his.sePublications
Change search
Link to record
Permanent link

Direct link
BETA
Alternative names
Publications (10 of 59) Show all publications
Jiang, Y., Ding, J., Atif, Y., Jeusfeld, M., Andler, S., Lindström, B., . . . Haglund, D. (2018). Complex Dependencies Analysis: Technical Description of Complex Dependencies in Critical Infrastructures, i.e. Smart Grids. Work Package 2.1 of the ELVIRA Project. Skövde: University of Skövde
Open this publication in new window or tab >>Complex Dependencies Analysis: Technical Description of Complex Dependencies in Critical Infrastructures, i.e. Smart Grids. Work Package 2.1 of the ELVIRA Project
Show others...
2018 (English)Report (Other academic)
Abstract [en]

This document reports a technical description of ELVIRA project results obtained as part of Work-package 2.1 entitled “Complex Dependencies Analysis”. In this technical report, we review attempts in recent researches where connections are regarded as influencing factors to  IT systems monitoring critical infrastructure, based on which potential dependencies and resulting disturbances are identified and categorized. Each kind of dependence has been discussed based on our own entity based model. Among those dependencies, logical and functional connections have been analysed with more details on modelling and simulation techniques.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2018. p. 22
Series
IKI Technical Reports ; HS-IIT-TR-18-003
Keywords
Dependencies, Interdependencies, Modelling and Simulation, Influence Factors
National Category
Computer and Information Sciences Embedded Systems
Research subject
Distributed Real-Time Systems; Information Systems
Identifiers
urn:nbn:se:his:diva-15114 (URN)
Projects
ELVIRA
Note

This is a technical report related to the ELVIRA project www.his.se/elvira

Available from: 2018-05-02 Created: 2018-05-02 Last updated: 2018-05-29Bibliographically approved
Atif, Y., Jiang, Y., Jeusfeld, M. A., Ding, J., Lindström, B., Andler, S. F., . . . Lindström, B. (2018). Cyber-threat analysis for Cyber-Physical Systems: Technical report for Package 4, Activity 3 of ELVIRA project. Skövde: University of Skövde
Open this publication in new window or tab >>Cyber-threat analysis for Cyber-Physical Systems: Technical report for Package 4, Activity 3 of ELVIRA project
Show others...
2018 (English)Report (Other academic)
Abstract [en]

Smart grid employs ICT infrastructure and network connectivity to optimize efficiency and deliver new functionalities. This evolu- tion is associated with an increased risk for cybersecurity threats that may hamper smart grid operations. Power utility providers need tools for assessing risk of prevailing cyberthreats over ICT infrastructures. The need for frameworks to guide the develop- ment of these tools is essential to define and reveal vulnerability analysis indicators. We propose a data-driven approach for design- ing testbeds to evaluate the vulnerability of cyberphysical systems against cyberthreats. The proposed framework uses data reported from multiple components of cyberphysical system architecture layers, including physical, control, and cyber layers. At the phys- ical layer, we consider component inventory and related physi- cal flows. At the control level, we consider control data, such as SCADA data flows in industrial and critical infrastructure control systems. Finally, at the cyber layer level, we consider existing secu- rity and monitoring data from cyber-incident event management tools, which are increasingly embedded into the control fabrics of cyberphysical systems.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2018. p. 18
Series
IIT Technical Reports ; HS-IIT-TR-18-004
Keywords
vulnerability analysis, cyber-threats, cyberphysical systems, clus- tering, multiagent systems
National Category
Computer and Information Sciences
Research subject
Distributed Real-Time Systems; Information Systems
Identifiers
urn:nbn:se:his:diva-16092 (URN)
Projects
This research has been supported in part by the EU ISF Project A431.678/2016 ELVIRA (Threat modeling and resilience of critical infrastructures), coordinated by Polismyndigheten/Sweden
Note

I publikationen: HS-IIT-18-004

Available from: 2018-08-29 Created: 2018-08-29 Last updated: 2018-10-12Bibliographically approved
Lindström, B., Offutt, J., González-Hernández, L. & Andler, S. F. (2018). Identifying Useful Mutants to Test Time Properties. In: 2018 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW): . Paper presented at 2018 IEEE 11th International Conference on Software Testing, Verification and Validation Workshops, 9–13 April 2018, Västerås, Sweden (pp. 69-76). IEEE Computer Society
Open this publication in new window or tab >>Identifying Useful Mutants to Test Time Properties
2018 (English)In: 2018 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW), IEEE Computer Society, 2018, p. 69-76Conference paper, Published paper (Refereed)
Abstract [en]

Real-time systems have to be verified and tested for timely behavior as well as functional behavior. Thus, time is an extra dimension that adds to the complexity of software testing. A timed automata model with a model-checker can be used to generate timed test traces. To properly test the timely behavior, the set of test traces should challenge the different time constraints in the model. This paper describes and adapts mutation operators that target such time constraints in timed automata models. Time mutation operators apply a delta to the time constraints to help testers design tests that exceed the time constraints. We suggest that the size of this delta determines how easy the mutant is to kill and that the optimal delta varies by the program, mutation operator, and the individual mutant. To avoid trivial and equivalent time mutants, the delta should be set individually for each mutant. We discuss mutant subsumption and define the problem of finding dominator mutants in this new domain. In this position paper, we outline an iterative tuning process where a statistical model-checker, UPPAAL SMC, is used to: (i) create a tuned set of dominator time mutants, and (ii) generate test traces that kill the mutants.

Place, publisher, year, edition, pages
IEEE Computer Society, 2018
Keywords
mutation testing, model-based testing, mutant subsumption, real-time systems, embedded systems
National Category
Computer Sciences
Research subject
Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-16049 (URN)10.1109/ICSTW.2018.00030 (DOI)2-s2.0-85050973857 (Scopus ID)978-1-5386-6352-3 (ISBN)978-1-5386-6353-0 (ISBN)
Conference
2018 IEEE 11th International Conference on Software Testing, Verification and Validation Workshops, 9–13 April 2018, Västerås, Sweden
Projects
TOCSYC
Funder
Knowledge Foundation, 20130085
Available from: 2018-08-13 Created: 2018-08-13 Last updated: 2018-11-21Bibliographically approved
Atif, Y., Jiang, Y., Lindström, B., Ding, J., Jeusfeld, M., Andler, S., . . . Haglund, D. (2018). Multi-agent Systems for Power Grid Monitoring: Technical report for Package 4.1 of ELVIRA project. Skövde: University of Skövde
Open this publication in new window or tab >>Multi-agent Systems for Power Grid Monitoring: Technical report for Package 4.1 of ELVIRA project
Show others...
2018 (English)Report (Other academic)
Abstract [en]

This document reports a technical description of ELVIRA project results obtained as part of Work- package 4.1 entitled “Multi-agent systems for power Grid monitoring”. ELVIRA project is a collaboration between researchers in School of IT at University of Skövde and Combitech Technical Consulting Company in Sweden, with the aim to design, develop and test a testbed simulator for critical infrastructures cybersecurity. This report outlines intelligent approaches that continuously analyze data flows generated by Supervisory Control And Data Acquisition (SCADA) systems, which monitor contemporary power grid infrastructures. However, cybersecurity threats and security mechanisms cannot be analyzed and tested on actual systems, and thus testbed simulators are necessary to assess vulnerabilities and evaluate the infrastructure resilience against cyberattacks. This report suggests an agent-based model to simulate SCADA- like cyber-components behaviour when facing cyber-infection in order to experiment and test intelligent mitigation mechanisms. 

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2018. p. 16
Series
IKI Technical Reports ; HS-IIT-TR-18-002
Keywords
Smart grid security, Agent model, Multi-agent system
National Category
Computer and Information Sciences
Research subject
Distributed Real-Time Systems; Information Systems
Identifiers
urn:nbn:se:his:diva-15111 (URN)
Projects
Elvira project funded by EU Internal Security Fund (ISF) A431.678-2016
Available from: 2018-05-02 Created: 2018-05-02 Last updated: 2018-05-29Bibliographically approved
González-Hernández, L., Lindström, B., Offutt, J., Andler, S. F., Potena, P. & Bohlin, M. (2018). Using Mutant Stubbornness to Create Minimal and Prioritized Test Sets. In: 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS): . Paper presented at 2018 IEEE 18th International Conference on Software Quality, Reliability, and Security (QRS 2018), 16–20 July 2018, Lisbon, Portugal (pp. 446-457). IEEE Computer Society
Open this publication in new window or tab >>Using Mutant Stubbornness to Create Minimal and Prioritized Test Sets
Show others...
2018 (English)In: 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), IEEE Computer Society, 2018, p. 446-457Conference paper, Published paper (Refereed)
Abstract [en]

In testing, engineers want to run the most useful tests early (prioritization). When tests are run hundreds or thousands of times, minimizing a test set can result in significant savings (minimization). This paper proposes a new analysis technique to address both the minimal test set and the test case prioritization problems. This paper precisely defines the concept of mutant stubbornness, which is the basis for our analysis technique. We empirically compare our technique with other test case minimization and prioritization techniques in terms of the size of the minimized test sets and how quickly mutants are killed. We used seven C language subjects from the Siemens Repository, specifically the test sets and the killing matrices from a previous study. We used 30 different orders for each set and ran every technique 100 times over each set. Results show that our analysis technique performed significantly better than prior techniques for creating minimal test sets and was able to establish new bounds for all cases. Also, our analysis technique killed mutants as fast or faster than prior techniques. These results indicate that our mutant stubbornness technique constructs test sets that are both minimal in size, and prioritized effectively, as well or better than other techniques.

Place, publisher, year, edition, pages
IEEE Computer Society, 2018
Keywords
Test Case Minimization, Minimal Sets, Test Case Prioritization, Mutant Stubbornness
National Category
Computer Sciences
Research subject
Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-16050 (URN)10.1109/QRS.2018.00058 (DOI)2-s2.0-85052313827 (Scopus ID)978-1-5386-7757-5 (ISBN)978-1-5386-7758-2 (ISBN)
Conference
2018 IEEE 18th International Conference on Software Quality, Reliability, and Security (QRS 2018), 16–20 July 2018, Lisbon, Portugal
Projects
TOCSYC
Funder
Knowledge Foundation, 20130085
Available from: 2018-08-13 Created: 2018-08-13 Last updated: 2018-11-26Bibliographically approved
Ding, J., Atif, Y., Andler, S. F., Lindström, B. & Jeusfeld, M. (2017). CPS-based Threat Modeling for Critical Infrastructure Protection. Performance Evaluation Review, 45(2), 129-132
Open this publication in new window or tab >>CPS-based Threat Modeling for Critical Infrastructure Protection
Show others...
2017 (English)In: Performance Evaluation Review, ISSN 0163-5999, E-ISSN 1557-9484, Vol. 45, no 2, p. 129-132Article in journal (Refereed) Published
Abstract [en]

Cyber-Physical Systems (CPSs) are augmenting traditionalCritical Infrastructures (CIs) with data-rich operations. Thisintegration creates complex interdependencies that exposeCIs and their components to new threats. A systematicapproach to threat modeling is necessary to assess CIs’ vulnerabilityto cyber, physical, or social attacks. We suggest anew threat modeling approach to systematically synthesizeknowledge about the safety management of complex CIs andsituational awareness that helps understanding the nature ofa threat and its potential cascading-effects implications.

Place, publisher, year, edition, pages
ACM Publications, 2017
Keywords
CPS, threat modeling, Critical Infrastructure Protection
National Category
Computer and Information Sciences
Research subject
Distributed Real-Time Systems; Information Systems; INF303 Information Security
Identifiers
urn:nbn:se:his:diva-14245 (URN)10.1145/3152042.3152080 (DOI)2-s2.0-85041405430 (Scopus ID)
Projects
EU ISF project: Elvira
Funder
EU, European Research Council
Available from: 2017-10-23 Created: 2017-10-23 Last updated: 2018-06-01Bibliographically approved
Atif, Y., Ding, J., Lindström, B., Jeusfeld, M., Andler, S. F., Yuning, J., . . . Gustavsson, P. M. (2017). Cyber-Threat Intelligence Architecture for Smart-Grid Critical Infrastructures Protection. In: : . Paper presented at The International Conference on Critical Information Infrastructures Security, CRITIS 2017, Lucca, Italy, October 8-13, 2017.
Open this publication in new window or tab >>Cyber-Threat Intelligence Architecture for Smart-Grid Critical Infrastructures Protection
Show others...
2017 (English)Conference paper, Poster (with or without abstract) (Refereed)
Abstract [en]

Critical infrastructures (CIs) are becoming increasingly sophisticated with embedded cyber-physical systems (CPSs) that provide managerial automation and autonomic controls. Yet these advances expose CI components to new cyber-threats, leading to a chain of dysfunctionalities with catastrophic socio-economical implications. We propose a comprehensive architectural model to support the development of incident management tools that provide situation-awareness and cyber-threats intelligence for CI protection, with a special focus on smart-grid CI. The goal is to unleash forensic data from CPS-based CIs to perform some predictive analytics. In doing so, we use some AI (Artificial Intelligence) paradigms for both data collection, threat detection, and cascade-effects prediction. 

Keywords
critical infrastructures, cyber-threat, situation awareness, smart-grid, machine-learning, artificial intelligence, multi-agent systems
National Category
Computer Sciences Embedded Systems Energy Systems Remote Sensing Infrastructure Engineering
Research subject
Distributed Real-Time Systems; Information Systems
Identifiers
urn:nbn:se:his:diva-14516 (URN)
Conference
The International Conference on Critical Information Infrastructures Security, CRITIS 2017, Lucca, Italy, October 8-13, 2017
Projects
ELVIRA
Available from: 2017-11-28 Created: 2017-11-28 Last updated: 2018-02-01Bibliographically approved
Lindström, B., Offutt, J., Sundmark, D., Andler, S. F. & Pettersson, P. (2017). Using mutation to design tests for aspect-oriented models. Information and Software Technology, 81, 112-130
Open this publication in new window or tab >>Using mutation to design tests for aspect-oriented models
Show others...
2017 (English)In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 81, p. 112-130Article in journal (Refereed) Published
Abstract [en]

Abstract Context: Testing for properties such as robustness or security is complicated because their concerns are often repeated in many locations and muddled with the normal code. Such “cross-cutting concerns” include things like interrupt events, exception handling, and security protocols. Aspect-oriented (AO) modeling allows developers to model the cross-cutting behavior independently of the normal behavior, thus supporting model-based testing of cross-cutting concerns. However, mutation operators defined for AO programs (source code) are usually not applicable to AO models (AOMs) and operators defined for models do not target the AO features. Objective: We present a method to design abstract tests at the aspect-oriented model level. We define mutation operators for aspect-oriented models and evaluate the generated mutants for an example system. Method: AOMs are mutated with novel operators that specifically target the AO modeling features. Test traces killing these mutant models are then generated. The generated and selected traces are abstract tests that can be transformed to concrete black-box tests and run on the implementation level, to evaluate the behavior of the woven cross-cutting concerns (combined aspect and base models). Results: This paper is a significant extension of our paper at Mutation 2015. We present a complete fault model, additional mutation operators, and a thorough analysis of the mutants generated for an example system. Conclusions: The analysis shows that some mutants are stillborn (syntactically illegal) but none is equivalent (exhibiting the same behavior as the original model). Additionally, our AOM-specific mutation operators can be combined with pre-existing operators to mutate code or models without any overlap.

Place, publisher, year, edition, pages
Elsevier, 2017
Keywords
Model-based testing, Aspect-oriented model, Mutation testing
National Category
Computer Sciences
Identifiers
urn:nbn:se:his:diva-12767 (URN)10.1016/j.infsof.2016.04.007 (DOI)000387634200009 ()2-s2.0-84963813590 (Scopus ID)
Available from: 2016-08-09 Created: 2016-08-09 Last updated: 2018-01-10Bibliographically approved
Shah, S. M., Sundmark, D., Lindström, B. & Andler, S. F. (2016). Robustness Testing of Embedded Software Systems: An Industrial Interview Study. IEEE Access, 4, 1859-1871, Article ID 7438745.
Open this publication in new window or tab >>Robustness Testing of Embedded Software Systems: An Industrial Interview Study
2016 (English)In: IEEE Access, E-ISSN 2169-3536, Vol. 4, p. 1859-1871, article id 7438745Article in journal (Refereed) Published
Abstract [en]

Embedded software is at the core of current and future telecommunication, automotive, multimedia, and industrial automation systems. The success of practically any industrial application depends on the embedded software system’s dependability, and one method to verify the dependability of a system is testing its robustness. The motivation behind this study is to provide a knowledge base of the state of the practice in robustness testing of embedded software systems and to compare this to the state of the art. We have gathered information on the state of the practice in robustness testing from seven different industrial domains (telecommunication, automotive, multimedia, critical infrastructure, aerospace, consumer products, and banking) by conducting thirteen semi-structured interviews. We investigate different aspects of robustness testing, such as the general view of robustness, relation to requirements engineering and design, test execution, failures, and tools. We highlight knowledge from the state of the practice of robustness testing of embedded software systems. We found different robustness testing practices that have not been previously described. Our study shows that the state of the practice, when it comes to robustness testing, differs between organizations and is quite different from the state of the art described in the scientific literature. For example, methods commonly described in the literature (e.g., the fuzzy approach) are not used in the organizations we studied. Instead, the interviewees described several ad-hoc approaches that take specific scenarios into account (e.g., power failure or overload). Other differences we found concern classification of robustness failures, the hypothesized root causes of robustness failures, and the types of tools used for robustness testing. The study is a first step in capturing the state of the practice of robustness testing of embedded software systems. The results can be used by both researchers and- practitioners. Researchers can use our findings to understand the gap between the state of the art and the state of the practice and develop their studies to fill this gap. Practitioners can also learn from this knowledge base regarding how they can improve their practice and acquire other practices.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2016
National Category
Computer Sciences
Research subject
Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-12154 (URN)10.1109/ACCESS.2016.2544951 (DOI)000401699000001 ()2-s2.0-84979823446 (Scopus ID)
Available from: 2016-04-18 Created: 2016-04-18 Last updated: 2018-01-10Bibliographically approved
Hassan, M. M., Afzal, W., Lindström, B., Shah, S. M. A., Andler, S. F. & Blom, M. (2016). Testability and Software Performance: A Systematic Mapping Study. In: : . Paper presented at the 31st ACM/SIGAPP Symposium on Applied Computing (SAC’16) (pp. 1566-1569).
Open this publication in new window or tab >>Testability and Software Performance: A Systematic Mapping Study
Show others...
2016 (English)Conference paper, Published paper (Refereed)
Abstract [en]

In most of the research on software testability, functional correctness of the software has been the focus while the evidence regarding testability and non-functional properties such as performance is sporadic. The objective of this study is to present the current state-of-the-art related to issues of importance, types and domains of software under test, types of research, contribution types and design evaluation methods concerning testability and software performance. We find that observability, controllability and testing effort are the main testability issues while timeliness and response time (i.e., time constraints) are the main performance issues in focus. The primary studies in the area use diverse types of software under test within different domains, with realtime systems as being a dominant domain. The researchers have proposed many different methods in the area, however these methods lack implementation in practice.

Keywords
Testability, Software performance, Systematic mapping study
National Category
Computer Sciences
Identifiers
urn:nbn:se:his:diva-12768 (URN)10.1145/2851613.2851978 (DOI)978-1-4503-3739-7 (ISBN)
Conference
the 31st ACM/SIGAPP Symposium on Applied Computing (SAC’16)
Projects
TOCSYC
Funder
Knowledge Foundation, 20130085
Available from: 2016-08-09 Created: 2016-08-09 Last updated: 2018-01-10Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0002-6662-9034

Search in DiVA

Show all publications