Ivan Cibrario Bertolotti

• Laurea degree in Computer Science
• Researcher at Italian National Research Council

The ongoing adoption of Robot Operating Systems (ROSs) not only for research-oriented projects but also for industrial applications demands a more thorough assessment of its security than in the past. This paper highlights that a key ROS component—the ROS Master—is indeed vulnerable to a novel kind of Slow Denial of Service (slow DoS) attack, the r...

Equipment to be installed in real-time industrial control system networks must be carefully characterized before commissioning to ensure it meets performance requirements. However, performance analysis tools may be expensive and come with stringent hardware and software requirements that render them out of reach for many small and medium enterprise...

Modern ICT infrastructures, i.e., cyber-physical systems and critical infrastructures relying on interconnected IT (Information Technology)- and OT (Operational Technology)-based components and (sub-)systems, raise complex challenges in tackling security and safety issues. Nowadays, many security controls and mechanisms have been made available and...

The Controller Area Network (CAN) dominates in-vehicle networking systems in modern vehicles. CAN was designed with low-latency and reliability as key features. Authenticity of a CAN frame was not considered in the design, thus, most in-vehicle network nodes inherently trust received messages as coming from a legitimate source. As a result, it is t...

Background The adoption of continuous glucose monitoring (CGM) already helps to improve glycemic control in diabetes. When coupled with appropriate data analysis techniques, CGM also provides dependable estimates for significant metrics, like glycated hemoglobin (HbA1c). Findings from the REALISM-T1D study can boost HbA1c estimation methods in diab...

Introduction The availability of easily accessible continuous glucose monitoring (CGM) metrics can improve glycemic control in diabetes, and they may even become a viable alternative to hemoglobin A1c (HbA1c) laboratory tests in the next years. The REALISM-T1D study (REAl-Life glucoSe Monitoring in Type 1 Diabetes) was aimed at contributing, with r...

Cyber-Physical Systems are usually subject to dependability requirements such as safety and reliability constraints. Over the last 50 years, a body of efficient fault-tolerance mechanisms has been devised to handle faults occurring at run-time. However, properly implementing those mechanisms is a time-consuming task that requires a great deal of kn...

Preventive and reactive maintenance require the collection of an ever-increasing amount of information from industrial plants and other complex systems, like those based on robotized cells, a need that can be fulfilled by means of a suitable event notification mechanism. At the same time, timing and delivery reliability requirements in those scenar...

The analysis and design of control system configurations for automated production systems is generally a challenging problem, in particular given the increasing number of automation devices and the amount of information to be managed. This problem becomes even more complex when the production system is characterized by a fast evolutionary behaviour...

Modern automation systems are asked to provide a step change toward flexibility and reconfigurability to cope with increasing demand for fast changing and highly fragmented production—which is more and more characterising the manufacturing sector. This reflects in the transition from traditional hierarchical and centralised control architecture to...

Controller Area Network (CAN) technology is nowadays ubiquitous in vehicular applications and is also gaining popularity in other contexts, for instance, embedded and industrial automation systems. The recent standardization of CAN with flexible data rate (CAN FD), as well as other academic proposals, have highlighted the usefulness of enhancing th...

Embedded Software Development: The Open-Source Approach delivers a practical introduction to embedded software development, with a focus on open-source components. This programmer-centric book is written in a way that enables even novice practitioners to grasp the development process as a whole. Incorporating real code fragments and explicit, real-...

Controller Area Network (CAN) has been the de facto standard in the automotive industry for the past two decades. Recently, CAN with flexible data-rate (CAN FD) has been standardized, which achieves noticeably higher throughput. Further improvements are still possible for CAN, by exploiting its peculiar physical layer to carry out distributed opera...

The ever-increasing variety of services built on top of the Controller Area Network (CAN), along with the recent discovery of vulnerabilities in CAN-based automotive systems (some of them demonstrated in practice), stimulated a renewed attention to security-oriented enhancements of the CAN protocol. The issue is further compounded nowadays because,...

Controller Area Network (CAN) is very popular in networked embedded systems. On the other hand, intranets are now ubiquitous in office, home, and factory environments. Namely, the Internet Protocol (IP) is the glue that permits any kind of information to be exchanged between devices in heterogeneous systems. In this paper, a network architecture to...

Contemporary embedded system development is focusing more and more on software modularity and reuse, to reduce development costs and improve reliability. In this scenario, a Real Time Operating System (RTOS) often plays a central role to schedule task execution and provide inter-task communication and synchronization. For this reason, its performan...

The Modbus protocol is widely used at the field level, such as building automation and industrial automation. Among existing implementations of the protocol over different communication infrastructures, Modbus TCP offers better scalability and interoperability than Modbus RTU and Modbus CAN, while at the same time, its real-time performance suffers...

Requirements concerning the specification and correct implementation of access control policies have become more and more popular in industrial networked systems during the last years. Unfortunately, the peculiar characteristics of industrial systems often prevent the designer from taking full advantage of technologies and techniques already develo...

The bit stuffing mechanism adopted in controller area networks leads to unwanted jitter on frame reception times, which worsens timing accuracy, even if countermeasures are adopted to avoid contentions on the bus. Several solutions have been proposed so far for dealing with stuff bits in the payload of messages, but they are not effective for the c...

The flexibility and reconfigurability requirements of factories and manufacturing plants of the future can be partially met by adopting technologies and solutions already available for testing and experimentation. Openness and adherence to international standards are becoming increasingly important in modern distributed production and automation sy...

Nowadays, industrial control networks are no longer conceived as isolated systems, being them exposed to the same kind of security threats affecting traditional office and business networks. For this kind of systems, the main security requirement is availability, thus the protection measures used to secure industrial control networks must take into...

The MODBUS protocol is nowadays very popular at both the field and SCADA levels, thanks to its simplicity and its open nature. However, the choice of physical transmission medium is currently limited to either the low-performance TIA/EIA-485 bus (MODBUS RTU) or Ethernet (MODBUS TCP), with its topology and cabling shortcomings and additional softwar...

It is well known that bit stuffing in CAN may interfere with error detection and, in particular, with CRC-based approaches, so that the residual error probability can be noticeably higher than the theoretical value. Encoding techniques that prevent the insertion of stuff bits in the payload of the frame are a simple remedy, which improves integrity...

The ever increasing hardware capabilities typical of modern microcontrollers make it easier to add more and more functions to embedded systems, even relatively low-end ones. In turn, this raises new requirements on their firmware, putting the focus on aspects like adherence to international and industrial standards, modularity, portability, fast ti...

The controller area network (CAN) bit stuffing mechanism, albeit essential to ensure proper receiver clock synchronization, introduces a significant, payload-dependent jitter on message response times, which may worsen the timing accuracy of a networked control system. Accordingly, several approaches to overcome this issue have been discussed in li...

Controller Area Networks (CAN) adopt bit stuffing at the physical layer, thus introducing a frame length variability that may adversely affect sensing and actuation jitter. One way to mitigate this issue is to encode the payload by means of a suitable run length limited code, before transmission.In this paper, a family of these codes is defined and...

Although the Controller Area Network (CAN) technology is very mature, the behavior of real CAN controllers under marginal operating conditions is still of practical interest as CAN is being deployed in a variety of application domains. In this paper, we propose a test software architecture able to extensively investigate the reaction of a typical C...

The ability to carry out coordered activities in distributed applications is currently considered a basic requirement in most industrial scenarios as well as in many areas with demanding real-time constraints, such as modern electric power systems, the automotive/avionic domains, and some types of networked embedded control systems. For this reason...

In many distributed systems that involve interactions between physical objects, human beings and environment, the precise time of an event is very important. This is particularly true for automated control applications, wherein the knowledge of the exact time of occurrence of a certain event, or the ability to enforce a given action at a precise in...

Critical Infrastructures are constantly affected by threats of various nature. Contingency planning in this context is needed in order to ensure an adequate management of emergencies. In particular, emergency response plans define the interactions and operations to be performed inside the infrastructure and among different systems during the occurr...

Automatic conformance checks of security policies is becoming a key issue in large ICT infrastructures that are more and more prone to cyber-attacks, in particular when wireless communication technologies and media are extensively adopted. This paper presents a hierarchical class-based model for the description of a system and its security requirem...

Bit stuffing in CAN is likely to cause jitters on message reception that, in specific cases where timing accuracy is relevant, may worsen the quality of the control algorithm noticeably. Several solutions have appeared in the past years that are aimed to tackle this issue, which are based on a suitable encoding of the payload of the message carried...

The effectiveness and quality of several distributed control loops are heavily affected by the ability to reduce jitters. This goal can hardly be achieved without understanding all possible causes that can introduce time fluctuations in the communication path between the processor, running the control algorithms, and the (remote) peripheral devices...