Lucia Seno

• Italian National Research Council

Having everything interconnected through the Internet, including vehicle onboard systems, is making security a primary concern in the automotive domain as well. Although Ethernet and CAN XL provide link-level security based on symmetric cryptography, they do not support origin authentication for multicast transmissions. Asymmetric cryptography is u...

The security configuration of firewalls is a complex task that is commonly performed manually by network administrators. As a consequence, among the rules composing firewall policies, they often introduce anomalies, which can be classified into sub-optimizations and conflicts, and which must be solved to allow the expected firewall behavior. The se...

The dynamic redistribution of filtering rules between firewalls, which are located in the same network, is a technical solution that can cope with temporary changes in the traffic load processed by the firewalls themselves. This paper presents a novel formal model for networks including multiple cascaded firewalls, that can be leveraged to enable t...

In several application contexts, keeping transmission latencies on a wireless network bounded is required. When high bandwidth is additionally demanded, IEEE 802.11 is certainly a reasonable choice. Reliable data delivery is customarily achieved through automatic retransmission upon errors. In Wi-Fi, retries are managed in hardware by adapters. Unf...

Erraticness of the radio spectrum makes communication on wireless networks scarcely deterministic, which renders them hardly suitable for the use in application scenarios that demand high reliability, e.g., industrial wireless control systems. To counteract unpredictable phenomena like electromagnetic noise, moving obstacles, and collisions with in...

Access control is one of the building blocks of network security and is often managed by network administrators through the definition of sets of high-level policies meant to regulate network behavior (policy-based management). In this scenario, policy refinement and verification are important processes that have to be dealt with carefully, possibl...

The availability of performance studies and simple models for firewalls able to deal with industrial application-layer communication protocols, like Modbus/TCP, is crucial when the impact of these devices has to be estimated, even roughly, before their actual deployment in industrial networks. Unfortunately, most manufacturers do not provide this k...

Two emerging architectural paradigms, i.e., Software Defined Networking (SDN) and Network Function Virtualization (NFV), enable the deployment and management of Service Function Chains (SFCs). A SFC is an ordered sequence of abstract Service Functions (SFs), e.g., firewalls, VPN-gateways,traffic monitors, that packets have to traverse in the route...

Access control (AC) is the core of every architectural solution for information security. Indeed, no effective protection scheme can abstract from the careful design of access control policies, and infrastructures underlying modern Industrial Networked Systems (INSs) are not exceptions from this point of view. This paper presents a comprehensive fr...

Industrial distributed control systems would greatly benefit from the adoption of wireless communication technologies, if only guarantees could be provided on timing of time-critical data delivery over the ether. This paper presents solutions to handle single-hop deadline-constrained periodic traffic, which combine centralized transmission scheduli...

Access control (AC) is the core of every architectural solution for information security. Indeed, no effective protection scheme can abstract from the careful design of access control policies, and infrastructures underlying modern Industrial Networked Systems (INSs) are not exceptions from this point of view. This paper presents a comprehensive fr...

Communication over the ether is by nature erratic, and thus wireless networks are often deemed unsuitable to support time-critical distributed control applications, like those at the shop-floor of industrial plants. However, scheduling techniques derived from real-time operating systems, along with channel redundancy and runtime retransmission mana...

The current version of IEEE 802.11, based on EDCA, is unable to support fine-grained assignments of priorities to messages. Instead, such an ability could be advantageous in distributed real-time control systems communicating over the air, as it would enable the exploitation of feasibility analysis to assess whether or not timing constraints are me...

Vulnerabilities in software and hardware components can be exploited by attackers to cause damages through the cyberspace. Nowadays, this problem also affects a large number of industrial networked systems (INS) and experts are well aware that suitable prevention/detection techniques and countermeasures have to be developed, taking into account INS...

Communication over the ether is by nature erratic and, consequently, wireless networks are unsuitable for hard real-time distributed control applications typical of industrial plants. However, scheduling strategies employed by real-time operating systems, along with channel redundancy and advanced bandwidth management, can be used to improve their...

Timeliness and reliability are two major requirements of control systems and this true, in particular, in many industrial application areas which make use of solutions distributed over a network. Moreover, with the adoption of wireless communication technologies in industrial environments, granting timeliness and reliability for transmissions over...

The flexibility and reconfigurability requirements of factories and manufacturing plants of the future can be partially met by adopting technologies and solutions already available for testing and experimentation. Openness and adherence to international standards are becoming increasingly important in modern distributed production and automation sy...

The specification and verification of access control policies are fundamental steps in the process of securing industrial control systems and critical infrastructures. The focus of this paper is on bridging the semantic gap between high-level access control policies specified in the Role-Based Access Control (RBAC) framework and the low-level secur...

In the last few years, wireless networks have gained significant importance in the context of industrial communication systems [1], where their deployment is bringing several noticeable benefits, ranging from replacement of cables to the connection of devices that cannot be reached by traditional wired systems. These features make the adoption of w...

The problem of enhancing reliability while providing real-time guarantees in industrial communication over wireless networks has been widely addressed by the scientific literature. Several analyses have been carried out that consider this problem in a real-time scheduling framework, modeling both real-time transmission flows and possible retransmis...

The performance of the IEEE 802.11 WLAN are influenced by the wireless channel characteristics that reflect on the signal-to-noise ratio (SNR), particularly in industrial communication systems, that often operate in harsh environments. In order to cope with SNR reductions, the IEEE 802.11 WLAN specification suggests to adapt (reduce) the transmissi...

The performance evaluation of wireless networks for industrial applications represents a relevant issue for the scientific community. One of the most important aspects of these activities is concerned with the validation of the theoretical models derived from accurate analysis of the protocols employed by the networks. In this paper we focus on a t...

In the last years, several wireless standards have been profitably tested for possible application in factory communication systems, showing encouraging results even in time-critical applications. However, the achieved performance are clearly related to the specific applications considered and, more important, to the specific wireless components em...

Nowadays, wireless communication technologies are being employed in an ever increasing number of different application areas, including industrial environments. Benefits deriving from such a choice are manifold and include, among the others, reduced deployment costs, enhanced flexibility and support for mobility. Unfortunately, because of a number...

The recent improvements of the wireless networks performance offer a valuable opportunity also in the context of industrial communication systems. However, these systems are often subjected to such tight reliability requirements as well as timing constraints that wireless communications, especially in an interfered scenario, can hardly comply with....

Nowadays, industrial communication systems are experiencing the introduction of wireless technologies at all levels of automated factories. The benefits that derive from such a choice are manifold, including reduced deployment costs, enhanced flexibility and support for mobility. Unfortunately, because of a number of reasons, wireless systems can n...

The employment of real time Ethernet networks in factory automation systems is rapidly increasing and several commercial products, with different characteristics, are already available from various manufacturers. Most of these networks have been included in both the IEC 61158 and IEC 61784 International standards that, in addition, define a set of...

The industrial communication scenario is experiencing the introduction of wireless networks at all levels of factory automation systems. The benefits deriving from such an innovation are manifold, even if wireless systems cannot be thought as a complete replacement of wired networks. Rather, they will be even more used in the near future to realize...

Industrial communication networks are a key element for developing advanced distributed control and automation systems. On the one hand, high performance and low costs are generally required to cope with more and more demanding application requirements, while, on the other hand, real-time capabilities are often needed in an increasing number of aut...

Recently, two new types of communication networks have become available at the low levels of factory automation systems. Besides field buses, which have been traditionally used since long time, both real-time Ethernet (RTE) and wireless networks may now be employed. Consequently, it is envisaged that hybrid configurations using all types of the ava...

In the last years real-time Ethernet (RTE) networks, based on the IEEE 802.3 protocol, able of providing realtime data transfer have been even more employed by applications at low levels of factory automation systems. In this paper we focus on Ethernet Powerlink, one of the most popular RTE networks included in the IEC 61784 International Standard,...

Real-time Ethernet networks, which are described by both the IEC 61784 and IEC 61158 International Standards, are even more employed in factory automation systems. In this paper we focus on the performance of EtherNet/IP, one of the most popular networks specified by the above standards. In particular, we evaluate two Performance Indicators, namely...