https://www.mdu.se/

Publications (10 of 114)
Leander, B., Causevic, A., Lindström, T. & Hansson, H. (2024). Evaluation of an OPC UA-based access control enforcement architecture. In: International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023. The Hague 25 September 2023 through 29 September 2023. Code 309159. Paper presented at 28th European Symposium on Research in Computer Security, ESORICS 2023 (pp. 124-144). Springer Science+Business Media B.V.
2024 (English). In: International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023. The Hague 25 September 2023 through 29 September 2023. Code 309159, Springer Science+Business Media B.V., 2024, p. 124-144. Conference paper, Published paper (Other academic)
Abstract [en]

Dynamic access control in industrial systems is becoming a concern of greater importance as a consequence of the increasingly flexible manufacturing systems developed within the Industry 4.0 paradigm. With the shift from control system security design based on implicit trust toward a zero-trust approach, fine-grained access control is a fundamental requirement. In this article, we look at an access control enforcement architecture and authorization protocol outlined as part of the Open Process Communication Unified Automation (OPC UA) protocol that can allow sufficiently dynamic and fine-grained access control. We present an implementation and evaluate a set of important quality metrics related to this implementation, as guidelines and considerations for introduction of this protocol in industrial settings. Two approaches for optimization of the authorization protocol are presented and evaluated, which more than halve the average connection establishment time compared to the initial approach.

Place, publisher, year, edition, pages
Springer Science+Business Media B.V., 2024
Series
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), ISSN 03029743 ; 14398
Keywords
Access control enforcements, Control system security, Dynamic access control, Enforcement architectures, Fine grained, Implicit trusts, Industrial systems, Open process, Process communication, Security design
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-64507 (URN); 10.1007/978-3-031-54204-6_7 (DOI); 001207238300007 (); 2-s2.0-85187776017 (Scopus ID); 9783031542039 (ISBN)
Conference
28th European Symposium on Research in Computer Security, ESORICS 2023
Available from: 2023-10-11 Created: 2023-10-11 Last updated: 2024-05-15. Bibliographically approved
Bakhshi Valojerdi, Z., Rodriguez-Navas, G., Hansson, H. & Prodan, R. (2024). Evaluation of Storage Placement in Computing Continuum for a Robotic Application: A Simulation-Based Performance Analysis. Journal of Grid Computing, 22(2), Article ID 55.
2024 (English). In: Journal of Grid Computing, ISSN 1570-7873, E-ISSN 1572-9184, Vol. 22, no 2, article id 55. Article in journal (Refereed) Published
Abstract [en]

This paper analyzes the timing performance of a persistent storage designed for distributed container-based architectures in industrial control applications. The timing performance analysis is conducted using an in-house simulator, which mirrors our testbed specifications. The storage ensures data availability and consistency even in presence of faults. The analysis considers four aspects: 1. placement strategy, 2. design options, 3. data size, and 4. evaluation under faulty conditions. Experimental results considering the timing constraints in industrial applications indicate that the storage solution can meet critical deadlines, particularly under specific failure patterns. Comparison results also reveal that, while the method may underperform current centralized solutions in fault-free conditions, it outperforms the centralized solutions in failure scenario. Moreover, the used evaluation method is applicable for assessing other container-based critical applications with timing constraints that require persistent storage.

Place, publisher, year, edition, pages
Springer Science+Business Media B.V., 2024
Keywords
Cloud, Computing continuum, Edge, Fault-tolerance, Fog, Persistent storage, Containers, Digital storage, Centralised, Industrial control applications, Paper analysis, Performances analysis, Robotics applications, Timing constraints, Timing performance, Fault tolerance
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-67704 (URN); 10.1007/s10723-024-09758-2 (DOI); 2-s2.0-85195460199 (Scopus ID)
Available from: 2024-06-20 Created: 2024-06-20 Last updated: 2024-06-20. Bibliographically approved
Leander, B., Causevic, A., Lindström, T. & Hansson, H. (2023). Access Control Enforcement Architectures for Dynamic Manufacturing Systems. In: Proc. - IEEE Int. Conf. Softw. Architecture, ICSA. Paper presented at Proceedings - IEEE 20th International Conference on Software Architecture, ICSA 2023 (pp. 82-92). Institute of Electrical and Electronics Engineers Inc.
2023 (English). In: Proc. - IEEE Int. Conf. Softw. Architecture, ICSA, Institute of Electrical and Electronics Engineers Inc., 2023, p. 82-92. Conference paper, Published paper (Refereed)
Abstract [en]

Industrial control systems are undergoing a transformation driven by business requirements as well as technical advances, aiming towards increased connectivity, flexibility and high level of modularity, that implies a need to revise existing cybersecurity measures. Access control, being one of the major security mechanisms in any system, is largely affected by these advances. In this article we investigate access control enforcement architectures, aiming at the principle of least privilege in dynamically changing access control scenarios of dynamic manufacturing systems. Several approaches for permission delegation of dynamic access control policy decisions are described. We present an implementation using the most promising combination of architecture and delegation mechanism for which available industrial standards are applicable.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
Access Control, Cybersecurity, Dynamic Manufacturing, Industrial Automation and Control Systems
National Category
Control Engineering
Identifiers
urn:nbn:se:mdh:diva-62589 (URN); 10.1109/ICSA56044.2023.00016 (DOI); 000990536000008 (); 2-s2.0-85159186538 (Scopus ID); 9798350397499 (ISBN)
Conference
Proceedings - IEEE 20th International Conference on Software Architecture, ICSA 2023
Available from: 2023-05-29 Created: 2023-05-29 Last updated: 2023-10-12. Bibliographically approved
Bakhshi, Z., Rodriguez-Navas, G. & Hansson, H. (2023). Analyzing the performance of persistent storage for fault-tolerant stateful fog applications. Journal of systems architecture, 144, Article ID 103004.
2023 (English). In: Journal of systems architecture, ISSN 1383-7621, E-ISSN 1873-6165, Vol. 144, article id 103004. Article in journal (Refereed) Published
Abstract [en]

In this paper, we analyze the scalability and performance of a persistent, fault-tolerant storage approach that provides data availability and consistency in a distributed container-based architecture with intended use in industrial control applications. We use simulation to evaluate the performance of this storage system in terms of scalability and failures. As the industrial applications considered have timing constraints, the simulation results show that for certain failure patterns, it is possible to determine whether the storage solution can meet critical deadlines. The presented approach is applicable for evaluating timing constraints also of other container-based critical applications that require persistent storage.

National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-64563 (URN); 10.1016/j.sysarc.2023.103004 (DOI); 001091755600001 (); 2-s2.0-85173500699 (Scopus ID)
Funder
EU, Horizon 2020; Vinnova, 2018-02437
Available from: 2023-10-20 Created: 2023-10-20 Last updated: 2023-12-04. Bibliographically approved
Dehlaghi Ghadim, A., Helali Moghadam, M., Balador, A. & Hansson, H. (2023). Anomaly Detection Dataset for Industrial Control Systems. IEEE Access, 11, 107982-107996
2023 (English). In: IEEE Access, E-ISSN 2169-3536, Vol. 11, p. 107982-107996. Article in journal (Refereed) Published
Abstract [en]

Over the past few decades, Industrial Control Systems (ICS) have been targeted by cyberattacks and are becoming increasingly vulnerable as more ICSs are connected to the internet. Using Machine Learning (ML) for Intrusion Detection Systems (IDS) is a promising approach for ICS cyber protection, but the lack of suitable datasets for evaluating ML algorithms is a challenge. Although a few commonly used datasets may not reflect realistic ICS network data, lack necessary features for effective anomaly detection, or be outdated. This paper introduces the 'ICS-Flow' dataset, which offers network data and process state variables logs for supervised and unsupervised ML-based IDS assessment. The network data includes normal and anomalous network packets and flows captured from simulated ICS components and emulated networks, where the anomalies were applied to the system through various cyberattacks. We also proposed an open-source tool, "ICSFlowGenerator," for generating network flow parameters from raw network packets. The final dataset comprises over 25,000,000 raw network packets, network flow records, and process variable logs. The paper describes the methodology used to collect and label the dataset and provides a detailed data analysis. Finally, we implement several ML models, including the decision tree, random forest, and artificial neural network to detect anomalies and attacks, demonstrating that our dataset can be used effectively for training intrusion detection ML models.

Place, publisher, year, edition, pages
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2023
Keywords
Anomaly detection dataset, industrial control system, intrusion detection, cyberattack, network flow, artificial intelligence
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-65227 (URN); 10.1109/ACCESS.2023.3320928 (DOI); 001121774800001 ()
Available from: 2024-01-03 Created: 2024-01-03 Last updated: 2024-01-03. Bibliographically approved
Castellanos Ardila, J. P., Punnekkat, S., Hansson, H. & Grante, C. (2023). Arguing Operational Safety for Mixed Traffic in Underground Mining. In: 2023 18th Annual System of Systems Engineering Conference, SoSe 2023. Paper presented at 2023 18th Annual System of Systems Engineering Conference, SoSe 2023, Lille 14 June 2023 through 16 June 2023. Institute of Electrical and Electronics Engineers Inc.
2023 (English). In: 2023 18th Annual System of Systems Engineering Conference, SoSe 2023, Institute of Electrical and Electronics Engineers Inc., 2023. Conference paper, Published paper (Refereed)
Abstract [en]

Practitioners report improved productivity as one of the main benefits of using autonomous dump trucks in underground mining. However, manned vehicles are still needed to transport materials and personnel in the tunnels, which requires practices that may diminish autonomy benefits. Thus, both fleets shall be efficiently mixed to maximize the autonomy potential. In addition, sufficient safety shall be demonstrated for operations approval. This paper proposes a strategy to populate a GSN (Goal Structuring Notation) structure to argue for the sufficient safety of mixed traffic operations in underground mining. Our strategy considers SoS (System of Systems) concepts to describe the operations baseline and the initial argumentation line, i.e., risk reduction mitigation strategies for existing SoS components. Such a strategy is further detailed with risk reduction mitigation arguments for control systems. Mitigation strategies at both levels are derived from safety analysis supported by STPA (System-Theoretic Process Analysis), a safety analysis technique that aligns well with the SoS perspective. We also incorporate regulatory frameworks addressing machinery to align the arguments with mandatory statements of the machinery directive. Our strategy combines SoS concepts with analysis techniques and regulatory frameworks to facilitate safety case argumentation for operations approval in the European mining context. 

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
GSN, Harmonized Standards, Machinery Directive, Mixed Traffic, Safety Case Arguments, SoS, STPA, Mining, Safety engineering, Goal structuring notation, Process analysis, Safety case, Safety case argument, System-of-systems, System-theoretic process analyse, Underground mining, Mine trucks
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-63961 (URN); 10.1109/SoSE59841.2023.10178525 (DOI); 2-s2.0-85166732836 (Scopus ID); 9798350327236 (ISBN)
Conference
2023 18th Annual System of Systems Engineering Conference, SoSe 2023, Lille 14 June 2023 through 16 June 2023
Available from: 2023-08-16 Created: 2023-08-16 Last updated: 2023-08-16. Bibliographically approved
Dehlaghi-Ghadim, A., Balador, A., Helali Moghadam, M., Hansson, H. & Conti, M. (2023). ICSSIM — A framework for building industrial control systems security testbeds. Computers in industry (Print), 148, Article ID 103906.
2023 (English). In: Computers in industry (Print), ISSN 0166-3615, E-ISSN 1872-6194, Vol. 148, article id 103906. Article in journal (Refereed) Published
Abstract [en]

With the advent of the smart industry, Industrial Control Systems (ICS) moved from isolated environments to connected platforms to meet Industry 4.0 targets. The inherent connectivity in these services exposes such systems to increased cybersecurity risks. To protect ICSs against cyberattacks, intrusion detection systems (IDS) empowered by machine learning are used to detect abnormal behavior of the systems. Operational ICSs are not safe environments to research IDSs due to the possibility of catastrophic risks. Therefore, realistic ICS testbeds enable researchers to analyze and validate their IDSs in a controlled environment. Although various ICS testbeds have been developed, researchers' access to a low-cost, extendable, and customizable testbed that can accurately simulate ICSs and suits security research is still an important issue.

In this paper, we present ICSSIM, a framework for building customized virtual ICS security testbeds in which various cyber threats and network attacks can be effectively and efficiently investigated. This framework contains base classes to simulate control system components and communications. Simulated components are deployable on actual hardware such as Raspberry Pis, containerized environments like Docker, and simulation environments such as GNS-3. ICSSIM also offers physical process modeling using software and hardware in the loop simulation. This framework reduces the time for developing ICS components and aims to produce extendable, versatile, reproducible, low-cost, and comprehensive ICS testbeds with realistic details and high fidelity. We demonstrate ICSSIM by creating a testbed and validating its functionality by showing how different cyberattacks can be applied.

Keywords
Cybersecurity, Industrial Control System, Testbed, Network Emulation, Cyberattack
National Category
Engineering and Technology; Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-62321 (URN); 10.1016/j.compind.2023.103906 (DOI); 000966310200001 (); 2-s2.0-85151016386 (Scopus ID)
Available from: 2023-04-24 Created: 2023-04-24 Last updated: 2023-11-06. Bibliographically approved
Castellanos Ardila, J. P., Punnekkat, S., Fattouh, A. & Hansson, H. (2022). A Context-specific Operational Design Domain for Underground Mining (ODD-UM). In: Murat Yilmaz; Paul Clarke; Richard Messnarz; Bruno Wöran (Ed.), Systems, Software and Services Process Improvement: 29th European Conference, EuroSPI 2022, Salzburg, Austria, August 31 – September 2, 2022, Proceedings. Paper presented at 29th European Conference on Systems, Software and Services Process Improvement, EuroSPI 2022, Salzburg, Austria, August 31 – September 2, 2022 (pp. 161-176).
2022 (English). In: Systems, Software and Services Process Improvement: 29th European Conference, EuroSPI 2022, Salzburg, Austria, August 31 – September 2, 2022, Proceedings / [ed] Murat Yilmaz; Paul Clarke; Richard Messnarz; Bruno Wöran, 2022, p. 161-176. Conference paper, Published paper (Refereed)
Abstract [en]

Autonomous and Semi-autonomous Machines (ASAM) can benefit mining operations. However, demonstrating acceptable levels of safety for ASAMs through exhaustive testing is not an easy task. A promising approach is scenario-based testing, which requires the Operational Design Domain (ODD) definition, i.e., environmental, time-of-day, and traffic characteristics. Currently, an ODD specification exists for Automated Driving Systems (ADS), but, as it is, such specification is not adequate enough for describing the mine nuances. This paper presents a context-specific ODD taxonomy called ODD-UM, which is suitable for underground mining operational conditions. For this, we consider the taxonomy provided by the British Publicly Available Specification PAS 1883:2020. Then, we identify attributes included in the standard ISO 17757:2019 for ASAM safety and use them to adapt the original ODD to the needs of underground mining. Finally, the adapted taxonomy is presented as a checklist, and items are selected according to the data provided by the underground mining sector. Our proposed ODD-UM provides a baseline that facilitates considering the actual needs for autonomy in mines by leading to focused questions.

Series
Communications in Computer and Information Science, ISSN 1865-0929, E-ISSN 1865-0937 ; 1646
National Category
Engineering and Technology
Research subject
Computer Science; Innovation and Design
Identifiers
urn:nbn:se:mdh:diva-61195 (URN); 10.1007/978-3-031-15559-8_12 (DOI); 2-s2.0-85137979247 (Scopus ID); 9783031155581 (ISBN)
Conference
29th European Conference on Systems, Software and Services Process Improvement, EuroSPI 2022, Salzburg, Austria, August 31 – September 2, 2022
Projects
ESCAPE-CD
Available from: 2022-12-11 Created: 2022-12-11 Last updated: 2024-01-04. Bibliographically approved
Castellanos Ardila, J. P., Hansson, H. & Punekkat, S. (2022). Safe Integration of Autonomous Machines in Underground Mining Environments. In: ISSE 2022 - 2022 8th IEEE International Symposium on Systems Engineering, Conference Proceedings. Paper presented at 8th IEEE International Symposium on Systems Engineering, ISSE 2022, 24 October 2022 through 26 October 2022. Institute of Electrical and Electronics Engineers Inc.
2022 (English). In: ISSE 2022 - 2022 8th IEEE International Symposium on Systems Engineering, Conference Proceedings, Institute of Electrical and Electronics Engineers Inc., 2022. Conference paper, Published paper (Refereed)
Abstract [en]

Autonomous and Semi-Autonomous Machines (ASAMs) provide several benefits and have already emerged in mining environments. However, for cost-efficiency reasons and for ASAMs to reach their full potential, they should be capable of operating seamlessly with manually operated machines. Establishing the requirements for sufficient safety for such integration is a non-trivial task. This paper proposes a methodology for safely integrating ASAMs in underground mining environments. First, we describe the purpose of the integration and define the constituent components. Second, we identify the conditions that ASAMs will likely encounter using ODD-UM, an operational design domain specification for underground mining. Third, we derive high-level requirements for individual components based on ODD-UM attributes. Such requirements are allocated into the constituent components and considered as assumptions for the safety analysis. Fourth, we perform STPA (System-Theoretic Process Analysis) to analyze safety-related control requirements for the integrated system. Our methodology could help the system integrator to systematically identify integration requirements to be enforced in constituent components and safety control systems. Index Terms: Underground Autonomous Mining, Integration Requirements, ODD-UM, STPA, Safety-guided Design.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2022
Keywords
Mining, Autonomous machines, Condition, Cost-efficiency, Design domains, Integration requirements, Mining environments, Non-trivial tasks, Operational design, Process analysis, Underground mining, Integration
National Category
Civil Engineering
Identifiers
urn:nbn:se:mdh:diva-61802 (URN); 10.1109/ISSE54508.2022.10005369 (DOI); 000947798100015 (); 2-s2.0-85146930516 (Scopus ID); 9781665481823 (ISBN)
Conference
8th IEEE International Symposium on Systems Engineering, ISSE 2022, 24 October 2022 through 26 October 2022
Available from: 2023-02-08 Created: 2023-02-08 Last updated: 2023-04-12. Bibliographically approved
Leander, B., Markovic, T., Causevic, A., Lindström, T., Hansson, H. & Punnekkat, S. (2022). Simulation Environment for Modular Automation Systems. In: IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society. Paper presented at IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, Brussels, Belgium, 17-20 October, 2022. IEEE Computer Society.
2022 (English). In: IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, IEEE Computer Society, 2022. Conference paper, Published paper (Refereed)
Abstract [en]

When developing products or performing experimental research studies, the simulation of physical or logical systems is of great importance for evaluation and verification purposes. For research- and development-related distributed control systems, there is a need to simulate common physical environments with separate interconnected modules independently controlled, and orchestrated using standardized network communication protocols. The simulation environment presented in this paper is a bespoke solution precisely for these conditions, based on the Modular Automation design strategy. It allows easy configuration and combination of simple modules into complex production processes, with support for individual low-level control of modules, as well as recipe-orchestration for high-level coordination. The use of the environment is exemplified in a configuration of a modular ice-cream factory, used for cybersecurity-related research.

Place, publisher, year, edition, pages
IEEE Computer Society, 2022
National Category
Production Engineering, Human Work Science and Ergonomics
Identifiers
urn:nbn:se:mdh:diva-61281 (URN); 10.1109/IECON49645.2022.9968835 (DOI); 2-s2.0-85143885518 (Scopus ID); 9781665480253 (ISBN)
Conference
IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society, Brussels, Belgium, 17-20 October, 2022
Available from: 2022-12-15 Created: 2022-12-15 Last updated: 2023-10-12. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0002-7235-6888