Advances in Intelligent and Soft Computing 170 Editor-in-Chief Prof.JanuszKacprzyk SystemsResearchInstitute PolishAcademyofSciences ul.Newelska6 01-447Warsaw Poland E-mail:[email protected] Forfurthervolumes: http://www.springer.com/series/4240 Wojciech Zamojski, Jacek Mazurkiewicz, Jarosław Sugier, Tomasz Walkowiak, and Janusz Kacprzyk (Eds.) Complex Systems and Dependability ABC Editors WojciechZamojski TomaszWalkowiak InstituteofComputerEngineering, InstituteofComputerEngineering, ControlandRobotics ControlandRobotics WrocławUniversityofTechnology WrocławUniversityofTechnology Wrocław Wrocław Poland Poland JacekMazurkiewicz JanuszKacprzyk InstituteofComputerEngineering, PolishAcademyofSciences ControlandRobotics SystemsResearchInstitute WrocławUniversityofTechnology Warszawa Wrocław Poland Poland JarosławSugier InstituteofComputerEngineering, ControlandRobotics WrocławUniversityofTechnology Wrocław Poland ISSN1867-5662 e-ISSN1867-5670 ISBN978-3-642-30661-7 e-ISBN978-3-642-30662-4 DOI10.1007/978-3-642-30662-4 SpringerHeidelbergNewYorkDordrechtLondon LibraryofCongressControlNumber:2012938746 (cid:2)c Springer-VerlagBerlinHeidelberg2012 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartof thematerialisconcerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation, broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,andtransmissionorinformation storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodology nowknownorhereafterdeveloped.Exemptedfromthislegalreservationarebriefexcerptsinconnection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’slocation,initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer. PermissionsforusemaybeobtainedthroughRightsLinkattheCopyrightClearanceCenter.Violations areliabletoprosecutionundertherespectiveCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Whiletheadviceandinformationinthisbookarebelievedtobetrueandaccurateatthedateofpub- lication,neithertheauthorsnortheeditorsnorthepublishercanacceptanylegalresponsibilityforany errorsoromissionsthatmaybemade.Thepublishermakesnowarranty,expressorimplied,withrespect tothematerialcontainedherein. Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface We would like to present monographic studies on selected problems of complex systemsandtheirdependabilitywhichareincludedinthisvolumeof“Advancesin IntelligentandSoftComputing”series. Today’scomplexsystems are integratedunitiesof technical,information,orga- nization, software and human (users, administrators and management) resources. Complexity of modern systems stems not only from their complex technical and organization structures (hardware and software resources) but mainly from com- plexityofsysteminformationprocesses(processing,monitoring,management,etc.) realized in their defined environment.System resourcesare dynamicallyallocated toongoingtasks.Arhythmofsystemeventsflow(incomingand/orongoingtasks, decisionsofamanagementsystem,systemfaults,“defense”systemreactions,etc.) may be considered as deterministic or/and probabilistic event streams. This com- plexity and multiplicity of processes, their concurrencyand their reliance on em- bedded intelligence (human and artificial) significantly impedes the construction of mathematical models and limits evaluation of adequate system measures. In manycases,analysisofmoderncomplexsystemsisconfinedtoquantitativestudies (MonteCarlosimulations)whichpreventsdevelopmentofappropriatemethodsof systemdesignandselectionofpoliciesforsystemexploitation.Securityandconfi- dentialityofinformationprocessingintroducefurthercomplicationsintothesystem modelsandevaluationmethods. Dependability is the modern approach to reliability problems of contemporary complex systems. It is worth to underline the difference among the two terms of system dependabilityandsystems reliability.Dependabilityofsystems, especially computer systems and networks, is based on multi-disciplinary approach to the- ory, technology, and maintenance of systems working in a real (and very often unfriendly) environment. Dependability of systems concentrates on efficient real- ization of tasks, services and jobs by a system considered as a unity of technical, informationandhumanresources,while“classical”reliabilityisrestrainedtoanal- ysisoftechnicalsystemresources(componentsandstructuresbuiltformthem). In the following few points we will briefly present main subjects of our monograph. VI Preface Problems of complex system modelling can be found in many chapters. Mod- ellingofasystemasaservicesnetworkisinvestigatedinchapter11.Mathematical models of computer systems and networks and applied computation methods are presentedin chapters4, 6 and 19. Optimizationof the traveller salesman problem modelled by a genetic algorithm is considered in chapter 13, while in 21 specific mechanism–servicerenaming–isproposedasamethodforeliminationofunex- pectedbehaviourincomponent-basedsystems. Astatisticalmethodologycalled“nonparametricpredictiveinference”appliedto reliabilityanalysisforsystemsandnetworksispresentedinchapter8.Somespecific viewonseveralaspectsontheinterrelationbetweenstatisticsandsoftwaretesting andreliabilityisdiscussedinchapter7.Inchapter17amethodofeventmonitoring in a cluster system is proposed.A functionaltesting toolset and its application to developmentofdependableavionicssoftwarearethetopicofchapter2. The ISO/IEC standard 15408 “Common Criteria for IT security evaluation” deals with problemsof IT security featuresand behaviour.Chapter 3 proposesan ontology-basedapproachtodefinitionofspecificationmeansusedinaprocesscom- pliant with this standard, whereas building development environments for secure andreliableITproductsbasedondesignpatternsofthe“CC”projectisthetopicof chapter12.Chapter1presentsspecifictoolsupportingbothbusinesscontinuityand informationsecuritymanagementtryingtointegratethosetwoaspectsinthemost efficientway. Encryptionandsecuritytoolscreateafoundationofsecureexploitationofcom- putersystemsandnetworks.Anencryptionmethodusefulforobliviousinformation transferis proposedinchapter9, whilespecializedcipherdevicesimplementedin FPGAdevicesarediscussedinchapter18.Chapter10,inturn,isdevotedtosecurity issuesintheprocessofhardwaredesignandsimulation. Thefinalsubjectdealswithspecificcontrollinganddesignissuesinspecialized complexsystemsappliedforstreetlighting.Inchapter14mathematicalmodelsof thelightingsystemsareintroducedandthenformalmethodsimprovingagent-aided smart lighting system design are presented in chapter 15. Computational support foroptimizingsystems ofthis kindis discussedin chapter16 while in 20specific rule-basedapproachtotheproblemsoftheircontrolisproposed. Inthefinalwordsofthisintroductionwewouldliketoexpressoursincereappre- ciationforallauthorswhohavecontributedtheirworksaswellastoallreviewers who has helped to refine the contents of this monograph. We believe that it will beinterestingtoallscientists,researchers,practitionersandstudentswhoworkon problemsofdependability. TheEditors WojciechZamojski JacekMazurkiewicz JarosławSugier TomaszWalkowiak JanuszKacprzyk List of Reviewers SalemAbdel-Badeeh SergeyOrlov AliAl-Dahoud YiannisPapadopoulos ManuelGilPerez OksanaPomorova JanuszGórski MaciejRostan´ski ZbigniewHuzar KrzysztofSacha AdrianKapczyn´ski MarekSkomorowski JanMagott BarbaraStrug IstvanMajzik StanisławWrycza GrzegorzJ.Nalepa WojciechZamojski Contents Validationof the SoftwareSupportingInformationSecurityand BusinessContinuityManagementProcesses ........................ 1 JacekBaginski,AndrzejBiałas AFunctionalTestingToolsetandItsApplicationtoDevelopmentof DependableAvionicsSoftware.................................... 19 VasilyBalashov,AlexanderBaranov,MaximChistolinov,DmitryGribov, RuslanSmeliansky SpecificationMeansDefinitionfortheCommonCriteriaCompliant DevelopmentProcess–AnOntologicalApproach.................... 37 AndrzejBiałas Real-Time GastrointestinalTract Video Analysis on a Cluster Supercomputer ................................................ 55 Adam Blokus, Adam Brzeski, Jan Cychnerski, Tomasz Dziubich, MateuszJe˛drzejewski DetectionofAnomaliesinaSOASystembyLearningAlgorithms...... 69 IlonaBluemke,MarcinTarka ServiceAvailabilityModeltoSupportReconfiguration ............... 87 DariuszCaban,TomaszWalkowiak OnSomeStatisticalAspectsofSoftwareTestingandReliability........ 103 FrankP.A.Coolen Generalizing the Signature to Systems with Multiple Types of Components................................................... 115 FrankP.A.Coolen,TahaniCoolen-Maturi EffectiveObliviousTransferUsingaProbabilisticEncryption ......... 131 AlexanderFrolov X Contents Gap-and-IMECA-BasedAssessmentofI&CSystemsCyberSecurity ... 149 Vyacheslav Kharchenko, Anton Andrashov, Vladimir Sklyar, AndriyKovalenko,OlexandrSiora ApproachtoMethodsofNetworkServicesExploitation .............. 165 KatarzynaNowak,JacekMazurkiewicz PatternBasedSupportforSiteCertification ........................ 179 DariuszRogowski,PrzemysławNowak IntegratingtheBest2-OptMethodtoEnhancetheGeneticAlgorithm ExecutionTimeinSolvingtheTravelerSalesmanProblem............ 195 SaraSabba,SalimChikhi RepresentationofObjectsinAgent-BasedLightingDesignProblem.... 209 AdamSe¸dziwy FormalMethodsSupportingAgentAidedSmartLightingDesign ...... 225 AdamSe¸dziwy,LeszekKotulski,MarcinSzpyrka ComputationalSupportforOptimizingStreetLightingDesign ........ 241 AdamSe¸dziwy,MagdalenaKozien´-Woz´niak MonitoringEventLogswithinaClusterSystem..................... 257 JanuszSosnowski,MarcinKubacki,HenrykKrawczyk Implementing AES and Serpent Ciphers in New Generationof Low-CostFPGADevices ........................................ 273 JarosławSugier DependableStrategiesforJob-FlowsDispatchingandSchedulingin VirtualOrganizationsofDistributedComputingEnvironments........ 289 Victor Toporkov, Alexey Tselishchev, Dmitry Yemelyanov, AlexanderBobchenkov ControllingComplexLightingSystems ............................ 305 IgorWojnicki,LeszekKotulski ServiceRenaminginComponentComposition ...................... 319 WlodekM.Zuberek AuthorIndex ..................................................... 331 Validation of the Software Supporting Information Security and Business Continuity Management Processes Jacek Baginski and Andrzej Białas Abstract. The chapter presents the OSCAD tool supporting the business continui- ty (according to BS 25999) and information security management (according to ISO/IEC 27001) processes in organizations. First, the subject of the validation, i.e. the OSCAD software is presented, next the goal and range of the validation are briefly described. The validation is focused on the key management process re- lated to risk analyses. A business-oriented, two-stage risk analysis method imple- mented in the tool assumes a business processes criticality assessment at the first stage and detailed analysis of threats and vulnerabilities for most critical processes at the second stage of the risk analysis. The main objective of the validation is to answer how to integrate those two management systems in the most efficient way. 1 Introduction The chapter concerns a joint software implementation of two management systems very important for business processes of any modern organization. The first deals with business continuity, while the second concerns information security. Business continuity [1], [2] is understood as a strategic ability of the organization to: • plan reactions and react to incidents and disturbances in its business operations with a view to continue them on an acceptable, previously determined level, • diminish possible losses if such harmful factors occur. Different kinds of assets are engaged to run business processes – technical produc- tion infrastructures, ICT infrastructures with information assets, services, energy, media, materials, human resources, etc. All of them are needed by an organization to continue its operations and, as a result, to achieve its business objectives. Business continuity is very important for organizations: Jacek Baginski · Andrzej Białas Institute of Innovative Technologies EMAG, 40-189 Katowice, Leopolda 31, Poland e-mail: [email protected], [email protected] W. Zamojski et al. (Eds.): Complex Systems and Dependability, AISC 170, pp. 1–17. springerlink.com © Springer-Verlag Berlin Heidelberg 2012 2 J. Baginski and A. Białas • which have expanded co-operation links, • which are part of complex supply chains, • which work according to the Just-in-time strategy. There is a specific group of organizations providing e-services that are totally dependent on ICT infrastructures. Their business processes depend strongly on efficient operations of IT systems and business continuity is a key issue for them. There are many other factors which can disturb business continuity, such as: technical damages; random disruption events; catastrophes; disturbances in the provision of services, materials and information from the outside; organizational errors; human errors, deliberate human actions, etc. These factors should be identi- fied, mitigated and controlled. The BS 25999 group of standards [1], [2] plays the key role in business continuity management (BCM), specifying the requirements for Business Continuity Management Systems (BCMS). Information security [3], [4] is identified as the protection of integrity, confi- dentiality and availability with respect to information assets of any organization. Business processes of modern organizations depend on reliable and secure infor- mation processing. This processing influences the achievement of business objec- tives of these organizations, despite of their size and character. It is important for public or health organizations, educational institutions, and commercial compa- nies. The information related to business processes should be protected while it is generated, processed, stored or transferred, despite of its representation (electron- ic, paper document, voice, etc.). Different threats exploiting vulnerabilities cause information security breaches. Any factors that may negatively influence information assets should be mitigated and controlled. The key role for informa- tion security management (ISM) belongs to the ISO/IEC 2700x family of standards, especially ISO/IEC 27001, specifying the requirements for Information Security Managements Systems (ISMS). Both BCM and ISM systems are based on the Deming cycle (Plan-Do-Check- Act) and broadly use the risk analysis. They gave foundation to the OSCAD sys- tem, presented in this chapter. OSCAD is developed at the Institute of Innovative Technologies EMAG within a project co-financed by the Polish National Research & Development Centre (Narodowe Centrum Badań i Rozwoju) [5]. The BS 25999 standard plays the key role in the BCM domain. To improve the effectiveness of the BCM processes, a number of software tools were developed, e.g.: SunGuard LDRPS (Living Disaster Recovery Planning System) [6], ErLogix BCMS [7], ROBUST [8], RPX Recovery Planner [9]. These tools offer very simi- lar functions, more or less detailed activities within the BCMS phases. Some of them require purchasing several separate modules for the full BCMS implementa- tion (like risk analysis or incident management). OSCAD tries to gather those functions within one complex solution and offers additional elements, like: • integration with ISMS and its specific elements (e.g. statement of applicability, information groups risk analysis, more emphasis on information confidentiality and integrity during the risk analysis);