Latest papers: 2015 IEEE 16th International Symposium on High Assurance Systems Engineering

Modeling and Verifying Google File System
Bo Li, Mengdi Wang, Yongxin Zhao, G. Pu, Huibiao Zhu, Fu Song
Google File System (GFS) is a distributed file system developed by Google for massive data-intensive applications. Its high aggregate performance in delivering massive data to many clients, together with the inexpensiveness of commodity hardware, has enabled GFS to meet massive storage needs and to be widely used in industry. In this paper, we first present a formal model of Google File System in terms of Communicating Sequential Processes (CSP#), which precisely describes the underlying read/write behaviors of GFS. On that basis, both the relaxed consistency and the eventual consistency guaranteed by GFS can be revealed in our framework. Furthermore, the proposed CSP# model is encoded in the Process Analysis Toolkit (PAT), so that several properties such as starvation-freedom and deadlock-freedom can be automatically checked and verified within the framework of formal methods.
DOI: https://doi.org/10.1109/HASE.2015.38 | Published: 2015-01-08 | Citations: 11
Fidelity and Complexity in Passive Radar Simulations
W. Barott, Ted Dabrowski, B. Himed
A case study of the trade-off between fidelity and complexity is presented for a passive radar simulator. Although it is possible to accurately model the underlying physics, signal processing, and environment of a radar, the resulting model might be both too complex and too costly to evaluate. Instead, simplifications of various model attributes reduce the complexity and permit fast evaluation of performance metrics over large areas, such as the United States. Several model simplifications and their impact on the results are discussed.
DOI: https://doi.org/10.1109/HASE.2015.30 | Published: 2015-01-08 | Citations: 2
Adaptive GC-Aware Load Balancing Strategy for High-Assurance Java Distributed Systems
Omar Portillo-Dominguez, Miao Wang, John Murphy, D. Magoni, A. O. Portillo-Dominguez
High-assurance applications usually require fast response time and high throughput on a constant basis. To fulfil these stringent quality-of-service requirements, such applications are commonly deployed as clustered instances. However, how to effectively manage these clusters has become a new challenge. A common approach is to deploy a front-end load balancer to optimise the workload distribution among the clustered applications, so researchers have been studying how to improve the effectiveness of a load balancer. Our previous work presented a novel load balancing strategy which improves the performance of a distributed Java system by avoiding the performance impact of Major Garbage Collection, a common cause of performance degradation in Java applications. However, because that strategy used a static configuration, it could only improve the performance of a system if it was configured with domain expert knowledge. This paper extends our previous work by presenting an adaptive GC-aware load balancing strategy which self-configures according to the GC characteristics of the application. Our results show that this adaptive strategy achieves higher throughput and lower response time than round-robin load balancing, while also avoiding the burden of manual tuning.
DOI: https://doi.org/10.1109/HASE.2015.19 | Published: 2015-01-08 | Citations: 10
Ontology of Secure Service Level Agreement
Chen-Yu Lee, K. Kavi, R. Paul, M. Gomathisankaran
Maintaining security and privacy in the Cloud is a complex task. The task is made even more challenging because the number of vulnerabilities associated with cloud infrastructure and applications is increasing very rapidly. Understanding the security service level agreements (SSLAs) and privacy policies offered by service and infrastructure providers is critical for consumers to assess the risks of the Cloud before they consider migrating their IT operations to it. To address these concerns regarding the assessment of security and privacy risks of the Cloud, in this paper we develop ontologies for representing security SLAs (SSLAs). Our ontologies for SSLAs can be used to understand the security agreements of a provider, to negotiate desired security levels, and to audit the compliance of a provider with respect to federal regulations (such as HIPAA).
DOI: https://doi.org/10.1109/HASE.2015.33 | Published: 2015-01-08 | Citations: 22
Weaving an Assurance Case from Design: A Model-Based Approach
R. Hawkins, I. Habli, D. Kolovos, R. Paige, T. Kelly
Assurance cases are used to demonstrate confidence in properties of interest for a system, e.g. for safety or security. A model-based assurance case seeks to bring the benefits of model-driven engineering, such as automation, transformation and validation, to what is currently a lengthy and informal process. In this paper we develop a model-based assurance approach, based on a weaving model, which allows integration between assurance case, design and process models and meta-models. In our approach, the assurance case itself is treated as a structured model, with the aim that all entities in the assurance case become linked explicitly to the models that represent them. We show how the weaving model can be exploited for automated generation of assurance cases. Building upon these results, we discuss how a seamless model-driven approach to assurance cases can be achieved and examine the utility of increased formality and automation.
DOI: https://doi.org/10.1109/HASE.2015.25 | Published: 2015-01-08 | Citations: 73
Model-Checking and Game Theory for Synthesis of Safety Rules
M. Machin, F. Dufossé, Jérémie Guiochet, D. Powell, Matthieu Roy, H. Waeselynck
Ensuring that safety requirements are respected is a critical issue for the deployment of hazardous and complex reactive systems. We consider a separate safety channel, called a monitor, that is able to partially observe the system and to trigger safety-ensuring actuations. We address the issue of correctly specifying such a monitor with respect to safety and liveness requirements. Two safety requirement synthesis programs are presented and compared. Based on a formal model of the system and its hazards, they compute a monitor behavior that ensures system safety without unduly compromising system liveness. The first program uses the model-checker NuSMV to check safety requirements. These requirements are automatically generated by a branch-and-bound algorithm. Based on a game theory approach, the second program uses the TIGA extension of UPPAAL to synthesize safety requirements, starting from an appropriately reformulated representation of the problem.
DOI: https://doi.org/10.1109/HASE.2015.15 | Published: 2015-01-08 | Citations: 17
Formal Foundations for Hierarchical Safety Cases
E. Denney, Ganesh J. Pai, I. Whiteside
Safety cases are increasingly being required in many safety-critical domains to assure, using structured argumentation and evidence, that a system is acceptably safe. However, comprehensive system-wide safety arguments present appreciable challenges to develop, understand, evaluate, and manage, partly due to the volume of information that they aggregate, such as the results of hazard analysis, requirements analysis, testing, formal verification, and other engineering activities. Previously, we have proposed hierarchical safety cases, hicases, to aid the comprehension of safety case argument structures. In this paper, we build on a formal notion of safety case to formalise the use of hierarchy as a structuring technique, and show that hicases satisfy several desirable properties. Our aim is to provide a formal, theoretical foundation for safety cases. In particular, we believe that tools for high assurance systems should be granted similar assurance to the systems to which they are applied. To this end, we formally specify and prove the correctness of key operations for constructing and managing hicases, which gives the specification for implementing hicases in Advocate, our toolset for safety case automation. We motivate and explain the theory with the help of a simple running example, extracted from a real safety case and developed using Advocate.
DOI: https://doi.org/10.1109/HASE.2015.17 | Published: 2015-01-08 | Citations: 27
Adaptive Failure Prediction for Computer Systems: A Framework and a Case Study
Ivano Irrera, M. Vieira, J. Durães
Online Failure Prediction improves system dependability by foreseeing incoming failures at runtime, enabling mitigation actions to be taken in advance. Despite advances in recent years, Online Failure Prediction is still not widely adopted because of the complexity and time needed to perform the supporting operations, such as training, testing and tuning. Moreover, a predictor must be frequently re-trained to maintain its effectiveness as the target system evolves during its operational life, which requires substantial human intervention and effort. In this work we propose a framework for the automatic deployment and online retraining of failure prediction systems. The framework makes use of key techniques such as fault injection and virtualization to reduce the cost and impact of retraining, and is driven by configurable events that trigger the entire process. We present a case study using a web server system; our results show that the framework is able to maintain the performance of the failure predictor even when the system is modified, suggesting that it can be useful in real scenarios.
DOI: https://doi.org/10.1109/HASE.2015.29 | Published: 2015-01-08 | Citations: 17
A Fixed-Point Algorithm for Automated Static Detection of Infinite Loops
A. Ibing, Alexandra Mai
We present an algorithm for automated detection of infinite loop bugs in programs. It relies on a Satisfiability Modulo Theories (SMT) solver backend and can be run conveniently with SMT-constrained symbolic execution. The algorithm detects infinite loop bugs for single-path, multi-path and nested loops. We prove soundness of the algorithm, i.e. there are no false positive detections of infinite loops. Part of the algorithm is a fixed-point based termination check for 'simple' loops, whose soundness is a consequence of Brouwer's fixed-point theorem. The algorithm further yields no false negative detections for context-sensitive detection of periodic loop orbits whose sum of prefix iterations and periodicity is at most the analysis loop unroll depth (bounded completeness), provided the SMT solver answers the fixed-point satisfiability query in time. We describe an example implementation as a plug-in extension of Eclipse CDT. The implementation is validated with the infinite loop test cases from the Juliet test suite, and benchmarks are provided.
DOI: https://doi.org/10.1109/HASE.2015.16 | Published: 2015-01-08 | Citations: 14
A Game-Theoretical Model for Security Risk Management of Interdependent ICT and Electrical Infrastructures
Z. Ismail, J. Leneutre, D. Bateman, Lin Chen
The communication infrastructure is a key element for management and control of the power system in the smart grid. The communication infrastructure, which can include equipment using off-the-shelf vulnerable operating systems, has the potential to increase the attack surface of the power system. The interdependency between the communication and the power system renders the management of the overall security risk a challenging task. In this paper, we address this issue by presenting a mathematical model for identifying and hardening the most critical communication equipment used in the power system. Using non-cooperative game theory, we model interactions between an attacker and a defender. We derive the minimum defense resources required and the optimal strategy of the defender that minimizes the risk on the power system. Finally, we evaluate the correctness and the efficiency of our model via a case study.
DOI: https://doi.org/10.1109/HASE.2015.24 | Published: 2015-01-08 | Citations: 10