Author

Roberto Nardone

Bio: Roberto Nardone is an academic researcher from University of Naples Federico II. The author has contributed to research in topics: Promela & Model checking. The author has an h-index of 16, co-authored 56 publications receiving 541 citations. Previous affiliations of Roberto Nardone include Mediterranean University & Mediterranea University of Reggio Calabria.


Papers
Journal ArticleDOI
TL;DR: A proof of concept of Virtual coupling is provided by introducing a specific operating mode within the European rail traffic management system/European train control system (ERTMS/ETCS) standard specification, and by defining a coupling control algorithm accounting for time-varying delays affecting the communication links.
Abstract: Railway infrastructure operators need to push their network capacity up to their limits in high-traffic corridors. Virtual coupling is considered among the most relevant innovations to be studied within the European Horizon 2020 Shift2Rail Joint Undertaking as it can drastically reduce headways and thus increase the line capacity by allowing two or more trains to be dynamically connected into a single convoy. This paper provides a proof of concept of Virtual coupling by introducing a specific operating mode within the European rail traffic management system/European train control system (ERTMS/ETCS) standard specification, and by defining a coupling control algorithm accounting for time-varying delays affecting the communication links. To that aim, we define one approach to enrich the ERTMS/ETCS with Virtual coupling without changing its working principles, and we borrow a numerical analysis methodology used to study platooning in the automotive field. The numerical analysis is also provided to support the proof of concept with quantitative results in a case-study simulation scenario.

79 citations

Proceedings ArticleDOI
01 Nov 2018
TL;DR: This paper introduces Virtual Coupling in the context of a standard ATC, that is ERTMS/ETCS; considering a reference ATC simplifies the discussion about implementation and performance issues, and the paper provides some preliminary hints, models and results.
Abstract: Virtual Coupling adds to Automatic Train Control (ATC) systems the further functionality of being able to virtually connect two or more trains, so drastically reducing their headways and increasing line capacity. For this reason it is considered among the most relevant innovations to be researched within the European Horizon 2020 Shift2Rail Joint Undertaking. However, Virtual Coupling also introduces some critical issues related to potential hazards as well as strict requirements on the tolerated latency of the channels used for train-to-trackside and train-to-train communications. In this paper, we introduce Virtual Coupling in the context of a standard ATC, that is ERTMS/ETCS. Considering a reference ATC simplifies the discussion about implementation and performance issues. We provide some preliminary hints, models and results and draw conclusions about required safety analyses and future developments.

60 citations

Journal ArticleDOI
TL;DR: The language extends the popular Unified Modeling Language (UML) to provide vulnerability and protection modeling functionality and provides an abstract representation of concepts and activities in the infrastructure protection domain that enables model-to-model transformations for analysis purposes.

60 citations

Journal ArticleDOI
TL;DR: This paper addresses the definition of a Model-Driven approach for the evaluation of RAM attributes in railway applications to automatically generate formal models and shows that the MARTE-DAM framework can be successfully specialized for the railway domain.

44 citations

Journal ArticleDOI
TL;DR: In this article, the relevant research literature in recent years has been systematically reviewed and classified in order to investigate the state-of-the-art in the software verification and validation (V&V) of autonomous cars.
Abstract: Autonomous, or self-driving, cars are emerging as the solution to several problems primarily caused by humans on roads, such as accidents and traffic congestion. However, those benefits come with great challenges in the verification and validation (V&V) for safety assessment. In fact, due to the possibly unpredictable nature of Artificial Intelligence (AI), its use in autonomous cars creates concerns that need to be addressed using appropriate V&V processes that can address trustworthy AI and safe autonomy. In this study, the relevant research literature in recent years has been systematically reviewed and classified in order to investigate the state-of-the-art in the software V&V of autonomous cars. By appropriate criteria, a subset of primary studies has been selected for more in-depth analysis. The first part of the review addresses certification issues against reference standards, challenges in assessing machine learning, as well as general V&V methodologies. The second part investigates more specific approaches, including simulation environments and mutation testing, corner cases and adversarial examples, fault injection, software safety cages, techniques for cyber-physical systems, and formal methods. Relevant approaches and related tools have been discussed and compared in order to highlight open issues and opportunities.

40 citations


Cited by
Journal Article
TL;DR: A framework for model driven engineering is set out, which proposes an organisation of the modelling 'space' and how to locate models in that space, and identifies the need for defining families of languages and transformations, and for developing techniques for generating/configuring tools from such definitions.
Abstract: The Object Management Group's (OMG) Model Driven Architecture (MDA) strategy envisages a world where models play a more direct role in software production, being amenable to manipulation and transformation by machine. Model Driven Engineering (MDE) is wider in scope than MDA. MDE combines process and analysis with architecture. This article sets out a framework for model driven engineering, which can be used as a point of reference for activity in this area. It proposes an organisation of the modelling 'space' and how to locate models in that space. It discusses different kinds of mappings between models. It explains why process and architecture are tightly connected. It discusses the importance and nature of tools. It identifies the need for defining families of languages and transformations, and for developing techniques for generating/configuring tools from such definitions. It concludes with a call to align metamodelling with formal language engineering techniques.

1,476 citations

Proceedings Article
01 Jan 2002
TL;DR: In this paper, an algorithm for generating attack graphs using model checking as a subroutine is presented, which allows analysts to decide which minimal set of security measures would guarantee the safety of the system.
Abstract: An attack graph is a succinct representation of all paths through a system that end in a state where an intruder has successfully achieved his goal. Today Red Teams determine the vulnerability of networked systems by drawing gigantic attack graphs by hand. Constructing attack graphs by hand is tedious, error-prone, and impractical for large systems. By viewing an attack as a violation of a safety property, we can use off-the-shelf model checking technology to produce attack graphs automatically: a successful path from the intruder's viewpoint is a counterexample produced by the model checker. In this paper we present an algorithm for generating attack graphs using model checking as a subroutine. Security analysts use attack graphs for detection, defense and forensics. In this paper we present a minimization analysis technique that allows analysts to decide which minimal set of security measures would guarantee the safety of the system. We provide a formal characterization of this problem: we prove that it is polynomially equivalent to the minimum hitting set problem and we present a greedy algorithm with provable bounds. We also present a reliability analysis technique that allows analysts to perform a simple cost-benefit trade-off depending on the likelihoods of attacks. By interpreting attack graphs as Markov Decision Processes we can use the value iteration algorithm to compute the probabilities of intruder success for each attack in the graph.

467 citations

01 Nov 1998
TL;DR: In this paper, a model checker is applied to the problem of test generation using a new application of mutation analysis, and two classes of operators are defined: those that generate test cases from which a correct implementation must differ, and those that produce test cases with which it must agree.
Abstract: We apply a model checker to the problem of test generation using a new application of mutation analysis. We define syntactic operators, each of which produces a slight variation on a given model. The operators define a form of mutation analysis at the level of the model checker specification. A model checker generates counterexamples which distinguish the variations from the original specification. The counterexamples can easily be turned into complete test cases, that is, with inputs and expected results. We define two classes of operators: those that produce test cases from which a correct implementation must differ, and those that produce test cases with which it must agree. There are substantial advantages to combining a model checker with mutation analysis. First, test case generation is automatic; each counterexample is a complete test case. Second, in sharp contrast to program-based mutation analysis, equivalent mutant identification is also automatic. We apply our method to an example specification and evaluate the resulting test sets with coverage metrics on a Java implementation.

334 citations

Journal ArticleDOI
TL;DR: The use of PLM processes and tools to manage product data efficiently, with increased visibility and control over the life cycle of the product, is expanding.
Abstract: Manufacturers are faced with many challenges, such as globalization, disparate enterprise systems and a lack of platform maturity. These will only multiply as technology advances, offshore manufacturing increases and new ways of working emerge. To overcome these challenges, many manufacturers have embraced product lifecycle management (PLM) or have expanded the use of PLM processes and tools to manage product data efficiently, with increased visibility and control over the life cycle of the product.

295 citations

Journal ArticleDOI
TL;DR: A comprehensive survey of existing approaches to industrial facility design and risk assessment that consider both safety and security and a comparative analysis of the different approaches identified in the literature is provided.

256 citations