {\&} System Safety ", keywords = "Model-based analysis", pages = "220 - 232", title = "{A}utomated synthesis of dependable mediators for heterogeneous interoperable systems ", url = "http://www.sciencedirect.com/science/article/pii/S095183201400194X", volume = "132", year = "2014", } @conference{BMM99b-HASE-78, author = "Bondavalli, Andrea and I. Majzik and I. Mura", address = "Washington D.C., USA", booktitle = "4th IEEE High Assurance System Engineering Symposium (HASE99)", pages = "64--71", title = "{A}utomatic {D}ependability {A}nalysis for {S}upporting {D}esign {D}ecisions in {UML}", year = "1999", } @conference{MB98-ISSRE-115, author = "I. Majzik and Bondavalli, Andrea", address = "Paderborn, Germany", booktitle = "9th IEEE Int. Symposium on Software Reliability Engineering (ISSRE) - Fast Abstract Track", month = "November 4-7", pages = "29--30", title = "{A}utomatic {D}ependability {M}odelling of {S}ystems {D}escribed in {UML}", year = "1998", } @inbook{Ceccarelli2016a, author = "Ceccarelli, Andrea and Bondavalli, Andrea and Bernhard Froemel and Oliver Hoeftberger and Hermann Kopetz", abstract = "A System of System (SoS) stems from the integration of existing systems (legacy systems), normally operated by different organizations, and new systems that have been designed to take advantage of this integration.", address = "Cham", booktitle = "Cyber-Physical Systems of Systems: Foundations -- A Conceptual Model and Some Derivations: The AMADEOS Legacy", doi = "10.1007/978-3-319-47590-5_1", editor = "Bondavalli, Andrea and Bouchenak, Sara and Kopetz, Hermann", isbn = "978-3-319-47590-5", pages = "1--39", publisher = "Springer International Publishing", title = "{B}asic {C}oncepts on {S}ystems of {S}ystems", url = "https://doi.org/10.1007/978-3-319-47590-5_1", year = "2016", } @techreport{PSBDG98b-CSRtn-153, author = "M. Pizza and L. Strigini and Bondavalli, Andrea and Di Giandomenico, Felicita", month = "January", title = "{B}ayesian {D}iagnosis of {T}ransient vs {P}ermanent {F}aults", type = "CSR Technical note", year = "1998", } @misc{big4data1, author = "Marcello Cinque and Flavio Frattini and Antonio Pecchia and Stefano Russo and Leonardo Querzoni and Leonardo Aniello and Claudio Ciccottelli and Ceccarelli, Andrea and Bondavalli, Andrea and Andrea Pugliese and Antonella Guzzo", howpublished = "EDCCW Big4CIP", title = "{B}ig {D}ata in {C}ritical {I}nfrastructures {S}ecurity {M}onitoring: {C}hallenges and {O}pportunities", year = "2014", } @misc{calamaiMarco, author = "Marco Calamai", howpublished = "Corso di Laurea in Informatica, Universit{\`a} degli Studi di Firenze. Supervisor: Paolo Lollini. Co-Supervisor: Andrea Bondavalli", title = "{BLOCKLY} {COME} {TOOL} {DI} {MODEL}-{DRIVEN} {ENGINEERING} {PER} {LA} {MODELLIZZAZIONEDI} {SISTEMI} {DI} {SISTEMI} ", year = "2017", } @techreport{BM98-GUARDSI3A4AO6015VA-156, author = "Bondavalli, Andrea and I. Mura", month = "11 June", number = "Report GUA", title = "{B}rief {O}verview of some {T}ools to {S}upport the {M}odelling and {E}valuation of {P}hased {M}ission {S}ystems", type = "GUARDS Project, PDCC", year = "1998", } @misc{mariotti1, author = "Francesco Mariotti", howpublished = "Corso di Laurea in Informatica, Universit{\`a} degli Studi di Firenze. Supervisor: A. Ceccarelli", keywords = "camp1", title = "{C}ampagna di test funzionali su un protocollo ferroviario di comunicazione secondo la {EN}50128", year = "2019", } @book{CECRISBook, author = "Bondavalli, Andrea and Brancati, Francesco", abstract = "In recent years, a considerable amount of effort has been devoted, both in industry and academia, to the development, validation and verification of critical systems, i.e. those systems whose malfunctions or failures reach a critical level both in terms of risks to human life as well as having a large economic impact. Certifications of Critical Systems - The CECRIS Experience documents the main insights on Cost Effective Verification and Validation processes that were gained during work in the European Research Project CECRIS (Certification of Critical Systems). The objective of the research was to tackle the challenges of certification by focusing on those aspects that turn out to be more difficult/important for current and future critical systems industry: the effective use of methodologies, processes and tools. Starting from both the scientific and industrial state of the art methodologies for system development and the impact of their usage on the verification and validation and certification of critical systems, the project aimed at developing strategies and techniques supported by automatic or semi-automatic tools and methods for these activities, setting guidelines to support engineers during the planning of the verification and validation phases.", doi = "10.13052/rp-9788793519558", editor = "Andrea Bondavalli, Francesco Brancati", isbn = "9788793519565", keywords = "Safety Assessment, Reliability Analysis, Critical Systems and Applications, Functional Safety, Dependability Validation, Dependable Software Systems, Embedded Systems, System Certification", publisher = "River Publisher", title = "{C}ertifications of {C}ritical {S}ystems - {T}he {CECRIS} {E}xperience", url = "http://www.riverpublishers.com/research_details.php?book_id=450", year = "2017", } @misc{LMorgantiBsc, author = "Lorenzo Morganti", howpublished = "Corso di Laurea in Informatica, Universit{\`a} degli Studi di Firenze. Supervisor: Paolo Lollini", title = "{CERTIFICAZIONE} {DI} {SISTEMI} {CRITICI} {NEL} {SETTORE} {AUTOMOBILISTICO}: {CONCETTI} {DI} {BASE}, {STANDARDS} {E} {LORO} {EVOLUZIONE} {VERSO} {L}’ {INTEGRAZIONE} {DI} {FATTORI} {UMA}", year = "2018", } @conference{srds2016tommaso, author = "Zoppi, Tommaso and Ceccarelli, Andrea and Bondavalli, Andrea", abstract = "Software infrastructures are becoming more and more complex, making performance and dependability monitoring in wide and dynamic contexts such as Distributed Systems, Systems of Systems (SoS) and Cloud environments an unachievable goal. Consequently, it is very difficult to know how all the specific parts, services and modules of these systems behave. This negatively impacts our ability in detecting anomalies, because the boundaries between normal and anomalous behaviors are not always known. The paper describes the context and the targeted problem highlighting the research directions that the student will follow in the next years. In particular, after introducing the relevance of this work with respect to the academic and the industrial state of the art, we carefully define the problem and summarize the main challenges that arise according to such problem definition.", booktitle = "Proceedings of 2016 IEEE 35th Symposium on Reliable Distributed Systems", doi = "10.1109/SRDS.2016.34", isbn = "978-1-5090-3513-7", keywords = "anomaly detection; monitoring; multi-layer; distributed system; complex system;", pages = "2", publisher = "IEEE", title = "{C}hallenging {A}nomaly {D}etection in {C}omplex {D}ynamic {S}ystems", year = "2016", } @conference{BCCA2020, author = "Staderini, Mirko and Caterina Palli and Bondavalli, Andrea", abstract = "Blockchain technology is having an ever-increasing impact on distributed applications domain, since the adoption of Blockchain 2.0 led to the spread of smart contracts. In such a context, Ethereum is the framework with the highest diffusion in terms of smart contract’s development, with a consequent rise of exploitation of code vulnerabilities, some of which causing bad financial losses. For this reason, this paper focuses on the issues of Ethereum smart contracts implementation (made with the Turing-complete language Solidity), providing a comprehensive systematization of such vulnerabilities basing on a slice of the Common Weakness Enumeration (CWE). Moreover, some relevant propagation cases among different vulnerabilities and CWE groups, observed in exploited contracts, are highlighted.", booktitle = "2020 Second International Conference on Blockchain Computing and Applications (BCCA)", doi = "10.1109/BCCA50787.2020.9274458", isbn = "978-1-7281-8370-1", keywords = "smart contracts , Ethereum , Solidity , vulnerabilities , classification , relations", month = "December", pages = "pp. 44-51", publisher = "IEEE", title = "{C}lassification of {E}thereum {V}ulnerabilities and their {P}ropagations", url = "https://ieeexplore.ieee.org/document/9274458", year = "2020", } @conference{BerniniEDCC16, author = "Riccardo Bernini and Bondavalli, Andrea and Lollini, Paolo and Montecchi, Leonardo", abstract = "Several formalisms and techniques have been in- troduced in the literature for the purpose of modeling and evaluation of complex systems. Each of them has its strengths and weaknesses, which also depend on the purpose of the evaluation. In this paper we propose the integration of two different formalisms in a single framework for the modeling, validation, and optimization of production-supply problems. In particular, the proposed framework combines Process Graphs (P-Graphs) as the modeling formalism, and Stochastic Activity Networks (SAN) for the analysis and optimization. The integration proposed in this paper extends the capabilities of the P-Graph formalism to include performance and dependability metrics in the optimization process, without hampering the modeling convenience of P-Graphs. The proposed approach is applied to a case study of the optimization of a power supply network.", address = "Gothenburg, Sweden", booktitle = "Proceedings of the 12th European Dependable Computing Conference (EDCC2016)", doi = "10.1109/EDCC.2016.33", isbn = "978-1-5090-1582-5 ", month = "September 5-9", note = "{ieee}", pages = "197-207", title = "{C}ombining {SAN} and {P}-{G}raphs for the {A}nalysis and {O}ptimization of {I}ndustrial {P}rocesses", url = "http://ieeexplore.ieee.org/document/7780361/", year = "2016", } @techreport{CBS94-C9402-104, author = "Silvano Chiaradonna and Bondavalli, Andrea and L. Strigini", institution = "CNUCE/CNR", month = "January", number = "C94-02", title = "{C}omparative {P}erformability {E}valuation of {RB}, {NVP} and {SCOP}", type = "Technical Report", year = "1994", } @proceedings{safecomp2014, author = "Bondavalli, Andrea and Di Giandomenico, Felicita", doi = "10.1007/978-3-319-10506-2", editor = "Andrea Bondavalli; Felicita Di Giandomenico", isbn = "978-3-319-10505-5", publisher = "Springer", series = "Lecture Notes in Computer Science", title = "{C}omputer {S}afety, {R}eliability, and {S}ecurity - 33rd {I}nternational {C}onference, {SAFECOMP} 2014, {F}lorence, {I}taly, {S}eptember 10-12, 2014. {P}roceedings", url = "http://dx.doi.org/10.1007/978-3-319-10506-2", volume = "8666", year = "2014", } @proceedings{safecomp2014workshops, author = "Bondavalli, Andrea and Ceccarelli, Andrea and Frank Ortmeier", editor = "Andrea Bondavalli; Andrea Ceccarelli; Frank Ortmeier ", isbn = "978-331910556-7", issn = "03029743", publisher = "Springer", series = "Lecture Notes in Computer Science", title = "{C}omputer {S}afety, {R}eliability, and {S}ecurity - {SAFECOMP} 2014 {W}orkshops: {ASC}o{MS}, {DECS}o{S}, {DEVVARTS}, {ISSE}, {R}e{SA}4{CI}, {SASSUR}. {F}lorence, {I}taly, {S}eptember 8-9, 2014, {P}roceedings", url = "http://www.springer.com/us/book/9783319105567", volume = "8696", year = "2014", } @conference{BG88b-SNIPS-73, author = "Bondavalli, Andrea and E. Gregori", address = "Sofia, Bulgaria", booktitle = "IFIP TC6/TC8 Open Symposium on Network Information Processing Systems", month = "May", pages = "69--77", publisher = "North Holland", title = "{C}oncurrency {C}ontrol in {OSI} {T}ransactional {E}nvironments", year = "1988", } @conference{LBDGP04-ISCC2004-18, author = "Lollini, Paolo and Bondavalli, Andrea and Di Giandomenico, Felicita and Stefano Porcarelli", address = "Alexandria, Egypt", booktitle = "The Ninth IEEE Symposium On Computers And Communications (ISCC'2004)", month = "June 28 - July 1", title = "{C}ongestion {A}nalysis during {O}utage, {C}ongestion {T}reatment and {O}utage {R}ecovery for simple {GPRS} networks", year = "2004", } @conference{LDGBP04-MV04-24, author = "Lollini, Paolo and Di Giandomenico, Felicita and Bondavalli, Andrea and Stefano Porcarelli", address = "Athens, Greece", booktitle = "Mobile Venue '04 (informal proceedings)", month = "May 27-28", title = "{C}ongestion analysis in a general {GPRS} network", year = "2004", } @conference{CBS00-IDPT2000-103, author = "A. Coccoli and Bondavalli, Andrea and L. Simoncini", address = "Dallas, TX, USA", booktitle = "IDPT '2000 5th, Int. Conference on Integrated Design and Process Technology", month = "June 4-8", title = "{C}onsensus in asynchronous distributed systems", year = "2000", } @conference{SAFECOMP16AD, author = "Zoppi, Tommaso and Ceccarelli, Andrea and Bondavalli, Andrea", abstract = "Revealing anomalies to support error detection in softwareintensive systems is a promising approach when traditional detection mechanisms are considered inadequate or not applicable. The core of anomaly detection lies in the definition of the expected behavior of the observed system. Unfortunately, the behavior of complex and dynamic systems is particularly difficult to understand. To improve the accuracy of anomaly detection in such systems, in this paper we present a contextaware anomaly detection framework which acquires information on the running services to calibrate the anomaly detection. To cope with system dynamicity, our framework avoids instrumenting probes into the application layer of the observed system monitoring multiple underlying layers instead. Experimental evaluation shows that the detection accuracy is increased considerably through context-awareness and multiple layers monitoring. Results are compared to state-of-the-art anomaly detectors exercised in demanding more static contexts.", booktitle = "Computer Safety, Reliability and Security (SAFECOMP 2016)", doi = "10.1007/978-3-319-45477-1", editor = "Amund Skavhaug; J{\'e}r{\'e}mie Guiochet; Friedemann Bitsch", isbn = "978-3-319-45477-1", keywords = "Anomaly Detection, Monitoring, Service Oriented Architecture, SOA, Context Aware, Multi Layer", pages = "145-158", publisher = "Springer International Publishing", series = "9922", title = "{C}ontext-{A}wareness to improve {A}nomaly {D}etection in {D}ynamic {S}ervice {O}riented {A}rchitectures", url = "https://www.springerprofessional.de/context-awareness-to-improve-anomaly-detection-in-dynamic-servic/10656174", year = "2016", } @article{Ceccarelli-TDSC2015, author = "Ceccarelli, Andrea and Montecchi, Leonardo and Brancati, Francesco and Lollini, Paolo and Angelo Marguglio and Bondavalli, Andrea", abstract = "Session management in distributed Internet services is traditionally based on username and password, explicit logouts and mechanisms of user session expiration using classic timeouts. Emerging biometric solutions allow substituting username and password with biometric data during session establishment, but in such an approach still a single verification is deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the session timeout may impact on the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by applying biometrics in the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol determines adaptive timeouts based on the quality, frequency and type of biometric data transparently acquired from the user. The functional behavior of the protocol is illustrated through Matlab simulations, while model-based quantitative analysis is carried out to assess the ability of the protocol to contrast security attacks exercised by different kinds of attackers. Finally, the current prototype for PCs and Android smartphones is discussed.", doi = "10.1109/TDSC.2013.2297709", journal = "IEEE Transactions on Dependable and Secure Computing", month = "May-June", note = "{ieee}", number = "3", pages = "270-283", title = "{C}ontinuous and {T}ransparent {U}ser {I}dentity {V}erification for {S}ecure {I}nternet {S}ervices", volume = "12", year = "2015", } @conference{SRDSsf2016Schiavone, author = "Schiavone, Enrico and Ceccarelli, Andrea and Bondavalli, Andrea", abstract = "User authentication is a key service, especially for systems that can be considered critical for the data stored and the functionalities offered. In those cases, traditional authentication mechanisms can be inadequate to face intrusions: they usually verify user’s identity only at login, and even repeating this step, frequently asking for passwords or PIN would reduce system’s usability. Biometric continuous authentication, instead, is emerging as viable alternative approach that can guarantee accurate and transparent verification for the entire session: the traits can be repeatedly acquired avoiding disturbing the user’s activity. Another security service that these systems may need is nonrepudiation, which protect against the denial of having used the system or executed some commands with it. The paper focuses on biometric continuous authentication and nonrepudiation, and it briefly presents a preliminary solution based on a specific case study. This work presents the current research direction of the author and describes some challenges that the student aims to address in the next years.", address = "Budapest, Hungary", booktitle = "PhD Forum of the 35th IEEE Symposium on Reliable Distributed Systems, SRDS", keywords = "authenticity; non-repudiation; continuous authentication; biometrics; security;", month = "September", publisher = "IEEE", title = "{C}ontinuous {A}uthentication and {N}on-repudiation for the {S}ecurity of {C}ritical {S}ystems", year = "2016", } @conference{ARES17, author = "Schiavone, Enrico and Ceccarelli, Andrea and Bondavalli, Andrea", abstract = "As our society massively relies on ICT, security services are becoming essential to protect users and entities involved. Amongst such services, non-repudiation provides evidences of actions, protects against their denial, and helps solving disputes between parties. For example, it prevents denial of past behaviors as having sent or received messages. Noteworthy, if the information flow is continuous, evidences should be produced for the entirety of the flow and not only at specific points. Further, non-repudiation should be guaranteed by mechanisms that do not reduce the usability of the system or application. To meet these challenges, in this paper, we propose two solutions for non-repudiation of remote services based on multi-biometric continuous authentication. We present an application scenario that discusses how users and service providers are protected with such solutions. We also discuss the technological readiness of biometrics for non-repudiation services, and the assumptions under which this is possible.", booktitle = "ARES '17 Proceedings of the 12th International Conference on Availability, Reliability and Security ", doi = "http://dx.doi.org/10.1145/3098954.3098969", isbn = "978-1-4503-5257-4", keywords = "Non-repudiation, biometrics, security, authentication, continuous authentication, protocol, biometric signature", month = "August", publisher = "ACM", title = "{C}ontinuous {B}iometric {V}erification for {N}on-{R}epudiation of {R}emote {S}ervices", url = "http://dl.acm.org/citation.cfm?id=3098969", year = "2017", } @conference{Schiavone2015-ICA3PP, author = "Schiavone, Enrico and Ceccarelli, Andrea and Bondavalli, Andrea", abstract = "Human operators in control rooms are often responsible of issuing critical commands, and in charge of managing sensitive data. Insiders must be prevented to operate on the system: they may benefit of their position in the con-trol room to fool colleagues, and gain access to machines or accounts. This paper proposes an authentication system for deterring and detecting malicious access to the workstations of control rooms. Specifically tailored for the operators in the control room of the crisis management system Secure!, the solution aims to guar-antee authentication and non-repudiation of operators, reducing the risk that un-authorized personnel (including intruders) misuses a workstation. A continuous multi-biometric authentication mechanism is developed and applied in which bi-ometric data is acquired transparently from the operator and verified continu-ously through time. This paper presents the authentication system design and pro-totype, its execution and experimental results.", booktitle = "Algorithms and Architectures for Parallel Processing - {ICA3PP} International Workshops and Symposiums, Zhangjiajie, China, November 18-20, 2015, Proceedings", keywords = "Biometrics, Verification, Trust, Security, Control Rooms", month = "November 18-20", pages = "187-200", publisher = "Springer", series = "Lecture Notes in Computer Science", title = "{C}ontinuous {U}ser {I}dentity {V}erification for {T}rusted {O}perators in {C}ontrol {R}ooms", volume = "9532", year = "2015", } @misc{salani1, author = "Lorenzo Salani", howpublished = "Corso di Laurea in Informatica, Universit{\`a} degli Studi di Firenze. Supervisor: A. Ceccarelli", keywords = "salani1", title = "{C}orrelazione tra attacchi e anomalie: analisi delle tipologie di anomalie generate nei dataset di attacchi", year = "2019", } @conference{Brancati15-DSNW, author = "Brancati, Francesco and Andr{\'a}s Pataricza and Nuno Silva and Abel Hegedus and Laszlo Gonczy and Bondavalli, Andrea and Rosaria Esposito", abstract = "Cost (time and effort) estimation is fundamental in system and software management. The software related research, together with industries, elaborated and currently use a large number of different cost estimators (CE). While expert judgment is still the most widely used estimation practice in industry, these estimators take a representative calibration set of projects and use a best matching extrapolation curve to predict the costs of further projects. The approach has proven its usefulness in predicting system and software development cost with the breakdown granularity of the main phases of the workflow (specification, implementation, testing etc.). However, there is no such CE for the broad application field of safety critical applications which would be fine granular enough to predict the costs related to Verification and Validation (V{\&}V) and certification. The paper presents an ongoing work for creating such a V{\&}V specific CE. The usefulness of the approach is illustrated by a "what-if" analysis example on the impacts of introducing sophisticated formal methods into the V{\&}V workflow instead of the traditional methodology.", booktitle = "Dependable Systems and Networks Workshops (DSN-W), 2015 IEEE International Conference on ", doi = "10.1109/DSN-W.2015.15", month = "June 22-25", pages = "57-62", title = "{C}ost {P}rediction for {V}{\&}{V} and {C}ertification {P}rocesses ", year = "2015", } @incollection{SAFECOMPW-DEVVARTS2, author = "Fabio Duchi and Nuno Antunes and Ceccarelli, Andrea and Giuseppe Vella and Francesco Rossi and Bondavalli, Andrea", booktitle = "Computer Safety, Reliability, and Security - Workshop", editor = "Andrea Bondavalli, Andrea Ceccarelli, Frank Ortmeier", pages = "231-242", publisher = "Springer International Publishing", title = "{C}ost-{E}ffective {T}esting for {C}ritical {O}ff-the-{S}helf {S}ervices", year = "2014", } @conference{BBBL88-AICA-30, author = "T. Belli and C. Bernardeschi and Bondavalli, Andrea and D. Latella", address = "Cagliari, Italy", booktitle = "27th Congresso annuale A.I.C.A.", month = "September 28-30", pages = "165--180", title = "{C}ostruzione gerarchica di tipi di dati astratti condivisi", year = "1988", } @phdthesis{tesidaidonephd, author = "Daidone, Alessandro", month = "April 21th", school = "Universit{\`a} degli Studi di Firenze. Dottorato in Informatica e Applicazioni (XXII ciclo)", title = "{C}ritical {I}nfrastructures: a {C}onceptual {F}ramework for {D}iagnosis, {S}ome {A}pplications and {T}heir {Q}uantitative {A}nalysis", year = "2010", } @book{AMADEOSBook, author = "Bondavalli, Andrea and Hermann Kopetz and Sara Bouchenak", abstract = "Technical Systems-of-Systems (SoS) – in the form of networked, independent constituent computing systems temporarily collaborating to achieve a well-defined objective – form the backbone of most of today’s infrastructure. The energy grid, most transportation systems, the global banking industry, the water-supply system, the military equipment, many embedded systems, and a great number more, strongly depend on systems-of-systems. The correct operation and continuous availability of these underlying systems-of-systems are fundamental for the functioning of our modern society. The 8 papers presented in this book document the main insights on Cyber-Physical System of Systems (CPSoSs) that were gained during the work in the FP7-610535 European Research Project AMADEOS (acronym for Architecture for Multi-criticality Agile Dependable Evolutionary Open System-of-Systems). It is the objective of this book to present, in a single consistent body, the foundational concepts and their relationships. These form a conceptual basis for the description and understanding of SoSs and go deeper in what we consider the characterizing and distinguishing elements of SoSs: time, emergence, evolution and dynamicity.", doi = "10.1007/978-3-319-47590-5", editor = "Andrea Bondavalli, Hermann Kopetz, Sara Bouchenak", isbn = "978-3-319-47590-5", publisher = "Springer", series = "Programming and Software Engineering", title = "{C}yber-{P}hysical {S}ystems of {S}ystems {F}oundations – {A} {C}onceptual {M}odel and {S}ome {D}erivations: {T}he {AMADEOS} {L}ega", url = "http://www.springer.com/us/book/9783319475899", year = "2016", } @conference{Ussami2016RADIANCE, author = "Thais Harumi Ussami and Eliane Martins and Montecchi, Leonardo", abstract = "Agile software development methodologies use an iterative and incremental development in order to handle evolving systems. Consolidated techniques in the field of testing have been applied to these techniques with the main purpose of aiding in the test creation stage. An example is Model-Based Test Driven Development (MBTDD) which joins the concepts of Model-Based Testing (MBT) and Test Driven Development (TDD). However, when iterative and incremental processes are used, problems appear as the consequence of the evolution of the system, such as: how to reuse the test artefacts, and how to select the relevant tests for implementing the new version of the system. In this context, this work proposes a process called D-MBTDD in which the agile development of a system is guided by model-based tests, focusing on helping with the reuse of test artefacts and on the process of identifying tests relevant to development. The information about the modifications between two versions of the test model are used in this approach, which was compared to the RegenerateAll approach, which regenerates test cases along the iterations and does not reuse any of them.", address = "Toulouse, France", booktitle = "Proceedings of the RADIANCE Workshop 2016", doi = " 10.1109/DSN-W.2016.22", isbn = "978-1-5090-3688-2", month = "June 28", note = "{ieee}", pages = "39-46", publisher = "IEEE", title = "{D}-{MBTDD}: {A}n {A}pproach for {R}eusing {T}est {A}rtefacts in {E}volving {S}ystems", url = "http://ieeexplore.ieee.org/document/7575347/", year = "2016", } @conference{BBS93b-SAFECOMP-35, author = "C. Bernardeschi and Bondavalli, Andrea and L. Simoncini", address = "Poznan, Poland", booktitle = "SAFECOMP '93", month = "October 27-29", pages = "9--20", publisher = "Springer Verlag", title = "{D}ata {F}low {C}ontrol {S}ystems: an {E}xample of {S}afety {V}alidation", year = "1993", } @misc{riggiagianca, author = "Gianmarco Ricciarelli", howpublished = "Corso di Laurea in Informatica, Universit{\`a} degli Studi di Firenze. Supervisor: Paolo Lollini. Co-supervisor: Alberto Baggio", title = "{D}ata {P}rocessing: dai concetti di base alla loro applicazione in un caso di uso aziendale", year = "2016", } @conference{SBS91-IFAC-126, author = "L. Strigini and Bondavalli, Andrea and L. Simoncini", address = "Vienna, Austria", booktitle = "10th IFAC Workshop on Distributed Computer Control Systems", pages = "131--136", publisher = "Pergamon Press", title = "{D}ata-{F}low like {L}anguages for {D}esigning {D}ependable {R}eal-{T}ime {C}ontrol {S}ystems", year = "1991", } @conference{BSS92b-SRDS-97, author = "Bondavalli, Andrea and L. Strigini and L. Simoncini", address = "Houston, Texas, USA", booktitle = "11th IEEE Symposium on Reliable Distributed Systems (SRDS-11)", month = "October 5-7", note = "also Esprit PDCS (Predictably Dependable Computing Systems) report No. D10, 1992", pages = "214--221", title = "{D}ata-{F}low like {L}anguages for {R}eal-{T}ime {S}ystems: {I}ssues of {C}omputational {M}odels and {N}otation", year = "1992", } @conference{BBS94b-ESREL-37, author = "C. Bernardeschi and Bondavalli, Andrea and L. Simoncini", address = "Le Baule, France", booktitle = "ESREL 94", pages = "876--881", title = "{D}ata-flow networks in the design of safety-critical systems", year = "1994", } @article{BS89-JCSSE-90, author = "Bondavalli, Andrea and L. Simoncini", journal = "Journal of Computer Systems Science and Engineering", note = "Butterworths, July", number = "3", pages = "176--184", title = "{D}ata-flow-like model for robust computations", volume = "4", year = "1989", } @conference{CRITIS17, author = "Gharib, Mohamad and Lollini, Paolo and Ceccarelli, Andrea and Bondavalli, Andrea", abstract = "Road transport system is an essential infrastructures in the world, where the majority of the population use its facilities on a daily basis. That is why ensuring their safety has been always a growing concern for most authorities. The automotive industry is already aware of that, and the ISO 26262, a standard for developing functional safety systems for vehicles, has been developed. Although current studies have shown that the root cause for most of the accidents has shifted from vehicle-centric to driver-centric, the main objective of ISO 26262 is covering electronic and electric (E/E) systems of vehicles with almost no emphasis on the driver itself. To this end, we propose a holistic approach based on the ISO 26262 standard that not only considers the E/E systems of the vehicle but also the driver's behavior. We illustrate the utility of the approach with an example from the automotive domain.", booktitle = "The 12th International Conference on Critical Information Infrastructures Security (CRITIS)", keywords = "Transport, Automotive systems, Functional safety requirements, ISO 26262, Cyber-Physical-Social systems", month = "October ", publisher = "Springer", title = "{D}ealing with {F}unctional {S}afety {R}equirements for {A}utomotive {S}ystems: {A} {C}yber-{P}hysical-{S}ocial {A}pproach", year = "2017", } @conference{BMCFPS00-DSN2000-76, author = "Bondavalli, Andrea and I. Mura and Silvano Chiaradonna and R. Filippini and S. Poli and F. Sandrini", booktitle = "DSN-2000 IEEE Int. Conference on Dependable Systems and Networks (FTCS-30 and DCCA-8)", month = "June 25-28", pages = "231--236", title = "{DEEM}: a {T}ool for the {D}ependability {M}odeling and {E}valuation of {M}ultiple {P}hased {S}ystems", year = "2000", } @article{CDGL11-CDGL11IJCIP-254, author = "Silvano Chiaradonna and Di Giandomenico, Felicita and Lollini, Paolo", doi = "10.1016/j.ijcip.2011.03.001", issn = "1874-5482", journal = "International Journal of Critical Infrastructure (IJCIP), Elsevier", keywords = " Electric power systems; Control systems; SCADA systems; Dependencies; Interdependencies; Stochastic modeling", month = "April", number = "1", pages = "24--40", title = "{D}efinition, {I}mplementation and {A}pplication of a {M}odel-based {F}ramework for the {A}nalysis of {I}nterdependencies in {E}lectric {P}ower {S}ystems {P}rotection", url = "http://www.sciencedirect.com/science/article/pii/S1874548211000059", volume = "4", year = "2011", } @mastersthesis{Bastone 2005, author = "Bastone, Giuseppina", month = "September 20th", note = "Supervisor(s): A. Bondavalli, Co-Supervisor(s): L. Falai", school = "Universit{\`a} di Firenze. Corso di Laurea in Informatica", title = "{D}efinizione e realizzazione di miglioramenti alle metodologie per l'analisi di sistemi distribuiti", year = "2005", } @article{BDCLMPS01-134, author = "Bondavalli, Andrea and M. Dal Cin and D. Latella and I. Majzik and Andr{\'a}s Pataricza and G. Savoia", journal = "Journal of Computer Systems Science and Engineering", number = "5", pages = "265--275", title = "{D}ependability {A}nalysis in the {E}arly {P}hases of {UML} {B}ased {S}ystem {D}esign", volume = "16", year = "2001", } @techreport{MB98b-HIDET12PDCC1v1-155, author = "I. Majzik and Bondavalli, Andrea", number = "Project Re", title = "{D}ependability {A}nalysis in the {HIDE} {F}ramework", type = "Technical note", year = "1998", } @conference{MCDG10-EDCC2010MCDG10-234, author = "P. Masci and Silvano Chiaradonna and Di Giandomenico, Felicita", booktitle = "Eighth European Dependable Computing Conference (EDCC-2010)", title = "{D}ependability {A}nalysis of {D}iffusion {P}rotocols in {W}ireless {N}etworks with {H}eterogeneous {N}ode {C}apabilities", year = "2010", } @incollection{BCDGS95b-PDCS-53, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita and L. Strigini", booktitle = "Predictably Dependable Computing Systems", editor = "Randell, B. and Laprie, J.C. and Kopetz, H. and Littlewood, B.", pages = "459--472", publisher = "Springer-Verlag", title = "{D}ependability {A}nalysis of {I}terative {F}ault {T}olerant {S}oftware {C}onsidering {C}orrelation", year = "1995", } @conference{CBDG00-EWDC12-101, author = "A. Coccoli and Bondavalli, Andrea and Di Giandomenico, Felicita", address = "Budapest, Hungary", booktitle = "EWDC-12 European Workshop on Dependable Computing", title = "{D}ependability and performance analysis of a protocol for efficient real-time group communication", year = "2000", } @incollection{BCDN11, author = "Bertolino, Antonia and Calabr{\`o}, Antonello and Di Giandomenico, Felicita and Nostro, Nicola", booktitle = "Formal Methods for Eternal Networked Software Systems", editor = "M. Bernardo and V. Issarny", pages = "350 - 392", publisher = "Springer", series = "LNCS", title = "{D}ependability and {P}erformance {A}ssessment of {D}ynamic {CONNECT}ed {S}ystems", volume = "6659", year = "2011", } @conference{MoLoBo2011a-WORNUS2011-250, author = "Montecchi, Leonardo and Lollini, Paolo and Bondavalli, Andrea", booktitle = "14th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW 2011)", month = "28-31 March", note = "{ieee}", title = "{D}ependability {C}oncerns in {M}odel-{D}riven {E}ngineering", year = "2011", } @incollection{ABDGJJKMP01-GUARDS2001-131, author = "J. Arlat and Bondavalli, Andrea and Di Giandomenico, Felicita and M. T. Jarboui and E. Jenn and K. Kanoun and I. Mura and D. Powell", address = "Boston", booktitle = "A Generic Fault-Tolerant Architecture for Real-Time Dependable Systems", editor = "Powell, D.", note = "ISBN 0-7923-7295-6", pages = "157--191", publisher = "Kluwer Academic Publishers", title = "{D}ependability {E}valuation", year = "2001", } @incollection{GCDGPBB06-EPEW2006-185, author = "L. G{\"o}nczy and Silvano Chiaradonna and Di Giandomenico, Felicita and Andr{\'a}s Pataricza and Bondavalli, Andrea and T. Bartha", booktitle = "3rd European Performance Engineering Workshop (EPEW2006), Budapest, Hungary, June 21-22, 2006", editor = "Horv{\'a}th, A. and Telek, M.", pages = "166--180", publisher = "Springer Verlag", series = "LNCS", title = "{D}ependability {E}valuation of {W}eb {S}ervice-{B}ased {P}rocesses", url = "http://dx.doi.org/10.1007/11777830_12", volume = "4054", year = "2006", } @conference{DGPLB03-WPMC03-20, author = "Di Giandomenico, Felicita and Stefano Porcarelli and Lollini, Paolo and Bondavalli, Andrea", booktitle = "WMPC03 - 6th International Symposium on Wireless Personal Multimedia Communications", pages = "146--150", title = "{D}ependability {I}ssues in {R}adio {R}esource {M}anagement of {W}ireless {S}ystems", volume = "2", year = "2003", } @article{BCDGM04-TRDEEM-3, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita and I. Mura", journal = "IEEE Transactions on Reliability", number = "4", pages = "509-522", title = "{D}ependability {M}odeling and {E}valuation of {M}ultiple-{P}hased {S}ystems using {DEEM}", volume = "53", year = "2004", } @techreport{BMZT98-GUARDSI1SA4TN6010-152, author = "Bondavalli, Andrea and I. Mura and X. Zang and K. S. Trivedi", month = "20 January", number = "Report GUA", title = "{D}ependability modeling and {E}valuation of {P}hased {M}ission {S}ystems: a {DSPN} {A}pproach", type = "PDCC Technical Note", year = "1998", } @conference{MBZT99-DCCA7-117, author = "I. Mura and Bondavalli, Andrea and X. Zang and K. S. Trivedi", address = "San Jose, CA, USA", booktitle = "IEEE DCCA-7, IFIP Int. Conference on Dependable Computing for Critical Applications", month = "January 6-8", pages = "319--337", title = "{D}ependability {M}odeling and {E}valuation of {P}hased {M}ission {S}ystems: a {DSPN} {A}pproach", year = "1999", } @conference{NBS96-EDCC2-120, author = "M. Nelli and Bondavalli, Andrea and L. Simoncini", address = "Taormina, Italy", booktitle = "EDCC-2 European Dependable Computing Conference", pages = "93--110", title = "{D}ependability {M}odelling and {A}nalysis of {C}omplex {C}ontrol {S}ystems: an {A}pplication to {R}ailway {I}nterlocking", year = "1996", } @conference{BMT99-EDCC3-83, author = "Bondavalli, Andrea and I. Mura and K. S. Trivedi", address = "Prague, Czech Republic", booktitle = "EDCC-3 European Dependable Computing Conference (also LNCS N. 1667)", month = "September", pages = "7--23", publisher = "Springer Verlag", title = "{D}ependability {M}odelling and {S}ensitivity {A}nalysis of {S}cheduled {M}aintenance {S}ystems", year = "1999", } @conference{BCDGS95c-IPDS-54, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita and L. Strigini", address = "Erlangen, Germany", booktitle = "IEEE Int. Computer Performance and Dependability Symposium (IPDS'95)", pages = "13--21", title = "{D}ependability {M}odels for {I}terative {S}oftware {C}onsidering {C}orrelation among {S}uccessive {I}nputs", year = "1995", } @conference{BCDGLT95-SAFECOMP-49, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita and La Torre, S.", address = "Belgirate, Italy", booktitle = "14th Int. Conference on Computer Safety, Reliability and Security (SAFECOMP'95)", month = "October 11-13", pages = "489--503", publisher = "Springer-Verlag", title = "{D}ependability of {I}terative {S}oftware: a {M}odel for {E}valuating the {E}ffects of {I}nput {C}orrelation", year = "1995", } @book{BT02-EDCC4-12, author = "", address = "Berlin, Heidelberg, New York", editor = "Andrea Bondavalli and Th{\`e}venod-Fosse, P.", publisher = "Springer Verlag", series = "Lecture Notes in Computer Science", title = "{D}ependable {C}omputing -- {EDCC}-4 {LNCS} 2485", year = "2002", } @inbook{BBR07-LADC2007-201, author = "Bondavalli, Andrea and F.V. Brasileiro and S. Rajsbaum", editor = "Andrea Bondavalli and Brasileiro, F. V. and Rajsbaum, S.", isbn = "978-3-540-75293-6", publisher = "Springer", series = "Lecture Notes in Computer Science", title = "{D}ependable {C}omputing, {T}hird {L}atin-{A}merican {S}ymposium, {LADC} 2007, {M}orella, {M}exico, {S}eptember 26-28, 2007, {P}roceedings", volume = "4746", year = "2007", } @conference{BS94-MicroP94-95, author = "Bondavalli, Andrea and L. Simoncini", address = "Budapest, Hungary", booktitle = "MicroP94, 8th Symposium on Microcomputer and Microprocessor Applications", month = "March 30 - April 1", pages = "5--14", title = "{D}ependable {D}ataflow {C}ontrol {S}ystems", year = "1994", } @misc{DolceBachelor, author = "Enrico Dolce", note = "Universit{\`a} degli Studi di Firenze. Corso di Laurea in Informatica. April, 2021. Supervisor(s): P. Lollini, Co-Supervisor(s): L. Montecchi.", title = "{DERIVATION} {OF} {STOCHASTIC} {ACTIVITY} {NETWORKS} {MODELS} {FROM} {THEIR} {TEMPLATE}-{BASED} {GENERALIZATION}", year = "2021", } @article{IJPESAFEDMI-IJPESafedmi-226, author = "Bondavalli, Andrea and Ceccarelli, Andrea and Jesper Gr{\o}nb{\ae}k and D. Iovino and L. Karna and S. Klapka and T.K. Madsen and M. Magyar and I. Majzik and A. Salzo", journal = "IJPE", number = "2", pages = "153--166", title = "{D}esign and {E}valuation of a {S}afe {D}river {M}achine {I}nterface", volume = "4", year = "2009", } @phdthesis{phd-schiavone, author = "Schiavone, Enrico", keywords = "biometrics; continuous authentication; non-repudiation; usability; blockchain", title = "{D}esign and {E}valuation of {M}ulti-{B}iometric {A}pproaches for {C}ontinuous {A}uthentication and {N}on-{R}epudiation in {C}ritical {S}ervices", year = "2019", } @conference{HASE2012MT, author = "Ceccarelli, Andrea and Bondavalli, Andrea and Joao Figueiras and Boris Malinowsky and Jurij Wakula and Brancati, Francesco and C. Dambra and Andrea Seminatore", abstract = "Trackside railway workers can benefit of intelligent systems for automatic track warning, that are able to safely i) detect trains or rolling stock approaching the worksite, and ii) notify their arrival to the workers. The usage of wearable mobile devices to monitor workers positions and notify trains arrivals requires to face serious challenges mainly in terms of service timeliness, safety, security and ergonomics (this last one to define notification signals to the workers that are always perceivable). This paper presents the design and the prototype of the Mobile Terminal (MT), a wearable, real-time, wireless, safety-critical device which exploits information received from track monitoring devices to inform a worker about trains or rolling stock approaching the worksite. The MT design concept is based on a hybrid architecture to favor the apportionment of different requirements, in terms of timing and security, to the different parts of the MT. Additionally, the MT includes novel solutions to interface with the worker, to realize an accurate localization service and to achieve safety-critical real-time communication.", booktitle = "High-Assurance Systems Engineering (HASE), 2012 IEEE 14th International Symposium on", keywords = "railway workers; hybrid architecture; track-warning system; safety; self-localization; real-time; wireless", pages = "147--154", publisher = "IEEE Computer society", title = "{D}esign and implementation of real-time wearable devices for a safety-critical track warning system", year = "2012", } @conference{B96-EDCC2-27, author = "Bondavalli, Andrea", address = "Gliwice, Poland", booktitle = "EDCC-2 Companion Workshop on Dependable Computing", note = "ISBN 83-906582-0-8", pages = "41--51", publisher = "AMK-Press", title = "{D}esign of {F}ault {T}olerant {S}oftware", year = "1996", } @conference{BBBDGT95-WRTP-29, author = "M. Bizzarri and P. Bizzarri and Bondavalli, Andrea and Di Giandomenico, Felicita and F. Tarini", address = "Ft. Lauderdale, Florida, USA", booktitle = "20th IFAC-IFIP WRTP'95", editor = "Press, Pergamon", title = "{D}esign of {F}lexible and {D}ependable {R}eal-{T}ime {A}pplications", year = "1995", } @article{BFLS01-IEEEMICRO-136, author = "Bondavalli, Andrea and A. Fantechi and D. Latella and L. Simoncini", journal = "IEEE MICRO (special issue on embedded fault tolerant systems)", number = "5", pages = "52--62", title = "{D}esign {V}alidation of {E}mbedded {D}ependable {S}ystems", volume = "21", year = "2001", } @article{schiavone2019design, author = "Schiavone, Enrico and Ceccarelli, Andrea and Ariadne Carvalho and Bondavalli, Andrea", journal = "International Journal of Critical Computer-Based Systems", number = "3", pages = "215--247", publisher = "Inderscience Publishers (IEL)", title = "{D}esign, implementation, and assessment of a usable multi-biometric continuous authentication system", volume = "9", year = "2019", } @article{schiavone_IJCCBS_19, author = "Schiavone, Enrico and Ceccarelli, Andrea and Ariadne M. B. R. Carvalho and Bondavalli, Andrea", abstract = "Authentication mechanisms typically verify the user identity only at login, or with tedious explicit authentication requests that improve security at the expense of usability. However, especially for critical systems, workstations have to be tightly and continuously secured in order to prevent unauthorised interventions. Recent researches envisage multi-biometric systems for continuous authentication, where biometric traits are acquired transparently to the user and authentication is provided without requiring explicit actions. In this work we propose a multi-biometric authentication system that continuously and transparently verifies the user identity through face, fingerprint and keystroke recognition. This paper presents the design, prototype implementation and assessment of our system. We evaluate the system usability and its trade-off with security in an experiment involving 60 users. Our findings show that security enhancements are provided and users: 1) perform the actions without additional effort; 2) largely accept the authentication system, which only requires minimal training.", doi = "10.1504/IJCCBS.2019.104490", journal = "International Journal of Critical Computer-Based Systems", keywords = "continuous authentication;biometrics;security;usability;identity verification;multi-biometric;transparent;face;fingerprint;keystroke;prototype;assessment;design;implementation", number = "3", pages = "215 - 247", title = "{D}esign, {I}mplementation, and {A}ssessment of a {U}sable {M}ulti-{B}iometric {C}ontinuous {A}uthentication {S}ystem", url = "https://www.inderscience.com/info/inarticle.php?artid=104490", volume = "9", year = "2019", } @article{BSS92-CNISDNS-96, author = "Bondavalli, Andrea and L. Strigini and M. Sereno", journal = "Computer Networks and ISDN Systems", note = "also CNUCE / CNR report, No. C90-07, 1990", number = "1", pages = "15--32", title = "{D}estination {S}tripping {D}ual {R}ing: a new protocol for {MAN}s", volume = "24", year = "1992", } @conference{prdc2021voting, author = "Zoppi, Tommaso and Ceccarelli, Andrea and Bondavalli, Andrea", abstract = "Recent years have seen an astounding growth in the adoption of Machine Learning algorithms to classify data gathered through monitoring activities. Those algorithms can effectively classify data as system indicators, network packets, and logs according to a model they infer during training. This way, they provide sophisticated means to conduct intrusion detection by suspecting anomalies due to attacks in the value of those features. Additionally, Meta-Learners as Bagging and Boosting build ensembles of homogeneous classifiers that are known to improve classification performance with positive impact on intrusion detection. On the other hand, it is not yet clear if ensembles of heterogeneous or diverse classifiers can build better intrusion detectors. To such extent, we first recap on n-version programming, k-out-of-m (k-o-o-m) systems and the role of diversity. Then, we present k-o-o-m systems of classifiers for intrusion detection, expanding on meta-learning and diversity measures to be applied to classifiers. This paves the way for an experimental campaign which exercises supervised and unsupervised classifiers as well as k-o-o-m voting ensembles. After presenting and discussing results, we conclude that voting ensembles of diverse classifiers does not improve intrusion detection. Therefore, while voting has been acknowledged since decades as a staple to manage n-version programming for reliable systems engineering, it is not as effective as a meta-learner to improve classification performance of intrusion detectors", booktitle = "Pacific Rim Dependable COmputing (PRDC2021)", keywords = "intrusion detection, voting, diversity, anomaly detection, machine learning", title = "{D}etecting {I}ntrusions by {V}oting {D}iverse {M}achine {L}earners: {I}s {I}t {R}eally {W}orth?", url = "https://ieeexplore.ieee.org/document/9667710", year = "2021", } @article{bertieri2021development, author = "Bertieri, Duccio and Ceccarelli, Andrea and Zoppi, Tommaso and Innocenzo Mungiello and Mario Barbareschi and Bondavalli, Andrea", journal = "Journal of the Brazilian Computer Society", number = "1", pages = "1--26", publisher = "Springer", title = "{D}evelopment and validation of a safe communication protocol compliant to railway standards", volume = "27", year = "2021", } @mastersthesis{TesiTerrosi, author = "Francesco Terrosi", note = "Supervisor(s): A. Bondavalli, Co-Supervisor(s): L. Strigini", school = "Universit{\`a} degli Studi di Firenze. Corso di Laurea in Informatica", title = "{D}evelopment of a monitoring methodology for autonomous vehicles managed by a {C}ontroller and a {S}afety {M}onitor", year = "2019", } @conference{DSN2007sf-DSN2007-197, author = "Daidone, Alessandro", booktitle = "DSN-2007 student forum", month = "June 25--28", title = "{D}iagnosis {F}ramework for {C}omplex {C}ritical {S}ystems/{I}nfrastructures", year = "2007", } @article{Bondavalli2016229, author = "Bondavalli, Andrea and Brancati, Francesco and Ceccarelli, Andrea and Diego Santoro and Michele Vadursi", abstract = "Abstract Dependable complex systems often operate under variable and non-stationary conditions, which requires efficient and extensive monitoring and error detection solutions. Among the many, the paper focuses on anomaly detection techniques, which monitor the evolution of some specific indicators through time to identify anomalies, i.e. deviations from the expected operational behavior. The timely identification of anomalies in dependable, fault tolerant systems allows to timely detect errors in the services and react appropriately. In this paper, we investigate the possibility to monitor the evolution of indicators through time using the random walk model on indicators belonging to Operating Systems, specifically in our study the Linux Red Hat EL5. The approach is based on the experimental evaluation of a large set of heterogeneous indicators, which are acquired under different operating conditions, both in terms of workload and faultload, on an air traffic management target system. The statistical analysis is based on a best-fitting approach aiming to minimize the integral distance between the empirical data distribution and some reference distributions. The outcomes of the analysis show that the idea of adopting a random walk model for the development of an anomaly detection monitor for critical systems that operates at Operating System level is promising. Moreover, standard distributions such as Laplace and Cauchy, rather than Normal, should be used for setting up the thresholds of the monitor. Further studies that involve a new application, a different Operating System and a new layer (an Application Server) will allow verifying the generalization of the approach to other fault tolerant systems, monitored layers and set of indicators. ", doi = "http://dx.doi.org/10.1016/j.measurement.2015.11.010", issn = "0263-2241", journal = "Measurement ", keywords = "System monitoring", pages = "229 - 240", title = "{D}ifferential analysis of {O}perating {S}ystem indicators for anomaly detection in dependable systems: {A}n experimental study ", url = "http://www.sciencedirect.com/science/article/pii/S0263224115005965", volume = "80", year = "2016", } @conference{BCDGG97-FTCS-45, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita and F. Grandoni", address = "Seattle, Washington, USA", booktitle = "27th IEEE Int. Symposium on Fault-Tolerant Computing (FTCS-27)", month = "June 25-27", pages = "354--362", title = "{D}iscriminating {F}ault {R}ate and {P}ersistency to {I}mprove {F}ault {T}reatment", year = "1997", } @techreport{BCDGG96c-B433-166, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita and F. Grandoni", institution = "IEI/CNR, Pisa, Italy", number = "B4-33", title = "{D}iscriminating {F}ault {R}ate and {P}ersistency to {I}mprove {F}ault {T}reatment", type = "Internal Report", year = "1996", } @conference{BS91-INFOCOM-92, author = "Bondavalli, Andrea and L. Strigini", address = "Miami, Florida", booktitle = "IEEE INFOCOM'91", month = "April 9-11", pages = "1022--1030", title = "{DSDR}: {A} {F}air and {E}fficient {A}ccess {P}rotocol for {R}ing-{T}opology {MAN}s", year = "1991", } @incollection{XBDG95-PDCS-130, author = "J. Xu and Bondavalli, Andrea and Di Giandomenico, Felicita", booktitle = "Predictably Dependable Computing Systems", editor = "Randell, B. and Laprie, J.C. and Kopetz, H. and Littlewood, B.", pages = "155--172", publisher = "Springer-Verlag", title = "{D}ynamic {A}djustment of {D}ependability and {E}fficiency in {F}ault-{T}olerant {S}oftware", year = "1995", } @article{BCCR04-TDSC-173, author = "Bondavalli, Andrea and Silvano Chiaradonna and D. Cotroneo and Luigi Romano", journal = "IEEE Transactions on Dependable and Secure Computing", number = "4", pages = "223--237", title = "{E}ffective {F}ault {T}reatment for {I}mproving the {D}ependability of {COTS}- and {L}egacy-based {A}pplications", volume = "1", year = "2004", } @conference{BCDG94-ICPADS-41, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita", address = "Hsinchu, Taiwan, ROC", booktitle = "IEEE Int. Conference on Parallel and Distributed Systems (ICPADS'94)", month = "December", pages = "354--359", title = "{E}fficient {F}ault {T}olerance: an {A}pproach to {D}eal with {T}ransient {F}aults in {M}ultiprocessor {A}rchitectures", year = "1994", } @conference{depend10-depend-244, author = "Lorenzo Vinerbi and Bondavalli, Andrea and Lollini, Paolo", booktitle = "Third International Conference on Dependability (DEPEND 2010)", title = "{E}mergence: a new source of failures in complex systems", year = "2010", } @conference{gharibHASE2019, author = "Gharib, Mohamad and Lollini, Paolo and Ceccarelli, Andrea and Bondavalli, Andrea", abstract = "Several approaches have been developed to assist automotive system manufacturers in designing safer vehicles by complying with functional safety standards. However, most of these approaches either mainly focus on the technical aspects of automotive systems and ignore the social ones, or they are not equipped with an adequate automated support. To this end, we propose a model-based approach for modeling and analyzing the Functional Safety Requirements (FSR) for automotive systems, which is based on the ISO 26262 standard and considers both technical and social aspects of such systems. This approach proposes a UML profile for modeling the FSR starting from item definition until safety validation, and it proposes constraints expressed in OCL to be used for the verification of FSR models. We illustrate the utility of the approach using an example from the automotive domain.", address = "Hangzhou, China", booktitle = "IEEE 19th International Symposium on High Assurance Systems Engineering (HASE)", doi = "10.1109/HASE.2019.00021", isbn = "978-1-5386-8540-2", issn = "2640-7507", keywords = "Functional safety requirements, Automotive systems, ISO 26262, Cyber-Physical-Social systems, GORE", number = "74-81", publisher = "IEEE", title = "{E}ngineering {F}unctional {S}afety {R}equirements for {A}utomotive {S}ystems: {A} {C}yber-{P}hysical-{S}ocial {A}pproach", url = "https://ieeexplore.ieee.org/document/8673045", year = "2019", } @misc{RADB08Bondavalli-RADB2008-221, author = "Bondavalli, Andrea and Ceccarelli, Andrea and Falai, Lorenzo and Michele Vadursi", howpublished = "Workshop with no proceeding DSN-RADB2008", month = "June", title = "{E}nhancing the {N}eko{S}tat {T}ool with {U}ncertainty, {R}esolution and {I}ntrusiveness {E}valuation {C}apabilities", year = "2008", } @article{DARCO2018144, author = "Mauro D'Arco and Alfredo Renga and Ceccarelli, Andrea and Francesco Brancati and Bondavalli, Andrea", doi = "https://doi.org/10.1016/j.measurement.2017.12.005", issn = "0263-2241", journal = "Measurement", keywords = "GNSS, Localization, Wearables, Safety, Accuracy, Positioning, Railway trackside workers", pages = "144 - 152", title = "{E}nhancing workers safety in worksites through augmented {GNSS} sensors", url = "http://www.sciencedirect.com/science/article/pii/S0263224117307765", volume = "117", year = "2018", } @incollection{BCDGGPR01-GUARDS2001-133, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita and F. Grandoni and D. Powell and C. Rab{\'e}jac", address = "Boston", booktitle = "A Generic Fault-Tolerant Architecture for Real-Time Dependable Systems", editor = "Powell, D.", month = "January", pages = "71--86", publisher = "ISBN 0-7923-7295-6, Kluwer Academic Publishers", title = "{E}rror {P}rocessing and {F}ault {T}reatment", year = "2001", } @incollection{DGGGS92-169, author = "Di Giandomenico, Felicita and M. L. Guidotti and F. Grandoni and L. Simoncini", booktitle = "Hardware and Software Fault Tolerance in Parallel Computing Systems", editor = "Avresky, D. R.", pages = "227--242", publisher = "Ellis Horwood Workshops", title = "{E}valuating the {E}fficiency of {B}yzantine {A}greement {A}lgorithms", year = "1992", } @conference{reload2019issre, author = "Zoppi, Tommaso and Ceccarelli, Andrea and Bondavalli, Andrea", abstract = "Anomaly detection aims at identifying patterns in data that do not conform to the expected behavior. Despite anomaly detection has been arising as one of the most powerful techniques to suspect attacks or failures, dedicated support for the experimental evaluation is actually scarce. In fact, existing frameworks are mostly intended for the broad purposes of data mining and machine learning. Intuitive tools tailored for evaluating anomaly detection algorithms for failure and attack detection with an intuitive support to sliding windows are currently missing. This paper presents RELOAD, a flexible and intuitive tool for the Rapid EvaLuation Of Anomaly Detection algorithms. RELOAD is able to automatically i) fetch data from an existing data set, ii) identify the most informative features of the data set, iii) run anomaly detection algorithms, including those based on sliding windows, iv) apply multiple strategies to features and decide on anomalies, and v) provide conclusive results following an extensive set of metrics, along with plots of algorithms scores. Finally, RELOAD includes a simple GUI to set up the experiments and examine results. After describing the structure of the tool and detailing inputs and outputs of RELOAD, we exercise RELOAD to analyze an intrusion detection dataset available on a public platform, showing its setup, metric scores and plots.", booktitle = "International Sympoosium on Software Reliability Engineering (ISSRE 2019)", keywords = "anomaly detection, intrusion detection, tool, RELOAD, algorithm, sliding windows, machine learning", series = "Tools and Artifacts Paper", title = "{E}valuation of {A}nomaly {D}etection algorithms made easy with {RELOAD} ", year = "2019", } @incollection{CDGL08-CDGL08LNCS-213, author = "Silvano Chiaradonna and Di Giandomenico, Felicita and Lollini, Paolo", booktitle = "Architecting Dependable Systems V", editor = "De Lemos, R. and Di Giandomenico, F. and Gacek, C. and Muccini, H. and Vieira, M.", pages = "52--77", publisher = "Springer, Heidelberg", series = "LNCS 5135", title = "{E}valuation of {C}ritical {I}nfrastructures: {C}hallenges and {V}iable {A}pproaches", url = "http://dx.doi.org/10.1007/978-3-540-85571-2_3", volume = "5135", year = "2008", } @article{GCDGB01-CJ2001-142, author = "F. Grandoni and Silvano Chiaradonna and Di Giandomenico, Felicita and Bondavalli, Andrea", journal = "Special Issue on High Assurance Systems of The Computer Journal", number = "6", pages = "544--556", title = "{E}valuation of {F}ault-{T}olerant {M}ultiprocessor {S}ystems for {H}igh {A}ssurance {A}pplications", volume = "44", year = "2001", } @conference{DGCBG00-PDPTA2000-111, author = "Di Giandomenico, Felicita and Silvano Chiaradonna and Bondavalli, Andrea and F. Grandoni", address = "Monte Carlo Resort, Las Vegas, Nevada, USA", booktitle = "IEEE Int. Conference on Parallel and Distributed Processing Techniques and Applications (PDPTA 2000)", month = "June 26-29", pages = "1145--1151", title = "{E}valuation of {I}ntegrated {E}rror {P}rocessing and {F}ault {D}iagnosis in {M}ultiprocessor {S}ystems", year = "2000", } @conference{ISAS2005-LNCS-182, author = "Lollini, Paolo and Bondavalli, Andrea and Di Giandomenico, Felicita", booktitle = "ISAS 2005/Service Availability, Lecture Notes in Computer Science 3694, Volume Editor(s): M. Malek, N. Suri, E. Nett", title = "{E}valuation of the {I}mpact of {C}ongestion on {S}ervice {A}vailability in {GPRS} infrastructures", year = "2005", } @conference{5609784-I2MTC2011-258, author = "P. Ferrari and A. Flammini and Stefano Rinaldi and Bondavalli, Andrea and Brancati, Francesco", booktitle = "2011 IEEE Instrumentation and Measurement Technology Conference (I2MTC)", month = "May", title = "{E}valuation of {T}imestamping {U}ncertainty in a {S}oftware-based {IEEE}1588 {I}mplementation", year = "2011", } @conference{Azzolini15, author = "Raphael P. Azzolini and Cecilia M. F. Rubira and Leonardo P. Tizzei and Felipe N. Gaia and Montecchi, Leonardo", abstract = "Software Product Lines engineering is a technique that explores systematic reuse of software artifacts in large scale to implement applications that share a common domain and have some customized features. For improving Product Line Architecture evolution, it is advisable to develop Software Product Lines using a modular structure. This demand can be satisfied by an aspect-oriented and component-based feature-architecture method that integrates components, aspects and variation point aspect-connectors. This approach allows minimization of feature scattering in the architectural model and supports modular modelling of crosscutting features. A case study mapping major features of significant e-commerce systems operating in Brazil and other countries was performed to evaluate this approach. The assessment of our solution was performed comparing its stability and modularity with other two approaches. Our results indicate that change impact in the architectural model is reduced when using our solution in the context of Software Product Lines evolution.", booktitle = "Proceedings of the Workshop on Variability for Qualities in Software Architecture (VAQUITA 2015)", month = "September", note = "{acm}", pages = "26:1-26:7", title = "{E}volving a {S}oftware {P}roducts {L}ine for {E}-commerce {S}ystems: a {C}ase {S}tudy", year = "2015", } @conference{Bonfiglio15HASE, author = "Bonfiglio, Valentina and Montecchi, Leonardo and Francesco Rossi and Lollini, Paolo and Andr{\'a}s Pataricza and Bondavalli, Andrea", abstract = "Safety analysis is increasingly important for a wide class of systems. In the automotive field, the recent ISO26262 standard foresees safety analysis to be performed at system, hardware, and software levels. Failure Modes and Effects Analy- sis (FMEA) is an important step in any safety analysis process, and its application at hardware and system levels has been extensively addressed in the literature. Conversely, its application to software architectures is still to a large extent an open problem, especially concerning its integration into a general certification process. The approach we propose in this paper aims at performing semi-automated FMEA on component-based software architectures described in UML. The foundations of our approach are model-execution and fault-injection at model-level, which allows us to compare the nominal and faulty system behaviors and thus assess the effectiveness of safety countermeasures. Besides introducing the detailed workflow for SW FMEA, the work in this paper focuses on the process for obtaining an executable model from a component-based software architecture specified in UML. ", address = "Daytona Beach Shores, FL", booktitle = "Proceedings of the IEEE 16th International Symposium on High Assurance Systems Engineering (HASE'15) ", doi = "10.1109/HASE.2015.36", isbn = "978-1-4799-8110-6", month = "8-10 January", note = "{ieee}", pages = "189-196", title = "{E}xecutable {M}odels to {S}upport {A}utomated {S}oftware {FMEA}", url = "http://ieeexplore.ieee.org/xpl/login.jsp?tp={\&}arnumber=7027431", year = "2015", } @conference{MiniSy2017Zoppi, author = "Zoppi, Tommaso", abstract = "Revealing anomalies in data usually suggests significant - also critical - actionable information in a wide variety of application domains. Anomaly detection can support dependability monitoring when traditional detection mechanisms e.g., based on event logs, probes and heartbeats, are considered inadequate or not applicable. On the other hand, checking the behavior of complex and dynamic system it is not trivial, since the notion of “normal” – and, consequently, anomalous - behavior is changing frequently according to the characteristics of such system. In such a context, performing anomaly detection calls for dedicate strategies and techniques that are not consolidated in the state-of-the-art. The paper expands the context, the challenges and the work done so far in association with our current research direction. The aim is to highlight the challenges and the future works that the PhD student tackled and will tackle in the next years.", booktitle = "24th PhD MiniSymposium", doi = "10.5281/zenodo.291908", isbn = "978-963-313-243-2", keywords = "anomaly detection; monitoring; multi-layer; dynamicity; complex system; online", month = "January", organization = "DMIS Budapest", pages = "4", publisher = "IEEE", title = "{E}xecuting {O}nline {A}nomaly {D}etection in {C}omplex {D}ynamic {S}ystems", url = "https://zenodo.org/record/291908#.WqpCs2rOXX4", year = "2017", } @conference{bondavalli2013experimental, author = "Bondavalli, Andrea and Brancati, Francesco and Ceccarelli, Andrea and Diego Santoro and Michele Vadursi", booktitle = "Measurements and Networking Proceedings (M{\&}N), 2013 IEEE International Workshop on", organization = "IEEE", pages = "138--142", title = "{E}xperimental analysis of the first order time difference of indicators used in the monitoring of complex systems", year = "2013", } @article{elsevier2013, author = "Bondavalli, Andrea and Ceccarelli, Andrea and Florjan Gogaj and Michele Vadursi and Andrea Seminatore", abstract = "Since GPS has been made available for civil usage, satellite-based localization in open space has become a more and more common option for vehicular tracking and for a number of commercial applications. The accuracy of the localization results and the availability of the localization system are influenced by several factors, such as the characteristics of the devices used, the surrounding environment, and the distance from reference stations. The possibility of exploiting off-the-shelf GPS devices, in the contest of a composite multi-sensor localization, is currently being investigated within the framework of the ALARP project [9], where it is required to accurately localize workers in railway worksites. This paper presents the results of an experimental campaign aimed at determining if, and under which conditions, low-cost GPS devices can be used in such a scenario. The evaluation is performed comparing data from low-cost GPS devices to data collected using a highly accurate reference system. The analysis permits to assess the feasibility of two different, very popular, commercial GPS devices for the ALARP requirements on localization.", doi = "10.1016/j.measurement.2012.08.001", issn = "0263-2241", journal = "Measurement", keywords = "Localization errors, Experimental evaluation, GPS, Railway technology, Railway measurements", month = "January", number = "1", pages = "11", title = "{E}xperimental assessment of low-cost {GPS}-based localization in railway worksite-like scenarios", url = "http://www.sciencedirect.com/science/article/pii/S0263224112002965", volume = "46", year = "2013", } @article{6140566, author = "P. Ferrari and A. Flammini and Stefano Rinaldi and Bondavalli, Andrea and Brancati, Francesco", doi = "10.1109/TIM.2011.2180974", issn = "0018-9456", journal = "Instrumentation and Measurement, IEEE Transactions on", month = " May", number = "5", pages = "1512-1521", title = "{E}xperimental {C}haracterization of {U}ncertainty {S}ources in a {S}oftware-{O}nly {S}ynchronization {S}ystem", volume = "61", year = "2012", } @conference{QOSFD-dsn2005-176, author = "Falai, Lorenzo and Bondavalli, Andrea", address = "Yokohama", booktitle = "Proceedings of the International Conference on Dependable Systems and Networks (DSN 2005)", month = "june", title = "{E}xperimental evalutation of the {Q}o{S} of {F}ailure {D}etectors on {W}ide {A}rea {N}etwork", url = "http://doi.ieeecomputersociety.org/10.1109/DSN.2005.47", year = "2005", } @conference{SRDS2010-SRDS2010-248, author = "Bondavalli, Andrea and Brancati, Francesco and Ceccarelli, Andrea and Michele Vadursi", booktitle = "SRDS 2010", journal = "Reliable Distributed Systems, IEEE Symposium on", pages = "245-254", title = "{E}xperimental {V}alidation of a {S}ynchronization {U}ncertainty-{A}ware {S}oftware {C}lock", year = "2010", } @misc{akinola2021, author = "Akinjolagbe Samuel Folabi Akinola", howpublished = "Universit{\`a} degli Studi di Firenze. Supervisor: A. Ceccarelli", keywords = "akinola2021", title = "{E}xplainable {AI} : studio ed implementazione di tecniche di machine learning interpretabili", year = "2021", } @conference{Leal2019149, author = "L. Leal and Montecchi, Leonardo and Ceccarelli, Andrea and E. Martins", doi = "10.1109/EDCC.2019.00037", journal = "Proceedings - 2019 15th European Dependable Computing Conference, EDCC 2019", note = "cited By 0", pages = "149-152", title = "{E}xploiting {MDE} for platform-independent testing of service orchestrations", url = "https://www.scopus.com/inward/record.uri?eid=2-s2.0-85075631947{\&}doi=10.1109%2fEDCC.2019.00037{\&}partnerID=40{\&}md5=86585563427ad4e01f2b36ac472dcccf", year = "2019", } @conference{AnDet2017SAC, author = "Zoppi, Tommaso and Ceccarelli, Andrea and Bondavalli, Andrea", abstract = "The loosely coupled integration of heterogeneous existing systems, together with the ongoing replacement of monolithic systems design with Off-The-Shelf (OTS) approaches, promotes a new architectural paradigm that is called System of Systems (SoS). In SoSs, independent and autonomous constituent systems (CSs) cooperate to achieve higher-level goals. Some inherent challenges are that boundaries of the SoS may be partially unknown and the components may be governed by different authorities, affecting the ability to observe the system as a whole. Further, novel challenges related to dependability and security are introduced, such as the detection of emerging and possibly unexpected behaviors resulting from the interconnection of previous disconnected CSs. In this paper we explore these challenges questioning if a novel mindset to error, malware or intrusion detection is needed when dealing with SoSs. With the support of a state of the art review, we first identify the design principles and the performance targets of a monitoring and anomaly detection framework. Then we discuss these principles at the light of SoS fundamentals. Ultimately, we propose an approach to design a monitoring and anomaly detection framework for SoSs aggregating i) monitoring approaches ii) SoS properties, and iii) anomaly detection techniques. ", booktitle = "Symposium on Applied Computing (SAC) - "Software Architecture: Theory, Technology, and Applications" track", doi = "10.1145/3019612.3019765", editor = "ACM", isbn = "978-1-4503-4486-9", keywords = "Systems-of-Systems; Anomaly Detection; Monitoring;", pages = "1139-1146", series = "32nd ACM Symposium on Applied Computing", title = "{E}xploring {A}nomaly {D}etection in {S}ystems of {S}ystems", url = "https://dl.acm.org/citation.cfm?id=3019765", year = "2017", } @incollection{FB07-seft2007-194, author = "Falai, Lorenzo and Bondavalli, Andrea", booktitle = "SOFTWARE ENGINEERING AND FAULT TOLERANCE", editor = "Pelliccione, P.", publisher = "World Scientific Publishing Co. Pte. Ltd", title = "{E}xtending the {A}pplicability of the {N}eko {F}ramework for the {V}alidation and {V}erification of {D}istributed {A}lgorithms", year = "2007", } @conference{BS90-FTDCS-91, author = "Bondavalli, Andrea and L. Simoncini", address = "Cairo, Egypt", booktitle = "2nd. IEEE Workshop on Future Trends in Distributed Computing Systems", month = "September 30 - Octob", note = "also Esprit PDCS (Predictably Dependable Computing Systems) report 1st Year Deliverables, 1990", pages = "47--53", title = "{F}ailures {C}lassification with {R}espect to {D}etection", year = "1990", } @techreport{BCDGG96-GUARDSD1A2A06000A-43, author = "Bondavalli, Andrea and Silvano Chiaradonna and Di Giandomenico, Felicita and F. Grandoni", institution = "CNUCE/CNR", month = "October", number = "C96-26 (al", title = "{F}ault {T}olerance {S}tructures {\&} {M}echanisms for the {GUARDS} {A}rchitecture", type = "Technical Report", year = "1996", } @conference{ladc2021fs, author = "", abstract = "An anomaly-based Intrusion Detection System (IDS) consists of a monitor and a binary classifier, in which monitored system indicators are fed into a Machine Learning (ML) algorithm that detects anomalies due to attacks. Building such an IDS for a target system requires first to define a strategy to monitor features, then to select and evaluate many ML algorithms to find the most suitable candidate. Noticeably, features that do not fluctuate enough when attacks happen will negatively affect detection performance. In this paper we propose a strategy to predict the classification performance of unsupervised anomaly-based intrusion detectors without any knowledge or execution of the ML algorithm. We experimentally verify that individual scores assigned to features by filter and wrapper-based feature rankers can be used to predict the classification performance of anomaly detectors. Particularly, we detail, explain and motivate how feeding scores of feature rankers into a Random Forest regressor allows predicting the value of common evaluation metrics for anomaly detectors as F1 or MCC with average of relative residuals lower than 15%, and how to take advantage of our prediction strategy in different scenarios. ", booktitle = "Latin-American Dependability Conference (LADC 2021)", keywords = "Unsupervised Learning, Intrusion Detection, Anomaly Detection, Feature Ranking", title = "{F}eature {R}ankers to {P}redict {C}lassification {P}erformance of {U}nsupervised {I}ntrusion {D}etectors ", url = "https://ieeexplore.ieee.org/document/9672586", year = "2021", } @conference{DGS91b-SRDS-171, author = "Di Giandomenico, Felicita and L. Strigini", address = "Pisa, Italy", booktitle = "10th Symposium on Reliable Distributed Systems", pages = "86--95", title = "{F}lexible {S}chemes for {A}pplication-{L}evel {F}ault-{T}olerance", year = "1991", } @misc{TesiVallario, author = "Gabriele Vallario", note = "Supervisor(s): Andrea Bondavalli, Co-supervisor(s): S. Pietropaoli", title = "{F}light data science: analisi tecnica e giuridica dei registratori di volo", year = "2020", } @techreport{RCL081215-RCL081215-219, author = "Daidone, Alessandro", institution = "University of Florence, Dip. Sistemi Informatica, RCL group", month = "December", number = "rcl080508", title = "{FOREVER} assessment: modelling details", url = "http://dcl.isti.cnr.it/Documentation/Papers/Techreports.html", year = "2008", } @conference{FORMSBonda08-FORMSFORMAT-225, author = "I. Majzik and Bondavalli, Andrea and S. Klapka and T.K. Madsen and D. Iovino", booktitle = "FORMS-FORMAT 2008", month = "October", title = "{FORMAL} {METHODS} {IN} {THE} {EVALUATION} {OF} {A} {SAFE} {DRIVER}-{MACHINE} {INTERFACE}", year = "2008", } @conference{BCFV2007-DSN2007-198, author = "Bondavalli, Andrea and Ceccarelli, Andrea and Falai, Lorenzo and Michele Vadursi", booktitle = "DSN-2007 IEEE Int. Conference on Dependable Systems and Networks", month = "June 25--28", title = "{F}oundations of measurement theory applied to the evaluation of dependability attributes", year = "2007", } @incollection{bondavalli2012foundations, author = "Bondavalli, Andrea and Ceccarelli, Andrea and Falai, Lorenzo and Michele Vadursi", booktitle = "Resilience Assessment and Evaluation of Computing Systems", pages = "205--211", publisher = "Springer", title = "{F}oundations of {M}etrology in the {O}bservation of {C}ritical {S}ystems", year = "2012", } @incollection{BBS93-PARLE-34, author = "C. Bernardeschi and Bondavalli, Andrea and L. Simoncini", address = "Munchen, Germany", booktitle = "PARLE 93 - LNCS 694", month = "June 14-18", pages = "740--743", publisher = "Springer Verlag", series = "Lecture Notes in Computer Science", title = "{F}rom {D}ata {F}low {N}etworks to {P}rocess {A}lgebras", volume = "694", year = "1993", } @conference{BS93-ISADS-94, author = "Bondavalli, Andrea and L. Simoncini", address = "Kawasaki, japan", booktitle = "IEEE Int. Symposium on Autonomous Decentralized Systems (ISADS '93)", month = "March 30 - April 1", pages = "108--114", title = "{F}unctional {P}aradigm for {D}esigning {D}ependable {L}arge-{S}cale {P}arallel {C}omputing {S}ystems", year = "1993", } @article{fusion2020, author = "Ceccarelli, Andrea and Marcello Cinque and Christian Esposito and Luca Foschini and Carlo Giannelli and Lollini, Paolo", issn = "0018-9391", journal = "IEEE Transactions on Engineering Management", title = "{FUSION}—{F}og {C}omputing and {B}lockchain for {T}rusted {I}ndustrial {I}nternet of {T}hin", } @article{9210080, author = "Ceccarelli, Andrea and Marcello Cinque and Christian Esposito and Luca Foschini and Carlo Giannelli and Lollini, Paolo", abstract = "The industrial Internet of Things (IIoT) is currently foreseen as a foundation to implement the Industry 4.0 vision. However, device heterogeneity and the need of integration and configuration exposes the industrial infrastructure to potential threats, such as black-hole, man-in-the-middle, and malicious configuration attacks. In this article, we investigate how to manage distributed trust information and to enable trusted configuration actions in the IIoT, by opportunistically intermingling blockchain with the software defined networking and container orchestration technologies. In particular, we focus on how the joint and coordinated adoption of such technologies can make technicians’ interventions on industrial equipment both easier and more trusted. To this purpose, we present the design of a software architecture to simplify the management, configuration, and assessment of IIoT systems, and we discuss our experiences with the application of the proposed architecture in a railways use case.", doi = "10.1109/TEM.2020.3024105", issn = "1558-0040", journal = "IEEE Transactions on Engineering Management", keywords = "Internet of Things;Cloud computing;Industries;Maintenance engineering;Software;Blockchain;fog/edge computing;industrial Internet of Things (IIoT)", pages = "1-15", title = "{FUSION}—{F}og {C}omputing and {B}lockchain for {T}rusted {I}ndustrial {I}nternet of {T}hin", year = "2020", } @incollection{AMBERRoadmap, author = "Bondavalli, Andrea and Henrique Madeira and Lollini, Paolo", abstract = "This chapter provides a condensed description of a roadmap for research in technologies for assessment, measurement and benchmarking (AMB) of the resilience of information, computer and communication systems. The research roadmap is the result of the EU-funded AMBER Coordination Action, integrating the consortium experience in the field with the insights resulting from discussions and interviews with a variety of stakeholders about motivating scenarios, drivers and priorities. A set of motivating scenarios help understand the current needs and challenges in resilience assessment. These scenarios present viewpoints of industrial players, end users, system operators and regulators. The research roadmap then provides a detailed list of research needs and challenges grouped in three categories: (i) scientific and technological foundations, (ii) measurement and assessment, and (iii) benchmarking. The foundations make the case for two types of research advances, which we could label as ‘back to basics’ and ‘holistic’. The measurement and assessment category identifies a number of topics of acute interest and that are particularly challenging. Resilience benchmarking aims at providing generic, repeatable and widely accepted methods for characterising and quantifying the system (or component) behaviour in the presence of faults, and comparing the resilience of alternative solutions. In addition to the above research issues, we also identified the challenges we see in education as well as standardization.", booktitle = "Resilience Assessment and Evaluation of Computing Systems ", editor = " Katinka Wolter, Alberto Avritzer, Marco Vieira, Aad van Moorsel ", month = "November", pages = "415-439 ", publisher = "Springer", title = "{F}uture of {R}esilience {A}ssessment: {T}he {AMBER} {R}esearch {R}oadmap", year = "2012", } @misc{ds1220, author = "Denny Sbanchi", howpublished = "Bachelor's thesis. Universit{\`a} degli Studi di Firenze. Corso di Laurea in Informatica", month = "December 11th", note = "Supervisor(s): P. Lollini, Co-Supervisor(s): L. Montecchi", title = "{G}eneration of {M}{\"o}bius-compliant {SAN} models from {EMF}-based representations", year = "2020", } @misc{kitticarla, author = "D. Verduchi", howpublished = "Universit{\`a} degli Studi di Firenze. Supervisor: A. Ceccarelli", keywords = "carla, kitti", title = "{G}enerazione di un dataset di immagini per l'autonomous driving arricchito di informazioni sul movimento", year = "2021", } @conference{9130527, author = "Mohammad Gharib and Lollini, Paolo and Ceccarelli, Andrea and Bondavalli, Andrea", abstract = "One of the main challenges in integrating CyberPhysical System-of-Systems (CPSoS) to function as a single unified system is the autonomy of its Cyber-Physical Systems (CPSs), which may lead to lack of coordination among CPSs and results in various kinds of conflicts. We advocate that to efficiently integrate CPSs within the CPSoS, we may need to adjust the autonomy of some CPSs in a way that allows them to coordinate their activities to avoid any potential conflict among one another. To achieve that, we need to incorporate the notion of governance within the design of CPSoS, which defines rules that can be used for clearly specifying who and how can adjust the autonomy of a CPS. In this paper, we try to tackle this problem by proposing a new conceptual model that can be used for performing a governance-based analysis of autonomy for CPSs within CPSoS. We illustrate the utility of the model with an example from the automotive domain.", booktitle = "2020 IEEE 15th International Conference of System of Systems Engineering (SoSE)", doi = "10.1109/SoSE50414.2020.9130527", keywords = "automotive engineering;cyber-physical systems;formal specification;governance-based analysis;cyber-physical systems-of-systems;CPSoS;autonomy;automotive domain;Autonomy;Governance;Cyber-Physical Systems of Systems;CPSoS;SoS;Conceptual Modeling", month = "June", pages = "000217-000222", title = "{G}overnance {A}utonomy: {T}owards a {G}overnance-based {A}nalysis of {A}utonomy in {C}yber-{P}hysical {S}ystems-of-{S}ystems", year = "2020", } @conference{HASE2012local, author = "Joao Figueiras and Jesper Gr{\o}nb{\ae}k and Ceccarelli, Andrea and Schwefel, Hans-Peter", abstract = "Context-dependent decisions in safety-critical applications require careful consideration of accuracy and timeliness of the underlying context information. Relevant examples include location-dependent actions in mobile distributed systems. This paper considers localization functions for personalized warning systems for railway workers, where the safety aspects require timely and precise identification whether a worker is located in a dangerous (red) or safe (green) zone within the worksite. The paper proposes and analyzes a data fusion approach based on low-cost GPS receivers integrated on mobile devices, combined with electronic fences strategically placed in the adjacent boundaries between safe and unsafe geographic zones. An approach based on the combination of a Kalman Filter for GPS-based trajectory estimation and a Hidden Markov Model for inclusion of mobility constraints and fusion with information from the electronic fences is developed and analyzed. Different accuracy metrics are proposed and the benefit obtained from the fusion with electronic fences is quantitatively analyzed in the scenarios of a single mobile entity: By having fence information, the correct zone estimation can increase by 30%, while false alarms can be reduced one order of magnitude in the tested scenario.", booktitle = "High-Assurance Systems Engineering (HASE), 2012 IEEE 14th International Symposium on", keywords = "Mobile Positioning, Data Fusion, Kalman Filter, Hidden Markov Model, GPS, Electronic Fences", pages = "17--23", publisher = "IEEE Computer society", title = "{GPS} and {E}lectronic {F}ence {D}ata {F}usion for {P}ositioning within {R}ailway {W}orksite {S}cenarios", year = "2012", } @incollection{BoLoMo2010-249, author = "Bondavalli, Andrea and Lollini, Paolo and Montecchi, Leonardo", address = " Ashurst Lodge, Ashurst, Southampton, UK", booktitle = "Critical Infrastructure Security: Assessment, Prevention, Detection, Response", editor = "Francesco Flammini", isbn = "9781845645625", pages = "57-73", publisher = "WIT Press", title = "{G}raphical formalisms for modeling critical infrastructures", year = "2012", } @techreport{PABBCFJRW98-GUARDS-154, author = "D. Powell and J. Arlat and L. Beus-Dukic and Bondavalli, Andrea and P. Coppola and A. Fantechi and E. Jenn and C. Rab{\'e}jac and A. Wellings", number = "Report GUA", title = "{GUARDS}: a {G}eneric {U}pgradable {A}rchitecture for {R}eal-time {D}ependable {S}ystems", type = "GUARDS Project", year = "1998", } @article{PABBCFJRW99-TPDS-122, author = "D. Powell and J. Arlat and L. Beus-Dukic and Bondavalli, Andrea and P. Coppola and A. Fantechi and E. Jenn and C. Rab{\'e}jac and A. Wellings", journal = "IEEE Transactions on Parallel and Distributed Systems, Special Issue on Dependable Real-Time Systems", number = "6", pages = "580--599", title = "{GUARDS}: a {G}eneric {U}pgradable {A}rchitecture for {R}eal-time {D}ependable {S}ystems", volume = "10", year = "1999", } @article{ABHV06-TDSC06-207, author = "J. Arlat and Bondavalli, Andrea and B. R. Haverkort and P. Ver{\'i}ssimo", journal = "IEEE Trans. on Dependable and Secure Computing", number = "3", pages = "169--171", title = "{G}uest {E}ditorial for the {S}pecial {I}ssue on the 2005 {IEEE}/{IFIP} {C}onference on {D}ependable {S}ystems and {N}etworks, including the {D}ependable {C}omputing and {C}ommunications and {P}erformance and {D}ependability {S}ymposia", volume = "3", year = "2006", } @techreport{DGBX95-Esprit173-168, author = "Di Giandomenico, Felicita and Bondavalli, Andrea and J. Xu", month = "June", number = "173", title = "{H}ardware and {S}oftware {F}ault {T}olerance: {A}daptive {A}rchitectures in {D}istributed {C}omputing {E}nvironments", type = "Esprit BRA 6362 PDCS", year = "1995", } @techreport{DGBX95b-B415-167, author = "Di Giandomenico, Felicita and Bondavalli, Andrea and J. Xu", institution = "IEI CNR, Pisa, Italy", month = "April", number = "B4-15", title = "{H}ardware and {S}oftware {F}ault {T}olerance: {A}daptive {A}rchitectures in {D}istributed {C}omputing {E}nvironments", type = "Internal Report", year = "1995", } @conference{DGBXC97-ESREL-110, author = "Di Giandomenico, Felicita and Bondavalli, Andrea and J. Xu and Silvano Chiaradonna", address = "Lisbon, Portugal", booktitle = "Int. Conference on Safety and Reliability (ESREL'97)", month = "June 17-20", pages = "341--348", publisher = "Pergamon Press", title = "{H}ardware and {S}oftware {F}ault {T}olerance: {D}efinition and {E}valuation of {A}daptive {A}rchitectures in a {D}istributed {C}omputing {E}nvironment", year = "1997", } @conference{D