Table Of ContentAdvances in Intelligent and
Soft Computing 170
Editor-in-Chief
Prof.JanuszKacprzyk
SystemsResearchInstitute
PolishAcademyofSciences
ul.Newelska6
01-447Warsaw
Poland
E-mail:kacprzyk@ibspan.waw.pl
Forfurthervolumes:
http://www.springer.com/series/4240
Wojciech Zamojski, Jacek Mazurkiewicz,
Jarosław Sugier, Tomasz Walkowiak,
and Janusz Kacprzyk (Eds.)
Complex Systems
and Dependability
ABC
Editors
WojciechZamojski TomaszWalkowiak
InstituteofComputerEngineering, InstituteofComputerEngineering,
ControlandRobotics ControlandRobotics
WrocławUniversityofTechnology WrocławUniversityofTechnology
Wrocław Wrocław
Poland Poland
JacekMazurkiewicz JanuszKacprzyk
InstituteofComputerEngineering, PolishAcademyofSciences
ControlandRobotics SystemsResearchInstitute
WrocławUniversityofTechnology Warszawa
Wrocław Poland
Poland
JarosławSugier
InstituteofComputerEngineering,
ControlandRobotics
WrocławUniversityofTechnology
Wrocław
Poland
ISSN1867-5662 e-ISSN1867-5670
ISBN978-3-642-30661-7 e-ISBN978-3-642-30662-4
DOI10.1007/978-3-642-30662-4
SpringerHeidelbergNewYorkDordrechtLondon
LibraryofCongressControlNumber:2012938746
(cid:2)c Springer-VerlagBerlinHeidelberg2012
Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartof
thematerialisconcerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation,
broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,andtransmissionorinformation
storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodology
nowknownorhereafterdeveloped.Exemptedfromthislegalreservationarebriefexcerptsinconnection
with reviews or scholarly analysis or material supplied specifically for the purpose of being entered
and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of
this publication or parts thereof is permitted only under the provisions of the Copyright Law of the
Publisher’slocation,initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.
PermissionsforusemaybeobtainedthroughRightsLinkattheCopyrightClearanceCenter.Violations
areliabletoprosecutionundertherespectiveCopyrightLaw.
Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication
doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant
protectivelawsandregulationsandthereforefreeforgeneraluse.
Whiletheadviceandinformationinthisbookarebelievedtobetrueandaccurateatthedateofpub-
lication,neithertheauthorsnortheeditorsnorthepublishercanacceptanylegalresponsibilityforany
errorsoromissionsthatmaybemade.Thepublishermakesnowarranty,expressorimplied,withrespect
tothematerialcontainedherein.
Printedonacid-freepaper
SpringerispartofSpringerScience+BusinessMedia(www.springer.com)
Preface
We would like to present monographic studies on selected problems of complex
systemsandtheirdependabilitywhichareincludedinthisvolumeof“Advancesin
IntelligentandSoftComputing”series.
Today’scomplexsystems are integratedunitiesof technical,information,orga-
nization, software and human (users, administrators and management) resources.
Complexity of modern systems stems not only from their complex technical and
organization structures (hardware and software resources) but mainly from com-
plexityofsysteminformationprocesses(processing,monitoring,management,etc.)
realized in their defined environment.System resourcesare dynamicallyallocated
toongoingtasks.Arhythmofsystemeventsflow(incomingand/orongoingtasks,
decisionsofamanagementsystem,systemfaults,“defense”systemreactions,etc.)
may be considered as deterministic or/and probabilistic event streams. This com-
plexity and multiplicity of processes, their concurrencyand their reliance on em-
bedded intelligence (human and artificial) significantly impedes the construction
of mathematical models and limits evaluation of adequate system measures. In
manycases,analysisofmoderncomplexsystemsisconfinedtoquantitativestudies
(MonteCarlosimulations)whichpreventsdevelopmentofappropriatemethodsof
systemdesignandselectionofpoliciesforsystemexploitation.Securityandconfi-
dentialityofinformationprocessingintroducefurthercomplicationsintothesystem
modelsandevaluationmethods.
Dependability is the modern approach to reliability problems of contemporary
complex systems. It is worth to underline the difference among the two terms of
system dependabilityandsystems reliability.Dependabilityofsystems, especially
computer systems and networks, is based on multi-disciplinary approach to the-
ory, technology, and maintenance of systems working in a real (and very often
unfriendly) environment. Dependability of systems concentrates on efficient real-
ization of tasks, services and jobs by a system considered as a unity of technical,
informationandhumanresources,while“classical”reliabilityisrestrainedtoanal-
ysisoftechnicalsystemresources(componentsandstructuresbuiltformthem).
In the following few points we will briefly present main subjects of our
monograph.
VI Preface
Problems of complex system modelling can be found in many chapters. Mod-
ellingofasystemasaservicesnetworkisinvestigatedinchapter11.Mathematical
models of computer systems and networks and applied computation methods are
presentedin chapters4, 6 and 19. Optimizationof the traveller salesman problem
modelled by a genetic algorithm is considered in chapter 13, while in 21 specific
mechanism–servicerenaming–isproposedasamethodforeliminationofunex-
pectedbehaviourincomponent-basedsystems.
Astatisticalmethodologycalled“nonparametricpredictiveinference”appliedto
reliabilityanalysisforsystemsandnetworksispresentedinchapter8.Somespecific
viewonseveralaspectsontheinterrelationbetweenstatisticsandsoftwaretesting
andreliabilityisdiscussedinchapter7.Inchapter17amethodofeventmonitoring
in a cluster system is proposed.A functionaltesting toolset and its application to
developmentofdependableavionicssoftwarearethetopicofchapter2.
The ISO/IEC standard 15408 “Common Criteria for IT security evaluation”
deals with problemsof IT security featuresand behaviour.Chapter 3 proposesan
ontology-basedapproachtodefinitionofspecificationmeansusedinaprocesscom-
pliant with this standard, whereas building development environments for secure
andreliableITproductsbasedondesignpatternsofthe“CC”projectisthetopicof
chapter12.Chapter1presentsspecifictoolsupportingbothbusinesscontinuityand
informationsecuritymanagementtryingtointegratethosetwoaspectsinthemost
efficientway.
Encryptionandsecuritytoolscreateafoundationofsecureexploitationofcom-
putersystemsandnetworks.Anencryptionmethodusefulforobliviousinformation
transferis proposedinchapter9, whilespecializedcipherdevicesimplementedin
FPGAdevicesarediscussedinchapter18.Chapter10,inturn,isdevotedtosecurity
issuesintheprocessofhardwaredesignandsimulation.
Thefinalsubjectdealswithspecificcontrollinganddesignissuesinspecialized
complexsystemsappliedforstreetlighting.Inchapter14mathematicalmodelsof
thelightingsystemsareintroducedandthenformalmethodsimprovingagent-aided
smart lighting system design are presented in chapter 15. Computational support
foroptimizingsystems ofthis kindis discussedin chapter16 while in 20specific
rule-basedapproachtotheproblemsoftheircontrolisproposed.
Inthefinalwordsofthisintroductionwewouldliketoexpressoursincereappre-
ciationforallauthorswhohavecontributedtheirworksaswellastoallreviewers
who has helped to refine the contents of this monograph. We believe that it will
beinterestingtoallscientists,researchers,practitionersandstudentswhoworkon
problemsofdependability.
TheEditors
WojciechZamojski
JacekMazurkiewicz
JarosławSugier
TomaszWalkowiak
JanuszKacprzyk
List of Reviewers
SalemAbdel-Badeeh SergeyOrlov
AliAl-Dahoud YiannisPapadopoulos
ManuelGilPerez OksanaPomorova
JanuszGórski MaciejRostan´ski
ZbigniewHuzar KrzysztofSacha
AdrianKapczyn´ski MarekSkomorowski
JanMagott BarbaraStrug
IstvanMajzik StanisławWrycza
GrzegorzJ.Nalepa WojciechZamojski
Contents
Validationof the SoftwareSupportingInformationSecurityand
BusinessContinuityManagementProcesses ........................ 1
JacekBaginski,AndrzejBiałas
AFunctionalTestingToolsetandItsApplicationtoDevelopmentof
DependableAvionicsSoftware.................................... 19
VasilyBalashov,AlexanderBaranov,MaximChistolinov,DmitryGribov,
RuslanSmeliansky
SpecificationMeansDefinitionfortheCommonCriteriaCompliant
DevelopmentProcess–AnOntologicalApproach.................... 37
AndrzejBiałas
Real-Time GastrointestinalTract Video Analysis on a Cluster
Supercomputer ................................................ 55
Adam Blokus, Adam Brzeski, Jan Cychnerski, Tomasz Dziubich,
MateuszJe˛drzejewski
DetectionofAnomaliesinaSOASystembyLearningAlgorithms...... 69
IlonaBluemke,MarcinTarka
ServiceAvailabilityModeltoSupportReconfiguration ............... 87
DariuszCaban,TomaszWalkowiak
OnSomeStatisticalAspectsofSoftwareTestingandReliability........ 103
FrankP.A.Coolen
Generalizing the Signature to Systems with Multiple Types of
Components................................................... 115
FrankP.A.Coolen,TahaniCoolen-Maturi
EffectiveObliviousTransferUsingaProbabilisticEncryption ......... 131
AlexanderFrolov
X Contents
Gap-and-IMECA-BasedAssessmentofI&CSystemsCyberSecurity ... 149
Vyacheslav Kharchenko, Anton Andrashov, Vladimir Sklyar,
AndriyKovalenko,OlexandrSiora
ApproachtoMethodsofNetworkServicesExploitation .............. 165
KatarzynaNowak,JacekMazurkiewicz
PatternBasedSupportforSiteCertification ........................ 179
DariuszRogowski,PrzemysławNowak
IntegratingtheBest2-OptMethodtoEnhancetheGeneticAlgorithm
ExecutionTimeinSolvingtheTravelerSalesmanProblem............ 195
SaraSabba,SalimChikhi
RepresentationofObjectsinAgent-BasedLightingDesignProblem.... 209
AdamSe¸dziwy
FormalMethodsSupportingAgentAidedSmartLightingDesign ...... 225
AdamSe¸dziwy,LeszekKotulski,MarcinSzpyrka
ComputationalSupportforOptimizingStreetLightingDesign ........ 241
AdamSe¸dziwy,MagdalenaKozien´-Woz´niak
MonitoringEventLogswithinaClusterSystem..................... 257
JanuszSosnowski,MarcinKubacki,HenrykKrawczyk
Implementing AES and Serpent Ciphers in New Generationof
Low-CostFPGADevices ........................................ 273
JarosławSugier
DependableStrategiesforJob-FlowsDispatchingandSchedulingin
VirtualOrganizationsofDistributedComputingEnvironments........ 289
Victor Toporkov, Alexey Tselishchev, Dmitry Yemelyanov,
AlexanderBobchenkov
ControllingComplexLightingSystems ............................ 305
IgorWojnicki,LeszekKotulski
ServiceRenaminginComponentComposition ...................... 319
WlodekM.Zuberek
AuthorIndex ..................................................... 331
Validation of the Software Supporting
Information Security and Business Continuity
Management Processes
Jacek Baginski and Andrzej Białas
Abstract. The chapter presents the OSCAD tool supporting the business continui-
ty (according to BS 25999) and information security management (according to
ISO/IEC 27001) processes in organizations. First, the subject of the validation, i.e.
the OSCAD software is presented, next the goal and range of the validation are
briefly described. The validation is focused on the key management process re-
lated to risk analyses. A business-oriented, two-stage risk analysis method imple-
mented in the tool assumes a business processes criticality assessment at the first
stage and detailed analysis of threats and vulnerabilities for most critical processes
at the second stage of the risk analysis. The main objective of the validation is to
answer how to integrate those two management systems in the most efficient way.
1 Introduction
The chapter concerns a joint software implementation of two management systems
very important for business processes of any modern organization. The first deals
with business continuity, while the second concerns information security.
Business continuity [1], [2] is understood as a strategic ability of the
organization to:
• plan reactions and react to incidents and disturbances in its business operations
with a view to continue them on an acceptable, previously determined level,
• diminish possible losses if such harmful factors occur.
Different kinds of assets are engaged to run business processes – technical produc-
tion infrastructures, ICT infrastructures with information assets, services, energy,
media, materials, human resources, etc. All of them are needed by an organization
to continue its operations and, as a result, to achieve its business objectives.
Business continuity is very important for organizations:
Jacek Baginski · Andrzej Białas
Institute of Innovative Technologies EMAG, 40-189 Katowice, Leopolda 31, Poland
e-mail: jbaginski@emag.pl, a.bialas@emag.pl
W. Zamojski et al. (Eds.): Complex Systems and Dependability, AISC 170, pp. 1–17.
springerlink.com © Springer-Verlag Berlin Heidelberg 2012
2 J. Baginski and A. Białas
• which have expanded co-operation links,
• which are part of complex supply chains,
• which work according to the Just-in-time strategy.
There is a specific group of organizations providing e-services that are totally
dependent on ICT infrastructures. Their business processes depend strongly on
efficient operations of IT systems and business continuity is a key issue for them.
There are many other factors which can disturb business continuity, such as:
technical damages; random disruption events; catastrophes; disturbances in the
provision of services, materials and information from the outside; organizational
errors; human errors, deliberate human actions, etc. These factors should be identi-
fied, mitigated and controlled. The BS 25999 group of standards [1], [2] plays the
key role in business continuity management (BCM), specifying the requirements
for Business Continuity Management Systems (BCMS).
Information security [3], [4] is identified as the protection of integrity, confi-
dentiality and availability with respect to information assets of any organization.
Business processes of modern organizations depend on reliable and secure infor-
mation processing. This processing influences the achievement of business objec-
tives of these organizations, despite of their size and character. It is important for
public or health organizations, educational institutions, and commercial compa-
nies. The information related to business processes should be protected while it is
generated, processed, stored or transferred, despite of its representation (electron-
ic, paper document, voice, etc.). Different threats exploiting vulnerabilities
cause information security breaches. Any factors that may negatively influence
information assets should be mitigated and controlled. The key role for informa-
tion security management (ISM) belongs to the ISO/IEC 2700x family of
standards, especially ISO/IEC 27001, specifying the requirements for Information
Security Managements Systems (ISMS).
Both BCM and ISM systems are based on the Deming cycle (Plan-Do-Check-
Act) and broadly use the risk analysis. They gave foundation to the OSCAD sys-
tem, presented in this chapter. OSCAD is developed at the Institute of Innovative
Technologies EMAG within a project co-financed by the Polish National Research
& Development Centre (Narodowe Centrum Badań i Rozwoju) [5].
The BS 25999 standard plays the key role in the BCM domain. To improve the
effectiveness of the BCM processes, a number of software tools were developed,
e.g.: SunGuard LDRPS (Living Disaster Recovery Planning System) [6], ErLogix
BCMS [7], ROBUST [8], RPX Recovery Planner [9]. These tools offer very simi-
lar functions, more or less detailed activities within the BCMS phases. Some of
them require purchasing several separate modules for the full BCMS implementa-
tion (like risk analysis or incident management). OSCAD tries to gather those
functions within one complex solution and offers additional elements, like:
• integration with ISMS and its specific elements (e.g. statement of applicability,
information groups risk analysis, more emphasis on information confidentiality
and integrity during the risk analysis);
