Dessert 2014

[index.html] Contacts Accommodations Supporters Committees Speakers About Home Our Plenary Speakers Dr. Peter Popov City University London, United Kingdom Centre for Software Reliability Stochastic modelling of cyber attacks in industrial control systems Prof. Vladimir Sklyar RPC Radiy, Ukraine Technical Director University and IT-industry cooperation: structure, results and perspectives in Ukraine Dr. Iosif Androulidakis University of Zilina, Slovakia Department of Informatics Smart phone users: Are they green users? Dr. Todor Tagarev Centre for Security and Defence Management, Bulgaria IICT - Bulgarian Academy of Sciences A novel resource allocation framework to support organizational development under deep uncertainty Prof. Aleksander Potii Kharkiv National University of Radioelectronics, Ukraine Department of Computer Engineering and Control Security assurance case in context of international standart ISO/IEC 15408 Prof. Juri Vain Tallinn University of Technology, Estonia Department of Computer Science Provably correct online testing of timed systems Prof. Serhiy Shtovba Vinnitsa National Technical University, Ukraine Department of Computer Control Systems Fuzzy sets based modeling of algorithmic process reliability Dr. Mario Fusani National Research Council of Italy, Italy Institute of Information Sciences and Technology How much of safety-related software is quality software ? To be announced Abstracts: Prof. Vladimir Sklyar University and IT-industry Cooperation: structure, results and perspectives in Ukraine Abstract The results in area of University-Business Cooperation (UBC) are discussed and systemized. The UBC related activities are described. Main components of the UBC are defined .The advantages, barriers, drivers, models, methods and tools of UBC are analyzed. The directions of UBC development and implementation in Ukraine are suggested such as formation of government policy and support of UBC, creation of UBC national agency and communication network for all participants, cooperation via information integration with EU, etc. Dr. Iosif Androulidakis Smart phone users: Are they green users? Abstract Smart phones by now have overwhelmed the mobile phone market, to the point that it becomes increasingly difficult to find an "old-type", classical, feature phone. Although they offer a wealth of features and services to their users, they are far more power hungry, requiring to be charged almost daily! At the same time many interesting questions arise, in regards to their users: Are they aware of green practices? Do they follow them? What are their buying habits and their preferences in regards to mobile phone features? In this talk we will present the preliminary findings from an empirical study among 313 users that was held in order to answer all these questions. Prof. Alexander Potii Security assurance case in context of international standard ISO/IEC 15408 Abstract An assurance case is a body of evidence organized into an argument demonstrating that some claim about a system holds. An assurance case is needed when it is important to show that a system exhibits some complex property such as safety, security or dependability. In this report we consider an security assurance requirements of ISO/IEC 15408, to explain an approach to documenting security assurance case from ISO/IEC 15408 and to explain an approach to evaluate security assurance requirements. Prof. Juri Vain Provably correct online testing of timed systems Abstract Automated testing techniques are considered as perspective productivity factors for time- and safety-critical software development. It is important that the generated tests are provably correct - the test results must be trustable and conclusive. This talk concentrates on the methodology of constructing provably correct tests for remote testing of systems with time constraints. To demonstrate the feasibility of the approach we show how the abstract tests are generated, verified and transformed to concrete test scripts that are executable on the distributed model-based testing platform dTron. Dr. Mario Fuzani How much of safety-related software is quality software ? Abstract Two different aspects about software differently impact into system safety: One is the way software is "implemented" (specified, designed, coded, verified and maintained); the other is the way it is "used" (diversity, recovery blocks, diagnostics, ...). It is commonly accepted that only some basic features of the first aspect are "quality management" software. The talk, by examining some popular safety-related software standards, wants to question this belief, to argue that safety-related software is, at various levels, quality management. Dr. Todor Tagarev A novel resource allocation framework to support organizational development under deep uncertainty Abstract Two level of scenarios - alternative futures and likely situations in each future - are used to represent uncertainty and derive future requirements. The proposed framework provides for consistent investment decision making that combines state-of-the-art capability planning with allocation of resources to provide awareness, early warning, and organizational agility. While developed with a primary view on security and defence organizations, this framework is applicable to any organization approaching strategically its long-term development. Dr. Peter Popov Stochastic modelling of cyber attacks in industrial control systems Abstract Cyber security of industrial control systems (ICS) has become a hot topic in the last decade. Recent demonstration that serious damage can be inflicted on industrial systems without physical access to the assets raised awareness of how damaging cyber attacks via ICS can be. The talk reports on an ongoing effort by the Centre for Software Reliability to develop an approach and tool support to evaluating the resilience of ICS accounting for cyber security. The approach taken is described and illustrated on a complex case study - a reference power transmission network (NORDIC32) extended with a SCADA network, compliant with the international standard IEC 615850. The model captures in some detail the essential elements of the modelled power system such as distributed measurements, protection and control functions and the functional dependencies between the modelled elements. Each of the modelled elements is represented by a stochastic state machine and so are the different cyber attacks. The complex dependencies between the modelled elements (e.g. power flow calculations, effects of the successful attacks on the power network, etc.) are modelled via a set of "plug-ins", custom built software modules which can be attached to the modelling environment via a uniform interface. The measure of interest is expressed by defining a set of reward (utility) functions. In the reported studies as a reward we used the power lost (i.e. not supplied to consumers) due to failures. The complex hybrid models (a mixture of stochastic and deterministic state machines) are solved via Monte Carlo simulation. We compared the average power lost and its variance under two scenarios: i) base-line scenario, in which only accidental failures can occur; ii) "under attack scenarios", in which in addition to accidental failures the modelled system is subjected to attacks with different characteristics (intensity, likelihood to damage the power system in a particular way, etc.). Prof. Serhiy Shtovba Fuzzy sets based modeling of algorithmic process reliability Abstract Many discrete-behavior systems can be analyzed in a unified framework if combined into a class of so-called algorithmic processes. The algorithmic process is process of carrying out some algorithm. Typical algorithmic processes include human-computer interaction, technological processes etc. In this report we propose an approach that extends the probabilistic reliability models of algorithmic process to the case of fuzzy source data and fuzzy relations.