
About this book

This book constitutes the thoroughly refereed proceedings of the 14th European Workshop on Dependable Computing, EWDC 2013, held in Coimbra, Portugal, in May 2013. The 9 full papers and 6 short papers presented were carefully reviewed and selected from 24 submissions. Also included in the volume are 6 fast abstracts presenting work in progress or new ideas in the dependability area. The papers are organized in topical sections on wireless sensor networks; cloud computing and services; testing and fault detection; fault injection and benchmarking; and dependable and secure computing.



Wireless Sensor Networks

Enhancing Intrusion Detection in Wireless Sensor Networks through Decision Trees

Wireless Sensor Networks (WSNs) are increasingly being adopted in very sensitive applications where it is of paramount importance to ensure that the sensor network is protected from cyber-security threats. In this paper we present a new IDS architecture designed to ensure a trade-off between different requirements: a high detection rate is obtained through decision tree classification, and energy saving is obtained through light detection techniques on the motes. A dataset including a sinkhole attack has been created and employed to evaluate the effectiveness of the proposed solution. This dataset has been made available and will facilitate future comparisons of alternative solutions.

Alessia Garofalo, Cesario Di Sarno, Valerio Formicola

Middleware Support for Adaptive Real-Time Applications in Wireless Sensor Networks

This position paper describes initial efforts and ideas for the development of a middleware framework to support the operation of adaptive Wireless Sensor Network applications with real-time and dependability requirements. We identify a set of underlying services that need to be implemented as part of this framework, explaining why they are needed and what they provide. In order to illustrate how this middleware can be used and its potential benefits, we consider the well-known LQER routing protocol and show how it must be changed to incorporate probabilistic real-time requirements and meet them in a dependable way.

João Alves, António Casimiro, Luís Marques

Cloud Computing and Services

Formal Analysis of Dynamic Domain Establishment Protocol in Cloud Logging Service

We present a formal analysis of the dynamic domain establishment protocol in the Cloud logging service. The protocol is used to establish a trust channel between the log-as-a-service client agent (LCA) and the log-as-a-service server agent (LSA). Formal specification and verification have been carried out using the specification language HLPSL and AVISPA, a state-of-the-art verification tool for security protocols. AVISPA has revealed two main security flaws. The first (previously unreported, to our knowledge) allows an intruder to impersonate the LCA in order to join the dynamic domain, and then to launch a denial-of-service attack; to address this problem, we propose including explicit identity information in one's signature. The second is an information leakage problem; to solve it, we propose a modification of the protocol that adds a key update protocol. After these modifications, the protocol has been verified with AVISPA to be safe from these two attacks.

Wei Hu, Dongyao Ji

Model-Driven Evaluation of User-Perceived Service Availability

Service-oriented architecture (SOA) has emerged as an approach to master growing system complexity by proposing services as the basic building elements of system design. However, it remains difficult to evaluate the dependability of such distributed and heterogeneous functionality, as it depends highly on the properties of the enabling information and communications technology (ICT) infrastructure. Moreover, every specific pair of service client and provider can utilize different ICT components, constituting the user-perceived view of a service.

We provide a model-driven methodology to automatically create reliability block diagrams of such views. Given a service description, a network topology model and a pair of service client and provider, it identifies the relevant ICT components and generates a user-perceived service availability model (UPSAM). We then use this UPSAM to calculate the steady-state availability of different views on an exemplary mail service deployed in the network infrastructure of the University of Lugano, Switzerland.

Andreas Dittrich, Rafael Rezende

Exploiting SDN Approach to Tackle Cloud Computing Security Issues in the ATC Scenario

Cloud Computing has been receiving great attention in the last few years due to the benefits it provides in terms of flexibility, scalability, virtualization and service provision. Nevertheless, many companies remain reluctant to adopt such a cutting-edge technology due to the serious security issues affecting virtualized environments, especially in critical application scenarios where high safety and dependability levels are required. This work is aimed at discussing and presenting the main security threats to cloud computing infrastructures, as well as proposing a novel architecture in charge of reacting to security attacks in Infrastructure as a Service platforms. The basic idea is to migrate the attacked virtual appliance and to reconfigure the network by means of a Software Defined Networking approach. The paper presents the architecture we have in mind, which will be deployed and validated against a real-world distributed Air Traffic Control system, for which missing dependability and security targets would result in huge business and human losses.

Gabriella Carrozza, Vittorio Manetti, Antonio Marotta, Roberto Canonico, Stefano Avallone

Testing and Fault Detection

Intercept: Profiling Windows Network Device Drivers

Device drivers account for a substantial part of the operating system (OS), since they implement the code that interfaces the components connected to a computer system. Unfortunately, in the large majority of cases, hardware vendors do not release their code, making the analysis of failures attributed to device drivers extremely difficult. Although several instrumentation tools exist, most of them are useless for studying device drivers, as they work at user level. This paper presents Intercept, a tool that profiles Windows Device Drivers (WDD) and logs the driver's interactions with the OS core at function level. The tool helps to understand how a WDD works and can provide support for several activities, such as debugging, robustness testing, or reverse engineering. Experiments using Ethernet, Wi-Fi and Bluetooth device drivers show that Intercept is able to record function calls, parameters and return values with small overheads, even when the device driver under test is subject to a heavy workload.

Manuel Mendonça, Nuno Neves

The Challenge of Detection and Diagnosis of Fugacious Hardware Faults in VLSI Designs

Current integration scales are increasing the number and types of faults that embedded systems must face. Traditional approaches focus on dealing with those transient and permanent faults that impact the state or output of systems, whereas little research has targeted those faults that are logically, electrically or temporally masked, which we have named fugacious. Fast detection and precise diagnosis of fault occurrence, even if the provided service is unaffected, could be of invaluable help to determine, for instance, that systems are currently under the influence of environmental disturbances like radiation, suffering from wear-out, or being affected by an intermittent fault. Upon detection, systems may react to adapt the deployed fault tolerance mechanisms to the diagnosed problem. This paper explores these ideas by evaluating the challenges and requirements involved, and provides an outline of potential techniques to be applied.

Jaime Espinosa, David de Andrés, Juan-Carlos Ruiz, Pedro Gil

GraphSeq Revisited: More Efficient Search for Patterns in Mobility Traces

GraphSeq is a graph matching tool previously developed in the framework of a scenario-based test approach. It targets mobile computing systems, for which interaction scenarios must consider the evolution of the spatial configuration of nodes. GraphSeq allows the analysis of test traces to identify occurrences of the successive configurations of a scenario. This paper presents a recent improvement made to the tool to allow for better performance in the average case. It consists of re-arranging the configuration patterns extracted from the scenario so that the most discriminating nodes are matched first. The improvement is assessed using randomly generated graphs and a test trace from a case study in ad hoc networks.

Pierre André, Nicolas Rivière, Hélène Waeselynck

Fault Injection and Benchmarking

Issues and Ongoing Work on State-Driven Workload Generation for Distributed Systems

The dependability of a complex distributed system needs to be assured against the several conditions, namely states, in which it can operate. Generating a workload able to cover a desired target state of a distributed system is still a difficult task, since the relationship between the workload and states is nontrivial due to system complexity and non-deterministic factors. This paper discusses our ongoing work on a state-driven workload generation approach for distributed systems, based on an evolutionary algorithm, and its preliminary implementation for testing a fault-tolerant distributed system for flight data processing.

Roberto Natella, Fabio Scippacercola

Towards Benchmarking of Functional Safety in the Automotive Industry

Functional safety is becoming increasingly important in the automotive industry to deal with the growing reliance on electrical and/or electronic (E/E) systems and the associated complexities. The introduction of ISO 26262, a new standard for functional safety in road vehicles, has made it even more important to adopt a systematic approach to evaluating functional safety. However, standard assessment methods for benchmarking the functional safety of automotive systems are not available as of today. This is where the BeSafe (Benchmarking of Functional Safety) project comes into the picture. The BeSafe project aims to lay the foundation for benchmarking the functional safety of automotive E/E systems. In this paper, we present a brief overview of the project along with the benchmark targets that we have identified as relevant for the automotive industry, assuming three abstraction layers (model, software, hardware). We then define and discuss a set of benchmark measures. Next, we propose a benchmark framework encompassing fault/error models, methods and the required tool support. This paper primarily focuses on functional safety benchmarking from the Safety Element out of Context (SEooC) viewpoint. Finally, we present some preliminary results and highlight potential future work.

Mafijul Md. Islam, Behrooz Sangchoolie, Fatemeh Ayatolahi, Daniel Skarin, Jonny Vinter, Fredrik Törner, Andreas Käck, Mattias Nyberg, Emilia Villani, Johan Haraldsson, Patrik Isaksson, Johan Karlsson

Fault Injection in the Automotive Standard ISO 26262: An Initial Approach

The complexity and criticality of automotive electronic embedded systems are steadily increasing today. A new standard, ISO 26262, recommends methods and techniques, such as fault injection, to improve safety. A first goal is to use fault injection earlier, at the design stage, particularly on models providing an appropriate level of abstraction, to identify errors in the handling of safety requirements. A second objective is to use the results of these model-based analyses to efficiently identify targets and check their implementation by fault injection. Hence, a verification approach based on fault injection has to be defined to complement the conventional testing methods and analyses traditionally used in the automotive development process. The paper discusses the various steps of this approach and the link between abstraction and implementation, and gives a brief illustration on a real automotive application.

Ludovic Pintard, Jean-Charles Fabre, Karama Kanoun, Michel Leeman, Matthieu Roy

Dependable and Secure Computing

A GPS Spoofing Resilient WAMS for Smart Grid

Smart grids provide efficiency in energy distribution, easy identification of disturbance sources, and fault prediction. To achieve these benefits, continuous monitoring of voltage and current phasors must be performed. Phasor Measurement Units (PMUs) allow measurement of the phasors. A Wide Area Measurement System uses PMUs placed in different locations to assess the status of the power grid. To correctly analyze the phasors provided by PMUs, the phasors must refer to the same time; for this reason each PMU uses the clock provided by a GPS receiver. The GPS receiver is vulnerable to spoofing attacks and is a single point of failure. In this context we examined the Network Time Protocol (NTP) as an alternative time source when the GPS receiver is compromised. In this paper a resilient architecture is proposed that is able to detect and react to GPS spoofing attacks. Experimental tests have shown the effectiveness of our solution.

Alessia Garofalo, Cesario Di Sarno, Luigi Coppolino, Salvatore D’Antonio

A Dependable Alternative to the Spanning Tree Protocol

The Spanning Tree Protocol (STP) is known to have stability problems and poor convergence intervals. Several protocols and variants exist targeting the replacement of STP variants, most of them proprietary and with limited scope of operation. The recent protocols, IETF TRILL and IEEE SPB, target mainly data center networks, are based on complex concepts, require great processing power from switches and huge investment in new gear.

In this paper we propose the Self-Configurable Switches Protocol (SCS) as an alternative to all these protocols. It has the following advantages: it is configuration-free, and thus less vulnerable to human mistakes; it enhances network stability and performance compared with STP; and it is suitable for the range of equipment and networks that typically run STP variants, minimizing the need for the potentially large investments required by TRILL and SPB. This paper describes the main characteristics, processes and mechanisms of SCS, presents some lab and simulation experiments with STP and SCS, and demonstrates that SCS provides a more reliable service than STP variants and a more cost-effective alternative to TRILL and SPB for network dependability.

João Lopes, Susana Sargento, André Zúquete

Understanding (Mis)Information Spreading for Improving Corporate Network Trustworthiness

The explosion of social networks is pervading every form of business. When used inside corporate networks, they can create potential vulnerabilities, as employees at the lower levels of the organization chart may become influential thanks to social connections. This unexpected influence could be dangerous if the employee behaves maliciously, thus reducing the trustworthiness of the overall organization. The paper is a first attempt at understanding this phenomenon by proposing a model for corporate networks that is able to measure the influence of each employee on the overall organizational chart, that is, to what extent an employee is able to spread (mis)information through the corporate network. The evaluation is done considering the Enron case.

Roberto Baldoni, Silvia Bonomi, Giuseppe Antonio Di Luna, Luca Montanari, Mara Sorella

Software Component Replication for Improved Fault-Tolerance: Can Multicore Processors Make It Work?

Programs increasingly rely on the use of complex component libraries, such as in-memory databases. As with any other software, these libraries have bugs that may lead to application failure. In this work we revisit the idea of software component replication for masking software bugs in the context of multi-core systems. We propose a new abstraction: a Macro-component. A Macro-component is a software component that includes several internal replicas with diverse implementations to detect and mask bugs. By relying on the processing capacity of modern multicores, it is possible to execute the same operation in multiple replicas concurrently, thus incurring minimal overhead. Also, by exploiting the multiple existing implementations of well-known interfaces, it is possible to use the idea without incurring additional development cost.

João Soares, João Lourenço, Nuno Preguiça

Fast Abstracts

GRIMACE: GeneRIc MetAmodel for Domain Component modElling

Component Based Software Engineering (CBSE) is a popular and widely adopted software engineering paradigm that has proven its usefulness and success in increasing reusability and efficiency in various application domains. In this paper, we propose a common metamodel to support CBSE requirements while taking into account the specificities of each domain. The resulting modeling framework serves primarily to capture the basic concepts of the concerns related to component system development, based on a clear separation between the development process, interactions and the domain knowledge.

Rahma Bouaziz

Improving the Transfer of Safety and Security Competences to Industry: The RISKY Approach

Transfer to industry is typically understood by academia as a transfer of methodologies and technologies, thus neglecting the transfer of knowledge. However, academia is very well placed to improve industry competitiveness through continuous training. Coping with the transfer of knowledge is not only a matter of providing courses, but also of considering the lifelong training requirements of professionals and the professional competence framework existing in each domain of expertise. The RISKY project takes into account the current European framework for the transfer of competences across Europe, and the existing certifications promoted by professional bodies, in order to develop and use methods and tools adapted to the training of Security and Safety professionals.

Joaquín Gracia-Morán, Juan-Carlos Ruiz, Juan-Carlos Baraza-Calvo, David de Andrés, Pedro Gil

Towards Dependable Measurements in Coastal Sensors Networks

A flood monitoring system incorporates water sensor networks, forecast simulation models, and a decision-support web-based system. The objective of the system is to achieve reliable flood protection and response. This is challenging because of the inherent presence of a cascade of uncertainties in the forecast models, and also uncertainties affecting the timeliness and quality of the raw sensor data used in the forecasting processes. Achieving real-time and accurate data collection is difficult due to the pervasive nature of the monitoring networks and because sensors and sensor nodes are vulnerable to external disturbances affecting data accuracy. In this paper we motivate the need for dependable data collection in harsh coastal and marine environments, we overview the main challenges that need to be addressed, and we introduce some initial ideas on what needs to be done in order to deal with external disturbances causing faulty measurements.

Gonçalo Jesus, António Casimiro, Anabela Oliveira

Open Challenges in the Resilience Evaluation of Ad Hoc Networks

Wireless ad hoc networks are spontaneous, self-healing and self-managing systems that have been strongly on the rise in the last decade. However, their deployment in privacy- or life-critical scenarios still requires a deeper analysis to determine their robustness to faults/attacks and their ability to recover from situations that degrade performance and dependability. Unfortunately, several challenges limit the development of practical assessment approaches for ad hoc networks. This paper focuses on identifying these challenges to provide potential evaluators with a guide to the sensitive points that require special attention to improve the credibility of results when addressing the resilience evaluation of ad hoc networks.

Miquel Martínez, Jesús Friginal, David de Andrés, Juan-Carlos Ruiz

Using Interleaving to Avoid the Effects of Multiple Adjacent Faults in On-Chip Interconnection Lines

As technology shrinks, higher operating frequencies, reduced feature sizes and lower supply voltages allow greater performance, but reliability has been negatively affected. Smaller devices and wire spacing lead to an increase in the occurrence of multiple adjacent faults, so system reliability is seriously affected. Error correction codes are a powerful technique that allows higher reliability through information redundancy. This paper focuses on the use of interleaved codes to tolerate faults in on-chip interconnection lines. Interleaving has been extensively used in memories, but not in system buses. To illustrate the features of this technique, an example has been included.

Luis-J. Saiz-Adalid, Pedro Gil, Joaquín Gracia-Morán, Juan-Carlos Baraza-Calvo

csXception®: First Steps to Provide Fault Injection for the Development of Safe Systems in Automotive Industry

The increasing complexity of vehicles' electrical and/or electronic components has introduced a challenge to automotive safety. Standardization efforts have already been made, leading to the ISO-26262 functional safety standard and the AUTOSAR architecture definition, which provide a development process that addresses safety and quality issues. With the goal of ensuring safety properties, this paper presents a fault injection tool (csXception®), developed by Critical Software, and the first steps towards injecting faults into an ARM® Cortex-M3 microcontroller using the SCIFI technique for assessing AUTOSAR systems.

Ricardo Barbosa, Nuno Silva, João Mário Cunha
