Leonardo Montecchi
Norwegian University of Science and Technology | NTNU · Department of Computer Science
PhD in Computer Science, Systems, and Telecommunications
About
72
Publications
6,306
Reads
401
Citations
Introduction
Associate Professor at NTNU/IDI. My research revolves around different aspects of the modeling of complex systems. I have extensive experience in quantitative system evaluation using stochastic models (e.g., Stochastic Petri Nets). Currently, my main focus is on applying model-driven engineering techniques to support the development and V&V of systems, with a particular focus on critical systems and infrastructures, and, more broadly, on Systems-of-Systems (SoS) and Cyber-Physical Systems (CPS).
Additional affiliations
January 2014 - May 2017
June 2017 - December 2021
Publications
Publications (72)
With the advent of recent technological advances, more demanding tele-immersive applications have started to emerge. In the World Opera application, artists from different opera houses across the globe can participate in a single united performance, and interact almost as if they were co-located. One of the main design challenges in this applicatio...
Dependability and performance analysis of modern systems is facing great challenges: their scale is growing, they are becoming massively distributed, interconnected, and evolving. Such complexity makes model-based assessment a difficult and time-consuming task. For the evaluation of large systems, reusable submodels are typically adopted as an effe...
The injection of software faults in source code requires accurate knowledge of the programming language, both to craft faults and to identify injection locations. As such, fault injection and code mutation tools are typically tailored for a specific language and have limited extensibility. In this paper we present a model-driven approach to craft a...
Coding conventions are a means to improve the reliability of software systems, and they are especially useful to avoid the introduction of known bugs or security flaws. However, coding rules typically come in the form of text written in natural language, which makes them hard to manage and to enforce. Following the model-driven engineering principl...
We argue that object detectors in the safety critical domain should prioritize detection of objects that are most likely to interfere with the actions of the autonomous actor. Especially, this applies to objects that can impact the actor’s safety and reliability. To quantify the impact of object (mis)detection on safety and reliability in the conte...
Peer Code Review (PCR) is a professional practice and a learning method. A case study on PCR was conducted in a “Programming Languages” course in the fall semester of 2023 at the Norwegian University of Science and Technology (NTNU). A new protocol for peer code review was implemented where the students received a suggested solution and instructor...
Programming is one of the core disciplines in Computer Science (CS) and Computer Engineering (CE) courses, and it is increasingly permeating the curricula of other study programs. After undergoing an introduction to programming and a course on object-oriented programming, some students will attend an advanced course on programming languages, where...
Object detection consists in perceiving and locating instances of objects in multi-dimensional data, such as images or lidar scans. While object detection is a fundamental step in autonomous vehicles applications, it is typically evaluated with generic metrics like precision and recall. Recently, metrics that take into account safety have been propo...
Object detection in autonomous driving consists in perceiving and locating instances of objects in multi-dimensional data, such as images or lidar scans. Very recently, multiple works are proposing to evaluate object detectors by measuring their ability to detect the objects that are most likely to interfere with the driving task. Detectors are the...
Early-stage security analysis can be used for a preliminary assessment of the security level of a system, thus providing useful insights to guide the whole system’s development. In this paper, we focus on a specific meta-level modeling framework for security analysis, ADVISE Meta, which allows representing a system using generic built-in blocks and...
Multi-parameter monitoring systems in Intensive Care Units (ICUs) monitor the clinical condition of critical state patients. These Systems of Systems (SoS) comprise a set of Constituent Systems (CS) to measure parameters such as heart rate, respiratory frequency, and temperature. Due to the critical nature and relevance of ICUs, such SoS shall be a...
Software Product Lines (SPLs) enable and maximize reuse of software artefacts, using software variability as central technique. In Model-Based Safety Analysis, system and software models are annotated with failure models that are used to produce safety analysis artefacts like fault trees and FMEAs. However, little work has been done to show MBSA in...
To contribute to multiconcern assurance, we focus on system design and present a high-level process that builds on top of the synergy between qualitative and quantitative dependability analysis techniques, which have been used for mono- as well as multiconcern analysis.
Model-based evaluation is extensively used to estimate the performance and reliability of dependable systems. Traditionally, these systems were small and self-contained, and the main challenge for model-based evaluation has been the efficiency of the solution process. Recently, the problem of specifying and maintaining complex models has increasing...
We argue that object detectors in the safety critical domain should prioritize detection of objects that are most likely to interfere with the actions of the autonomous actor. Especially, this applies to objects that can impact the actor's safety and reliability. In the context of autonomous driving, we propose new object detection metrics that rew...
Fault Injection (FI) is a well-known system verification technique, in which faults are artificially introduced into a system, to assess its behavior in exceptional conditions. FI can be applied at different levels, including physical, hardware and software. FI has also been applied at model level, although the amount of work in this direction is l...
Often, either to expand the target market or to satisfy specific new requirements, software systems inside a company are cloned, refactored, and customized, generating new derived software systems. Although this is a practical solution, it is not effective in the long-term because of the high maintenance costs when maintaining each of these derived...
Mathematical models are an effective tool for studying the properties of complex systems. Constructing such models is a challenging task that often uses repeated patterns or templates. The Template Models Description Language (TMDL) has been developed to clearly define model templates that are used to generate model instances from the template spec...
Model-based evaluation has been extensively used to estimate performance and reliability metrics of computer systems, especially critical systems, for which experimental approaches are not always applicable. A significant challenge is constructing and maintaining the models for large-scale and possibly evolving systems. In a recent work we defined...
Knowledge-intensive Processes (KiPs) are processes characterized by high levels of unpredictability and dynamism. Their process structure may not be known before their execution. One way to cope with this uncertainty is to defer decisions regarding the process structure until run time. In this paper, we consider the definition of the process struct...
With the expansion of autonomous robotics and its applications (e.g. medical, competition, military), the biggest hurdle in developing mobile robots lies in endowing them with the ability to interact with the environment and to make correct decisions so that their tasks can be executed successfully. However, as the complexity of robotic systems gro...
Coding conventions are a means to improve the reliability of software systems. They can be established for many reasons, ranging from improving the readability of code to avoiding the introduction of security flaws. However, coding conventions often come in the form of textual documents in natural language, which makes them hard to manage and to en...
Because of the substances they process and the conditions of operation, chemical plants are systems prone to the occurrence of undesirable and potentially dangerous events. Major accidents may occur when a triggering event produces a cascading accident that propagates to other units, a scenario known as domino effect. Assessing the probability of e...
Service Oriented Architecture (SOA) is a common design pattern that allows building applications composed of several services. It promotes features as interoperability, scalability, and software reuse. Services composing a SOA system may evolve and change during runtime, often outside the control of the owner of the application, which makes the ver...
Cloud services consumers deal with a major challenge in selecting services from several providers. Facilitating these choices has become critical, and an important factor is the service trustworthiness. To be trusted by users, cloud providers should explicitly communicate their capabilities to ensure important functional and non-functional requirem...
Knowledge-intensive processes (KiPs) cannot be fully specified at design time because not all information about the process is available prior to its execution. At runtime, new information emerges reflecting environment changes or unexpected outcomes. The structure of this kind of processes varies from case to case and it is defined step-by-step ba...
Dynamic features offered by programming languages provide greater flexibility to the programmer (e.g., dynamic constructions of classes and methods) and reduction of duplicate code snippets. However, the unnecessary use of dynamic features may detract from the code in many ways, such as readability, comprehension, and maintainability of software. T...
CHESS is an open source methodology and toolset for the development of safety-critical systems. More specifically, CHESS is a model-based methodology, which supports the design, dependability analysis, and code generation of critical systems. Despite its rather mature level in terms of technology readiness, systematic guidance needs to be developed...
A dramatic shift in system complexity is occurring, bringing monolithic system designs to be progressively replaced by modular approaches. In the latest years, this trend has been emphasized by the system of systems (SoS) concept, in which a complex system or application is the result of the integration of many independent, autonomous constituent s...
Nowadays, personal information is collected, stored, and managed through web applications and services. Companies are interested in keeping such information private due to regulation laws and privacy concerns of customers. Furthermore, the reputation of a company can be dependent on privacy protection, i.e., the more a company protects the privacy of...
Socio-technical systems are characterized by the interplay of heterogeneous entities, i.e., humans, organizations, and technologies. Application domains such as petroleum, e-health, and many others rely on solutions based on safety-critical socio-technical systems. To ensure a safe operation of these interacting heterogeneous entities, multifaceted...
The shape of Critical Infrastructures (CIs) has changed drastically in recent years, leading them to become interconnected systems with complex interactions. This will be especially true for future power grids, known as “smart grids”. In such complex systems, one of the main challenges consists in understanding the possible impact of failures on th...
Presents the introductory welcome message of the Workshop on Dependability in Evolving Systems (WDES 2016), at LADC 2016 in Cali, Colombia.
Several formalisms and techniques have been introduced in the literature for the purpose of modeling and evaluation of complex systems. Each of them has its strengths and weaknesses, which also depend on the purpose of the evaluation. In this paper we propose the integration of two different formalisms in a single framework for the modeling, valida...
Accidents on petroleum installations can have huge consequences; to mitigate the risk, a number of safety barriers are devised. Faults and unexpected events may cause barriers to temporarily deviate from their nominal state. For safety reasons, a work permit process is in place: decision makers accept or reject work permits based on the current sta...
Agile software development methodologies use an iterative and incremental development in order to handle evolving systems. Consolidated techniques in the field of testing have been applied to these techniques with the main purpose of aiding in the test creation stage. An example is Model-Based Test Driven Development (MBTDD) which joins the concept...
Personal information is continuously gathered and processed by modern web applications. Due to regulation laws and to protect the privacy of users, customers, and business partners, such information must be kept private. A recurring problem in constructing web applications and services that protect privacy is the insufficient resources for document...
Software Product Lines engineering is a technique that explores systematic reuse of software artifacts in large scale to implement applications that share a common domain and have some customized features. For improving Product Line Architecture evolution, it is advisable to develop Software Product Lines using a modular structure. This demand can...
For several years, the vulnerability of Critical Infrastructures (CIs) to cyber-threats has been limited, since they were mostly isolated systems, using proprietary protocols. Nowadays, CIs are increasingly threatened by external attacks: the use of off-the-shelf components is common, they have become interconnected, and sometimes also connected to...
Safety is a fundamental property for a wide class of systems, which can be assessed through safety analysis. Recent standards, such as the ISO26262 for the automotive domain, recommend safety analysis processes to be performed at system, hardware, and software levels. While Failure Modes and Effects Analysis (FMEA) is a well-known technique for safety a...
Safety analysis is increasingly important for a wide class of systems. In the automotive field, the recent ISO26262 standard foresees safety analysis to be performed at system, hardware, and software levels. Failure Modes and Effects Analysis (FMEA) is an important step in any safety analysis process, and its application at hardware and system leve...
Current ICT infrastructures are characterized by increasing requirements of reliability, security, performance, availability, adaptability. A relevant issue is represented by the scalability of the system with respect to the increasing number of users and applications, thus requiring a careful dimensioning of resources. Furthermore, new security is...
Dependability and performance analysis of modern systems is facing great challenges: their scale is growing, they are becoming massively distributed, interconnected, and evolving. Such complexity makes model-based assessment a difficult and time-consuming task. For the evaluation of large systems, reusable sub models are typically adopted as an eff...
Session management in distributed Internet services is traditionally based on username and password, explicit logouts and mechanisms of user session expiration using classic timeouts. Emerging biometric solutions allow substituting username and password with biometric data during session establishment, but in such an approach still a single verific...
Safety analysis is becoming more and more important in a wide class of systems. In the automotive field, the recent ISO26262 foresees safety analysis to be performed at different levels: system, software and hardware. The assessment of architecture with respect to safety is typically better understood at system and HW levels, while an equivalent an...
Highly distributed, autonomous and self-powered systems operating in harsh, outdoors environments face several threats in terms of dependability, timeliness and security, due to the challenging operating conditions determined by the environment. Despite such difficulties, there is an increasing demand to deploy these systems to support critical ser...
Recent technological advances have made it possible to design bandwidth demanding distributed interactive multimedia applications such as the World Opera application. In this application artists from different opera houses across the globe, can participate in a single united performance and interact almost as if they were co-located. One of the mai...
Model-transformation techniques have increasingly gained attention in the design and evaluation of high-integrity systems, with the purpose to provide (semi-)automatic tools for non-functional analysis. Analysis models are automatically derived from an architectural description of the system in a UML-like language. One of the main challenges is des...
This chapter provides an overview of the state of knowledge related to stochastic model-based assessment approaches, which are most commonly used for resiliency evaluation of current computing systems. The chapter first introduces a set of representative surveys developed in recent European projects, and then it provides a deeper description of com...
In this paper we perform a model-based analysis of the Timed Reliable Communication (TRC) protocol, which is being used within the EU funded ALARP project for railway worksite communication. TRC is a group communication protocol based on IEEE 802.11 networks, targeting safety-critical applications with limited bandwidth requirements. The paper con...
Biometric authentication systems verify the identity of users by relying on their distinctive traits, like fingerprint, face, iris, signature, voice, etc. Biometrics is commonly perceived as a strong authentication method; in practice several well-known vulnerabilities exist, and security aspects should be carefully considered, especially when it i...
Poster on the quantitative security evaluation of a biometric authentication system using the ADVISE formalism.
Further details can be found in the related paper at the DESEC4LCCI workshop:
L. Montecchi, P. Lollini, A. Bondavalli, E. La Mattina. "Quantitative Security Evaluation of a Multi-biometric Authentication System". In: Workshop on Dependa...
Modelling and simulation are well suited approaches to analyze CI, providing useful insights into how components failures might propagate along interconnected infrastructures, possibly leading to cascading or escalating failures, and to quantitatively assess the impact of these failures on the service delivered to users. This chapter focuses on the...
In the last ten years, Model Driven Engineering (MDE) approaches have been extensively used for the analysis of extra-functional properties of complex systems, like safety, dependability, security, predictability, quality of service. To this purpose, engineering languages (like UML and AADL) have been extended with additional features to model...
Model-Driven engineering (MDE) aims to elevate models in the engineering process to a central role in the specification, design, integration, validation, and operation of a system. MDE is becoming a widely used approach within the dependability domain: the system, together with its main dependability-related characteristics, is represented by engin...
Model-Driven engineering (MDE) aims to elevate models in the engineering process to a central role in the specification, design, integration, validation, and operation of a system. MDE is becoming a widely used approach within the dependability domain: the system, together with its main dependability-related characteristics, is represented by engin...
In future inhomogeneous, pervasive and highly dynamic networks, end-nodes may often only rely on unreliable and uncertain observations to diagnose hidden network states and decide upon possible remediation actions. Inherent challenges exist to identify good and timely decision strategies to improve resilience of end-node services. In this paper we...
This paper provides a QoS analysis of a dynamic, ubiquitous UMTS network scenario in the automotive context identified in the ongoing EC HIDENETS project. The scenario comprises different types of mobile users, applications, traffic conditions, and outage events reducing the available network resources. Adopting a compositional modeling approach bas...
The ERTMS-ATC system is a distributed system where the Driver Machine Interface (DMI) is a slave unit of the train onboard vital computer (EVC). In this paper we analyze two types of communication protocols for the EVC-DMI interactions, based, respectively, on cyclic and acyclic messages’ exchange. Adopting a modular modeling methodology, we assess...
The ERTMS-ATC system is a distributed system where the Driver Machine Interface (DMI) is a slave unit of the train onboard vital computer (EVC). Consequently, as for the information visualization and the input data acquisition, the data transfer between DMI and EVC must also be safe. A safe communication protocol stack has therefore to be provided...
Current infrastructures are often characterized by a huge complexity in terms of large number of involved components, high system dynamicity, evolvability, and network heterogeneity. In this paper we introduce a modeling approach to analyze a class of dynamic/large-scale systems characterized by a phased behavior. The modeling approach we present i...