Seleziona una pagina

# Publications

Articles, Book Chapters, Conference Papers

# Anno 2020

#### A new pressure guided management tool for epidural space detection: feasibility assessment in a clinical scenario (2020)

###### Massimiliano Carassiti, Rita Cataldo, Domenico Formica, Carlo Massaroni, Aurelio De Filippis, Paola Palermo, Joshua Di Tocco, Roberto Setola, Chiara Valenti, Emiliano Schena

Minerva anestesiologica

The detection of epidural space is usually performed by the technique of loss of resistance (LOR) without technological support, although there are few commercial options. In this work, we aimed to assess the feasibility of a new, non-invasive, mechatronic system for LOR detection in clinical settings. The system allows monitoring the pressure exerted on the syringe plunger by the clinician during the puncture. The LOR is related to the mentioned pressure.

#### Multi-criteria node criticality assessment framework for critical infrastructure networks (2020)

###### Luca Faramondi, Gabriele Oliva, Roberto Setola

International Journal of Critical Infrastructure Protection

Spotting criticalities in Critical Infrastructure networks is a crucial task in order to implement effective protection strategies against exogenous or malicious events. Yet, most of the approaches in the literature focus on specific aspects (e.g., presence of hubs, minimum paths) and there is a need to identify tradeoffs among importance metrics that are typically clashing with each other. In this paper we propose an approach for the assessment of criticalities which combines multi-criteria decision making techniques and topological/dynamical centrality measures. In particular, we resort to the Sparse Analytic Hierarchy Process (SAHP) technique to calculate the relevance of the different metrics based on pairwise comparisons of the metrics by Subject Matter Experts (SMEs) and to merge the different metrics into a holistic indicator of node criticality/importance that takes into account all the metrics. With the aim to experimentally demonstrate the potential of the proposed approach, we consider a case study related to the Central London Tube Network. According to the experimental results, the proposed aggregated ranking exhibits negligible correlation with the single metrics being aggregated, thus suggesting that the proposed approach effectively combines the different metrics into a new perspective.

# Anno 2019

#### Recepimento della direttiva NIS sulla cyber-security delle reti (2019)

###### Roberto Setola, Giacomo Assenza

Sicurezza e Giustizia

Con la direttiva 2016/1148 del 6 luglio 2016 [1] recante misure per un livello comune elevato di sicurezza delle reti e dei sistemi informativi, l’Unione Europea vuole affrontare con un approccio organico e trasversale l’emergente questione della cyber-security con l’intento di rafforzare la resilienza e la cooperazione tra stati membri. Come riportato nelle considerazioni introduttive della direttiva, reti, sistemi e servizi informativi svolgono un ruolo cruciale nel facilitare i movimenti di beni, servizi e persone, e la loro perturbazione potrebbe avere ripercussioni non solo sui singoli stati membri ma in tutta l’Unione danneggiando l’economia nel suo complesso. Risulta dunque necessario implementare dei livelli minimi comuni di protezione, in quanto l’attuale disomogeneità, anche alla luce delle strette interrelazioni e interdipendenze esistenti fra i diversi sistemi e componenti del cyberspace, è un fattore di insicurezza a livello comunitario.

#### OPERATIONAL TECHNOLOGY CYBERSECURITY: HOW VULNERABLE IS OUR CRITICAL INFRASTRUCTURE  (2019)

###### Giacomo Assenza, Roberto Setola

Contemporary Macedonian Defense/Sovremena Makedonska Odbrana

The employment of OT (Operational Technology) in Critical Infrastructure has largely increased in recent years due to several benefits related to the improvement of efficiency, quality of production, and cost reduction. Unfortunately, the use of these technologies exposes the plants to cyber threats. Indeed, a cyber-attack may cause not only a production interruption, but it could also manipulate the control process in order to induce catastrophic events. This article will provide background on industrial control systems, highlighting their architecture, the critical sectors in which they operate and what makes them so vulnerable, including a focus on the role of Firmware and its vulnerabilities. Also, it will discuss the new ICS business driven trends analysing their impact on security. Finally, it will review relevant features of some of the occurred cyberattacks that caused physical harm.

#### Opinion-based optimal group formation (2019)

###### Gabriele Oliva, Antonio Scala, Roberto Setola, Paolo Dell’Olmo

Omega

Most of classical decision making processes aim at selecting the “best” alternative or at ranking alternatives based on the opinions of decision makers. Often, such a process occurs among people (experts or decision makers) who are expected to achieve some shared consensus in ranking the alternatives. However, this is not likely to happen (especially for a large and heterogeneous collection of people) and decision makers tend to reveal groups characteristics derived from their different opinions. A major problem is that inconsistency in opinions arises as each expert has a limited knowledge, errors and misinterpretation of data can occur and thus it is not clear how groups can be identified to be internally consistent and non-conflicting. In this paper, we investigate the conditions under which experts can be split into different sub-groups that share coherent and consistent opinions but are mutually in conflict in the ordering of the alternatives. We face this problem by presenting a non-linear integer programming model where each decision maker specifies incomplete preferences on pairs of alternatives and the objective is to obtain groups having the least possible degree of inconsistency. From a theoretical standpoint, we show that the proposed problem is non-convex and NP-Hard. Moreover, we validate the proposed approach with respect to a case study related to the 2018 Italian political elections. Specifically, we analyze the opinions of 33 decision makers and we show that the proposed technique is able to identify sub-groups characterized by large internal consistency, i.e., the members of each sub-groups express similar judgements upon the different options, while such options are evaluated very differently by the different sub-groups. Interestingly, while dividing the decision makers in three sub-groups, we obtain group rankings that reflect the structure of the Italian political parties or coalitions at the time, i.e., left-wing, right-wing and populists, even if such kind of information has not been directly provided by the decision makers nor used within the proposed case study.

#### Network Defensive Strategy Definition Based on Node Criticality (2019)

###### Luca Faramondi, Gabriele Oliva, Roberto Setola

2019 IEEE International Conference on Systems, Man and Cybernetics (SMC)

In this paper we develop a novel approach to identify the best policy to allocate protection resources to raise the overall network robustness to node disruption. The proposed methodology is based on the identification of the most critical elements of the network in terms of their connectivity contribution to the entire system. The definition of the critical nodes is performed as a game-theoretic analysis based on Shapley Value theory. We validate the proposed approach with respect to a case study featuring a social network; by comparison with state of the art metrics, we experimentally show that the proposed protection strategy is particularly effective in preserving the residual network connectivity.

#### An overview of Cyber Attack to Industrial Control System (2019)

###### Roberto Setola, Luca Faramondi, Ernesto Salzano, Valerio Cozzani

Chemical Engineering Transactions

The relevance of OT (Operational Technology) in Seveso plats has largely increased in recent years thanks to several benefits related to the improvement of efficiency, quality of the production, and cost reduction. Unfortunately, the use of these technologies exposes the plants to cyber threats. Indeed, a cyber-attack may cause the interruption of the production, and, at worst, could manipulate the control process in order to induce a catastrophic event. In recent years, several cyber-attacks have been performed against Industrial Control Systems. In this paper, we provide a process-engineering oriented overview of those attacks with the aim of illustrating their behavior. Particular attention is payed to Triton attack, being the first worm specifically designed to attack a Safety Instrumented System. The paper concludes with some consideration about a relevant approach that might be useful to increase the protection of the Seveso ICS.

#### Physical security barriers and protection distances for Seveso sites (2019)

###### Alessandro Tugnoli, Matteo Iaiani, Gabriele Oliva, Ernesto Salzano, Roberto Setola, Valerio Cozzani

Chemical Engineering Transactions

Seveso III Directive (2012/18/EU) requires operators to demonstrate that they have identified major accident hazards and scenarios, and that they have implemented adequate actions to prevent such accidents. Safety reports issued under the Seveso Directive specifically address accident scenarios caused by technical or human failures. Scenarios caused by intentional acts are usually not considered, even if they have a wide potential to harm the workers and the exposed population in the vicinity of Seveso sites. The present contribution focuses on the characterization of physical security-related scenarios in the framework of safety and security management of Seveso sites, identified taking advantages of the potential synergies between safety and security studies. The role of physical security barriers is explored. Finally, the use of protection distances from critical and vulnerable units is presented to support the selection of the barriers.

#### Sicurezza delle infrastrutture critiche: è il fattore umano il punto debole (2019)

Giacomo Assenza, Roberto Setola

Agenda Digitale

Quella delle infrastrutture critiche è una realtà sempre più interconnessa, interdipendente e tecnologicamente avanzata. Tale complessità ha da una parte reso i servizi più efficaci e immediati, ma dall’altra ha creato nuove debolezze e vulnerabilità. Tra queste, il “fattore umano” è considerato sia l’elemento di maggiore forza ma anche l’anello debole dei processi di sicurezza e negli ultimi tempi sono state avviate delle campagne di Security Awareness.

Campagne che risultano però ancora limitate sia livello quantitativo che qualitativo, quando invece sarebbero essenziali per trasformare il personale da anello debole a punto di forza della sicurezza delle infrastrutture critiche.

#### A Review of Methods for Evaluating Security Awareness Initiatives (2019)

###### Giacomo Assenza, Andrea Chittaro, Maria Carla De Maggio, Marzia Mastrapasqua, Roberto Setola

European Journal for Security Research

The ‘human factor’is commonly considered to be the weakest link in an organization’s security chain, and a significant percentage of companies have implemented security awareness (SA) programs to address this vulnerability. However, an element whose usefulness is still underestimated is the importance to perform measurements of the different SA programs’ effectiveness in order to assess their adequateness for achieving the intended goals. This gap has serious consequences as most of the security awareness campaigns have resulted to be largely unsuccessful. Awareness measurement tools might be determinant in providing feedback on the outcome of a program as well as in helping with the strategic planning for endorsing security. This article will introduce and critically compare a set of measurement methods. It will then discuss their attributes and suggested applications.

#### Aggregating Centrality Rankings: A Novel Approach to Detect Critical Infrastructure Vulnerabilities (2019)

###### Gabriele Oliva, Annunziata Esposito Amideo, Stefano Starita, Roberto Setola, Maria Paola Scaparra

International Conference on Critical Information Infrastructures Security

Assessing critical infrastructure vulnerabilities is paramount to arrange efficient plans for their protection. Critical infrastructures are network-based systems hence, they are composed of nodes and edges. The literature shows that node criticality, which is the focus of this paper, can be addressed from different metric-based perspectives (e.g., degree, maximal flow, shortest path). However, each metric provides a specific insight while neglecting others. This paper attempts to overcome this pitfall through a methodology based on ranking aggregation. Specifically, we consider several numerical topological descriptors of the nodes’ importance (e.g., degree, betweenness, closeness, etc.) and we convert such descriptors into ratio matrices; then, we extend the Analytic Hierarchy Process problem to the case of multiple ratio matrices and we resort to a Logarithmic Least Squares formulation to identify an aggregated metric that represents a good tradeoff among the different topological descriptors. The procedure is validated considering the Central London Tube network as a case study.

#### White Paper on Industry Experiences in Critical Information Infrastructure Security: A Special Session at CRITIS 2019

###### Giacomo Assenza, Valerio Cozzani, Francesco Flammini, Nadezhda Gotcheva, Tommy Gustafsson, Anders Hansson, Jouko Heikkila, Matteo Iaiani, Sokratis Katsikas, Minna Nissilä, Gabriele Oliva, Eleni Richter, Maaike Roelofs, Mehdi Saman Azari, Roberto Setola, Wouter Stejin, Alessandro Tugnoli, Dolf Vanderbeek, Lars Westerdahl, Marja Ylönen, Heather Young

International Conference on Critical Information Infrastructures Security

The security of critical infrastructures is of paramount importance nowadays due to the growing complexity of components and applications. This paper collects the contributions to the industry dissemination session within the 14th International Conference on Critical Information Infrastructures Security (CRITIS 2019). As such, it provides an overview of recent practical experience reports in the field of critical infrastructure protection (CIP), involving major industry players. The set of cases reported in this paper includes the usage of serious gaming for training infrastructure operators, integrated safety and security management in the chemical/process industry, risks related to the cyber-economy for energy suppliers, smart troubleshooting in the Internet of Things (IoT), as well as intrusion detection in power distribution Supervisory Control And Data Acquisition (SCADA). The session has been organized to stimulate an open scientific discussion about industry challenges, open issues and future opportunities in CIP research.

#### Assessing Node Criticality in Dynamical Distributed Systems (2019)

###### L Faramondi, S Panzieri, R Setola, G Oliva

2019 18th European Control Conference (ECC)

In this paper we characterize the vulnerability of the different elements of a geographically dispersed and networked LTI discrete-time dynamical system by taking the perspective of an attacker aiming at steering the system state towards an undesirable configuration via the injection of control signals at selected subsystems. Specifically, we assume the attacker aims at directly intervening on the minimum number of subsystems and at injecting the minimum energy signal that would steer the state towards the target adverse configuration, while minimizing the number of steps required to reach such a configuration. Such three conflicting objectives generate a Pareto front of solutions, and the vulnerability of each subsystem is evaluated in terms of the frequency with which each node is attacked in the solutions belonging to the Pareto front. Such a vulnerability assessment can be the base to prioritize the protection resources to be allocated at each subsystem.

#### A Wearable Platform to Identify Workers Unsafety Situations (2019)

###### Luca Faramondi, Paolo Bragatto, Camilla Fioravanti, Maria Grazia Gnoni, Simone Guarino, Roberto Setola

2019 II Workshop on Metrology for Industry 4.0 and IoT (MetroInd4. 0&IoT)

IoT technologies allow the development of innovative solutions to monitoring human activities and, among others, ones connected to workers in order to improve their safety. However, this kind of solutions need to guarantee workers privacy preventing an usage aimed at people’s control. Indeed, a similar employment is forbidden in several legislations and, more in general, solutions that have mechanisms that can hypothetical be used to monitoring the workers’ activities, usually aren’t accepted by workers. In this paper we illustrate the solution developed inside the SmartBench project based on wearable sensors to monitor the workers’ status. Specifically, we describe in detail a waist mounted platform able to detect several situations ranging from standing, running, falling, laying down, etc. The platform is also equipped with environmental sensors able to monitor the presence of carbon monoxide, humidity, temperature, etc. Moreover, the platform can share data using an architecture-free communication schema, i.e. BLE protocol, with environmental sensors dispersed in the work area. On the base of such data, the system is able to detect anomalous situations and provide information about the status directly and exclusively to the worker. Only in case of an emergency the information is shared with the supervisor and other workers in order to better manage the crisis. Precisely, in this paper we illustrate the algorithms developed to identify the workers’ status on the base of data extracted from the wearable sensor.

#### Gossip algorithm for multi-agent systems via random walk (2019)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola, Andrea Gasparri

Systems & Control Letters

This paper proposes an asynchronous gossip framework where agents move according to independent random walks over a location graph and interactions may occur only when two agents share the same location. Our goal is to investigate how average consensus may be achieved when agents’ motion occurs over a set of discrete locations with topological constraints. This could be used to model the spreading of information across moving crowds or the coordination of agents monitoring a discrete set of points of interest.

#### Covert channels-based stealth attacks in industry 4.0 (2019)

###### Cristina Alcaraz, Giuseppe Bernieri, Federica Pascucci, Javier Lopez, Roberto Setola

IEEE Systems Journal

Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology (IT), drawing the attention to serious risks for the modern industrial control networks. To cope with this problem, in this paper, we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when ITs converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/transmission control protocol (TCP) as target to set up a covert channel. Once the threat channel is established, passive and active offensive methodologies are further exploited by implementing and testing them on a real industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats and the easy extrapolation of the attacks to other types of channels in order to show the new risks for the Industry 4.0. Related to this, we discuss some countermeasures offering an overview of possible mitigation and defensive measures.

#### Sparse analytic hierarchy process: an experimental analysis (2019)

###### Gabriele Oliva, Roberto Setola, Antonio Scala, Paolo Dell’Olmo

Soft Computing

The aim of the sparse analytic hierarchy process (SAHP) problem is to rank a set of alternatives based on their utility/importance; this task is accomplished by asking human decision-makers to compare selected pairs of alternatives and to specify relative preference information, in the form of ratios of utilities. However, such an information is often affected by subjective biases or inconsistencies. Moreover, there is no general consent on the best approach to accomplish this task, and in the literature several techniques have been proposed. Finally, when more than one decision-maker is involved in the process, there is a need to provide adequate methodologies to aggregate the available information. In this view, the contribution of this paper to the SAHP body of knowledge is twofold. From one side, it develops a novel methodology to aggregate sparse data given by multiple sources of information. From another side, the paper undertakes an experimental validation of the most popular techniques to solve the SAHP problem, discussing the strength points and shortcomings of the different methodology with respect to a real case study.

#### Distributed C-Means clustering via broadcast-only token-passing (2019)

###### Luca Faramondi, Gabriele Oliva, Roberto Setola, Christoforos N Hadjicostis

IEEE Transactions on Control of Network Systems

This paper provides an implementation of the $C$ -means algorithm in an asynchronous and distributed fashion; specifically, we consider a network of agents, each provided with a piece of information (e.g., data acquired via sensors) and we partition the agents in not mutually exclusive sets such that agents in the same set have similar information; moreover, each set of agents calculates a representative value for the group. Previous distributed algorithms that aimed at accomplishing this task have nontrivial demands, in that they require point-to-point communication capabilities among the agents, which may need to exchange large amounts of data in order to execute their computations. Within the proposed approach, instead, the agents need no prior knowledge about their neighbors and can simply communicate using broadcasts. The proposed solution consists in organizing data transmission following a token-passing approach, thus limiting the communication effort with respect to synchronous distributed implementations; furthermore, the token-passing phase is implemented via the broadcast-only communication, thus avoiding the requirements of the point-to-point communication. As shown via simulations, the latter feature is obtained at the cost of a modest increase in data transmission with respect to a traditional point-to-point token-passing scheme.

#### How to improve the security awareness in complex organizations (2019)

###### Maria Carla De Maggio, Marzia Mastrapasqua, Marco Tesei, Andrea Chittaro, Roberto Setola

European Journal for Security Research

The increasing interest arising around the field of security becomes a pragmatic issue when we consider the behavior of the employees of large organizations involved in critical infrastructures. As a matter of common knowledge, the human factor is the weakest link in the security chain. This introduces the topic of the security awareness of employees in large organizations. In this paper, we describe the results of a survey designed and delivered to large organizations in Europe, to understand how the topic of security is perceived and implemented and which are the security awareness initiatives held by organizations to instruct their employees. Moreover, we evaluate 23 methods to increase the security awareness, on the basis of several indicators describing their effectiveness, cost, implementation time, and other relevant aspects, to emphasize their pros and cons and their areas of applicability. Finally, we describe a tool developed to support the design of a security awareness campaign respecting the constraints imposed by the needs of each organization.

#### Method for remote rapid response to transportation security threats on high speed rail systems (2019)

###### Boris A Lyovin, Alexey V Shvetsov, Roberto Setola, Svetlana V Shvetsova, Marco Tesei

International Journal of Critical Infrastructures

Present day high speed rail systems (HSRS) operate under permanent risk of criminal and terrorist attacks. HSRS security threats require special attention and immediate responses. The purpose of this research is to develop a method for remote rapid response to HSRS transportation security threats. The method is based on the employment of automated drone stations that ensure the arrival of an unmanned aerial vehicle (drone) at the place of incident within 13 minutes of the alarm signal, i.e., when there is an intrusion on the railroad track. Detailed inspection of the incident location allows the dispatcher to make a rapid decision about actions that follow the signal: whether there is a need to send a rapid response team to the place of incident and/or to interrupt the train operation on the involved track section. In our research the method was designed based on the Moscow-Saint-Petersburg HSRS but this method can be applied to the HSRS of the other countries.

#### Peculiarità e problematiche della cyber security per gli Industrial Control System (2019)

###### Giacomo Assenza, Luca Faramondi, Roberto Setola

Istituto Superiore delle Comunicazioni e delle Tecnologie dell’Informazione

Gli Industrial Control System (ICS) sono una parte integrante delle moderne Infrastrutture Critiche (IC) in quanto sovrintendono a tutte le operazioni connesse con la gestione e il controllo di settori vitali come quello elettrico, petrolchimico, energetico, ecc.. Tuttavia, tali sistemi espongono le IC alla minaccia cyber, e i recenti attacchi informatici hanno dimostrato che è possibile, attraverso delle manipolazioni malevoli dei processi produttivi, provocare danni cinetici con conseguenze potenzialmente catastrofiche. Questo articolo illustra i problemi di sicurezza che scaturiscono dall’integrazione negli ICS di elementi e prodotti standardizzati e connessione Internet. Verranno, inoltre, analizzati gli attacchi cyber più rilevanti e si fornirà una profilazione della minaccia cyber suggerendo alcuni aspetti difensivi.

#### Direttiva Nis e Sanità: così migliorerà la cyber resilienza della filiera (2019)

###### Giacomo Assenza, Roberto Setola

Agenda Digitale

La filiera sanitaria rappresenta una delle infrastrutture critiche maggiormente vitali per uno Stato e la protezione degli assetti cibernetici di questo settore riveste caratteristiche di sicurezza nazionale. In particolare, la vulnerabilità cyber si lega da una parte alla crescente dipendenza delle strutture ospedaliere da sistemi digitalizzati, e dall’altra a una troppo lenta implementazione di misure di cyber security. La direttiva NIS, recepita nell’ordinamento italiano a giugno del 2018, riconosce la criticità del settore sanitario e crea un vincolo legale per spingere i vari soggetti ad adottare misure di sicurezza cyber che garantiscano l’affidabilità dei servizi erogati.

#### IIoT in the Hospital Scenario: Hospital 4.0, Blockchain and Robust Data Management (2019)

###### Luca Faramondi, Gabriele Oliva, Roberto Setola, Luca Vollero

Security and Privacy Trends in the Industrial Internet of Things

The Industrial Internet of Things (IIoT) consists of the pervasive application of the IoT paradigm in conjunction with analytics and artificial intelligence (AI) in industrial scenarios. Industry 4.0 (I4.0) extends further the IIoT model with the inclusion of robotics and automation, whereas Hospital 4.0 (H4.0) is the application of the I4.0 paradigm to the healthcare sector. H4.0 relies on cyber-physical systems managing several devices and software components. and the exchange of a huge amount of sensible data that includes medical records. Medical records can be much more valuable to criminals than financial data, indeed the control of medical data allows criminals to plan and realize different frauds, that the victims may identify only too late. Furthermore, the complexity of a typical H4.0 cyber-physical system makes healthcare records particularly vulnerable. Blockchain is today an emerging technology for the management of data that may avoid or mitigate the impact of threats related to data storage and management, in general, and to the administration, in particular, of healthcare records. The blockchain technology relies on cryptography and distributed consensus to guarantee data integrity, accountability and security. The exploitation of such technology is considered in this chapter, showing the advantages when used in a H4.0 scenario.

#### Identification of Vulnerabilities in Networked Systems (2019)

###### Luca Faramondi, Roberto Setola

Critical Infrastructure Security and Resilience

In last decades, thanks to the large diffusion of Information and communications technologies, the cooperation of distributed systems has been facilitated with the aim to provide new services. One of the common aspect of this kind of systems is the presence of a network able to ensure the connectivity among the elements of the network. The connectivity is a fundamental prerequisite also in the context of critical infrastructures (CIs), which are defined as a specific kind of infrastructures able to provide the essential services that underpin the society and serve as the backbone of our nation’s economy, security, and health (i.e. transportation systems, gas and water distribution systems, financial services, etc). Due to their relevance, the identification of vulnerabilities in this kind of systems is a mandatory task in order to design adequate and effective defense strategies. To this end, in this chapter some of the most common methods for networks vulnerabilities identification are illustrated and compared in order to stress common aspects and differences.

#### Ieee 802.11 s mesh network analysis for post disaster communication (2019)

###### Mehmet Ali Ertürk, Muhammed Ali Aydin, Luca Vollero, Roberto Setola

International Telecommunications Conference

Wireless mesh networks (WMN) provide rapidly deployable, cost effective and flexible communication infrastructures. WMNs are particularly useful in the case of disaster, allowing rescuers to build communication infrastructures that may facilitate their work and help them in saving lives. IEEE 802.11s is today the reference standard for wireless mesh networks (WMNs). The aim of this paper is to evaluate the performance of IEEE 802.11s in disaster scenarios when a robust Wireless infrastructures has to be built quickly out of nothing. In such scenarios, parameters like the time elapsed from the distribution of nodes in the area and the successful transmission of the first data packet, or the network delay, may be essential in order to save lives. The aim of this paper is to evaluate such parameters.

#### Incomplete Analytic Hierarchy Process with Minimum Ordinal Violations (2019)

###### Luca Faramondi, Gabriele Oliva, Sándor Bozóki

arXiv

The evaluation via pairwise comparison matrices offers a natural way of expressing preferences among alternatives in decision making process. Complete and incomplete pairwise comparison matrices have been applied in multi-criteria decision making, as well as in scoring and ranking. Although ordinal information is crucial in both theory and practice, there is a bias in the literature: cardinal models dominate. Purely ordinal models usually lead to non-unique solutions, therefore, a dual approach that takes ordinal and cardinal data into consideration is needed. In this work, we address the problem of identifying a set of weights from pairwise comparison matrices by fusing ordinal information and cardinal information. To this end, the incomplete (sparse) logarithmic least squares method is extended by constraints on ordinal consistency. The effectiveness of the proposed method is analyzed and compared with respect to other approaches and criteria at the state of the art.

#### A Dimensionality-Reduction Strategy to Compute Shortest Paths in Urban Water Networks (2019)

###### Carlo Giudicianni, Armando di Nardo, Gabriele Oliva, Antonio Scala, Manuel Herrera

arXiv

The efficient computation of shortest paths in complex networks is essential to face new challenges related to critical infrastructures such as a near real-time monitoring and control and the management of big size systems. In particular, using information on the minimum paths in water distribution networks (WDNs) allows to track the diffusion of contaminants and to quantify the resilience and criticality of the system. This is, ultimately, approached by considering dynamically changing path-weights that depend on the flow or on other information available at run-time. These analyses tipically include all the WDN assets but reducing the high degree of physical details with a minimum lost of key information for their performance assessment. This paper proposes a strategy to compute minimum paths that is based on a dimensionality-reduction process. Specifically, the network is partitioned into communities and suitably modified to obtain a reduced complexity representation (eg, in terms of number of nodes and links). The paper shows how this novel, reduced representation is equivalent to the traditional network on computing the shortest paths. The proposed approach is validated considering two utility networks as case studies. The results show that the proposed method provides the exact solution for the shortest path with a computational-time reduction consistently over 50\% and up to 90\% for some cases. Furthermore, the application of the proposal on WDNs partitioning shows both hydraulic and economic advantages thanks to their monitoring and controlling at near real-time.

#### Sanità digitale in cerca di security, ecco perché serve un piano mirato (2019)

Giacomo Assenza, Andrea Chiappetta

Agenda Digitale

La minaccia cyber contro la Sanità digitale è in continua crescita e causa danni economici e rallentamenti di sistema che rischiano di interferire con la sua capacità di erogare cure mediche in modo puntuale ed efficace. Sebbene sia il più bersagliato, il tessuto ospedaliero stenta ad implementare delle misure di cybersecurity adeguate che risultano costantemente in ritardo. Questo è in parte dovuto alla mancanza di linee guida specifiche di cybersecurity appositamente declinate per risultare adattabili nel settore ospedaliero. Approfondiamo il tema analizzando pro e contro delle strategie in campo.

Nonostante esistano cornici metodologiche e organizzative sia a livello nazionale che internazionale, nessuna di queste tiene in considerazione le peculiarità e necessità specifiche del settore in Italia. Questo articolo, dopo una breve profilazione della minaccia cyber che gli ospedali si trovano a dover fronteggiare, riporterà alcune esperienze di framework di cybersecurity. Infine, esprimerà la necessità di creare uno strumento guida appositamente customizzato per il settore sanitario evidenziando gli aspetti specifici che tale documento dovrà curare.

#### Distributed Flow Network Balancing with Minimal Effort (2019)

###### Gabriele Oliva, Apostolos I Rikos, Christoforos N Hadjicostis, Andrea Gasparri

IEEE Transactions on Automatic Control

The flow network balancing problem, i.e., the problem of balancing the incoming and outgoing flows for each vertex of a directed graph, has been widely investigated with several distributed solutions being proposed in recent years. Flow balancing is crucial in several application domains, ranging from water and traffic networks to complex network synchronization and distributed adaptive networked control. In this paper, we focus on finding the solution for the flow network balancing problem that is optimal in a minimal effort sense. More specifically, we aim at modifying a given set of (unbalanced) flows so that we obtain a balanced solution. We assume that there is a (possibly heterogenous) cost associated to the unit variation of each flow, as well as lower and upper bounds on the peredge flows. More in detail, we first establish a necessary and sufficient optimality condition for network balancing and then propose a distributed protocol, demonstrating its convergence toward the global optimal solution. Simulation results are provided to corroborate the effectiveness of the proposed distributed algorithm.

#### Distributed cooperative localization (2019)

###### Stefano Panzieri, Federica Pascucci, Lorenzo Sciavicco, Roberto Setola

Rapid Automation: Concepts, Methodologies, Tools, and Applications

Localization for mobile platforms, in indoor scenarios, represents a cornerstone achievement to effective develop service and field robots able to safely cooperate. This paper proposes a methodology to achieve such a result by applying a completely decentralized and distributed algorithm. The key idea of the solution developed is to enable a dynamic correction of the position estimate, computed by robots, through information, shared during random rendezvous. This objective is reached using a specific extension of the Extended Kalman Filter, called Interlaced Extended Kalman Filter, which allows exchanging the estimation performed by any single robot together with the corresponding uncertainties. The proposed unsupervised method provides a large flexibility: it facilitates the handling of heterogeneous proprioceptive and exteroceptive sensors, that can be merged taking into account both their accuracy and the system model one. The solution is particularly interesting for rescue scenario, since it is able to cope with irregular communication signals and loss of connectivity among robots team without requiring any synchronization.

# Anno 2018

#### Optimal Redesign of Markov Chains with Prescribed Repulsive Distribution (2018)

###### Matteo Santilli, Andrea Gasparri, Gabriele Oliva

2018 IEEE Conference on Decision and Control (CDC)

Optimization over Markov chains is a popular topic, since Markov chains can be used to model several important systems, such as telecommunications, railways or dams. However, most of the existing literature focuses on steady states and limiting distributions, while in some contexts it might be beneficial to design Markov chains with repulsive distributions, i.e., distributions that, once achieved, cause a large probability transition in the system. This, as typically done in Critical Infrastructure systems, corresponds to having resilient Markov chains that “spring back” after reaching potentially dangerous or unsafe configurations. In this paper we formulate a problem where we aim at redesigning a Markov chain in order from one side to maximize the repulsiveness of a prescribed distribution and from another side to minimize the redesign effort. In more detail, we formulate the problem as an optimization problem, and we provide a necessary and sufficient local optimality condition and a sufficient global optimality condition. We conclude the paper with simulations aimed at numerically demonstrating the theoretical findings in the paper.

#### Distributed estimation of node centrality with application to agreement problems in social networks (2018)

###### Eduardo Montijano, Gabriele Oliva, Andrea Gasparri

2018 IEEE Conference on Decision and Control (CDC)

Measures of node centrality that describe the importance of a node within a network are crucial for understanding the behavior of social networks and graphs. In this paper, we address the problem of distributed node centrality identification. In particular, we focus our attention on alpha-centrality, which can be seen as a generalization of eigenvector centrality, particularly suitable for graphs with asymmetric interactions. In this setting, our contribution is twofold: first we derive a distributed protocol where agents can locally compute their alpha-centrality index by means of local interactions; then we propose a novel consensus-algorithm running in parallel to the alpha-centrality estimator, which converges towards a weighted average of the initial conditions, where the weights are dictated by the alpha-centrality vector. The proposed algorithm finds application in social networks, where agreement protocols typically place more value on experts and influencers than on the rest of users. Simulations results are provided to corroborate the theoretical findings.

#### Discovering Vulnerabilities in Heterogeneous Interconnected Systems (2018)

###### Luca Faramondi, Gabriele Oliva, Stefano Panzieri, Roberto Setola

International Conference on Critical Information Infrastructures Security

The identification of vulnerabilities in critical infrastructure networks, especially in the event of an intentional attack, is a fundamental task to comprehend the behavior of such networks and to implement protection strategies with the purpose of raising their robustness and resilience. In this work, we characterize the network vulnerability with respect to an attacker that aims at destroying subsystems in a way that guarantees, at the same time, the maximization of the damage dealt and the minimization of the effort spent in the attack. To this end, we follow a topological approach and we characterize each subsystem as a node, while dependencies are modeled in terms of a directed edges. Moreover, each node is characterized by an intrinsic degree of importance and by the effort required to attack it. Such a differentiation of the nodes allows to capture the heterogeneous essence of the different subsystems in a Critical Infrastructure network. In this setting, we model the damage dealt by the attacker in terms of a weighted version of the pairwise connectivity, where the weights correspond to the nodes’ importance; moreover we model the overall attack effort in terms of the effort required to attack the nodes. The proposed methodology aims at computing a criticality metric based on a multi-objective optimization formulation. Specifically, the criticality metric represents the frequency with which a given subsystem is attacked in the hypothetical attack plans belonging to the Pareto front. Finally, we complement our methodology by introducing upper and lower bounds on the overall attacker’s effort, in order to specialize the proposed methodology to different classes of attackers. The feasibility of the proposed solution is tested on the US Airline Network as in 1997.

#### Performance and robustness of discrete and finite time average consensus algorithms (2018)

###### Luca Faramondi, Roberto Setola, Gabriele Oliva

International Journal of Systems Science

In this paper, we review some of the main discrete and finite time average consensus implementations in the literature, discussing their strengths and shortcomings from a theoretical and empirical point of view. In particular, we compare the computational characteristics of the different algorithms, their behaviour considering different underlying network topologies, their ability to withstand packet losses and their robustness to attacks where a malicious node aims to steer the result of the algorithm towards a desired value, without letting the other nodes detect the attack. Specifically, we will discuss synchronous approaches, where the nodes broadcast their messages, and asynchronous approaches, where the nodes need to be able to address their neighbours individually on a point-to-point basis (i.e. by direct communication between a specific sender and a specific receiver). With the aim to overcome some critical aspects of the considered methodologies, in this paper we present an asynchronous consensus algorithm based on a broadcast-only approach. The algorithm is characterised by a good trade-off between the robustness of synchronous approaches and to low computational demands of asynchronous methods.

#### Faulty or Malicious Anchor Detection Criteria for Distance-Based Localization (2018)

###### Roberto Setola

Critical Information Infrastructures Security: 12th International Conference, CRITIS 2017, Lucca, Italy, October 8-13, 2017, Revised Selected Papers

The reliability of the localization of Wireless Sensor Networks in presence of errors or malicious data alteration is a challenging research topic: recently, several studies have been carried out to identify, remove or neglect the faulted/malicious nodes. This paper addresses the capability of a network, composed of range-capable nodes and anchor nodes (ie, nodes that know their position), to detect a faulty or malicious alteration of the information provided by the anchor nodes. Specifically, we consider biases for the position of anchor nodes that alter the localization of the network, and we provide conditions under which the nodes are able to detect the event, with particular reference to two distance-based localization algorithms, namely trilateration and Shadow Edge Localization Algorithm.

#### A Touchless system for image visualization during surgery: preliminary experience in clinical settings (2018)

###### Carlo Massaroni, Francesco Giurazza, Marco Tesei, Emiliano Schena, F Corvino, M Meneo, L Corletti, R Niola, Roberto Setola

2018 40th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC)

Today clinicians may access large medical datasets, but very few systems have been designed to allow a practical and efficient exploration of data directly in critical medical environments such as operating rooms (OR). This work aims to assess during tests in laboratory and clinical settings a Surgery Touchless System (STS). This system allows clinicians to interact with medical images by using two different approaches: a gesture recognition and a voice recognition based system. These two methods are based on the use of a Microsoft Kinect and of a selective microphone, respectively. The STS allows navigating in a specifically designed interface, to perform several tasks, among others, to manipulate biomedical images. In this article, we assessed both the recognitions approaches in laboratory with 5 users. In addition, the STS was tested using only the voice-based recognition approach in clinical settings. The assessment was performed during three procedures by two interventional radiologists. The five volunteers and the 2 radiologists filled two questionnaires to assess the system. The system usability was positively evaluated in laboratory tests. From clinical trials emerged that the STS was considered safe and useful by both the radiologists: they used the system an averaged number of times of 10 and 15 for patients, and found the system useful. These promising results allow considering this system useful for providing information not otherwise accessible and limiting the impact of human error during the operation. Future work will be focused on the use of the STS on a high number and different types of procedure.

#### Novel Vulnerability Metrics for Interdependent System based on System Controllability (2018)

###### L Faramondi, G Oliva, V Piemonte

Journal of Physics: Conference Series

In this paper we develop novel vulnerability metrics for interdependent critical infrastructures or economic sectors based on the concept of controllability. Specifically, we consider the Input-Output Inoperability Model, that represents the dynamics of the dependencies and interdependencies among infrastructures or sectors during an adverse event or malicious attack, and we argue that the more the system is controllable via an external perturbation that represents the fault or attack, the more the system is vulnerable. Therefore, we analyze the vulnerability of the system in terms of the magnitude of the associated controllability matrix. Moreover, based on the proposed index, we develop a simple defensive strategy to reduce the effect of an attack. A validation of the approach with respect to real data concludes the paper.

#### Potential and Limits of IoT for Hazardous Job in Process Industries (2018)

###### Paolo Bragatto, Luca Faramondi, Francesco Failla, Maria Grazia Gnoni

CHEMICAL ENGINEERING

In process industries, including refineries, petrochemical plants, air fractioning plants, Oil and gas depots, there are many hazards for workers (both for employees and contractors). Occupational Hazards include thermal extremes, high concentration of toxic or flammable gas and low concentration of oxygen. These hazards are usually controlled by means of procedures, operating instruction, gas sensors, alarms, personal and collective protection equipment. Whilst a few hazards are well known and localized inside the plants, for instance the classified confined spaces or the classified ATEX areas, in other cases, hazards are associated to a high uncertainty, hence, it’s difficult to find a trade-off between the precautionary safety requirements and the work practicality and easiness. The worker, moreover, must be protected, when the hazard is present but cannot be overwhelmed by heavy protection or oversize solution. The potential of IoT enabling technologies, including smart sensoring and human-machine communication, have a huge potential for reducing the uncertainties in hazard detection and promoting a more dynamic approach. The main idea is the adoption of a solution based on wearable and fixed sensors used to dynamically monitoring the environments in order to provide, in real time, information about situation context in order to help the workers to better estimate the actual level of risk. The use of IoT poses new problems, including web security, privacy, workers’ union acceptance. The implementation of IoT solution requires a special attention to these details, in order to avoid defeats in innovation projects. The paper illustrates the preliminary results developed inside the INAIL Bric project SmartBench related to the use of IoT and RFID beacons to provide information in real time about the equipment, the environment and the worker’s physical condition.

#### A suite of distributed methodologies to solve the sparse analytic hierarchy process problem (2018)

###### Marta Menci, Gabriele Oliva, Marco Papi, Roberto Setola, Antonio Scala

2018 European Control Conference (ECC)

In this paper we aim at finding effective distributed algorithms to solve the Sparse Analytic Hierarchy Process (SAHP) problem, where a set of networked agents (e.g., wireless sensors, mobile robots or IoT devices) need to be ranked based on their utility/importance. However, instead of knowing their absolute importance, the agents know their relative utility/importance with respect to their neighbors. Moreover, such a relative information is perturbed due to errors, subjective biases or incorrect information. Recently, the Sparse Eigenvector Method proved its effectiveness in tackling this problem. However, such a method has several drawbacks, such as demanding computation/communication requirements and lack of control on the magnitude of the computed estimate. With the aim to mitigate such issues, in this paper we inspect the possibility to resort to a suite of different methodologies, each inspired to well known algorithms in the literature, i.e., Metropolis-Hastings Markov chains, Heat-Bath Markov chains and formation control. The proposed methodologies are less demanding in terms of memory and communication capabilities; however, each approach has its own strength points and drawbacks. The aim of this paper is thus to provide a numerical comparison of their performances over networks with different characteristics.

#### Experimental analysis of the influencing factors on the response of a tool for epidural space detection (2018)

###### Edoardo Evangelisti, Emiliano Schena, Carlo Massaroni, Daniela Lo Presti, Paola Saccomandi, Massimiliano Carassiti, Paola Palermo, Domenico Formica, Roberto Setola

2018 IEEE International Symposium on Medical Measurements and Applications (MeMeA)

Epidural injection is a local-regional anesthesia technique used both for analgesic and anesthetic purposes. During the procedure, a needle is inserted between two spinous processes, and it is advanced through interspinous ligament, supraspinous ligament skin, ligamentum flavum, and finally it reaches the epidural space. It is crucial the optimal positioning of the needle’s tip within this space to avoid incorrect medication administration or dural puncture. Nowadays, the anaesthetist detects the epidural space by a sense of a resistance loss due to the different density of the mentioned anatomical tissues. In a previous work, we described a bespoke system called Epidural Sensing Management Tool (ESMT) designed to support the anaesthetist in the detection of the epidural space. The system is based on a piezoresistive sensor which measures the pressure exerted by the clinician on the syringe plunger during the procedure. The resistance of the sensor is converted in voltage by a Wheatstone bridge, then is recorded and visualized on a laptop. The aim of this study is twofold: i) to assess the influence of the sensor’s active area on the ESMT response; ii) to assess the influence of the resistance value of the Wheatstone bridge on the ESMT response. At this scope, two sensors with different circular area and Wheatstone bridge with three different resistance values were used. The influence of the two mentioned parameters on the ESMT response was investigated by applying known force in a wide range of values. These experiments were performed considering two different configurations: i) the first set of tests was carried out with a 3 mm-thick cylinder of silicon material (taken from an upper limb of cosmetic prosthetic gloves) interposed between the indenter and the sensor; ii) The second set of tests was carried out by placing the thumb of a volunteer between the indenter and the sensor. Also, the sensor is placed on a syringe plunger used during epidural puncture. This configuration is very close to the clinical settings (force applied to the whole area of the plunger by the thumb). As expected, both the sensor model and the Wheatstone bridge resistance significantly influence the metrological characteristics of the proposed system.

#### NotPetya: un esempio di mobilitazione internazionale (2018)

Giacomo Assenza

Ce.S.I. – Centro Studi Internazionali

A febbraio 2018, i governi membri dell’UKUSA Community (Stati Uniti, Regno Unito, Nuova Zelanda, Australia e Canada) hanno formalmente accusato la Russia, e in particolare l’agenzia di intelligence militare (GRU), di aver creato e diffuso NotPetya, un malware apparso in Ucraina a giugno 2017 che, diffondendosi a macchia d’olio in tutto il mondo, ha provocato miliardi di dollari di danni. Tali accuse, a cui si sono aggiunte dichiarazioni simili da parte di Danimarca, Repubbliche Baltiche, Norvegia, Svezia e Finlandia, rappresentano il primo esempio di attribuzione collettiva a seguito di un cyber-attacco. Sebbene le accuse non siano state seguite da nessuna sanzione o rappresaglia significativa, la mobilitazione collettiva nell’attribuire un attacco informatico può avere un impatto sostanziale sulla condotta degli Stati nel cyberspazio e, tracciando delle soglie di tollerabilità, può costituire il primo passo verso l’instaurazione di un sistema di cyber-deterrenza che oggi sembra mancare.

#### Design and fabrication of a non-invasive, wireless system for monitoring needle insertion during epidural puncture (2018)

###### E Schena, C Massaroni, D Formica, A Mattei, V Piemonte, P Saccomandi, R Setola, M Carassiti

Journal of Physics: Conference Series

Over the last decades epidural analgesia has gathered research interest and broad clinical acceptance. In this procedure, the detection of the epidural space is pivotal to avoid major complications. Although, some systems for supporting the anaesthetist in the epidural space detection are commercially available, this difficult procedure is often performed without any support. In previous articles, our research group described a new approach for a non-invasive detection of the epidural space; the assessment of the system was also performed both on a spinal column simulator and in ex vivo animal model (small pig). The mentioned system is based on a Force Sensing Resistor (FSR) that monitors the load exerted by the anaesthesiologist on the syringe plunger during the procedure. The resistance of the sensor is transduced into a voltage by means of a Wheatstone bridge (WB), then it is amplified, finally it is collected by a remote laptop. When the needle reaches the epidural space, the load applied by the anaesthesiologist decreases, so the consequent change of the system output may be used for the detection of the entrance within this space. The previous version of the system communicates to the laptop via USB. In this article, we described a new version of the system which communicates to the laptop via wireless. This solution aims at facilitating the use of the system in clinical settings. After the description of the measuring system, its preliminary assessment in patients undergoing epidural puncture will be reported.

#### Distributed Utility Estimation With Heterogeneous Relative Information (2018)

###### Marta Menci, Gabriele Oliva, Marco Papi, Roberto Setola, M Zoppello

IEEE Control Systems Letters

In this letter, we consider a scenario where a set of agents, interconnected by a network topology, aim at computing an estimate of their own utility, importance or value, based on pairwise relative information having heterogeneous nature. In more detail, the agents are able to measure the difference between their value and the value of some their neighbors, or have an estimate of the ratio between their value and the value the remaining neighbors. This setting may find application in problems involving information provided by heterogeneous sensors (e.g., differences and ratios), as well as in scenarios where estimations provided by humans have to be merged with sensor measurements. Specifically, we develop a distributed algorithm that lets each agent asymptotically compute a utility value. To this end, we first characterize the task at hand in terms of a least-squares minimum problem, providing a necessary and sufficient condition for the existence of a unique global minimum, and then we show that the proposed algorithm asymptotically converges to a global minimum. This letter is concluded by numerical analyses that corroborate the theoretical findings.

#### Finding critical nodes in infrastructure networks (2018)

###### Luca Faramondi, Roberto Setola, Stefano Panzieri, Federica Pascucci, Gabriele Oliva

International Journal of Critical Infrastructure Protection

It is well known that profiling attacker behavior is an effective way to obtain insights into network attacks and to identify the systems and components that must be protected. This paper presents a novel integer linear programming formulation that models the strategy of an attacker who targets a set of nodes with the goal of compromising or destroying them. The attacker model considers the infliction of the greatest possible damage with minimal attacker effort. Specifically, it is assumed that the attacker is guided by three conflicting objectives: (i) maximization of the number of disconnected components; (ii) minimization of the size of the largest connected component; and (iii) minimization of the attack cost. Compared with other research in the area, the proposed formulation is much more descriptive but has less complexity; thus, it is very useful for predicting attacks and identifying the entities that must be protected. Since exact solutions of the formulation are computationally expensive for large problems, a heuristic algorithm is presented to obtain approximate solutions. Simulation results using a U.S. airport network dataset demonstrate the effectiveness and utility of the proposed approach.

#### A Stackelberg Game-Theoretical Approach to Maritime Counter-Piracy (2018)

###### Gabriele Oliva, Roberto Setola, Marco Tesei

IEEE Systems Journal

In this paper, we provide a maritime counter-piracy framework to represent the strategies put in place and the interaction between a set of actors (patrollers and attackers) in a wide maritime scenario. Specifically, we model the interaction between patrollers and attackers in terms of a Stackelberg leader-follower game. With respect to the previous literature, we provide several innovations, in that we consider moving targets. Moreover, we let the attackers and patrollers ground their decisions not only on the current situation, but also on the expected evolution in the short or medium term. This is done by introducing in the payoff functions some projection terms, i.e., elements able to consider the future evolution of the scenario, up to a specified time window horizon. We conclude this paper with a simulation campaign considering a realistic test bed settled in the Gulf of Aden. Our experiments show that such a prediction is quite effective in generating better decisions allowing the patrollers to dynamically change targets. However, if the time horizon considered in the projection term is too large, we observe that the patrollers tend to patrol the area rather than focusing on specific vessels, and the resulting protection strategy has reduced effectiveness.

#### Network structural vulnerability: a multiobjective attacker perspective (2018)

###### Luca Faramondi, Gabriele Oliva, Stefano Panzieri, Federica Pascucci, Martin Schlueter, Masaharu Munetomo, Roberto Setola

IEEE Transactions on Systems, Man, and Cybernetics: Systems

In this paper, we provide a novel framework to assess the vulnerability/robustness of a network with respect to pair-wise nodes’ connectivity. In particular, we consider attackers that aim, at the same time, at dealing the maximum possible damage to the network in terms of the residual connectivity after the attack and at keeping the cost of the attack (e.g., the number of attacked nodes) at a minimum. Differently from the previous literature, we consider the attacker perspective using a multiobjective formulation and, rather than making hypotheses on the mindset of the attacker in terms of a particular tradeoff between the objectives, we consider the entire Pareto front of nondominated solutions. Based on that, we define novel global and local robustness/vulnerability indicators and we show that such indices can be the base for the implementation of effective protection strategies. Specifically, we propose two different problem formulations and we assess their performances. We conclude this paper by analyzing, as case studies, the IEEE118 power network and the U.S. Airline Network as it was in 1997, comparing the proposed approach against centrality measures.

#### Robustness vs. Control in Distributed Systems (2018)

###### Marta Menci, Gabriele Oliva

Biological Robustness

Understanding and controlling the behavior of dynamical distributed systems, especially biological ones, represents a challenging task. Such systems, in fact, are characterized by a complex web of interactions among their composing elements or subsystems. A typical pattern observed in these systems is the emergence of complex behaviors, in spite of the local nature of the interaction among elements in close spatial proximity. Yet, we point out that each element is a proper system, with its inputs, its outputs and its internal behavior. Moreover, such elements tend to implement feedback control or regulation strategies, where the outputs of a subsystem A are fed as inputs to another subsystem B and so on until, eventually, A itself is influenced. Such complex feedback loops are understood only by considering, at the same time, low- and high-level perspectives, i.e., by regarding such systems as a collection of systems and as a whole, emerging entity. In particular, dynamical distributed systems show nontrivial robustness properties, which are, from one side, inherent to the each subsystem and, from another, depend on the complex web of interactions. In this chapter, therefore, we aim at characterizing the robustness of dynamical distributed systems by using two coexisting levels of abstraction: first, we discuss and review the main concepts related to the robustness of systems, and the relation between robustness, model and control; then, we decline these concepts in the case of dynamical distributed systems as a whole, highlighting similarities and differences with standard systems. We conclude the chapter with a case study related to the chemotaxis of a colony of E. Coli bacteria. We point out that the very reason of existence of this chapter is to make accessible to a vast and not necessarily technical audience the main concepts related to control and robustness of dynamical systems, both traditional and distributed ones.

# Anno 2017

#### Hybrid indoor positioning system for first responders (2017)

###### Francesca De Cillis, Luca Faramondi, Federica Inderst, Stefano Marsella, Marcello Marzoli, Federica Pascucci, Roberto Setola

IEEE Transactions on Systems, Man, and Cybernetics: Systems

In the last decade, many efforts have been devoted to indoor localization and positioning. In this paper, a hybrid indoor localization system has been developed within the European project REFIRE for emergency situations. The REFIRE solution estimates the user’s pose according to a prediction-correction scheme. The user is equipped with a waist-mounted inertial measurement unit and a radio frequency identification (RFID) reader. In the correction phase, the estimation is updated by means of geo-referenced information fetched from passive RFID tags predeployed into the environment. Accurate position correction is obtained through a deep analysis of the RFID system radiation patterns. To this end, extensive experimental trials have been performed to assess the RFID system performance, both in static and dynamic operating conditions. Experimental validation in realistic environments shows the effectiveness of the proposed indoor localization system, even during long-last missions and/or using a limited number of tags.

#### Distributed and proximity-constrained C-means for discrete coverage control (2017)

###### Gabriele Oliva, Andrea Gasparri, Adriano Fagiolini, Christoforos N Hadjicostis

2017 IEEE 56th Annual Conference on Decision and Control (CDC)

In this paper we present a novel distributed coverage control framework for a network of mobile agents, in charge of covering a finite set of points of interest (PoI), such as people in danger, geographically dispersed equipment or environmental landmarks. The proposed algorithm is inspired by c-Means, an unsupervised learning algorithm originally proposed for non-exclusive clustering and for identification of cluster centroids from a set of observations. To cope with the agents’ limited sensing range and avoid infeasible coverage solutions, traditional c-Means needs to be enhanced with proximity constraints, ensuring that each agent takes into account only neighboring PoIs. The proposed coverage control framework provides useful information concerning the ranking or importance of the different PoIs to the agents, which can be exploited in further application-dependent data fusion processes, patrolling, or disaster relief applications.

#### A new pressure guided management tool for epidural space detection: feasibility assessment on a simulator (2017)

###### Massimiliano Carassiti, Alessia Mattei, Rossella Quarta, Carlo Massaroni, Paola Saccomandi, Marco Tesei, Roberto Setola, Emiliano Schena

Artificial organs

The detection of epidural space is usually performed by the technique of loss of resistance (LOR) without technological support, although there are few commercial options. We sought to design and develop a new noninvasive system able to detect the LOR without any changes to the conventional procedure. It allows detecting the LOR by a custom made algorithm. The system provides a visual and acoustic feedback when the LOR is detected. We optimized the detection algorithm and investigated the performance of the system during experiments on a custom simulator. During the experiments performed by 10 anesthetists and 10 trainees, the pressure exerted on the syringe plunger was monitored using the custom‐made system. Each participant performed four experiments using the system on the simulator. The performance of the system in LOR detection was evaluated comparing the feedback activation and the breaches of the last layer of the simulator. Moreover, each participant filled out a questionnaire to assess how the procedure with the simulator mimics the clinical scenario. A higher questionnaire score corresponds to a more realistic condition (0 = not real, 5 = extremely real). Results showed that the LOR was detected in 74 of the 80 trials (92.5% of the cases); the anesthetists obtained better results than trainees: 97.5 versus 87.5%. The questionnaires showed that all the participants found the trial realistic (score ≥3); anesthetists found it more realistic than trainees (4.2 ± 0.78 vs. 3.8 ± 0.78, mean ± SD). In summary, the proposed system successfully detected the LOR in the large part of the trials. The participants found the trials realistic. A higher success rate was observed in the anesthetists group.

#### WSN Deployment and Localization Using a Mobile Agent (2017)

###### Sheng Feng, Chengdong Wu, Yunzhou Zhang, Gabriele Oliva

Wireless Personal Communications

To address the problem the sensors were typically deployed in fixed positions, but the robots can be used to calibrate, deploy and maintain the surrounding wireless sensor network (WSN) in disaster relief applications, a novel framework was proposed to obtain a wide coverage of the unknown environment by the sensors, which can help the robot during the disaster recovery activities, for the concurrent deployment and localization of a WSN by means of a mobile robot. During the mission, the robot explored an unknown environment, and was equipped with both proprioceptive sensors, range finders and wireless antennas. Moreover, the robot carried a set of nodes, and it can deploy them while exploring the unknown environment. Variou experimental results showd the proposed algorithm can outperform trilateration method in unknown environment exploration and network coverage problems.

#### Critical Information Infrastructures Security: 11th International Conference, CRITIS 2016, Paris, France, October 10–12, 2016, Revised Selected Papers (2017)

###### Grigore Havarneanu, Roberto Setola, Hypatia Nassopoulos, Stephen Wolthusen

Computer Science

This book constitutes the post-conference proceedings of the 11th International Conference on Critical Information Infrastructures Security, CRITIS 2016, held in Paris, France, in October 2016. The 22 full papers and 8 short papers presented were carefully reviewed and selected from 58 submissions. They present the most recent innovations, trends, results, experiences and concerns in selected perspectives of critical information infrastructure protection covering the range from small-scale cyber-physical systems security via information infrastructures and their interaction with national and international infrastructures.

#### Sparse and distributed analytic hierarchy process (2017)

###### Gabriele Oliva, Roberto Setola, Antonio Scala

Automatica

The Analytic Hierarchy Process (AHP) is a de-facto standard technique in centralized decision making. Consider a situation where there is a need to rank a set of elements or alternatives, based on their value or utility, of which we just know pairwise relative information, i.e., the ratio of their values. AHP proved an effective tool to retrieve the value of each element, being able to handle also relative information affected by distortions, subjective biases and intransitivity. A downside of AHP, however, is that it requires complete information, i.e., knowledge on all pairs. In this paper, we extend the applicability of the AHP technique to the case of sparse information, i.e., when only a limited amount of information is available, and such an information corresponds to an undirected connected graph. We complement our sparse framework by developing novel criteria and metrics to evaluate the degree of consistency of the data at hand. Moreover, exploiting the proposed framework, we also provide a distributed formulation of AHP in which a set of agents, interacting through an undirected graph, are able to compute their own values (e.g., for ranking or leader election purposes), by only knowing the ratio of their values with respect to their neighbors. To this end, we develop a novel algorithm to let each agent i compute, the dominant eigenvalue and the ith component of the corresponding eigenvector of the sparse AHP matrix. We conclude the paper with a simulation campaign that numerically demonstrates the effectiveness of the proposed approach.

#### Faulty or Malicious Anchor Detection Criteria for Distance-Based Localization (2017)

###### Federica Inderst, Gabriele Oliva, Stefano Panzieri, Federica Pascucci, Roberto Setola

International Conference on Critical Information Infrastructures Security

The reliability of the localization of Wireless Sensor Networks in presence of errors or malicious data alteration is a challenging research topic: recently, several studies have been carried out to identify, remove or neglect the faulted/malicious nodes. This paper addresses the capability of a network, composed of range-capable nodes and anchor nodes (i.e., nodes that know their position), to detect a faulty or malicious alteration of the information provided by the anchor nodes. Specifically, we consider biases for the position of anchor nodes that alter the localization of the network, and we provide conditions under which the nodes are able to detect the event, with particular reference to two distance-based localization algorithms, namely trilateration and Shadow Edge Localization Algorithm.

#### Performance analysis of single and multi-objective approaches for the critical node detection problem (2017)

###### Luca Faramondi, Gabriele Oliva, Roberto Setola, Federica Pascucci, Annunziata Esposito Amideo, Maria Paola Scaparra

International Conference on Optimization and Decision Science

Critical infrastructures are network-based systems which are prone to various types of threats (e.g., terroristic or cyber-attacks). Therefore, it is paramount to devise modelling frameworks to assess their ability to withstand external disruptions and to develop protection strategies aimed at improving their robustness and security. In this paper, we compare six modelling approaches for identifying the most critical nodes in infrastructure networks. Three are well-established approaches in the literature, while three are recently proposed frameworks. All the approaches take the perspective of an attacker whose ultimate goal is to inflict maximum damage to a network with minimal effort. Specifically, they assume that a saboteur must decide which nodes to disable so as to disrupt network connectivity as much as possible. The formulations differ in terms of the attacker objectives and connectivity metrics (e.g., trade-off between inflicted damage and attack cost, pair-wise connectivity, size and number of disconnected partitions). We apply the six formulations to the IEEE24 and IEEE118 Power Systems and conduct a comparative analysis of the solutions obtained with different parameters settings. Finally, we use frequency analysis to determine the most critical nodes with respect to different attack strategies.

#### Stochastic Dynamic Programming in Hospital Resource Optimization (2017)

###### Marco Papi, Luca Pontecorvi, Roberto Setola, Fabrizio Clemente

International Conference on Optimization and Decision Science

The costs associated with the healthcare system have risen dramatically in recent years. Healthcare decision-makers, especially in areas of hospital management, are rarely fortunate enough to have all necessary information made available to them at once. In this work we propose a stochastic model for the dynamics of the number of patients in a hospital department with the objective to improve the allocation of resources. The solution is based on a stochastic dynamic programming approach where the control variable is the number of admissions in the department. We use the dataset provided by one of the biggest Italian Intensive Care Units to test the application of our model. We propose also a comparison between the optimal policy of admissions and an empirical policy which describes the effective medical practice in the department. The method allows also to reduce the variability of the length of stay.

#### Distributed calculation of edge-disjoint spanning trees for robustifying distributed algorithms against man-in-the-middle attacks (2017)

###### Gabriele Oliva, Sebastian Cioabă, Christoforos N Hadjicostis

IEEE Transactions on Control of Network Systems

In this paper, we provide a distributed methodology to allow a network of agents, tasked to execute a distributed algorithm, to overcome Man-in-the-Middle (MITM) attacks that aim at steering the result of the algorithm toward inconsistent values or dangerous configurations. We want the agents to be able to restore the correct result of the algorithm despite the attacks. To this end, we provide a distributed algorithm to let the set of agents, interconnected by an undirected network topology, construct several edge-disjoint spanning trees by assigning labels to their incident edges. The ultimate objective is to use these spanning trees to run multiple instances of the same distributed algorithm in parallel, in order to detect MITM attacks or other faulty or malicious link behavior (e.g., when the instances yield different results) and to restore the correct result (when the majority of instances is unaffected). The proposed algorithm is lightweight and asynchronous, and is based on iterated depth-first visits on the graph. We complement this paper with a thorough analysis of the performance of the proposed algorithms.

#### Ex vivo animal-model assessment of a non-invasive system for loss of resistance detection during epidural blockade (2017)

###### Massimiliano Carassiti, Rossella Quarta, A Mattei, Marco Tesei, Paola Saccomandi, Carlo Massaroni, Roberto Setola, Emiliano Schena

2017 39th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC)

During recent decades epidural analgesia has gained widespread recognition in many applications. In this complex procedure, anaesthetist uses a specific needle to inject anesthetic into the epidural space. It is crucial the appropriate insertion of the needle through inhomogeneous tissues placed between the skin and the epidural space to minimize anesthetic-related complications (e.g., nausea, headache, and dural puncture). Usually, anaesthetists perform the procedure without any supporting tools, and stop pushing the syringe when they sense a loss of resistance (LOR). This phenomenon is caused by the physical properties of the epidural space: the needle breaks the ligamentum flavum and reaches the epidural space, in this stage the anaesthetist perceives a LOR because the epidural space is much softer than the ligamentum flavum. To support the clinician in this maneuver we designed a non-invasive system able to detect the LOR by measuring the pressure exerted on the syringe plunger to push the needle up to the epidural space. In a previous work we described the system and its assessment during in vitro tests. This work aims at assessing the feasibility of the system for LOR detection on a more realistic model (ex vivo pig model). The system was assessed by analyzing: its ability to hold a constant value (saturation condition) during the insertion of the needle, and its ability to detect the entrance within the epidural space by a decrease of the system’s output. Lastly, the anaesthetist was asked to assess how the ex vivo procedure mimics a clinical scenario. The system reached the saturation condition during the needle insertion; this feature is critical to avoid false positive during the procedure. However, it was not easy to detect the entrance within the epidural space due to its small volume in the animal model. Lastly, the practitioner found real the model, and performed the procedures in a conventional manner because the system did not influence his actions.

#### Cybersecurity of wearable devices: an experimental analysis and a vulnerability assessment method (2017)

###### Matteo Langone, Roberto Setola, Javier Lopez

2017 IEEE 41st annual computer software and applications conference (COMPSAC)

The widespread diffusion of the Internet of Things (IoT) is introducing a huge number of Internet-connected devices in our daily life. Mainly, wearable devices are going to have a large impact on our lifestyle, especially in a healthcare scenario. In this framework, it is fundamental to secure exchanged information between these devices. Among other factors, it is important to take into account the link between a wearable device and a smart unit (e.g., smartphone). This connection is generally obtained via specific wireless protocols such as Bluetooth Low Energy (BLE): the main topic of this work is to analyse the security of this communication link. In this paper we expose, via an experimental campaign, a methodology to perform a vulnerability assessment (VA) on wearable devices communicating with a smartphone. In this way, we identify several security issues in a set of commercial wearable devices.

#### Long-term gait pattern assessment using a tri-axial accelerometer (2017)

###### Francesca De Cillis, Francesca De Simio, Roberto Setola

Journal of medical engineering & technology

In this article, we present a pervasive solution for gait pattern classification that uses accelerometer data retrieved from a waist-mounted inertial sensor. The proposed algorithm has been conceived to operate continuously for long-term applications. With respect to traditional approaches that use a large number of features and sophisticated classifiers, our solution is able to assess four different gait patterns (standing, level walking, stair ascending and descending) by using three features and a decision tree. We assess the algorithm detection performances using data that we retrieved from a validation group composed by nine young and healthy volunteers, for a total number of 36 tests and 12.5 h of recorded acceleration data. Experimental results show that in continuous applications the proposed algorithm is able to effectively discriminate between standing (100%), level walking (∼99%), stair ascending (∼84%), and descending (∼85%), with an average classification accuracy for the four patterns that exceeds 92% in continuous, long-lasting applications.

#### An analytic hierarchy process approach for the security assessment of high speed railway construction sites (2017)

###### 2nd International Conference on Engineering Sciences and Technologies, CRC Press
The construction of High Speed Railways often faces an increasing number of obstacles because of the opposition of the local population and the environmental activist movements, or similar ideological groups. Therefore, the need of identifying the optimal location for the construction sites to minimize both the overall costs of the project and the risk of negative consequences is a key point, since security in construction sites has become a critical issue.
In this paper, we illustrate a methodology specifically developed to support the analysis for the optimal location of the construction sites for the 57km tunnel of the high speed railway Lyon-Turin. To perform the security assessment, we adopted the Analytic Hierarchy Process (AHP), properly tailored to manage the peculiarities of this specific security problem. The proposed framework has been used to perform an iterative analysis aimed at identifying the most suitable construction site locations, under given objectives and constraints.

#### Risk Assessment for Critical Infrastructure (2017)

###### Inga Žutautaitė, Linas Martišauskas, Ričardas Krikštolaitis, Juozas Augutis, Vika Juričkaitė, Roberto Setola

Critical Infrastructures: Enhancing Preparedness & Resilience for the Security of Citizens and Services Supply Continuity

In the paper, a general risk assessment procedure for critical infrastructure (CI) is based on the assessment of criticality of CI elements due to the consequences of loss of their functionality, and estimation of probabilities associated with these criticalities. Bayesian networks method was applied to estimate probabilities of unfunctionality of CI elements to capture the impact of various factors, which influence CI functionality. Implementation of the proposed approach is illustrated by pilot calculations for energy CI of Lithuania.

#### Positive Systems: Theory and Applications (POSTA 2016) Rome, Italy, September 14-16, 2016 (2017)

###### Filippo Cacace, Lorenzo Farina, Roberto Setola, Alfredo Germani

Control Engineering

This book presents high-quality original contributions on positive systems, including topics such as: monotone dynamical systems in mathematical biology and game theory; mathematical developments for networked systems in biology, chemistry and the social sciences; linear and nonlinear positive operators; dynamical analysis, observation and control of positive distributed parameter systems; stochastic realization theory; biological systems with positive variables and positive controls; iterated function systems; nonnegative dynamic processes; and dimensioning problems for collaborative systems. The book comprises a selection of the best papers presented at the POSTA 2016, the 5th International Symposium on Positive Systems, which was held in Rome, Italy, in September 2016. This conference series represents a targeted response to the growing need for research that reports on and critically discusses a wide range of topics concerning the theory and applications of positive systems.

#### Monitoring system reaction in cyber-physical testbed under cyber-attacks (2017)

###### Giuseppe Bernieri, Estefania Etcheves Miciolino, Federica Pascucci, Roberto Setola

Computers & Electrical Engineering

In this paper, we exploit the cyber-physical testbed developed within the EU Project FACIES to analyze how monitor systems, typically used in Industrial Control Systems, may be prone to fail when facing cyber-attacks. Specifically, through several experimental trials, we test the poor ability of a Fault Diagnosis module to correctly manage cyber-attacks, which generally turn to be considered physical faults, forcing operators to perform erroneous countermeasures. To conclude, we outline how the presence of a cyber Intrusion Detection System improves the effectiveness and the reliability of the protection schema. The experimental validation has been carried out on an emulated water distribution system.

#### Fault diagnosis and network anomaly detection in water infrastructures (2017)

###### Estefanía Etchevés Miciolino, Roberto Setola, Giuseppe Bernieri, Stefano Panzieri, Federica Pascucci, Marios M Polycarpou

IEEE Design & Test

Testing cybersecurity techniques for critical infrastructure on real-world setups is economically infeasible and lacks flexibility. In order to address this challenge, this article presents a testbed for water infrastructures capable of accurately assessing the effectiveness of cybersecurity solutions.

#### Improving the Automatic Identification of Malicious Android Apps in Unofficial Stores through Logo Analysis (2017)

###### Luca Vollero, Daniele Biondo, R Setola, Gianluca Bocci, Rocco Mammoliti, Alessandra Toma

International Conference on Information System Security and Privacy ICISSP

The wide diffusion of mobile devices and the ability of users to customize their experience through applications (Apps) is opening to new problems related to privacy, security and data integrity for the mobile ecosystem. Smartphones, in general, and Android devices, in particular, are rapidly becoming emerging threat vectors of cybercrime activities. Unofficial Android markets, especially those with weak controls on published Apps, are the places where frauds may easily start and spread. Hence, the ability to identify and quickly shut down deceptive Apps is of paramount importance in the protection of users, services and infrastructures. Traditional approaches that aim at mitigating the presence of malicious Apps in unofficial markets, are based on crawlers for scanning stores and checking the words used in Apps’ description. These methods works very well when the App’s title, keywords and description match specific patterns that identify services to protect and the application owner or App’s signature do not match expected ones. Unluckily, the performance of such methods reduce sharply when the store adopts a language that is not supported by the recognition system or the App publisher uses misleading words in the App’s description. Nevertheless, App publishers always use a logo which is familiar to the user in order to highlight the application and increase the probability that the users install it. In this paper we presents a system that overcomes the limitation of traditional approaches including logo analysis in the process of App recognition. Our contribution is the definition and evaluation of a logo-based complementary system to be used in conjunction with traditional approaches based on word lists checking. The system and the performance of the proposed solution are presented and analyzed in the paper.

#### Risk assesment for critical infrastructure (2017)

###### Roberto Setola, Inga Žutautaitė, Linas Martišauskas, Ričardas Krikštolaitis, Juozas Augutis, Vika Juričkaitė

Critical infrastructures: enhancing preparedness & resilience for the security of citizens and services supply continuity

In the paper, a general risk assessment procedure for critical infrastructure (CI) is based on the assessment of criticality of CI elements due to the consequences of loss of their functionality, and estimation of probabilities associated with these criticalities. Bayesian networks method was applied to estimate probabilities of unfunctionality of CI elements to capture the impact of various factors, which influence CI functionality. Implementation of the proposed approach is illustrated by pilot calculations for energy CI of Lithuania

# Anno 2016

#### Distributed asynchronous Cholesky decomposition (2016)

###### Gabriele Oliva, Roberto Setola, Christoforos N Hadjicostis

2016 IEEE 55th Conference on Decision and Control (CDC)

The Cholesky decomposition represents a fundamental building block in order to solve several matrix-related problems, ranging from matrix inversion to determinant calculation, and it finds application in several contexts, e.g., in Unscented Kalman Filters or other least-square estimation problems. In this paper we develop a distributed algorithm for performing the Cholesky decomposition of a sparse matrix. We model a network of n agents as a connected undirected graph, and we consider a symmetric positive definite n × n matrix M with the same structure as the graph (i.e., except for the diagonal entries, nonzero coefficients mij are allowed only if there is a link between the i-th and the j-th agent). We develop an asynchronous and distributed algorithm to let each agent i calculate the nonzero coefficients in the i-th column of the Cholesky decomposition of M. With respect to the state of the art, the proposed algorithm does not require orchestrators and finds application in sparse networks with limited bandwidth and memory requirements at each node.

#### Distributed C-means data clustering algorithm (2016)

###### Gabriele Oliva, Roberto Setola, Christoforos N Hadjicostis

2016 IEEE 55th Conference on Decision and Control (CDC)

In this paper we provide a distributed and asynchronous implementation of the C-means data clustering algorithm to let the agents in a sensor network partition themselves based on the observations available at each node (e.g., sensor data, positions, etc.) and to identify a small set of values which are representative of the observations. The clusters thus obtained are not mutually exclusive, in that each node is allowed to belong with different intensity to the different clusters. The proposed approach amounts to repeated depth-first visits of the network and imposes low requirements on memory, communication bandwidth and algorithmic complexity.

#### Railway Station Surveillance System Design: A Real Application of an Optimal Coverage Approach (2016)

###### Francesca De Cillis, Stefano De Muro, Franco Fiumara, Roberto Setola, Antonio Sforza, Claudio Sterle

International Conference on Critical Information Infrastructures Security

The design of an effective and efficient surveillance system is fundamental for the protection of the Critical Infrastructures. In a railway station, this requirement turns on as an urgent prerequisite: for its intrinsic nature, a station represents a complex environment to be monitored for both safety and security reasons. In this work, we show how the video surveillance system of a real terminal railway station can be effectively designed in terms of sensor placement problem using an optimal coverage approach. The obtained results confirm the effectiveness of the proposed method in supporting security experts in both the design and reconfiguration of a surveillance system, in order to increase the asset security level.

#### Critical clusters in interdependent economic sectors (2016)

###### Gabriele Oliva, Roberto Setola, Stefano Panzieri

The European Physical Journal Special Topics

In this paper we develop a data-driven hierarchical clustering methodology to group the economic sectors of a country in order to highlight strongly coupled groups that are weakly coupled with other groups. Specifically, we consider an input-output representation of the coupling among the sectors and we interpret the relation among sectors as a directed graph; then we recursively apply the spectral clustering methodology over the graph, without a priori information on the number of groups that have to be obtained. In order to do this, we resort to the eigengap criterion, where a suitable number of groups is selected automatically based on the intensity and structure of the coupling among the sectors. We validate the proposed methodology considering a case study for Italy, inspecting how the coupling among clusters and sectors changes from the year 1995 to 2011, showing that in the years the Italian structure underwent deep changes, becoming more and more interdependent, i.e., a large part of the economy has become tightly coupled.

#### Improving the Safety and the Operational Efficiency of Emergency Operators via On Field Situational Awareness (2016)

###### Francesca De Cillis, F Inderst, F Pascucci, R Setola, M Tesei, P Bragatto

Chemical Engineering Transactions

In rescue missions, the situational awareness represents an essential tool in supporting rescue team operating in unknown and complex indoor environments. In case of fire in highly congested industrial scenarios (eg, refineries, oil depots, petrochemical plants, etc.), the smoke may reduce the awareness of the rescuer about potential local resources/hazards, affecting both operational efficiency and personal safety. The mitigation of potential consequences arising from major accidents can be limited providing the emergency staff with tools able to foster their role on field. In this paper, we present the RISING (indooR localizatIon and building maintenance using radio frequency Identification and inertial NaviGation) project that is devoted to support on field operators supplying them with a system for situational awareness and personal indoor positioning. The RISING solution is based on the integration of the RFID technology with the inertial navigation. A set of RFID tags, conveniently preinstalled in the working environment, can store information about their absolute position and the site of local items. This information can be easily retrieved on-the-fly using RFID readers and displayed on smart devices with which the user is equipped (eg, tablet and/or smartphone) to allow on field situational awareness.

#### Access Time Eccentricity and Diameter (2016)

###### Gabriele Oliva, Antonio Scala, Roberto Setola, Luigi Glielmo

International Symposium on Positive Systems

In this chapter we study the access time on random walks, i.e., the expected time for a random walk starting at a node  to reach a node , an index that can be easily calculated resorting to the powerful tools of positive systems. In particular, we argue that such an index can be the base for developing novel topological descriptors, namely access time eccentricity and diameter. While regular eccentricities and diameter are defined considering minimum paths, the indices defined in this chapter are related to random movements across the network, which may follow inefficient paths, and are thus a complementary measure to identify central and peripheral nodes and to set adequate time-to-live for the packets in a network of distributed agents, where few or no routing information is available. A simulation campaign aimed at showing the characteristics of the proposed indices concludes the chapter.

#### A cost-effective, non-invasive system for pressure monitoring during epidural needle insertion: Design, development and bench tests (2016)

###### Marco Tesei, Paola Saccomandi, Carlo Massaroni, Rossella Quarta, Massimiliano Carassiti, Emiliano Schena, Roberto Setola

2016 38th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC)

Epidural blockade procedures have gained large acceptance during last decades. However, the insertion of the needle during epidural blockade procedures is challenging, and there is an increasing alarming risk in accidental dural puncture. One of the most popular approaches to minimize the mentioned risk is to detect the epidural space on the base of the loss of resistance (LOR) during the epidural needle insertion. The aim of this paper is to illustrate an innovative and non-invasive system able to monitor the pressure exerted during the epidural blockade procedure in order to detect the LOR. The system is based on a Force Sensing Resistor (FSR) sensor arranged on the top of the syringe’s plunger. Such a sensor is able to register the resistance opposed to the needle by the different tissues transducing the pressure exerted on the plunger into a change of an electrical resistance. Hence, on the base of a peculiar algorithm, the system automatically detects LOR providing visual and acoustic feedbacks to the operator improving the safety of the procedure. Experiments have been performed to characterize the measurement device and to validate the whole system. Notice that the proposed solution is able to perform an effective detection of the LOR.

#### Distributed cycle detection and removal (2016)

###### Gabriele Oliva, Roberto Setola, Luigi Glielmo, Christoforos N Hadjicostis

IEEE Transactions on Control of Network Systems

In this paper, we provide distributed algorithms to detect and remove cycles in a directed relational graph by exploiting the underlying undirected communication graph; the relational graph models a relation among the agents, e.g., a pairwise ordering, while the communication graph captures how information can be shared among them. Specifically, we provide a synchronous distributed algorithm to detect cycles in the relational graph, by exploiting the fact that nodes with zero in-degree or zero outdegree can not be part of a cycle, and can be iteratively removed without creating new loops in the relational topology. The proposed algorithm considerably improves transmission efficiency (the number of messages and bandwidth required) compared to the state of the art. We demonstrate that the problem of making the relational graph acyclic by swapping the orientation of a minimum number of edges is NP-Complete and APX-Hard; for this reason, we develop an efficient, yet suboptimal, distributed algorithm to remove the cycles by swapping the direction of some of the links. The methodology provided in this paper finds application in several distributed control problems where the agents must be interconnected via a directed acyclic graph, such as cluster consensus, formation control or multiple leader election. Extensive numerical analysis emphasizes the effectiveness of the proposed solution with respect to the state of the art.

#### Critical node detection based on attacker preferences (2016)

###### Luca Faramondi, Gabriele Oliva, Federica Pascucci, Stefano Panzieri, Roberto Setola

2016 24th Mediterranean Conference on Control and Automation (MED)

The identification of Critical Nodes in technological, biological and social networks is a fundamental task in order to comprehend the behavior of such networks and to implement protection or intervention strategies aimed at reducing the network vulnerability. In this paper we focus on the perspective of an attacker that aims at disconnecting the network in several connected components, and we provide a formulation of the attacker behavior in terms of an optimization problem with two concurrent objectives: maximizing the damage dealt while minimizing the cost or effort of the attack. Such objectives are mediated according to the subjective preferences of the attacker. Specifically, the attacker identifies a set of nodes to be removed in order to disconnect the network in at least m connected components; the final objective is from one side to minimize the number of attacked nodes, and from another side to minimize the size of the largest connected component. We complement the paper by providing an heuristic approach to calculate an admissible solution to the problem at hand, based on the line graph of the original network topology and on the spectral clustering methodology.

#### Distributed finite-time calculation of node eccentricities, graph radius and graph diameter (2016)

###### Gabriele Oliva, Roberto Setola, Christoforos N Hadjicostis

Systems & Control Letters

The distributed calculation of node eccentricities, graph radius and graph diameter are fundamental steps to tune network protocols (eg, setting an adequate time-to-live of packets), to select cluster heads, or to execute distributed algorithms, which typically depend on these parameters. Most existing methods deal with undirected topologies and have high memory and/or bandwidth requirements (or simply provide a bound on the diameter to reduce such costs). Other approaches, instead, require nodes able to communicate with their neighbors on a point-to-point basis, thus requiring each node to be aware of its neighbors. In this paper, we consider strongly connected directed graphs or connected undirected graphs, and we develop an algorithm that takes advantage of the robustness and versatility of the max-consensus algorithm, and has low computational, memory and bandwidth requirements.

#### Localization of networks with presence and distance constraints based on 1-hop and 2-hop mass–spring optimization (2016)

###### Gabriele Oliva, Roberto Setola, Stefano Panzieri, Federica Pascucci

ICT Express

In this paper we consider the localization of a sensor network where the nodes are heterogeneous, in that some of them are able to measure the distance from their neighbors, while some others are just able to detect their presence, and we provide a post-processing algorithm that can be used to improve an initial estimate for the location of the nodes, based on a mass–spring optimization approach, taking into account presence and distance information, as well as one-hop and two-hop information.

#### A new model for the length of stay of hospital patients (2016)

###### Marco Papi, Luca Pontecorvi, Roberto Setola

Health care management science

Hospital Length of Stay (LoS) is a valid proxy to estimate the consumption of hospital resources. Average LoS, however, albeit easy to quantify and calculate, can be misleading if the underlying distribution is not symmetric. Therefore the average does not reflect the nature of such underlying distribution and may mask different effects. This paper uses routinely collected data of an Italian hospital patients from different departments over a period of 5 years. This will be the basis for a running example illustrating the alternative models of patients length of stay. The models includes a new density model called Hypergamma. The paper concludes by summarizing these various modelling techniques and highlighting the use of a risk measure in bed planning.

#### Distributed finite-time average-consensus with limited computational and storage capability (2016)

###### Gabriele Oliva, Roberto Setola, Christoforos N Hadjicostis

IEEE Transactions on Control of Network Systems

Consensus is a fundamental feature of distributed systems, and it is the prerequisite for several complex tasks, such as flocking of mobile robots, localization in wireless-sensor networks, or decentralized control of smart grids. Average consensus, in particular, is quite challenging, because it is typically obtained asymptotically, while few finite-time algorithms are available. In this paper, we provide a methodology to achieve distributed average consensus in finite time, while maintaining low computational and memory requirements, and small completion times. The provided solution, namely, finite-time average-consensus by iterated max-consensus (FAIM) is based on several runs of the max-consensus algorithm, and has low memory requirements for each node. Compared to existing Flooding approaches, the proposed algorithm requires less memory, at the cost of a slight increase in the number of steps required for termination. The FAIM algorithm assumes that the nodes are aware of an upper bound on the network diameter. To relax this assumption, we complement this paper with a novel distributed algorithm that, in the case of undirected graphs, provides an upper bound on the network diameter which, in the worst case, is twice the actual diameter. A comparison of the proposed finite-time algorithm against the state of the art concludes this paper.

#### Distributed, Sparse and Asynchronous C-Means for Robust Coverage with Networked Robots (2016)

###### Gabriele Oliva, Andrea Gasparri, Adriano Fagiolini, Christoforos N Hadjicostis

CoRR

In this paper we present a novel coverage framework for a network of mobile robots that aim at covering a finite and discrete set of points of interest. The proposed framework is non-exclusive, in that each point of interest can be covered by multiple robots with different intensities, thus resulting in a partly overlapping segmentation of the points of interest in groups covered each by a specific robot. This property improves robustness of our solution for the fact that each point of interest may remain covered by secondary robots, in case the main one becomes unable to fully perform its intended functions. Moreover, the intensity of the associations represents valuable meta-information that can be the basis for implementing complex interaction tasks among robots and points of interests, eg, in order to define priorities or to elect a leader in case of emergency at some specific point of interest. The proposed algorithm is distributed, asynchronous, and near-optimal, and it is based on the C-means, originally proposed for non-exclusive clustering and for cluster centroid identification of a set of observations. We also cope with limited sensing range of robots, which cannot be addressed by traditional C-means, thus leading to an unfeasible coverage solution. In fact, the proposed sparse C-means can enforce robots to take into account only neighboring points of interest.

#### Critical clusters in interdependent economic sectors A data-driven spectral clustering analysis (2016)

###### Gabriele Oliva, Roberto Setola, Stefano Panzieri

The European Physical Journal Special Topics

In this paper we develop a data-driven hierarchical clustering methodology to group the economic sectors of a country in order to highlight strongly coupled groups that are weakly coupled with other groups. Specifically, we consider an input-output representation of the coupling among the sectors and we interpret the relation among sectors as a directed graph; then we recursively apply the spectral clustering methodology over the graph, without a priori information on the number of groups that have to be obtained. In order to do this, we resort to the eigengap criterion, where a suitable number of groups is selected automatically based on the intensity and structure of the coupling among the sectors. We validate the proposed methodology considering a case study for Italy, inspecting how the coupling among clusters and sectors changes from the year 1995 to 2011, showing that in the years the Italian structure underwent deep changes, becoming more and more interdependent, i.e., a large part of the economy has become tightly coupled.

#### Positive Systems (2016)

###### Filippo Cacace, Lorenzo Farina, Roberto Setola, Alfredo Germani

Lecture Notes in Control and Information Sciences LNCIS

Positive systems are dynamical systems whose state variables are positive (or at least nonnegative) in value at all times. Such exceedingly simple definition is nevertheless full of far-reaching consequences both on theory and applications of dynamical systems. Moreover, positivity of variables is readily available information, stemming directly from the intrinsic nature of the phenomenon of interest. It is therefore not surprising that many researchers, coming from very different areas of dynamical systems and control, joined together in Rome, for the second time from 2003, to give rise to the fifth edition of the POSTA conference (Positive Systems Theory and Applications) in September 14–16, 2016.

#### Managing the complexity of critical infrastructures (2016)

###### Roberto Setola, Vittorio Rosato, Elias Kyriakides, Erich Rome

Studies in Systems, Decision and Control

This book collects the tutorial material developed by the authors during the six editions of the Master Classes and Courses on Modelling, Simulation and Analysis of Critical Infrastructures. These training events attracted more than 200 students from all over Europe and represented the cornerstone instrument for the training program developed inside the Critical Infrastructure Preparedness and Resilience Research Network (CIPRNet) project.
CIPRNet is a Network of Excellence in the field of Critical Infrastructure Protection (CIP) composed of twelve outstanding institutions on the different topics involved in the CIP domain and co-funded by the European Union under the Seventh Framework Programme (FP7) for research, technological development and demonstration.

#### Modelling dependencies between critical infrastructures (2016)

###### Roberto Setola, Marianthi Theocharidou

Managing the complexity of critical infrastructures

This chapter provides an overview about dependencies among infrastructures and discusses how they can be adequately captured, modelled and analyzed. It provides a taxonomy overview of the most adopted methods with a focus on the IIM (Input-output Inoperability Model) and on topological approaches.

#### Critical infrastructures, protection and resilience (2016)

###### Roberto Setola, Eric Luiijf, Marianthi Theocharidou

Managing the Complexity of Critical Infrastructures

This chapter introduces the concept of Critical Infrastructure (CI). Although old civilisations had CI, the protection and resilience of CI has come to the fore again in the last two decades. The risk to society due to inadvertent and deliberate CI disruptions has largely increased due to interrelation, complexity, and dependencies of these infrastructures. The increased use of information and telecommunication technologies (ICT) to support, monitor, and control CI functionalities has contributed to this. The interest in CI and complex systems is strongly related to initiatives by several governments that from the end of the 90s of the previous century recognised the relevance of the undisturbed functioning of CI for the wellbeing of their population, economy, and so on. Their policies highlighted early the increasing complexity of CI and the challenges of providing such CI services without disruption, especially when accidental or malicious events occur. In recent years, most national policies have evolved following a direction from protection towards resilience. The need for this shift in perspective and these concepts are also analysed in this chapter.

#### Game Theoretical Approach for Dynamic Active Patrolling in a Counter-Piracy Framework (2016)

###### Francesca De Simio, Marco Tesei, Roberto Setola

Recent Advances in Computational Intelligence in Defense and Security

Maritime piracy has become an important security focus area due to the influence that this phenomenon has on the global economy (Bowden, The economic costs of maritime piracy. Technical Report. Oceans Beyond Piracy, One Earth Future Foundation, 2011

# Anno 2015

#### Communications network analysis in a SCADA system testbed under cyber-attacks (2015)

###### Estefanía Etchevés Miciolino, Giuseppe Bernieri, Federica Pascucci, Roberto Setola

2015 23rd Telecommunications Forum Telfor (TELFOR)

Cyber-Physical Systems become more and more complex due to the technological evolution of components and interconnections. The network assessment of these systems becomes complicated due to the significant consequences of possible incidents, as Critical Infrastructure represent remarkable systems. Thus, despite the large literature on cyber-attacks, few works address the network unavailability in industrial control systems. In this paper, the results of several cyber-attacks against a Cyber-Physical testbed, in terms of communications, are investigated.

#### Characterization of protein–protein interfaces through a protein contact network approach (2015)

###### Luisa Di Paola, Chiara Bianca Maria Platania, Gabriele Oliva, Roberto Setola, Federica Pascucci, Alessandro Giuliani

Frontiers in Bioengineering and Biotechnology

Anthrax toxin comprises of three different proteins, jointly acting to exert toxic activity: a non-toxic protective agent (PA), toxic edema factor (EF) and lethal factor (LF). Binding of PA to anthrax receptors promotes oligomerization of PA, binding of EF and LF, then endocytosis of the complex. Homomeric forms of PA, complexes of PA bound to LF and to the endogenous receptor capillary morphogenesis gene 2 (CMG2) were analyzed. In this work, we characterized protein-protein interfaces (PPIs) and identified key residues at PPIs of complexes, by means of a protein contact network (PCN) approach. Flexibility, global and local topological properties of each PCN were computed. The vulnerability of each PCN was calculated using different node removal strategies, with reference to specific PCN topological descriptors: participation coefficient, contact order and degree. The participation coefficient P, the topological descriptor of the node’s ability to intervene in protein inter-module communication, was the key descriptor of PCN vulnerability of all structures. High P residues were localized both at PPIs and other regions of complexes, so that we argued an allosteric mechanism in protein-protein interactions. The identification of residues, with key role in the stability of PPIs, has a huge potential in the development of new drugs; which would be designed to target not only PPIs but also residues localized in allosteric regions of supramolecular complexes.

#### Augmenting rescuer safety using wireless sensor networks (2015)

###### Federica Inderst, Federica Pascucci, Gabriele Oliva, Roberto Setola

2015 International Conference on Indoor Positioning and Indoor Navigation (IPIN)

Localization and tracking are fundamental features in emergency response operations, where the mission leader needs to be aware of the team location. This paper addresses the localization for rescuers by exploiting wireless sensor networks embedded in the environment. Specifically, a pre-deployed network is considered and a localization algorithm is designed to find the location of the node and to track the rescuers cooperatively. Nodes estimate their own positions, while rescuers improve and augment their location awareness during mission by navigating across via points suggested by the network, thus improving the overall localizability. Experimental results show the effectiveness of the approach.

#### Identifying critical infrastructure clusters via spectral analysis (2015)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

International Conference on Critical Information Infrastructures Security

In this paper we discuss how to identify groups composed of strictly dependent infrastructures or subsystems. To this end we suggest the use of spectral clustering methodologies, which allow to partition a set of elements in groups with strong intra-group connections and loose inter-group coupling. Moreover, the methodology allows to calculate in an automatic way a suitable number of subsets in which the network can be decomposed. The method has been applied to the Italian situation to identify, on the base of the Inoperability Input-Output model, which are the most relevant set of infrastructures. The same approach has been applied also to partition in a suitable way a network, as illustrated with respect to the IEEE 118 Bus Test Case electric grid.

#### The Professional Figure of the Security Liaison Officer in the Council Directive 2008/114/EC (2015)

###### Maria Carla De Maggio, Marzia Mastrapasqua, Roberto Setola

International Conference on Critical Information Infrastructures Security

The Council Directive 2008/114/EC represents a cornerstone for a common European strategy for the protection of Critical Infrastructures. Article 6 comma 2 of the Directive deals with the designation of a Security Liaison Officer for each European Critical Infrastructure. Although his designation is mandatorily stated by the Directive, his role and duties in the organization are not clearly defined. To overcome this lack of standardization across Europe, the present study aims to define and analyze the current scenario of Critical Infrastructure security, and gather opinions regarding the aspiring evolution of the regulatory framework, in order to create a “European vision” of the SLO in terms of background, competences and role.

#### Strategies to improve Critical Infrastructures Robustness against the IEMI threat: a Review of relevant Standards and Guidelines on the topic (2015)

###### Francesca De Simio, Francesca De Cillis, Giustino Fumagalli, Maria Carla De Maggio, Stefan van de Beek, John Dawson, Linda Dawson, Roberto Setola

International Conference on Critical Information Infrastructures Security

This paper aims to provide a brief overview of relevant standards, procedures and guidelines to standard bodies to manage the impact of the Intentional ElectroMagnetic Interference (IEMI) threat. It also provides guidelines for CI operators on how to reduce their exposure on IEMI hazards.

#### Apparatus and method for videorhinohygrometric (VRI) measures (2015)

###### Manuele Casale, Fabrizio Salvinelli, Roberto Setola, Paolo Soda, Valerio Cusimano

Patent for Apparatus and method for videorhinohygrometric (VRI) measures

A videorhinohygrometric measuring apparatus (1) for evaluating parameters associated to the expiratory flow outlet from the nostrils, comprising a camera (4) for acquiring the dynamic image of the condensation that the flow generates on a suitable collecting surface (21) and a processor (5) for the acquired image, operatively connected to the camera (4) and apt to output at least one of the above-mentioned entities.

#### Fall-detection solution for mobile platforms using accelerometer and gyroscope data (2015)

###### Francesca De Cillis, Francesca De Simio, Floriana Guido, Raffaele Antonelli Incalzi, Roberto Setola

2015 37th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC)

Falls are a major health risk that diminish the quality of life among elderly people. Apart from falls themselves, most dramatic consequences are usually related with long lying periods that can cause serious side effects. These findings call for pervasive long-term fall detection systems able to automatically detect falls. In this paper, we propose an effective fall detection algorithm for mobile platforms. Using data retrieved from wearable sensors, such as Inertial Measurements Units (IMUs) and/or SmartPhones (SPs), our algorithm is able to detect falls using features extracted from accelerometer and gyroscope. While mostly of the mobile-based solutions for fall management deal only with accelerometer data, in the proposed approach we combine the instantaneous acceleration magnitude vector with changes of the user’s heading in a Threshold Based Algorithm (TBA). In such a way, we were able to handle falls detection with minimal computational load, increasing the overall system accuracy with respect to traditional fall management methods. Experimental results show the strong detection performance of the proposed solution in discriminating between falls and typical Activities of Daily Living (ADLs) presenting fall-like acceleration patterns.

#### Noisy localization over unit disk graphs: The shadow edge approach (2015)

###### Gabriele Oliva, Stefano Panzieri, Federica Pascucci, Roberto Setola

2015 American Control Conference (ACC)

Trilateration is an effective way to localize a sensor network based on relative distance measures, but the conditions that guarantee the existence of a solution are quite restrictive. If the network topology is a unit disk graph, however, the localization of the network can be achieved also when the standard trilateration fails, using a priori information about “not being connected”. Such an information can be modeled as additional links, namely shadow edges, that can be used to localize also networks that are not localizable via trilateration. In this paper we inspect the applicability of shadow edge localization in the noisy setting, showing some conditions that guarantee the existence of solution and comparing the results of trilateration and shadow edge localization algorithms in a noisy setting, with respect to the error after a post processing done by means of a recursive least square algorithm. The results show that, besides localizing more nodes, the shadow edge approach has better results in terms of localization error.

#### Railway Infrastructure Security (2015)

###### Roberto Setola, Antonio Sforza, Valeria Vittorini, Concetta Pragliola

Springer

Critical infrastructure protection is a very hard problem, which has been widely tackled in the last 20 years by experts coming from different fields (security managers, university researchers, companies, etc.). The main aim of the research activity has been to develop a deeper understanding of the vulnerabilities of these systems, in order to provide efficient and effective strategies to reduce the risk of attacks and their consequences. The “Railway Infrastructure Security” book arises with the scope of improving this understanding with particular reference to the Railway Infrastructure Systems (RISs), which notwithstanding their symbolic and economic value have not gained the proper attention. To this aim, the book collects different experiences coming from international security experts, academic authorities and leading railway service providers.

#### Distributed data clustering via opinion dynamics (2015)

###### Gabriele Oliva, Damiano La Manna, Adriano Fagiolini, Roberto Setola

International Journal of Distributed Sensor Networks

We provide a distributed method to partition a large set of data in clusters, characterized by small in-group and large out-group distances. We assume a wireless sensors network in which each sensor is given a large set of data and the objective is to provide a way to group the sensors in homogeneous clusters by information type. In previous literature, the desired number of clusters must be specified a priori by the user. In our approach, the clusters are constrained to have centroids with a distance at least ε between them and the number of desired clusters is not specified. Although traditional algorithms fail to solve the problem with this constraint, it can help obtain a better clustering. In this paper, a solution based on the Hegselmann-Krause opinion dynamics model is proposed to find an admissible, although suboptimal, solution. The Hegselmann-Krause model is a centralized algorithm; here we provide a distributed implementation, based on a combination of distributed consensus algorithms. A comparison with k-means algorithm concludes the paper.

#### Sensor networks localization: Extending trilateration via shadow edges (2015)

###### Gabriele Oliva, Stefano Panzieri, Federica Pascucci, Roberto Setola

IEEE Transactions on Automatic Control

Distance-based network localization is known to have solution, in general, if the network is globally rigid. In this technical note we relax this condition with reference to unit disk graphs. To this end, shadow edges are introduced to model the fact that selected nodes are not able to sense each other. We provide a localization algorithm based on such edges and a necessary and sufficient localizability condition. We also investigate the relation between the proposed approach and trilateration, showing from both a theoretical and empirical perspective that shadow edge localization succeeds also when trilateration fails.

#### Inertial-based smart indoor localisation system (2015)

###### Federica Inderst, Federica Pascucci, Francesca De Cillis, Roberto Setola

SemanticScholar

The location-aware technologies are crucial for cyber physical applications. In this contribution, a smart indoor localisation system is proposed: it is able to recognise and track user activities, given the initial pose. The key idea is the well-known prediction-correction approach used in field robotics. To this end, a rough estimate of the user position is formed by exploiting proprioceptive sensors (eg, inertial measurement unit), thereafter it is refined by data collected from the smart environment (eg, radio frequency systems).

#### Vulnerability assessment in RIS scenario through a synergic use of the CPTED methodology and the system dynamics approach (2015)

###### Francesca De Cillis, Maria Carla De Maggio, Roberto Setola

Railway Infrastructure Security

The 9/11 attacks dramatically stressed the fragility of our CI against terrorist and criminal actions. For their peculiarities and symbolic value, CI are largely exposed to attacks, as evident by the large number of targeted incidents that occurred. Within this context, the Railway Infrastructure System (RIS) holds a high-ranking position. Vulnerability analysis and quantitative simulation approach play a crucial role in identifying weak-points and outlying new and more appealing protection strategies. In this chapter, a vulnerability assessment mean fulfilled through a synergic use of System Dynamics method, CPTED (Crime Prevention Through Environmental Design) multidisciplinary approach and crime opportunity theories is depicted. The aim consists in analyzing how different factors may influence the railway asset attractiveness, fragility and vulnerability.

#### Infrastructure interdependencies: Modeling and analysis (2015)

###### Gabriele Oliva, Roberto Setola

Intelligent monitoring, control, and security of critical infrastructure systems

In this chapter some of the most well established approaches to model Critical Infrastructure Interdependencies are discussed. Specifically the holistic methods, where the interaction among infrastructures is seen from a very high level of abstraction, are compared with agent-based models, where the dependency phenomena that may arise among subsystems are considered both in terms of functional and topological relations. In order to better clarify the different approaches, the Input–Output Inoperability Model is discussed as one of the most representative Holistic methodologies; Agent-based methods are then discussed with particular reference to the Agent-Based Input–Output Inoperability Model, an extension of the Input–Output Inoperability Model, developed by the authors.

# Anno 2014

#### Hybrid sensor networks localization dealing with range-capable and range-free nodes (2014)

###### Gabriele Oliva, Christos Laoudias, Federica Pascucci, Roberto Setola, Christos G Panayiotou

2014 International Conference on Indoor Positioning and Indoor Navigation (IPIN)

Distance-based network localization is a very effective way to obtain the position of nodes in a network via range measuring; this, however, requires nodes with nontrivial sensing capabilities. Range-free techniques, conversely, use much simpler nodes but often provide just a rough estimate on the node’s position. In this paper we develop a hybrid localization algorithm that combines range-free and distance-based sensors. A detailed simulation campaign aimed at corroborating the findings and at showing the potentialities of the approach concludes the paper.

#### Improving Situational Awareness for First Responders (2014)

###### Francesca De Cillis, Francesca De Simio, Federica Inderst, Luca Faramondi, Federica Pascucci, Roberto Setola

International Conference on Critical Information Infrastructures Security

This paper aims at exploring a novel approach for indoor localisation by exploiting data fusion. Specifically, personnel localisation in rescue scenarios is addressed: the key idea is to increase the situation awareness of rescuers. A pedestrian dead reckoning algorithm based on waist mounted inertial sensors is designed to cope with different human activities. The drifting estimate is re-calibrated by using information gathered from the environment. The outcomes of experimental trials performed in a real scenario are reported.

#### Critical infrastructure online fault detection: Application in water supply systems (2014)

###### Constantinos Heracleous, Estefanía Etchevés Miciolino, Roberto Setola, Federica Pascucci, Demetrios G Eliades, Georgios Ellinas, Christos G Panayiotou, Marios M Polycarpou

International Conference on Critical Information Infrastructures Security

In this paper we first introduce a testbed that is able to emulate the operation and common faults of a water supply system, as well as its interaction with a SCADA system. Then we implement an online fault detection algorithm based on a fault diagnosis architecture for nonlinear uncertain discrete-time systems, that we apply and test with the testbed. We finally present some experimental results illustrating the effectiveness of this approach.

#### Dependencies analysis in emergency scenarios (2014)

###### Roberto Setola, Domenico Lorusso, Maria Carla De Maggio

2014 International Carnahan Conference on Security Technology (ICCST)

Recently, the “All Hazard” paradigm gained a large interest in the framework of Critical Infrastructure Protection, stressing the importance to guarantee an adequate level of service continuity in spite of any type of negative events, ranging from natural disasters to technological faults, considering both accidental and malicious actions. However, such an approach makes more difficult the analysis of the scenario, because experts have to consider a multitude of possible causes and their possible effects. Moreover, there is the need to consider, further to the direct consequences, also those induced by second or higher-level effects, i.e. the consequences induced by dependencies on other systems and cascading effects on the population. To help experts in this hard task, within the EC co-funded project Threvi2, the authors developed an approach to manage the cause-effect relationships using a taxonomic framework, where the different causes are decomposed in their elementary effects, and then grouped into classes of threats.

#### Indoor positioning system using walking pattern classification (2014)

###### Francesca De Cillis, Francesca De Simio, Luca Faramondi, Federica Inderst, Federica Pascucci, Roberto Setola

22nd Mediterranean Conference on Control and Automation

In the age of automation the ability to navigate persons and devices in indoor environments has become increasingly important for a rising number of applications. While Global Positioning System can be considered a mature technology for outdoor localization, there is no off-the-shelf solution for indoor tracking. In this contribution, an infrastructure-less Indoor Positioning System based on walking feature detection is presented. The proposed system relies on the differences characterizing different human actions (e.g., walking, ascending or descending stairs, taking the elevator). The motion features are extracted in time domain by exploiting data provided by a 9DoF Inertial Measurement Unit. The positioning algorithm is based on walking distance and heading estimation. Step count and step length are used to determine the walking distance, while the heading is computed by quaternions.

#### Distance-constrained data clustering by combined k-means algorithms and opinion dynamics filters (2014)

###### Gabriele Oliva, Damiano La Manna, Adriano Fagiolini, Roberto Setola

22nd Mediterranean Conference on Control and Automation

Data clustering algorithms represent mechanisms for partitioning huge arrays of multidimensional data into groups with small in-group and large out-group distances. Most of the existing algorithms fail when a lower bound for the distance among cluster centroids is specified, while this type of constraint can be of help in obtaining a better clustering. Traditional approaches require that the desired number of clusters are specified a priori, which requires either a subjective decision or global meta-information knowledge that is not easily obtainable. In this paper, an extension of the standard data clustering problem is addressed, including additional constraints on the cluster centroid distances. Based on the well-known Hegelsmann-Krause opinion dynamics model, an algorithm that is capable to find admissible solutions is given. A key feature of the algorithm is the ability to partition the original set of data into a suitable number of clusters, without the necessity to specify such a number in advance. In the proposed approach, instead, the maximum distance among any pair of cluster centroids is specified.

#### Decentralized route guidance architectures with user preferences in urban transportation networks (2014)

###### L Adacher, G Oliva, F Pascucci

Procedia-Social and Behavioral Sciences

In the last decades, the increase of traffic and the limited capacity of urban networks, has led to the development of algorithms for traffic management and route guidance. The route guidance systems may cause a well-known dilemma by suggesting the same path to too many drivers. We propose a multiple path routing algorithm, in which each vehicle computes its own route on the basis of (i) its specific settings reflecting user’s preferences/constraints and (ii) traffic information provided by the reference station. Our aim is to propose a solution that represents a good trade off between single user satisfaction and system optimum.

#### Decentralized assignment for intelligent electric vehicles to recharge stations (2014)

###### Ludovica Adacher, Federica Pascucci, Gabriele Oliva

2014 UKSim-AMSS 16th International Conference on Computer Modelling and Simulation

In this paper the problem of assigning electric cars to charging stations in a distributed manner is addressed, resorting to Lagrangian-based distributed algorithms. Within such algorithms, the routing process is the result of a cooperation among several decision makers, having each one a local knowledge of the system. The decision makers are in charge to decide the type of information to be exchanged. Our focus is to investigate the performance of different algorithms based on different knowledge degrees of the system. The implementation issues and the effectiveness of the algorithms are analysed via simulation. The trade-off between knowledge degree and system performance is currently under study.

#### An amendment to “Distributed synchronization under uncertainty: A fuzzy approach” (2014)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

Fuzzy Sets and Systems

In a recent work we provided a framework for the synchronization of Critical Infrastructure Interdependency models with fuzzy state. In such a paper, however, a too restrictive condition is given, in that the possibility to synchronize the interdependency models without disclosing sensitive information is not completely feasible. In this note we provide an amendment providing a solution to the problem.

#### Fuzzy importance measures for ranking key interdependent sectors under uncertainty (2014)

###### Gabriele Oliva, Roberto Setola, Kash Barker

IEEE Transactions on Reliability

In the field of reliability engineering, several approaches have been developed to identify those components that are important to the operation of the larger interconnected system. We extend the concept of component importance measures to the study of industry criticality in a larger system of economically interdependent industry sectors that are perturbed when underlying infrastructures are disrupted. We provide measures of (i) those industries that are most vulnerable to disruptions and (ii) those industries that are most influential to cause interdependent disruptions. However, difficulties arise in the identification of critical industries when uncertainties exist in describing the relationships among sectors. This work adopts fuzzy measures to develop criticality indices, and we offer an approach to rank industries according to these fuzzy indices. Much like decision makers with the knowledge of the most critical components in a physical system, the identification of these critical industries provides decision makers with priorities for resources. We illustrate our approach with an interdependency model driven by US Bureau of Economic Analysis data to describe industry interconnectedness.

#### Distributed gabriel graph construction and meta-information gathering (2014)

###### Gabriele Oliva, Roberto Setola, Marios Polycarpou

20th IMEKO TC4 International Symposium and 18th International Workshop on ADC Modelling and Testing

In this paper we provide a distributed way to transform the network topology underlying a set of agents embedded in a bi-dimensional space into a planar graph, and specifically into a Gabriel graph. Moreover, a distributed algorithm based on synchronized consensus methodologies is provided in order to gather some useful pieces of meta-information (number of faces, average size of the faces, size of the boundary, etc.) and to let each node in the Gabriel graph identify its “role”(ie, node that links two subgraphs, node on a branch ending with a leaf, node belonging to a face, etc.). The insights obtained by means of the proposed approach may contribute to develop better geographic routing techniques as well as to improve the local decision capability of the agents in distributed environments.

#### Discrete-time linear systems with fuzzy dynamics (2014)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

Journal of Intelligent & Fuzzy Systems

This paper analyzes linear discrete-time dynamic systems where both state variables and model coefficients are represented by fuzzy numbers. Since fuzzy numbers are not a closed group with respect to multiplication, the evolution of a system with fuzzy dynamic parameters can not be directly obtained in a closed form. To overcome this limit the systems have to be analyzed in terms of admissible solutions, hence the analysis has to be performed in the framework of Fuzzy Difference Inclusions. The evolution of such systems, while easy to characterize in the case of non-negative coefficients, becomes more complex for general systems, and in this paper the general problem is addressed resorting to an internally positive realization of the system.

# Anno 2013

#### Distributed k-means algorithm (2013)

###### Gabriele Oliva, Roberto Setola, Christoforos Hadjicostis

arXiv

In this paper we provide a fully distributed implementation of the k-means clustering algorithm, intended for wireless sensor networks where each agent is endowed with a possibly high-dimensional observation (e.g., position, humidity, temperature, etc.) The proposed algorithm, by means of one-hop communication, partitions the agents into measure-dependent groups that have small in-group and large out-group “distances”. Since the partitions may not have a relation with the topology of the network–members of the same clusters may not be spatially close–the algorithm is provided with a mechanism to compute the clusters’centroids even when the clusters are disconnected in several sub-clusters.The results of the proposed distributed algorithm coincide, in terms of minimization of the objective function, with the centralized k-means algorithm. Some numerical examples illustrate the capabilities of the proposed solution.

#### Vulnerability modeling and analysis for critical infrastructure protection applications (2013)

###### Stefano Marrone, Roberto Nardone, Annarita Tedesco, Pasquale D’Amore, Valeria Vittorini, Roberto Setola, Francesca De Cillis, Nicola Mazzocca

International Journal of Critical Infrastructure Protection

Effective critical infrastructure protection requires methodologies and tools for the automated evaluation of the vulnerabilities of assets and the efficacy of protection systems. This paper presents a modeling language for vulnerability analysis in critical infrastructure protection applications. The language extends the popular Unified Modeling Language (UML) to provide vulnerability and protection modeling functionality. The extended language provides an abstract representation of concepts and activities in the infrastructure protection domain that enables model-to-model transformations for analysis purposes. The application of the language is demonstrated through a use case that models vulnerabilities and physical protection systems in a railway station.

#### An enhanced indoor positioning system for first responders (2013)

Luca Faramondi, Federica Inderst, Federica Pascucci, Roberto Setola, Uberto Delprato

International Conference on Indoor Positioning and Indoor Navigation

Localization and tracking support is useful in many contexts and becomes crucial in emergency response scenarios: being aware of team location is one of the most important knowledge for incident commander. In this work both localization and tracking for rescuers are addressed in the framework of REFIRE project. The designed positioning system is based on the well-known prediction-correction schema adopted in field robotics. Proprioceptive sensors, i.e., inertial sensors and magnetometer, mounted on the waist of the rescuers, are used to form a coarse estimation of the locations. Due to the drift of inertial sensors, the position estimate needs to be updated by exteroceptive sensors, i.e., RFID system composed by tags embedded in the emergency signs as exteroceptive sensors and a wearable tag-reader. In long-lasting mission RFID tags reset the drift by providing a positioning having room-level accuracy.

#### On field gesture-based human-robot interface for emergency responders (2013)

###### Francesca De Cillis, Gabriele Oliva, Federica Pascucci, Roberto Setola, Marco Tesei

2013 IEEE International Symposium on Safety, Security, and Rescue Robotics (SSRR)

Coordination and control of rescue robots is a hard task, especially in harsh and hazardous environments, that potentially limit both the mobility and endurance of the robots and the safety of a human interaction. In this paper we provide a fast, flexible and cost effective framework for human-robot interaction specifically designed for the on-field interaction of human operators and robots, using as input a cheap Microsoft Kinect camera. The proposed architecture is based on a quick and cost effective gesture recognition algorithm developed in LabView and integrated into a ROS based communication framework that allows to decouple the mobile robot and the user terminal. The proposed architecture has been tested simulating harsh conditions by considering darkness, smoke, crowds, and user wearing firefighter uniforms.

#### Analysis of criminal and terrorist related episodes in railway infrastructure scenarios (2013)

###### Francesca De Cillis, Maria Carla De Maggio, Concetta Pragliola, Roberto Setola

Journal of Homeland Security and Emergency Management

Prevention and preparedness of risks in railway transportation systems is crucial for homeland security and require, among other things, a proper analysis of the vulnerabilities of the assets, a clear awareness of criticalities, possible countermeasures and adequate methods to design, scale and optimize the protection. To this end, in this paper we present an analysis of various security incidents and terrorist attacks that took place from 1972 to 2011; all involving railway infrastructures. All of the collected information has been stored in a database, aptly named RISTAD (Railway Infrastructure Systems Terrorist Attacks Database). Specifically, this research focuses on railway assets in order to identify those environmental, architectonic and infrastructural aspects that make such targets more “attractive” from a criminal point of view. We analyzed about 540 criminal-related episodes utilizing open source documents in an effort to correlate the acts with the peculiar characteristics of the asset. The last section is specifically focused on stations, attempting to emphasize both interesting and, for some aspects, non-intuitive correlation among collected data (e.g., lethality and number of attacks as a function of the number of tracks, the number of daily passengers, station extension, presence and type of security systems, etc.).

#### Optimization models in a smart tool for the railway infrastructure protection (2013)

###### International Workshop on Critical Information Infrastructures Security

8th International Workshop, CRITIS 2013

In this paper we describe a smart tool, developed for the European project METRIP (MEthodological Tool for Railway Infrastructure Protection) based on optimal covering integer programming models to be used in designing the security system for a Railway Infrastructure. Two models are presented and tested on a railway station scheme. The results highlight the role that the optimization models can fulfill in the design of an effective security system.

#### Analysis of severe space weather on critical infrastructures (2013)

###### Francesco Gaetano, Gabriele Oliva, Stefano Panzieri, Claudio Romani, Roberto Setola

International Workshop on Critical Information Infrastructures Security

Space threats pose nontrivial issues to the safety of the population and to the correct functioning of critical infrastructures. In this paper we analyze the most significant threats posed by solar wind in terms of impact due to both direct consequences on satellite and critical infrastructure so as the subsequent domino effects. To this end we provide a model based on the CISIA platform with a case study related to the area of Rome, Italy.

#### Dynamic contrast-enhanced MR evaluation of prostate cancer before and after endorectal high-intensity focused ultrasound (2013)

###### R Del Vescovo, F Pisanti, V Russo, S Battisti, RL Cazzato, F D’Agostino, F Giurazza, CC Quattrocchi, E Faiella, R Setola, R Giulianelli, RF Grasso, B Beomonte Zobel

The authors sought to determine the diagnostic performance of dynamic contrast-enhanced magnetic resonance (DCE-MR) imaging in the evaluation of prostate cancer before and after transrectal high-intensity focused ultrasound (HIFU) treatment.

#### Network localization by shadow edges (2013)

###### Gabriele Oliva, Stefano Panzieri, Federica Pascucci, Roberto Setola

2013 European Control Conference (ECC)

Localization is a fundamental task for sensor networks. Traditional network localization approaches allow to obtain localized networks requiring the nodes to be at least tri-connected (in 2D), i.e., the communication graph needs to be globally rigid. In this paper we exploit, besides the information on the neighbors sensed by each robot/sensor, also the information about the lack of communication among nodes. The result is a framework where the nodes need to be at least bi-connected and the communication graph has to be rigid. This is possible considering a novel typology of link, namely Shadow Edge, that accounts for the lack of communication among nodes and allows to reduce the uncertainty associated to the position of the nodes.

#### Pervasive surveillance system management (2013)

###### Allaa R Hilal, O Basir, F Flammini, R Setola, G Franceschetti

Effective Surveillance For Homeland Security: Balancing Technology and Social Issues

The aim of this chapter is to provide an introduction to pervasive surveillance systems and discuss the needs and challenges of designing an intelligent sensor management framework for such systems. The chapter is organized as follows: a brief introduction of pervasive surveillance and its applications is given in Section 9.1. In Section 9.2, sensor management (SM), its properties, and challenges are discussed. Section 9.3 describes the different organizational architectures used to address the SM problem. Section 9.4 surveys four popular problem-solving strategies for SM. Current commercial products, as well as future research trends and directions, are summarized in Section 9.5. Finally, Section 9.6 provides some concluding remarks of the chapter.

#### Effective surveillance for homeland security: balancing technology and social issues (2013)

###### Francesco Flammini, Roberto Setola, Giorgio Franceschetti

Chapman and Hall/CRC

It is a common feeling for people living in developed countries that their privacy is being increasingly threatened by surveillance and tracking technologies. The fact that surveillance is essential to reduce criminal acts is only partially supported by evidence, and that raises big questions about the effectiveness of technologies and of how they are managed.

#### Moving from measuring to understanding: Situation Awareness in Homeland Security (2013)

###### Giusj Digoia, Chiara Foglietta, Gabriele Oliva, Stefano Panzieri, Roberto Setola

Effective Surveillance for Homeland Security. Balancing Technology and Social Issues

While attempting to perform any homeland surveillance strategy, an essential step is to define and implement methodologies for the assessment of the actual situation, as well as its near-future evolution.

#### Simultaneous localization and routing in sensor networks using shadow edges (2013)

###### G Oliva, Stefano Panzieri, F Pascucci, R Setola

IFAC Proceedings Volumes

In the last decade, Wireless Sensor Networks (WSN) have been adopted in a wide range of industrial and consumer applications to perform various monitoring tasks such as search, rescue, disaster relief, target tracking and smart environments control. In many such tasks, node localization is inherently one of the system parameters. Node localization is required to gain spatial awareness of the supervised area. In this work a simultaneous localization and routing algorithm is proposed. The localization is obtained by a ranging technique, exploiting network topology provided by the routing algorithm to reduce the network signaling communication, which is the most power-consuming operation in WSN, as much as possible. To this end, Shadow Edges, a novel class of links, is considered to take into account the lack of communication among nodes.

#### Assessing protein resilience via a complex network approach (2013)

###### Gabriele Oliva, Luisa Di Paola, Alessandro Giuliani, Federica Pascucci, Roberto Setola

2013 IEEE 2nd Network Science Workshop (NSW)

In recent years the topological study of proteins is gaining momentum rapidly, and several studies are providing more and more insights on the structural and dynamical properties of proteins by exploiting topological indexes based on Complex Network Theory. To this end the amino acid residues play the role of graph vertices, while non-covalent contacts are the arcs. Topological structure of proteins can be imagined as resulting by folding a thread of pearls (primary sequence of aminoacids) in which amino acid (nodes) relatively distant along the sequence come into contact thanks to the folding process. The result is a configuration sharing some properties with Complex Networks. In this work we derive insights on the resilience of protein contact networks by evaluating the degradation in the size of the giant component with respect to iterated node removal.

#### Exploiting routing information in wireless sensor networks localization (2013)

###### Gabriele Oliva, Stefano Panzieri, Federica Pascucci, Roberto Setola

2013 IEEE 2nd Network Science Workshop (NSW)

In this work, an integrated solution to jointly solve the localization and data routing problems in sensor networks is proposed. It is based on a scalable “divide et impera” approach. The network is divided into 1-hop cluster and the localization is hierarchically performed inside each cluster, thereafter among clusters. The key advantage of the algorithm is that no additional communication is required to perform localization, which is obtained by a ranging technique, exploiting network topology provided by the routing algorithm. To this end, Shadow Edges, a novel class of links, are introduced to encompass the lack of communication among nodes. The proposed dual procedure to solve the localization and routing, represents a novel trend for Wireless Sensor Networks, where multiple problems are jointly solved by providing affordable and integrated solutions.

#### Time-varying input-output inoperability model (2013)

###### Roberto Setola, Gabriele Oliva, Francesco Conte

Journal of infrastructure systems

Representing interdependent critical infrastructures is mandatory for implementing protection policies and strategies. Among the several interdependency models provided over the years, the input-output inoperability model (IIM) has attracted widespread attention due to its simplicity and compactness. Such a model can emphasize cascading effects induced in a complex scenario by dependencies and interdependencies; however, the model is typically set up based on economic data, and the stationary assumption greatly reduces the applicability of the framework. These aspects are crude approximations due to the intrinsic limits of the methodology. Indeed, in modeling realistic scenarios, the coupling of different infrastructures and sectors is expected to increase with outage duration. In this paper, a different formulation of the IIM is proposed where time-varying interdependency coefficients are considered. Such coefficients are defined to explicitly account for the severity and duration of negative phenomena. Some interesting results are obtained from a complex case study including several infrastructures in Italy, emphasizing the features of the proposed methodology. The proposed framework, based directly on operator experience, captures the behaviors induced by the various backup strategies.

#### Distributed Multi-Robot Localization (2013)

###### Stefano Panzieri, Federica Pascucci, Lorenzo Sciavicco, Roberto Setola

Mobile Ad Hoc Robots and Wireless Robotic Systems: Design and Implementation

In this chapter, the design of a completely decentralized and distributed multi-robot localization algorithm is presented. The issue is approached using an Interlaced Extended Kalman Filter (IEKF) algorithm. The proposed solution allows the dynamic correction of the position computed by any single robot through information shared during the random rendezvous of robots. The agents are supposed to carry short-range antennas to enable data communication when they have a “visual” contact. The information exchange is limited to the pose variables and the associated covariance matrix. The algorithm combines the robustness of a full-state EKF with the effortlessness of its interlaced implementation. The proposed unsupervised method provides great flexibility by using exteroceptive sensors, even if it does not guarantee the same position estimate accuracy for each agent.

#### Distributed opinion dynamics with heterogeneous reputation (2013)

###### Estefanía Etchevés Miciolino, Gabriele Oliva, Roberto Setola

International Journal of System of Systems Engineering

The Hegelsmann-Krause Opinion Dynamics model provides a description of the social behaviour of humans among which a decision making process is taking place. In contrast to simpler agreement models, the opinions are not granted to converge to a single value, but may eventually split. Within such a framework, each agent is influenced by the others provided that the difference in their opinion does not exceed a threshold, which is common to all the agents. In this paper, we introduce an extension where each agent is associated with a different threshold value representing the reliability of the information carried by the agent. Moreover, we consider an additional topological constraint in order to take into account also geographical proximity, and the result is a distributed data aggregation and decision making algorithm.

#### System Dynamics for Railway Infrastructure Protection (2013)

###### Maria Carla De Maggio, Roberto Setola

Critical Information Infrastructures Security

The railway infrastructure represents, for its symbolic value and accessibility, a very attractive target for criminals and terrorists alike. This paper intends to address the security issues of such systems, beginning with the railway stations themselves., The peculiarities of the railway infrastructure, in terms of geographical dispersion and mass transportation, present a formidable challenge considering the ratio of limited resources against the most vulnerable components, (i.e. stations that show the largest gap between terrorist attractiveness and implemented counter-measures). To this end, we used a System Dynamics approach to model how the different factors influence the railway station target attractiveness, fragility and vulnerability. Specifically, a deep analysis of past incidents (and near incidents) allows us to quantify the effectiveness of the different elements.

#### Distributed consensus under ambiguous information (2013)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

International Journal of System of Systems Engineering

This paper addresses the problem of composing different ambiguous and vague pieces of information without a central authority through a set of distributed agents, each with limited perspective, converging to a shared point of view by exchanging information only with a reduced subset of nodes (ie, their respective neighbourhood). To this end, the distributed consensus problem is extended in the fuzzy fashion. As a result, the framework allows to compose several heterogeneous and ambiguous/linguistically expressed opinions in a decentralised way, both in terms of value with higher belief and in terms of ambiguity associated to the final agreement value. The proposed framework is applied to a case study related to crisis management for critical infrastructures, where human operators, each able to observe directly the state of a given infrastructure (or of a given area considering the vast and geographically dispersed infrastructures), reach a distributed consensus on the overall criticality of a situation expressed in a linguistic, fuzzy way. Such a consensus is reached in terms of actual severity of the scenario (single integrators) or in terms of both severity and evolution tendency (double integrators).

#### Aware online interdependency modelling via evidence theory (2013)

###### Giusj Digioia, Chiara Foglietta, Gabriele Oliva, Stefano Panzieri

International Journal of Critical Infrastructures 6

Critical infrastructure interdependency models are typically used in a simulation-based perspective, in order to perform ‘what if?’analyses and identify structural vulnerabilities in a dynamic perspective. While in the literature some attempts have been made to use interdependency models at real time, such approaches are flawed by the inability to properly determine the ongoing situation. Such models, typically, receive data from SCADA systems, which are mostly able to assess the effects of failures rather than the causes, while knowing the typology of failure would increase dramatically the predictive-ability of online interdependency models. In this paper, a situation awareness framework is provided with the aim to complement online interdependency models by providing more specific information on the causes of the outages highlighted by sensor data. In order to determine such causes, in this paper a transferable belief model representation is adopted to increase the awareness of interdependency models on fault causes. Moreover in this paper some of the limitations of evidence theory methods are highlighted and discussed, with particular reference to a real time context, providing some insights on how to overcome them, especially the closed-world assumption.

# Anno 2012

#### Discrete-time LTI fuzzy systems: stability and representation (2012)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

2012 IEEE 51st IEEE Conference on Decision and Control (CDC)

In this paper linear discrete-time systems where both state variables and model coefficients are represented by fuzzy numbers are studied. Fuzzy numbers are not a closed group with respect to multiplication, hence the analysis had to be performed in the framework of Fuzzy Difference Inclusions. Some stability criteria are provided, as well as a characterization of the bounds of the set of solutions in the case of positive systems.

#### Assessing bone loss in micro-gravity: A fuzzy approach (2012)

###### Bruno Beomonte Zobel, Riccardo Del Vescovo, Gabriele Oliva, Valentina Russo, Roberto Setola

Computer methods and programs in biomedicine

A prolonged stay in microgravity has various negative effects on the human body; one of these problems is a noticeable demineralization of bone tissues. Such effects are quite similar to those experienced by subjects on earth affected by osteoporosis; therefore it seems quite straightforward to adopt a similar pharmacological therapy during the stay in the space. In this paper a first step in the identification of a monitoring procedure for the bone demineralization in microgravity, as well as some guidelines for the choice of adequate therapies are given. Such a procedure is based on a mathematical model of the interaction of the most relevant blood and urine indicators of bone demineralization. Specifically, some bone metabolites have been identified, which are relevant to the phenomena and are feasible to be evaluated in the space.

#### Consensus of agents with fuzzy state (2012)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

The 6th International Conference on Soft Computing and Intelligent Systems, and The 13th International Symposium on Advanced Intelligence Systems

The problem of distributed consensus of several clashing pieces of information has been studied for many purposes, such as for distributed estimation or mobile robot coordination problems. In this paper we apply this framework to a criticality estimation problem. Specifically, several human observers, each with a partial, incomplete and subjective view, are in charge to evaluate the severity of a failure in an highly interdependent critical infrastructure scenario. In order to cope with the subjectivity and the ambiguity of human reasoning, in this paper the classical distributed consensus problem is extended in order to handle ambiguous opinions modeled as fuzzy numbers. To this end, in this paper some convergence conditions are given, showing that the stability does not depend on the fuzzyness of the opinions.

#### A REference implementation of interoperable indoor location & communication systems for First REsponders: The REFIRE project (2012)

###### Federica Pascucci, Stefano Panzieri, Stefano Marsella, Marcello Marzoli, Gianni Borelli, Maurizio Carpanelli, Roberto Setola, Gabriele Oliva, Uberto Delprato

2012 IEEE International Symposium on Safety, Security, and Rescue Robotics (SSRR)

Localization and navigation support in GPS-denied areas represents a challenge for humans and robots operating in emergency situations. Although a great deal of effort has been performed around this topics in the last decade, to date, there is not any off-the-shelf solution to provide location and data communication services for fire responders in deep indoor environments. Most of the solutions available are based on proprietary infrastructures deployed in the environment and able to provide accurate localization. These systems are not suitable for interoperating; hence, there is the need to develop standard communication and localization protocols. To overcome the above-mentioned limitations the REFIRE project proposes a system composed of deployable solutions exploiting low-cost, simple, highly standardized pre-installed landmarks. The REFIRE project has ambitious targets: to validate such solution in realistic scenarios and to anticipate the proliferation of unfitting proprietary location systems unable to interoperate.

#### Distributed synchronization under uncertainty: A fuzzy approach (2012)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

Fuzzy Sets and Systems

In this paper the synchronization of a network of identical systems with fuzzy initial conditions is introduced, as a convenient framework to obtain a shared estimation of the state of a system based on partial and distributed observations, in the case where such a state is affected by ambiguity and/or vagueness. After discussing the synchronization of crisp systems, providing a criteria to find the information sharing law that lets the network converge to a shared trajectory, Discrete-Time Fuzzy Systems (DFSs) are introduced as an extension of scalar fuzzy difference equations. Besides providing a stability condition for a general DFS, in the linear case it is proven that, under a non-negativity assumption for the coefficients of the system, the fuzzyfication of the initial conditions does not compromise the stability of the crisp system. A framework for the synchronization of arrays of linear DFS is then introduced, proving that the crisp synchronization is a particular case of the proposed approach. Finally, a case study in the field of Critical Infrastructure Protection is provided.

#### Online distributed synchronizability check for networks of interconnected systems (2012)

###### Andrea Gasparri, Gabriele Oliva, Mauro Franceschelli, Stefano Panzieri

2012 IEEE 9th International Conference on Mobile Ad-Hoc and Sensor Systems (MASS 2012)

The synchronization problem of a network of interconnected systems has been deeply analyzed by the scientific community. In the case of identical systems, under suitable hypotheses, the synchronization depends on the network topology, and specifically on the ratio between the second smallest eigenvalue (algebraic connectivity) and spectral radius of the Laplacian matrix corresponding to the network topology. In this paper a distributed algorithm for the estimation of such a ratio is given, hence providing a distributed synchronizability check for networks of interconnected systems. Simulations results are provided to show the effectiveness of the proposed algorithm.

#### Adding and removing nodes in consensus (2012)

###### Gabriele Oliva, Stefano Panzieri, Attilio Priolo, Giovanni Ulivi

2012 20th Mediterranean Conference on Control & Automation (MED)

The distributed consensus problem has been widely studied in the literature, either with fixed and with time-varying topologies. Typically, the set of agents involved in the consensus does not vary over time. In this paper the possibility to dynamically add or remove nodes during consensus is investigated. Specifically, a framework for the achievement of consensus while dynamically adding nodes to the network is provided, together with a stability condition. Moreover, the effects of removing a single node in the network at a given time instant are inspected, characterizing the difference between the asymptotic values with and without the removed node, depending on the removal time instant. A further result provided in this paper is the relation between the node removal at a given time instant and the initial removal of that node (i.e., at the initial time step).

#### Fuzzy opinion dynamics (2012)

###### Andrea Gasparri, Gabriele Oliva

2012 American Control Conference (ACC)

The problem of reaching an agreement in a multiagent system has been widely investigated. Opinion Dynamics is a similar problem where agents are assumed to interact in order to reach an agreement on their opinion. The key aspect of this formulation is that the time-varying network topology describing the interaction among agents is defined according the closeness of their opinion. This model aims to describe the process which takes place when human beings work together to reach an agreement on their standpoints. A well-established approach is to consider the opinion of each human being through a numeric value. However, this model does not embody the inherent uncertainty of the human reasoning process. Indeed, the complex facets of human opinions, often expressed in linguistic ways, are heavily affected by vagueness and ambiguity. In this paper, resorting to the fuzzy theory, a framework to model the agreement of agents with vague opinions is provided. This represents a generalization of the original opinion dynamics modeling. Similarities with both the consensus and the original opinion dynamics problems are presented.

#### Fuzzy chaotic logistic maps (2012)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

World Automation Congress 2012

In the literature the relations between chaotic and fuzzy systems have been deeply inspected, with the aim to provide more insights on the relation between these two branches. However the focus of such researches is mainly on the approximation or control of chaotic behaviors by means of fuzzy rule-based systems.

#### Critical Infrastructure Protection: Advances in Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense (2012)

###### Javier Lopez, Roberto Setola, Stephen Wolthusen

Springer Science & Business Media

The present volume aims to provide an overview of the current understanding of the so-called Critical Infrastructure (CI), and particularly the Critical Information Infrastructure (CII), which not only forms one of the constituent sectors of the overall CI, but also is unique in providing an element of interconnection between sectors as well as often also intra-sectoral control mechanisms. The 14 papers of this book present a collection of pieces of scientific work in the areas of critical infrastructure protection. In combining elementary concepts and models with policy-related issues on one hand and placing an emphasis on the timely area of control systems, the book aims to highlight some of the key issues facing the research community.

#### Stability and Level-Wise Representation of Fuzzy Systems (2012)

###### G Oliva

International Journal of Fuzzy Systems

In this paper a framework for the representation and stability analysis of discrete-time systems with fuzzy state is provided, inspecting some conditions where the dynamics of the system is not required to be positive. Specifically, the paper addresses the stability analysis of such systems, as well as the representation of the α-level sets and the relation between stability of the fuzzy system and stability of the α-level sets.

#### Fuzzy Systems: agreement and modeling: with applications to Critical Infrastructure Protection problems (2012)

###### Gabriele Oliva

Università degli studi Roma Tre

Protecting Critical Infrastructures is a hard task, since these systems are becoming more and more interdependent for many reasons, while the knowledge on their behavior is becoming more and more sector speci c. In order to provide instruments for their protection, a rst step is to de ne convincing frameworks able to assess and predict the evolution of their working condition by sharing information among infrastructures on a real-time basis. Moreover, due to the lack of adequate quantitative data about the interaction among infrastructures and their subsystems, there is the need to provide formalisms able to handle the information elicited by experts and stakeholders, which typically express in a linguistic and vague way. This was the aim of MICIE European project, where a distributed real-time framework based on a fuzzy interdependency model was adopted.

#### Fat liver analysis software loading and processing MR DICOM images as a feasible tool to evaluate and to monitor non-alcoholic liver steatosis before and during dietetic therapy (2012)

###### Ilaria Sansoni, Claudia Lucia Piccolo, Francesca Pitocco, Riccardo Del Vescovo, Roberto Setola, Bruno Beomonte Zobel

European Congress of Radiology 2012

Purpose
To test a new dedicated software, Fat Liver Analysis (FLA), to evaluate statosis. To assessMR feasibility in evaluating fat liver variation after dietetic therapy, comparing it with Body-Mass-Index (BMI) and Fat-Tissue (FT) thickness. To define which sequence (GRE vs TSE) demonstrates the higher accuracy if compared to the overall MR examination results

#### Modeling and simulation of critical infrastructures (2012)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

WIT Transactions on State-of-the-art in Science and Engineering

While the knowledge of human operators and stakeholders is becoming more and more sector specifi c, infrastructures are becoming more and more interoperable and interdependent. Hence representing the behavior and the characteristics of such a scenario is a mandatory task, in order to assess the risk of multiple disruptions and domino effects, and in order to provide adequate policies and countermeasures to react to structural vulnerabilities, failures, or even intentional attacks. In the literature many approaches have been proposed; holistic methods consider infrastructures with an high level of abstraction, while topological frameworks consider the interaction of multiple homogeneous subsystems. Nevertheless, simulative approaches are focused on a detailed representation of isolated subsystems or agents, evaluating their interaction by means of simulation platforms. Finally multilayer methodologies consider interconnected agents according to multiple levels of abstraction or perspectives. Keywords: Critical Infrastructures, Interdependency Modeling, System of Systems

#### Security aspects of SCADA and DCS environments (2012)

###### Cristina Alcaraz, Gerardo Fernandez, Fernando Carvajal

Critical Infrastructure Protection

SCADA Systems can be seen as a fundamental component in Critical Infrastructures, having an impact in the overall performance of other Critical Infrastructures interconnected. Currently, these systems include in their network designs different types of Information and Communication Technology systems (such as the Internet and wireless technologies), not only to modernize operational processes but also to ensure automation and real-time control. Nonetheless, the use of these new technologies will bring new security challenges, which will have a significant impact on both the business process and home users. Therefore, the main purpose of this Chapter is to address these issues and to analyze the interdependencies of Process Control Systems with ICT systems, to discuss some security aspects and to offer some possible solutions and recommendations.

#### Overview of critical information infrastructure protection (2012)

###### Javier Lopez, Roberto Setola, Stephen D Wolthusen

Critical Infrastructure Protection

The present volume aims to provide an overview of the current understanding of the so-called Critical Infrastructure (CI), and particularly the Critical Information Infrastructure (CII), which not only forms one of the constituent sectors of the overall CI, but also is unique in providing an element of interconnection between sectors as well as often also intra-sectoral control mechanisms.

One problem faced by research on C(I)I is the extreme range of scales at which security problems may arise. This is true for the time dimension where policy-level decisions such as the deployment of physical infrastructure like roads and high-tension transmission lines have impacts measured in decades whilst industrial control systems must provide guaranteed and secure real-time responses in the millisecond range. It is, moreover, also the case for the physical extent of infrastructures where single physical facilities such as vaccine plants may be a vital element of national or supra-national infrastructures, but where the trans-national electrical power or natural gas transmission networks span entire continents.

The book hence surveys not only key high-level concepts and selected technical research areas with an emphasis on control systems as a highly active research area, but also seeks to include policy aspects as well as a discussion on models for validation and verification. This is rounded off by several studies of specific issues and challenges faced by individual CI sectors including the telecommunications, electricity, transportation, and financial services sectors.

# Anno 2011

#### An adaptive localization system for first responders (2011)

###### Federica Pascucci, Roberto Setola

Proceedings of the 1st International Conference on Wireless Technologies for Humanitarian Relief

In this contribution a technique for first responders localization support in emergency indoor scenarios is presented. Although localization and mapping has been largely investigated in the field of mobile robotics, it is still a big challenge in emergency response due to the demanding operating conditions. The peculiarity of the proposed system relies on the integration between human operators and robots in a hybrid team. Localization technique takes advantages both from a pre-installed set of landmarks and a self-deployable sensor network composed by tags dropped by rescuers. The main contribution of the paper is the development and the testing of a localization procedure for hybrid rescue teams, able to handle both a priori knowledge, ie, maps of the environment, with large uncertainties and information updated during rescue tasks.

#### Online distributed interdependency estimation for critical infrastructures (2011)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

2011 50th IEEE Conference on Decision and Control and European Control Conference

The paper deals with the problem to provide a global estimation of a scenario composed by several and interdependent infrastructures. Due to the increasing presence of interdependencies, to correctly manage any infrastructure it is more and more relevant to have information about the “state” of the others, especially in critical situations. However, it is unfeasible both any centralized solution and to exchange detailed data about the state of each infrastructure, due to their huge volumes and in order to avoid the disclosure of critical information. To overcome such problems in this paper a fully distributed approach is proposed, attesting a copy of the whole model inside each one of the infrastructures’ control room; each copy directly receives information coming from its own field and shares with the others only aggregated and non-sensible data. Moreover, in order to provide consistent outputs, the different copies have to synchronize. To this end a specific procedure has been developed, and some conditions for the convergence have been identified. In this way the proposed system is able to operate as an Online Distributed Interdependency Estimation (ODIE) System. The approach is under experimental tests on a national wide electric and telecommunication networks inside the European Project MICIE.

#### Fuzzy dynamic input–output inoperability model (2011)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

International Journal of Critical Infrastructure Protection

This paper describes an extension of the input–output inoperability model (IIM) that accommodates uncertain and vague data. In the resulting “fuzzy version” of the dynamic IIM model (FD-IIM), the level of inoperability of each infrastructure and the Leontief coefficients are specified using fuzzy variables that express expert knowledge about infrastructure interdependences. An important result is that, under certain conditions, solution convergence for the fuzzy model can be inferred based on the stability properties of the “crisp” (non-fuzzy) version of the system of interest. A case study involving the Italian critical infrastructure is used to demonstrate the feasibility and utility of the approach.

#### How to Perform Verification and Validation of Critical Infrastructure Modeling Tools (2011)

###### Alfonso Farina, Antonio Graziano, Stefano Panzieri, Federica Pascucci, Roberto Setola

International Workshop on Critical Information Infrastructures Security

Simulation tools appear the only solution suitable for with the complexity of the actual critical infrastructure scenarios. Indeed, due to interdependency phenomena and the fast innovation of the technologies, our capability to predict the global behavior of such system of systems on the basis of past history and experiences is dramatically reduced, especially in the presence of anomalous or crisis situations. This drives many groups to develop simulation platforms also able to support decisions during crisis. However, a crucial and not adequately investigated aspect in this framework is the qualification of the predictable capabilities of these tools. This paper would start a discussion on how to validate different approaches, and how to asses their predictable capabilities, providing some insights on this strategic and very challenging task.

#### Countermeasures Selection via Evidence Theory (2011)

###### Giusj Digioia, Chiara Foglietta, Gabriele Oliva, Stefano Panzieri

International Workshop on Critical Information Infrastructures Security

In this paper an approach to understand the possible causes of outages in different and interconnected infrastructures, based on the evidences of detected failures is provided. Moreover, causes inferred are used to estimate possible not detected failures that, together with those detected, allow to better understand the infrastructure vulnerability and the impact of outages. Such a kind of analysis is regarded as a useful support to identify effective countermeasures, in order to mitigate risks related to malfunctioning behavior of critical infrastructures.

#### Fuzzy input-output inoperability model (2011)

###### Gabriele Oliva, Roberto Setola, Stefano Panzieri

International Workshop on Critical Information Infrastructures Security

In this paper the Input Output Inoperability Model (IIM) is extended in order to model perturbations by means of Fuzzy numbers, thus allowing to set up the model by means of vague and linguistic data.

#### How to Perform Verification and Validation of Critical Infrastructure Modeling Tools (2011)

###### Alfonso Farina, Antonio Graziano, Stefano Panzieri, Federica Pascucci, Roberto Setola

International Workshop on Critical Information Infrastructures Security

Simulation tools appear the only solution suitable for with the complexity of the actual critical infrastructure scenarios. Indeed, due to interdependency phenomena and the fast innovation of the technologies, our capability to predict the global behavior of such system of systems on the basis of past history and experiences is dramatically reduced, especially in the presence of anomalous or crisis situations. This drives many groups to develop simulation platforms also able to support decisions during crisis. However, a crucial and not adequately investigated aspect in this framework is the qualification of the predictable capabilities of these tools. This paper would start a discussion on how to validate different approaches, and how to asses their predictable capabilities, providing some insights on this strategic and very challenging task.

#### Fuzzy input-output inoperability model (2011)

###### Gabriele Oliva, Roberto Setola, Stefano Panzieri

International Workshop on Critical Information Infrastructures Security

In this paper the Input Output Inoperability Model (IIM) is extended in order to model perturbations by means of Fuzzy numbers, thus allowing to set up the model by means of vague and linguistic data.

#### On the Stability of Linear Discrete-Time Fuzzy Systems (2011)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

arXiv

In this paper the linear and stationary Discrete-time systems with state variables and dynamic coefficients represented by fuzzy numbers are studied, providing some stability criteria, and characterizing the bounds of the set of solutions in the case of positive systems.

#### Fuzzy consensus and synchronization: theory and application to critical infrastructure protection problems (2011)

###### Stefano Panzieri, Gabriele Oliva, Roberto Setola

arXiv

In this paper the Distributed Consensus and Synchronization problems with fuzzy-valued initial conditions are introduced, in order to obtain a shared estimation of the state of a system based on partial and distributed observations, in the case where such a state is affected by ambiguity and/or vagueness. The Discrete-Time Fuzzy Systems (DFS) are introduced as an extension of scalar fuzzy difference equations and some conditions for their stability and representation are provided. The proposed framework is then applied in the field of Critical Infrastructures; the consensus framework is used to represent a scenario where human operators, each able to observe directly the state of a given infrastructure (or of a given area considering vast and geographically dispersed infrastructures), reach an agreement on the overall situation, whose severity is expressed in a linguistic, fuzzy way; conversely synchronization is used to provide a distributed interdependency estimation system, where an array of interdependency models is synchronized via partial observation.

#### Modeling real networks with deterministic preferential attachment (2011)

###### Gabriele Oliva, Stefano Panzieri

2011 19th Mediterranean Conference on Control & Automation (MED)

Most of real networks show a structure that can be represented quite well by means of growth and probabilistic preferential attachment, leading to optimal features, such as high clustering or scale-freeness. Real networks, however, are not the result of a global optimization strategy; indeed it is more realistic to let new nodes selfishly chose to connect to the existing nodes that maximize their utility, regardless of the global optimality of the resulting network. On the other hand real networks exist and deploy in metric spaces; spatial network models are characterized by some properties because the generated nodes are discarded if they do not comply with some criteria (e.g., too far from existing nodes), while in real situations the arise of a new node in a given position can not be neglected.

#### Discrete event simulation of a proton therapy facility: A case study (2011)

###### Uliana Corazza, Roberto Filippini, Roberto Setola

Computer methods and programs in biomedicine

Proton therapy is a type of particle therapy which utilizes a beam of protons to irradiate diseased tissue. The main difference with respect to conventional radiotherapy (X-rays, γ-rays) is the capability to target tumors with extreme precision, which makes it possible to treat deep-seated tumors and tumors affecting noble tissues as brain, eyes, etc. However, proton therapy needs high-energy cyclotrons and this requires sophisticated control-supervision schema to guarantee, further than the prescribed performance, the safety of the patients and of the operators. In this paper we present the modeling and simulation of the irradiation process of the PROSCAN facility at the Paul Scherrer Institut. This is a challenging task because of the complexity of the operation scenario, which consists of deterministic and stochastic processes resulting from the coordination–interaction among diverse entities such as distributed automatic control systems, safety protection systems, and human operators.

#### A new approach to the internally positive representation of linear MIMO systems (2011)

###### Filippo Cacace, Alfredo Germani, Costanzo Manes, Roberto Setola

IEEE transactions on automatic control

The problem of representing linear systems through combination of positive systems is relevant when signal processing schemes, such as filters, state observers, or control laws, are to be implemented using “positive” technologies, such as Charge Routing Networks and fiber optic filters. This problem, well investigated in the SISO case, can be recasted into the more general problem of Internally Positive Representation (IPR) of systems. This paper presents a methodology for the construction of such IPRs for MIMO systems, based on a suitable convex positive representation of complex vectors and matrices. The stability properties of the IPRs are investigated in depth, achieving the important result that any stable system admits a stable IPR of finite dimension. A main algorithm and three variants, all based on the proposed methodology, are presented for the construction of stable IPRs. All of them are straightforward and are characterized by a very low computational cost. The first and second may require a large state-space dimension to provide a stable IPR, while the third and the fourth are aimed to provide stable IPRs of reduced order.

#### Non alcoholic liver steatosis definition and monitoring with Fat Liver Analysis (FLA) Software, loading and processing different Magnetic Resonance (MR) DICOM images (2011)

###### Ilaria Sansoni, Vincenzo Russo, Antonio Picardi, Riccardo Del Vescovo, Claudia Lucia Piccolo, Roberto Setola, Bruno Beomonte Zobel

European Congress of Radiology 2011

To define MR capability in evaluating fat liver variation after a specific dietetic therapy, compared with body-mass-index (BMI) and subcutaneous abdominal fat tissue (FT) thickness and to define which sequence (GRE vs TSE) demonstrates the higher accuracy if compared to the overall MR examination results, testing a new dedicated software (Liver Sight), developed using MatLab environment, in steatosis definition.

#### A risk assessment of the food supply chain: vulnerability against terrorist or criminal contamination (2011)

###### MJ Alvarez, A Alvarez, M De Giacomo, MC De Maggio, R Onori, A Oses, JM Sarriegi, R Setola, M Trombetta

International Journal of Food Safety, Nutrition and Public Health

The food supply chain has been recognised by the USA and the EU as a critical infrastructure, and it should be considered a target for possible terrorist attacks. In this paper, we present a methodological approach developed within the EU project SecuFood to evaluate the risk associated with this threat. The usefulness of the approach is related to the improvement of the analysis of food supply chain risk in terms of the potential threats, the vulnerability of the system, and the effectiveness of counter measures. The followed approach is based on identifying biological and chemical hazards, analysing those biological and chemical agents, and determining the risk level they present in the main phases of the food supply chain. We consider the feasibility of an attack (what we call likelihood), taking into account the accessibility and manageability of the contamination agents, the vulnerability of the supply chain for specific products, and the possible adverse consequences.

#### An indoor localization framework for hybrid rescue teams (2011)

###### Federica Pascucci, Roberto Setola

IFAC Proceedings Volumes

Localization capabilities represent fundamental supports in emergency situations. Although localization has been largely investigated in the field of mobile robotics and produced a large variety of applications, in emergency response scenarios it still remain a challenge, due to the demanding operating conditions. In this contribution, an indoor localization framework for rescue teams is presented. The peculiarity of the proposed system relies on the integration between human operators and robots. Moreover, a network composed by RFID tags is used to structure the environment and to reduce positioning uncertainties. The paper represents a preliminary study and presents mainly a conceptual architecture for rescue localization.

#### Tracking motion of deformable organ in DCE framework (2011)

###### Roberto Setola, Valentina Russo

IFAC Proceedings Volumes

A technique of growing importance to perform non invasive analysis is the Dynamic Contrast Enhancement (DCE). It is based on the dynamic analysis of the perfusion of a contrast agent in tissues and exploits the fact that for several diseases, such as cancer, the vascular substrate is developed differently (hypervascular) if compared to the healthy parenchyma. A challenge for a correct analysis of the DCE is to compensate deformations and displacements of organs/lesions due to patient breathing, interior peristalsis, etc. The compensation for such artifacts is complex because signal intensity varies over time due to the diffusion of the contrast agent and organs suffer of deformation in order of their nature of soft tissues. In this paper we describe a technique based on the use of active contours to compensate such artifacts. The method has been successfully tested on different types of real organs of several patients.

# Anno 2010

#### Video-rhino-hygrometer: A new method for evaluation of nasal breathing after nasal surgery (2010)

###### Manuele Casale, Marco Pappacena, Roberto Setola, Paolo Soda, Valerio Cusimano, Massimiliano Vitali, Ranko Mladina, Fabrizio Salvinelli

American journal of rhinology & allergy

Nasal obstruction is one of the most frequent symptoms in the ear, nose, and throat (ENT) setting. It can be evaluated either subjectively or objectively. In a subjective way, a visual analog scale (VAS) and the Sino-Nasal Outcome Test 20 (SNOT 20) can rapidly quantify the degree of obstruction, whereas the most commonly used objective methods are nasal endoscopy and active anterior rhinomanometry (AAR). It is still a matter of controversy to what extent the sense of nasal obstruction is associated with objective measures for nasal space and airflow. The aim of the study was to evaluate nasal breathing before and after functional nasal surgery by video-rhino-hygrometer (VRH) comparing the results with widely accepted methods.

#### Differentiation of normal and neoplastic bone tissue in dynamic gadolinium-enhanced magnetic resonance imaging: validation of a semiautomated technique (2010)

###### F D’Agostino, P Dell’Aia, CC Quattrocchi, R Del Vescovo, R Setola, RF Grasso, B Beomonte Zobel

This study was undertaken to clinically validate the accuracy of a semiautomated software tool for analysing the enhancement curve in focal malignant bone lesions.

#### Agent-based input–output interdependency model (2010)

###### Gabriele Oliva, Stefano Panzieri, Roberto Setola

International Journal of Critical Infrastructure Protection

The modeling and analysis of critical infrastructures and their interdependencies are essential to discovering hidden vulnerabilities and the related threats to national and international security. Over the past few years, several approaches have been proposed to address this problem. The so-called holistic approaches are relatively abstract, but are easily validated using real economic data. Other approaches based on agent-based models provide deeper views of the interdependencies existing between subsystems of different infrastructures. However, agent-based models are often difficult to validate because quantitative data of the appropriate granularity may not be available.

#### Protecting the food supply chain from terrorist attack (2010)

###### Maria Jesus Alvarez, Ainara Alvarez, Maria Carla De Maggio, Ainhoa Oses, Marcella Trombetta, Roberto Setola

International Conference on Critical Infrastructure Protection

The food supply chain is a critical infrastructure that is an attractive target for terrorist attacks. Despite its importance, relatively little research has focused on improving the security of the food supply chain infrastructure. This is largely due to a lack of awareness on the part of food supply chain stakeholders and authorities about the threats. This paper describes a methodology for assessing the risk associated with threats to the food supply chain, with the goal of enhancing awareness and helping develop appropriate security measures.

#### Fat liver analysis (FLA) software loading and processing different magnetic resonance (MR) DICOM images as a reliable tool to define non alcoholic liver steatosis and to monitor it during dietetic therapy (2010)

###### Ilaria Sansoni, Antonio Picardi, Valentina Russo, Riccardo Del Vescovo, Roberto Setola, Bruno Beomonte Zobel

European Congress of Radiology 2010

To assess MR capability in evaluating fat liver variation after dietetic therapy, compared with Body-Mass-Index (BMI) and Fat-Tissue (FT) thickness, and to define the most accurate MR sequence for that purpose. To test a new dedicated software (Fat Liver Analysis – FLA), developed using MatLab Enviroment, in steatosis definition.

#### A two-stage approach to simulate interdependent critical infrastructures (2010)

###### Emiliano Casalicchio, Roberto Setola, Sandro Bologna

2010 Complexity in Engineering

Nowadays the simulation of scenarios composed by interdependent critical infrastructures is a challenge. One of the main challenge is how to manage into a single framework heterogeneous and interdependent infrastructures characterized by very different time scales, modeling paradigms and functional behavior. In this paper we propose a two-stage approach, where several sector specific simulators are integrated within a common framework by means of multi-domain simulation platforms. We describe the rational behind our approach and its advantages with reference to two complementary implementations: CISIA and Federated ABMS.

#### Online distributed interdependency estimation with partial information sharing (2010)

###### Andrea Gasparri, Francesco Iovino, Gabriele Oliva, Stefano Panzieri

2010 Complexity in Engineering

Infrastructures are becoming more and more interoperable, while stakeholders are not aware of the overall behavior. In order achieve a global awareness, in this paper the need for cooperation is stressed; however, due to security and commercial issues, only few, very abstract data can be shared.In this paper a distributed interdependency estimation framework is provided, able to grant a minimal disclosure of data among the infrastructures, while letting operators make decisions with a wider perspective.The final objective of this research is to define an effective framework for the problem at hand, and then implement and validate an on-line distributed state/interdependency estimator within the EU IST MICIE project.

#### Improving resilience of interdependent critical infrastructures via an on-line alerting system (2010)

###### Paolo Capodieci, Stefano Diblasi, Ester Ciancamerla, Michele Minichino, Chiara Foglietta, Davide Lefevre, Gabriele Oliva, Stefano Panzieri, Roberto Setola, Stefano De Porcellinis, Francesco Delli Priscoli, Marco Castrucci, Vincenzo Suraci, Leonid Lev, Yosi Shneck, Djamel Khadraoui, Jocelyn Aubert, Serguei Iassinovski, Jianmin Jiang, Paulo Simoes, Felipe Caldeira, Agnieszka Spronska, Carlo Harpes, Matthieu Aubigny

2010 Complexity in Engineering

This paper illustrates the activities under development within the FP7 EU MICIE project. The project is devoted to design and implement an on-line alerting system, able to evaluate, in real time, the level of risk of interdependent Critical Infrastructures (CIs). Such a risk is generated by undesired events and by the high level of interconnection of the different infrastructures. Heterogeneous models are under development to perform short term predictions of the Quality of Service (QoS) of each CI according to the QoS of the others, to the level of interdependency among the Infrastructures, and according to the undesired events identified in the reference scenario.

#### Methodologies for pharmacokinetic post-contrastographic dynamic contrast enhancement (2010)

###### Luisa Di Paola, Antonio Fasano, Valentina Russo, Roberto Setola

International Journal of Modelling, Identification and Control

Post-contrastographic dynamic contrast enhancement (DCE) technique is a non-invasive method aimed at inquiring the vascularisation induced by lesions; it relies on the analysis of the perfusion’s dynamics of contrast agent (CA) within body tissue. The images derived from magnetic resonance (MR), computer tomography (CT) or ultra sound (US) assessments are analysed to derive a contrast enhancement curve, from which some parameters, useful for diagnosis, are acquired. This approach is only qualitative and the estimated parameters have a poor precision and a scarce physical meaning. To overcome these drawbacks, pharmacokinetic models have been introduced for quantitative DCE analysis. In this work, a pharmacokinetic model is proposed, based on physical parameters; it has been applied to the study of post-contrastographic DCE images and parameter estimation has been performed through a maximum likelihood procedure. Results show anomalous value of blood vessel permeability for ill tissues, when compared to healthy ones.

#### How to measure the degree of interdependencies among critical infrastructures (2010)

###### Roberto Setola

International Journal of System of Systems Engineering

In the last years, the problem of analysing the interdependencies existing among critical infrastructures (CI) has assumed a great importance. Some attempts have been done to characterise, qualify and quantify these phenomena. Unfortunately, the largest part of these studies is devoted to model interdependencies and to emphasise the causes. Conversely, very few works are devoted to define methodologies and tools able to provide a measurement of it. This paper summarises and critically reviews some of the results reported into the literature on how to ‘measure’ interdependencies and propose a unified framework that could represent a useful starting point to try to answer to the following question: “Are these two infrastructures too dangerously interdependent?”.

# Anno 2009

#### Proteins as networks: a mesoscopic approach using haemoglobin molecule as case study (2009)

###### Alessandro Giuliani, Luisa Di Paola, Roberto Setola

Bentham Science Publishers

Protein structures allow for a straightforward representation in terms of graph theory being the nodes the aminoacid residues and the edges the scoring of a spatial contact between the node pairs. Such a representation allows for a direct use in the realm of protein science of the vast repertoire of graph invariants developed in the analysis of complex networks. In this work we give a general overview of the protein as networks paradigm with a special emphasis on haemoglobin where the most important features of protein systems like allostery, protein-protein contacts and differential effect of mutations were demonstrated to be amenable to a graph theory oriented translation.

#### Critical infrastructure dependency assessment using the input–output inoperability model (2009)

###### Roberto Setola, Stefano De Porcellinis, Marino Sforna

International Journal of Critical Infrastructure Protection

The input–output inoperability model (IIM) is a simple, but powerful, mechanism for analyzing the cascading effects induced by critical infrastructure dependencies and interdependencies. IIM typically uses financial data as a measure of the dependency phenomena. Since financial data is only one of the many dimensions for analyzing dependency phenomena, the quality of IIM parameters and, thus, the reliability of IIM results can be affected negatively. This paper proposes a methodology for evaluating IIM parameters based on technical and operational data. The data is collected by interviewing experts and is processed using a fuzzy set based methodology. A case study involving Italian critical infrastructure sectors is used to demonstrate the effectiveness of the methodology.

#### Security of the food supply chain (2009)

###### Roberto Setola, Maria Carla De Maggio

2009 Annual International Conference of the IEEE Engineering in Medicine and Biology Society

The food supply chain could became a dangerous weapon in the hands of enemies, for this reason the strategies developed to fight food adulteration (food safety) should be complemented with specific actions devoted to improve food ldquosecurityrdquo in the sense of food defence. This paper illustrate the methodological approach used in the EU project SecuFood to analyze threats, vulnerabilities and countermeasures existing in major European countries about what concerns deliberate attacks and manipulations of food.

#### Critical Information Infrastructure Security: Third International Workshop, CRITIS 2008, Rome, Italy, October 13-15, 2008 (2009)

###### Roberto Setola, Stefan Geretshuber

Springer

This book constitutes the thoroughly refereed post-conference proceedings of the Third International Workshop on Critical Information Infrastructures Security, CRITIS 2008, held in Rome, Italy, in October 2008. The 39 revised full papers presented were carefully reviewed and selected from a total of 70 submissions. All the contributions highlight the current development in the field of Critical (Information) Infrastructures and their Protection. Specifically they emphasized that the efforts dedicated to this topic are beginning to provide some concrete results. Some papers illustrated interesting and innovative solutions devoted to understanding, analyzing and modeling a scenario composed by several heterogeneous and interdependent infrastructures. Furthermore, issues concerning crisis management scenarios for interdependent infrastructures have been illustrated. Encouraging preliminarily results have been presented about the development of new technological solutions addressing self-healing capabilities of infrastructures, that is regarded as one of the most promising research topics to improve the infrastructures’ resilience.

#### Path planning using a lazy spatial network PRM (2009)

###### Andrea Gasparri, Gabriele Oliva, Stefano Panzieri

IEEE

Motion planning is an important step in any complex robotic motion task. Many algorithms deal with this problem and a lot of effective approaches makes use of random generation of roadmaps or motion commands. In this paper, a novel algorithm for random roadmap generation is proposed. This approach, which addresses the planning problem with a resilience philosophy, relies on a network model with some particular topological properties. These properties of robustness against random faults and intentional attacks are functional to devising a suitable solution for the planning problem. Comparative simulations against several algorithms have been performed to show the effectiveness of the proposed approach.

#### On the distributed synchronization of on-line IIM Interdependency Models (2009)

###### Andrea Gasparri, Gabriele Oliva, Stefano Panzieri

2009 7th IEEE International Conference on Industrial Informatics

In the last few years critical infrastructures have become more and more tightly interconnected and their protection is one of the major issues for the national and international security. In order to achieve that, many modeling techniques for the interdependencies existing among them have been proposed. Now, a crucial issue is how to use such models to develop tools able to estimate the status of key elements of CIs, quantify the possible threats and suggest adequate countermeasures to human operators and actors. Due to security, commercial and technological aspects, the only feasible approach is to provide distributed and interconnected state/interdependency estimators. In this paper the general problem of the state estimation of interconnected systems sharing the same model is introduced. A first step in the solution of such a challenging problem is then provided in the case of linear systems. The final objective of this research is to define an effective framework for the problem at hand, and then implement and validate an on-line distributed state/interdependency estimator within the EU IST MICIE project.

#### A holistic-reductionistic approach for modeling interdependencies (2009)

###### Stefano De Porcellinis, Gabriele Oliva, Stefano Panzieri, Roberto Setola

International Conference on Critical Infrastructure Protection

Modeling and analyzing critical infrastructures and their interdependencies are essential to discovering hidden vulnerabilities and threats. Several current approaches engage a holistic perspective and rely on abstract models; others incorporate a reductionistic perspective and focus on inter-domain and intra-domain interactions among elementary components. This paper proposes a mixed approach in which holism and reductionism coexist. A critical infrastructure is expressed at different, albeit interrelated, levels of abstraction, and intermediate entities that provide specific aggregate resources or services are introduced.

#### Critical Information Infrastructure Security: Third International Workshop, CRITIS 2008, Rome, Italy, October 13-15, 2008 (2009)

###### Roberto Setola, Stefan Geretshuber

CRITIS 2008: International Workshop on Critical Infomation Infrastructure Security

This book constitutes the thoroughly refereed post-conference proceedings of the Third International Workshop on Critical Information Infrastructures Security, CRITIS 2008, held in Rome, Italy, in October 2008. The 39 revised full papers presented were carefully reviewed and selected from a total of 70 submissions. All the contributions highlight the current development in the field of Critical (Information) Infrastructures and their Protection. Specifically they emphasized that the efforts dedicated to this topic are beginning to provide some concrete results. Some papers illustrated interesting and innovative solutions devoted to understanding, analyzing and modeling a scenario composed by several heterogeneous and interdependent infrastructures. Furthermore, issues concerning crisis management scenarios for interdependent infrastructures have been illustrated. Encouraging preliminarily results have been presented about the development of new technological solutions addressing self-healing capabilities of infrastructures, that is regarded as one of the most promising research topics to improve the infrastructures’ resilience.

#### Dynamic Contrast Enhancement: Analysis’s Models and Methodologies (2009)

###### Valentina Russo, Roberto Setola

Handbook of Research on Advanced Techniques in Diagnostic Imaging and Biomedical Applications

The aim of this chapter is to provide an overview about models and methodologies used for the Dynamic Contrast Enhancement (DCE) analysis. DCE is a non-invasive methodology aimed to diagnostic the nature of a lesion on the base of the perfusion’s dynamic of specific contrast agents. The idea at the base of DCE is that, in several pathological tissues, including tumors and inflammatory diseases, the angiogenic process is abnormal, hence the characterization of vascularisation structure may be used to support the diagnosis. In this chapter, we will describe the basic DCE procedures and introduce some of its most innovative evolution based on the pharmacokinetic analysis technique (PK), and the empirical model (EM). Even if DCE is still a medical research topic, there is large interest for this type of approach in biomedical applications as witnessed by the availability of specific tools in the last generation top-class US, CT and MR machines.

#### Complex networks and critical infrastructures (2009)

###### Roberto Setola, Stefano De Porcellinis

Modelling, estimation and control of networked complex systems

The term “Critical Infrastructures” indicates all those technological infrastructures such as: electric grids, telecommunication networks, railways, healthcare systems, financial circuits, etc. that are more and more relevant for the welfare of our countries. Each one of these infrastructures is a complex, highly non-linear, geographically dispersed cluster of systems, that interact with their human owners, operators, users and with the other infrastructures. Their augmented relevance and the actual political and technological scenarios, which have increased their exposition to accidental failure and deliberate attacks, demand for different and innovative protection strategies (generally indicate as CIP – Critical Infrastructure Protection). To this end it is mandatory to understand the mechanisms that regulate the dynamic of these infrastructures. In this framework, an interesting approach is those provided by the complex networks. In this paper we illustrate some results achieved considering structural and functional properties of the corresponding topological networks both when each infrastructure is assumed as an autonomous system and when we take into account also the dependencies existing among the different infrastructures.

#### Modelling critical infrastructure via a mixed holistic reductionistic approach (2009)

###### Stefano De Porcellinis, Stefano Panzieri, Roberto Setola

International journal of critical infrastructures

Infrastructure systems and their interaction mechanisms can be interpreted following a multitude of different approaches, depending on different perspectives and levels of abstraction. In this paper, we propose a mixed approach, in which different representations of the same infrastructure is used in order to define the interdependencies and interactions among infrastructures and their elements. We explicitly introduce into our model the three concepts of: infrastructure, component and interaction; and model, on one hand, intra-domain dependencies with a reductionistic approach and, on the other hand, inter-domain dependencies mainly using a holistic vision.

# Anno 2008

#### An integrated approach for simulating interdependencies (2008)

###### Roberto Setola, Sandro Bologna, Emiliano Casalicchio, Vincenzo Masucci

International Conference on Critical Infrastructure Protection

The detailed simulation of interdependent critical infrastructures is a hard problem. Major challenges include modeling multiple heterogeneous infrastructures in a single framework and expressing internal dependencies and interdependencies between infrastructures. This paper attempts to address these issues by proposing a simulation framework where several sector-specific simulators (vertical simulators) are integrated into a general simulation environment (horizontal simulator). Specialized software implemented in the vertical simulators models individual infrastructures and their intra-domain dynamics. The horizontal simulator effectively captures inter-domain relationships and merges heterogeneous information from the vertical simulators to facilitate comprehensive infrastructure simulations.

#### R&D activities in Europe on critical information infrastructure protection (2008)

###### Sandro Bologna, Eric Luiijf, Roberto Setola

International Journal of System of Systems Engineering

In the last few years, there has been an increasing worry about Critical Information Infrastructures, their reliability, security and protection. Due to the huge complexity and novelty of the topic and the new challenge that it poses, world-wide large investment in R&D are planned for the future. Our study has shown that Critical Information Infrastructure Protection (CIIP) represents still a very immature field of research with very fuzzy and confused boundaries. This paper reports some of the results collected during the EU project CI²RCO about R&D activities on CIIP in Europe to illustrate the state of art and to emphasise the major areas of research. The study also identified the most relevant gaps between the stakeholder needs and the current research activities. This represents the base point to draw a R&D agenda on CIIP for Europe.

#### Simultaneous localisation and mapping of a mobile robot via interlaced extended Kalman filter (2008)

###### Stefano Panzieri, Federica Pascucci, Roberto Setola

International Journal of Modelling, Identification and Control

A crucial task for automatic explorations is the ability for a robot to real-time estimate its position in an unknown environment. To this end, the robot is required to simultaneously localise itself and to build a map of the surroundings (Simultaneous Localisation and Mapping (SLAM) problem). This problem represents an interesting test-bed for non-linear estimator techniques. In this paper we propose to illustrate a solution based on the Extended Kalman Filter (EKF) approach, able to considerably reduce the computational burden and memory occupancy requirements, both of them representing two of the main drawbacks for this class of solutions. Specifically, we adopt the Interlaced Extended Kalman Filter (IEKF) formulation where the whole estimation problem is decomposed into a number of semi-autonomous subproblems. To partially compensate the decoupling errors introduced, process and measurements covariance matrices are suitably augmented. Two different implementations are analysed and compared with traditional EKF-based approaches. Experimental results emphasise that, even if the IEKF formulations suffer for a slight degraded estimation, they dramatically reduce computational burden. In this way, IEKF solutions to SLAM problems appear to be a good trade-off between accuracy and computational requirements, making it suitable for real time implementations.

#### Failures propagation in critical interdependent infrastructures (2008)

###### Stefano Panzieri, Roberto Setola

International Journal of Modelling, Identification and Control

Welfare in developed countries strongly relies on many heterogeneous infrastructures generically named as critical infrastructures. These infrastructures, designed as autonomous systems, are actually more and more mutually dependent. This introduces new and extremely dangerous vulnerabilities in the overall system because an accidental or a malicious fault (e.g. terroristic attack) could exploit these ‘connections’to unpredictably spread, amplifying its negative consequences and affecting unforeseeable and haphazard sets of users. In this paper, we analyse performance degradation induced on this system of systems by the presence and spreading of failures in order to emphasise the most critical links existing among different phenomena. Due to uncertainties that characterise these systems, we use Fuzzy Numbers (FNs) to represent involved quantities. This allows a modelling approach that can be set up using also qualitative information that are easier to obtain from experts and stakeholders. Moreover, this choice brings to a better characterisation of the level of confidence of our results. Preliminary results on a simple case study illustrate the effectiveness of the proposed approach.

#### Simulation of heterogeneous and interdependent critical infrastructures (2008)

###### Stefano De Porcellinis, Roberto Setola, Stefano Panzieri, Giovanni Ulivi

International Journal of Critical Infrastructures

In this paper, a simulation tool specifically designed for the analysis of heterogeneous and (inter)dependent infrastructures is proposed. The simulator, named Critical Infrastructure Simulation by Interdependent Agents (CISIA), adopts a modular and sufficiently abstract representation of the different infrastructures’ components to allow consistent descriptions, starting from the incomplete and generic data acquirable from stakeholders. An important part of the modelling effort was reserved for the representation of the dependencies and interdependencies, these being the cause of the complex behaviours we are interested in. Each component interacts with the others via a multitude of mechanisms that codify different concepts of proximity. The simulator has been used to analyse, in a simplified scenario, crisis evolution in the urban area of Rome, in the presence of a failure in the electric power system.

#### Modelling interdependent infrastructures using interacting dynamical models (2008)

###### Vittorio Rosato, Limor Issacharoff, Fabio Tiriticco, Sandro Meloni, S Porcellinis, Roberto Setola

International Journal of Critical Infrastructures

We investigate the consequence of failures, occurring on the electrical grid, on a telecommunication network. We have focused on the Italian electrical transmission network and the backbone of the internet network for research (GARR). Electrical network has been simulated using the DC power flow method; data traffic on GARR by a model of the TCP/IP basic features. The status of GARR nodes has been related to the power level of the (geographically) neighbouring electrical nodes (if the power level of a node is lower than a threshold, all communication nodes depending on it are switched off). The electrical network has been perturbed by lines removal: the consequent re-dispatching reduces the power level in all nodes. This reduces the number of active GARR nodes and, thus, its Quality of Service (QoS). Averaging over many configurations of perturbed electrical network, we have correlated the degradation of the electrical network with that of the communication network. Results point to a sizeable amplification of the effects of faults on the electrical network on the communication network, also in the case of a moderate coupling between the two networks.

# Anno 2007

#### The old‐fashioned politzer maneuver: a video clip demonstration (2007)

###### Manuele Casale, Vittorio Rinaldi, Roberto Setola, Fabrizio Salvinelli

The Laryngoscope

Politzer maneuver causes retrograde inflation of the middle ear by forcing air through the eustachian tube, and it has been proposed by many authors as the main nonsurgical treatment of middle ear effusion. To our knowledge, this is the first case in the literature in which air entering into a middle ear with effusion through a Politzer maneuver has been captured on video

#### A methodology to estimate input-output inoperability model parameters (2007)

###### Roberto Setola, Stefano De Porcellinis

International Workshop on Critical Information Infrastructures Security

Input-output Inoperability Model (IIM) is a simple tool able to emphasize cascade effects induced in a complex infrastructure scenario by dependencies phenomena. One of the most challenging tasks for its use is the estimation of the model parameters. In the literature they are generally evaluated on the base of the amount of mutual economical exchanges. In this paper we illustrate a methodology to evaluate IIM parameters on the base of behavioural characteristics of the different infrastructures during a crisis. The approach exploits data collected via experts’ interviews handling also information about failure duration, estimation confidence and expert reliability. The methodology has been applied, as case study, to analyse Italian situation.

#### Use of a robot platoon to implement mobile ad-hoc network in rescue scenario-preliminary experimental results (2007)

###### Gianluca Antonelli, Filippo Arrichiello, Stefano Chiaverini, Simone Contrafatto, Roberto Setola

2007 IEEE International Workshop on Safety, Security and Rescue Robotics

This paper proposes the use of a platoon of mobile robots to carry a number of repeater antennas in order to guarantee a constant communication between a rescue operator (human or robot) and a fixed base station. These mobile antennas suitably move to dynamically ensure a multi-hop communication link, handling the occurrence of obstacles, signal fading area and failures such as, e.g., the fault of one or more mobile robots. The control objective is achieved in the framework of a kind of behavioral control, namely the null-space-based behavioral control (NSB). The effectiveness of the proposed strategy is verified in preliminary experiments obtained using a platoon of Khepera II mobile robots.

#### An innovative device to support Politzer manoeuvre (2007)

###### Stefano De Porcellinis, Roberto Setola, Manuele Casale, Federico Bianchi di Castelbianco, Fabrizio Salvinelli

2007 29th Annual International Conference of the IEEE Engineering in Medicine and Biology Society

Politzer manoeuvre causes retrograde inflation of the middle ear by forcing air through the Eustachian tube. It has been proposed as nonsurgical treatment of middle ear with effusion, Eustachian tube dysfunction and negative middle ear pressure from elevation changes. Even if Politzer manoeuvre can be considered a classical technique, it is generally performed without any feedback about its correctness neither about qualitative evidence about its efficacy. In this paper we describe an innovative device, named OtoFree, specifically designed to support medical doctors during Politzer manoeuvre. OtoFree provides information about the correctness of the manoeuvre and also useful hints about the treatments results.

#### DyCoH: an innovative tool to Dynamic Contrast Enhancement analysis (2007)

###### Valentina Russo, Roberto Setola, Riccardo Del Vescovo, Rosario Francesco Grasso, Bruno Beomonte Zobel

2007 29th Annual International Conference of the IEEE Engineering in Medicine and Biology Society

Contrast-Enhancement (CE) is an innovative approach, used in radiological framework, to evaluate the vascularization of the diseases. This non-invasive method determines the nature of a diseases, analysing the perfusion’s dynamic of contrast media in the tissues. In this paper we present an innovative tool named DyCoH (Dynamic Contrast Enhancement). This software, being specifically designed for this type of analysis, provides to medical doctor, in a very user-friendly framework, all the information needed to perform the CE analysis. DyCoH produces four inspectionable colour-maps that radiologists can use to identify the most relevant areas over which dynamically evaluates the contrast enhancement curve. However, the most interesting feature of DyCoH is its capability to manage, into a single framework, DICOM images produced by US, CT and MR of different vendors, allowing to support many types of clinical tests and to compare results provided by different diagnostic devices. Clinical tests have shown the effectiveness of the software and its capability to concretely support CE diagnoses.

#### Analysis of Interdependencies Between Italy’s Economic Sectors (2007)

###### Roberto Setola

International Conference on Critical Infrastructure Protection

The infrastructure sectors of developed countries have direct and indirect interdependencies. These interdependencies make national infrastructures extremely prone to the cascading effects of perturbations or failures. A negative event that reduces the operability of one infrastructure sector rapidly spreads to other sectors and back to the original sector in a feedback loop, amplifying the negative consequences throughout the national economy. This paper uses the Input-output Inoperability Model (IIM) to analyze interdependencies in Italy’s economic sectors. Economic data from 1995 to 2003 provided by the Italian National Institute of Statistics (ISTAT) is used to investigate the interdependencies in 57 sectors. The results demonstrate that interdependencies between economic sectors have an overall increasing trend, which can dramatically enhance the negative consequences of any sector perturbation or failure.

#### Simulazione di infrastrutture critiche eterogenee e interdipendenti (2007)

###### Manuela Aprile, Stefano De Porcellinis, Roberto Setola, Stefano Panzieri

Automazione Plus

Il simulatore, denominato Cisia, adotta una rappresentazione modulare e sufficientemente astratta dei differenti componenti delle infrastrutture tale da permettere descrizioni consistenti a partire anche da dati incompleti e generici, quali quelli spesso acquisibili dagli stakeholder. Una parte importante del lavoro di modellazione delle infrastrutture è stata riservata alla rappresentazione delle dipendenze e delle interdipendenze tra le loro componenti, essendo queste la principale causa dei comportamenti complessi e imprevedibili oggetto della nostra analisi. Secondo la rappresentazione adottata, ogni componente interagisce con gli altri attraverso una moltitudine di meccanismi, che codificano differenti concetti di prossimità. Il simulatore è stato utilizzato per analizzare, in una rappresentazione semplificata, gli effetti, in un’aerea urbana di Roma, in presenza di un failure nel sistema di trasmissione dall’energia elettrica.

#### Identifying and evaluating risks related to enterprise dependencies: a practical goal-driven risk analysis framework (2007)

###### Paolo Donzelli, Roberto Setola

International Journal of Risk Assessment and Management

This paper suggests a framework for identifying the extent to which an organisation depends on services and resources provided by either external or internal technological infrastructures and for evaluating the corresponding business risks. By combining the advantages provided by a goal-driven organization modelling technique with the analysis capabilities of an infrastructures simulator, the proposed framework provides a valuable managerial support for identifying, analysing, and eventually mitigating risks associated with enterprise dependencies. Its practical application is illustrated in a simplified context using e-government project data.

#### Availability of healthcare services in a network-based scenario (2007)

###### Roberto Setola

International journal of networking and virtual organisations

In this paper, we illustrate how the third millennium healthcare system is strongly related to many networked infrastructures. This contributes to improving its efficiency and efficacy but, at the same time, introduces new and very dangerous elements of vulnerability that should be carefully taken into account. These vulnerabilities are mainly induced by the presence of different, and many times hidden or poorly known, dependencies and interdependencies existing among the different infrastructures. These interdependencies induce an augmentation of possible threats and the occurrence that negative consequences of a failure might be largely amplified owing to the presence of the cascade and/or feedback phenomena. To better illustrate the possible catastrophic scenarios induced by this framework, the Input-output Inoperability Model (IIM) has been applied on a modern hospital to compare its behaviour, in the presence of a failure in the IP network, with that of a more classical structure.

# Anno 2006

#### Multirobot localisation using interlaced extended kalman filter (2006)

###### Stefano Panzieri, Federica Pascucci, Roberto Setola

2006 IEEE/RSJ International Conference on Intelligent Robots and Systems

This paper deals with a new approach to multi robot localization. An Interlaced extended Kalman filter is shown to be a good solution to the problem of estimating the pose of a team of robots with a fully decentralized algorithm. Moreover, it is feasible to dynamically “correct” the estimation autonomously evaluated by each single robot, updating this quantity anytime two robots randomly come across. The algorithm combines the robustness of a full state EKF with the simplicity of its interlaced implementation. It does not need global supervision, and allows a large flexibility in using exteroceptive sensors. The paper presents some simulations to show the feasibility of the approach considering a set of robots equipped with different combinations of sensors and with wireless communication devices able to support data exchange when they are sufficiently close.

#### High-speed intrusion detection in support of critical infrastructure protection (2006)

###### Salvatore D’Antonio, Francesco Oliviero, Roberto Setola

International Workshop on Critical Information Infrastructures Security

Telecommunication network plays a fundamental role in the management of critical infrastructures since it is largely used to transmit control information among the different elements composing the architecture of a critical system. The health of a networked system strictly depends on the security mechanisms that are implemented in order to assure the correct operation of the communication network. For this reason, the adoption of an effective network security strategy is seen as an important and necessary task of a global methodology for critical infrastructure protection. In this paper we present 2 contributions. First, we present a distributed architecture that aims to secure the communication network upon which the critical infrastructure relies. This architecture is composed of an intrusion detection system (IDS) which is built on top of a customizable flow monitor. Second, we propose an innovative method to extrapolate real-time information about user behavior from network traffic. This method consists in monitoring traffic flows at different levels of granularity in order to discover ongoing attacks.

#### An overview of r&d activities in europe on critical information infrastructure protection (CIIP) (2006)

###### Sandro Bologna, Giovanni Di Costanzo, Eric Luiijf, Roberto Setola

International Workshop on Critical Information Infrastructures Security

In recent years there has been an increasing R&D interest in critical infrastructures and their protection. However, this represents a still very immature field of research with very fuzzy and confused boundaries. This paper reports an initial overview of R&D activities in Europe on this topic to illustrate the state of art and to emphasize the major areas of research but also to identify the most relevant lacks.

#### A dynamical model for the study of complex system’s interdependence (2006)

###### Limor Issacharoff, Sandro Bologna, Vittorio Rosato, Giovanni Dipoppa, Roberto Setola, Enrico Tronci

Proc. of the International Workshop on Complex Network and Infrastructure Protection (CNIP 2006)

In this paper we report the main ideas and some preliminary results of a multi-scale approach to complex system’s interdependence. Critical Infrastructures can be modelled as complex networks hosting specific entities flowing along them. The dynamics and the behavior of those flows depends on both the level of functioning of the hosting networks but also on that of other networks to which they are functionally coupled. The proposed method consists in two steps: in the first, microscopic-models of complex networks are simulated, firstly as stand-alone systems and then by connecting them together via some empirical interconnection law. In the second, the resulting susceptibilities (connecting the level of service of one network to that of the others) are used in a Leontief-type analysis to predict the macroscopic behavior of the interconnected systems.

#### Coordinated Control of Mobile Antennas for Ad-Hoc Networks in Cluttered Environments (2006)

###### Gianluca Antonelli, Filippo Arrichiello, Stefano Chiaverini, Roberto Setola

IAS-9, Proceedings of the 9th International Conference on Intelligent Autonomous Systems

Mobile ad-hoc networks are used to extend and adapt the area covered by a static network of antennas. This is the case of an autonomous agent moving in a cluttered environment that needs to be connected to a fixed, limited-range, base station. The wireless network can be obtained by resorting to a platoon of mobile robots carrying each one antenna. Self-configuration of the robots’ platoon is achieved by a singularity-robust task-priority inverse kinematics algorithm via the definition of suitable task functions. The effectiveness of the proposed algorithm has been extensively verified via numerical simulations involving an autonomous mobile robot moving in a cluttered environment.

#### Modelling and simulation of interdependent critical infrastructure: the road ahead (2006)

###### Emiliano Casalicchio, Paolo Donzelli, Roberto Setola, Salvatore Tucci

Communication Networks and Computer Systems: A Tribute to Professor Erol Gelenbe

Developed societies base their existence on services and resources provided by an increasingly complex network of interdependent critical infrastructures, from power distribution and communication networks, to logistics and healthcare systems, to the Internet. Understanding the behaviour of this system of systems under normal and exceptional circumstances is a mandatory step in order to reduce our dependence and design strategies to increase its dependability. Unfortunately, its complexity overcomes the capability of available methods. In the chapter, we provide an overview of the emerging methodologies and tools, discussing relative potentials and limits.

#### Video-Rhino-Hygrometer (RH) (2006)

###### Manuele Casale, Valerio Cusimano, Fabrizio Salvinelli, Roberto Setola, Paolo Soda

2006 International Conference of the IEEE Engineering in Medicine and Biology Society

Rhinomanometry includes a set of methodologies to diagnose pathological alterations of the nostrils and nasal cavities. Some anatomic variations could cause partial or sub total obstruction of one or both nostrils, leading to insufficient nasal respiration. Rhinomanometry measures the airflow through one nostril at time, while a pad occludes the other. This method has some drawbacks, such as the alteration of airflow in the not-occluded nostril due to the presence of the pad, the low reproducibility, and a reduced patient comfort. In this paper we propose a new methodologies that, we call Video-Rhino- Hygrometer (VRH) and illustrate specific device to perform it. VRH may be considered as an automatized evolution of the classical Glatzel methods, because it infers information on clinical parameters analysing the image produced by the condense of the breath on a suitable surface. Specifically, VRH uses a web-cam to record these images and, after a suitable processing, it is able to compute a set of clinical features useful to perform diagnosis. Encouraging clinical tests show that the proposed approach provides results comparable with classical rhinomanometry tools without using the pad, obtaining reproducibility results, with an higher comfort for the patient and with a reduced examination time.

#### Coordinated control of mobile antennas for ad hoc networks (2006)

###### Gianluca Antonelli, Filippo Arrichiello, Stefano Chiaverini, Roberto Setola

IJMIC

This paper investigates the implementation of a wireless mobile ad-hoc network to guarantee that an autonomous agent, ie, an autonomously driven mobile vehicle or a human, remains connected to a fixed base station while performing its own mission. To the purpose, the use of a platoon of mobile robots is proposed to carry a number of repeater antennas; these are suitably moved to dynamically ensure a multi-hop communication link to the moving agent, hence extending and adapting the area covered by the sole base station. Self configuration of the robots’ platoon is achieved by a singularity-robust task-priority inverse kinematics algorithm via the definition of suitable task functions. The obtained simulation results show the effectiveness of the proposed approach.

# Anno 2005

#### Le infrastrutture critiche informatizzate (2005)

###### Sandro Bologna, Roberto Setola, Salvatore Tucci

Mondo Digitale

Lo sviluppo tecnologico, finanziario e so-ciale dei paesi industrializzati dipende, e dipenderà sempre più, dalla disponibilità e dal corretto funzionamento di infrastrutture tecnologiche quali: rete di trasmissione e distribuzione dell’energia (elettrica, del gas ecc.), reti di telecomunicazione, reti di calcolatori, reti di trasporto (automobilistico, ferroviario, aereo ecc.), sistema sanitario, circuiti bancari e finanziari, sistemi idrici ecc.. Per la loro rilevanza queste infrastrutture sono generalmente indicate globalmente con il termine di Infrastrutture Critiche poiché un loro non corretto funzionamento, anche per un periodo di tempo limitato, può incidere negativamente sull’economia di singoli o di gruppi, comportando perdite economiche se non addirittura mettendo a rischio la sicurezza di cose e persone.

#### The need to improve local self-awareness in CIP/CIIP (2005)

###### Sandro Bologna, Roberto Setola

First IEEE International Workshop on Critical Infrastructure Protection (IWCIP’05)

Interdependences represent one of the most relevant elements in the actual techno-social scenario. Indeed, especially due to the wide spread of ICT, we observe an exponential increase in the points of contact among the different infrastructures. This phenomenon is largely due to (or induced by) the increased need to exchange information among large communities of users and stakeholders in order to improve efficiency, to reduce costs and to supply innovative services. Unfortunately, these interdependencies have dramatically increased the level of complexity and introduced, as emphasised by some recent episodes, new and very dangerous vulnerabilities. The need to improve robustness and resilience of the system of systems composed by the different interdependent infrastructures represents a very hard challenge for the next years. In the paper we emphasize that, from the technological point of view, strategies to reach this goal should be based on a better use of information. Indeed in the presence of global threats, we need to improve the local capability to autonomously react to anomaly situations. This capability is largely related, further to an amount of distributed intelligence, to our ability to improve information gathering (from environment) and sharing (among infrastructures). However, as stressed in the paper, technology is just one dimension along which we have to work; indeed, we should consider also social, economical and political activity: critical infrastructure protection is a global task, it calls for global solution.

#### Interlaced extended kalman filter for real time navigation (2005)

###### Stefano Panzieri, Federica Pascucci, Roberto Setola

2005 IEEE/RSJ International Conference on Intelligent Robots and Systems

Real-time applications ask for reduced computational cost algorithms. In robotic exploration of unstructured environments the problem is more challenging: several tasks, at the same time, must be carried on ranging from reactive behaviours to the building of a structured representation of the environment itself. Many sensor signals have to be processed at each step to estimate both landmarks and robot positions. This mapping aptitude can be implemented through an extended Kalman filter recently proposed in a previous paper. Due to the large number of estimated variables, and real-time constraints, the filter is better implemented in its interlaced version. The novelty of this paper consists in extending the IEKF filter, removing some hypothesis on the linearity of both state transition and observation mapping, in order to further reduce computational burden and then achieve a better tradeoff among computational load and accuracy.

#### A self-configuring MANET for coverage area adaptation through kinematic control of a platoon of mobile robots (2005)

###### Gianluca Antonelli, Filippo Arrichiello, Stefano Chiaverini, Roberto Setola

2005 IEEE/RSJ international conference on intelligent robots and systems

This paper investigates the implementation of a wireless mobile ad-hoc network to guarantee that an autonomously driven mobile vehicle remains connected to a limited-coverage base antenna during its motion. To the purpose, the use of a platoon of mobile robots is proposed to carry a number of repeater antennas; these must be suitably moved to dynamically ensure a multi-hop communication link to the vehicle that extends outside the area covered by the sole base antenna. Self configuration of the robots’ platoon is then achieved by a singularity-robust task-priority inverse kinematics algorithm via the definition of suitable task functions. The obtained simulation results show the effectiveness of the proposed approach.

#### Simultaneous localization and map building algorithm for real-time applications (2005)

###### Stefano Panzieri, Federica Pascucci, Roberto Setola

IFAC Proceedings Volumes

Mobile robot navigation in unstructured environment is a challenging task due to the uncertain nature of the real world. Navigating using visual landmarks could be a mandatory skill together with the ability of building a representation of the world around the robot. This mapping aptitude should be implemented as an efficient real-time task, even if a large number of elements have to be included in the map itself. To this aim, and to help in localising the robot, a promising technique is given by the Extended Kalman Filter in its interlaced version. The resulting SLAM algorithm, proposed in this paper, has a reduced computational cost preserving, at the same time, a good performance.

#### An approach to model complex interdependent infrastructures (2005)

###### Stefano Panzieri, Roberto Setola, Giovanni Ulivi

IFAC Proceedings Volumes

Developed countries rely on many infrastructures as energy transportation, water supply telecommunication, etc., which are more and more mutually dependent. This phenomenon represents a new and very dangerous vulnerability: an accidental or malicious (e.g., terroristic attack) fault could spread across, amplifying its negative consequences. This imposes to develop methodologies and tools to support decision makers and infrastructures’ stakeholders in the analysis of these new scenarios, and in defining suitable protection strategies. To this end, in this paper, we propose an approach to model interdependent infrastructures which, on the bases of mostly qualitative information, is able to set up a (rather sophisticated) simulator.

# Anno 2004

#### An agent based simulator for critical interdependent infrastructures (2004)

###### S Panzieri, R Setola, G Ulivi

Securing Critical Infrastructures, CRIS2004: Conference on Critical Infrastructures

The increasing relevance of the technological infrastructures (energy, communication, water supply, transportation, etc.) on our life imposes great attention about their protection. These infrastructures are complex networks, geographically dispersed and can be defined as non-linear systems that interact both among themselves, and with their human owners, operators and users [1]. Moreover, the presence of an increasing number of interdependencies among them has dramatically augmented the complexity of the whole system and, at the same time, has increased its vulnerability. Indeed, due to the tight coupling showed by these infrastructures, an accidental or malicious failure in one of them may easily spread across the networks amplifying its negative consequences and affecting remote (from geographical and/or logical point of view) users.

#### An Overview on Modelling And Simulation Techniques for Critical Infrastructures (2004)

###### Emiliano Casalicchio, Roberto Setola, Salvatore Tucci

IEEE

The increasing relevance of the technological infrastructures (energy, communication, transportation, etc.) on our life imposes great attention about their protection. However, due to the complexity of these systems and of their tight interdependencies, the very first step is the developing of methodologies and tools able to help us to better understand the behavior of the huge system composed by the different interdependent infrastructures. In this paper we summarize some of the most promising approaches developed into the literature for the study and the simulation of this system of systems.

#### Identifying and Evaluating Critical Infrastructures-A Goal-driven Dependability Analysis Framework (2004)

###### Paolo Donzelli, Roberto Setola, Salvatore Tucci

Proceedings of the International Conference on Communications in Computing, CIC ’04

Organizations increasingly depend on the correct functioning(dependability) of technological infrastructures (critical infrastructures) that are generally out of their control: banking and financial services, electricity, fuel and water supply networks, and information and telecommunication networks. Being able of clearly identifying the specific elements of these infrastructures upon which they strictly depend, and understanding the impact of any possible failure in business terms (at strategic and financial level), is crucial for organizations to identify, and prioritise the investments to reduce their vulnerability (dependability investments). To address this issue, the paper proposes a goal-driven dependability analysis framework, which combines high-level requirements engineering techniques for socio-technical systems with a fuzzy logic simulator. An on-going e-government project is used for illustration.

#### Vulnerabilità informatica dei sistemi SCADA connessi alle reti pubbliche (2004)

###### Stefano Panzieri, Ilaria Scarano, Roberto Setola

Valutazione e gestione del rischio negli insediamenti civili ed industriali. VGR

I sistemi informatici SCADA, generalmente impiegati per il controllo ed il monitoraggio di reti di distribuzione dell’energia elettrica, del gas, o dell’acqua, oppure impiegati nella supervisione di impianti industriali, sono stati storicamente progettati come elementi autonomi ed isolati rispetto alle altre reti telematiche aziendali. Per una serie di ragioni di natura economica, sociale, organizzativa e tecnologica questo scenario è andato rapidamente modificandosi nell’ultimo decennio. I sistemi SCADA risultano, infatti, ora profondamente integrati con le altre reti informatiche aziendali al punto da risultare affetti dalle stesse vulnerabilità che caratterizzano queste ultime. Ciò impone la necessità di modificare le strategie di sicurezza iniziando a considerare, in parallelo alle minacce fisiche, anche quelle provenienti dal cyberspace.

#### Vulnerabilità indotta dal Cyberspace sui Sistemi di Monitoraggio e Controllo (2004)

###### Stefano Panzieri, Roberto Setola

Atti del Convegno Nazionale ANIPLA–ENERSIS

La sempre maggiore integrazione dei sistemi di monitoraggio e controllo, utilizzati per la supervisione degli impianti di distribuzione dell’energia elettrica e del gas, con le reti informatiche aziendali oltre che l’utilizzo di canali di comunicazione e software commerciali impongono la necessità di considerare anche le vulnerabilità indotte dal cyberspace e, quindi, opportune strategie e procedure di sicurezza.

# Anno 2003

#### La protezione delle Infrastrutture Critiche informatizzate (2003)

###### Roberto Setola

Automazione e Strumentazione

Le Infrastrutture Critiche costituiscono la spina dorsale delle economie dei Paesi sviluppati. La convergenza dei media utilizzati, e in particolare l’utilizzo di Internet, sta portando alla creazione di un’infrastruttura globale world-wide. Purtroppo questo fenomeno, contribuendo ad accoppiare le diverse infrastrutture, incrementa la vulnerabilità dell’intero sistema poiché ogni errore o guasto che si verifica in un’infrastruttura può propagarsi ad altre infrastrutture provocando inconvenienti e danni anche a soggetti remoti (sia dal punto di vista geografico che logico) rispetto alla causa del danno.

# Anno 2002

#### Handling the knowledge acquired during the requirements engineering process: a case study (2002)

###### Paolo Donzelli, Roberto Setola

Proceedings of the 14th international conference on Software engineering and knowledge engineering

Performing the requirements engineering process for software-intensive systems, characterized by a high organizational impact, requires the analysts to handle a large amount of information, related to desires, needs, and constraints of a vast number of completely different stakeholders. The paper presents an organization modeling-based requirements engineering framework, where advanced requirements engineering techniques are combined with software quality modelling approaches to support the analysts in capturing, and formalising the knowledge embedded in the organisation, from which the sought system functionality and quality attributes may be derived. The collected knowledge will not only support the specific project but will represent an organizational assetto be exploited for future systems/organization evolution.

# Anno 2001

#### Agents and goals in the requirements engineering process—a case study (2001)

###### Paolo Donzelli, Roberto Setola

Proceedings of the 2002 Conference of the Italian Automatic Computation Association, Pisa, Italy

The paper presents an organization modeling-based Requirements Engineering Framework, where advanced requirements engineering techniques, such as agents and goals, are combined with software quality modeling approaches to better assist and drive analysts and stakeholders to an early definition and validation of the desired system functionality and quality attributes, while supporting the redesign of the application context to better exploit the new system’s capabilities. As a case study, this paper reports on a real project, concerned with the introduction of a Electronic Record Management System within the Italian Office of the Prime Minister, as a first step towards a paperless knowledge workplace.

#### A low cost vision based localization system for mobile robots (2001)

###### S Panzieri, F Pascucci, R Setola, G Ulivi

Computer Science

Articial vision is one of the most versatile sensory systems. It can be used in many environments such as indoor, outdoor, space, and even in underwater contexts. Most of times, vision based localization requires complex algorithms and hardware resources when related to general environment features. However, using simple landmarks can reduce dramatically the cost and the complexity of the recognition system. In typical indoor environments, in particular in o±ces, ceiling lamps are all of the same type and are placed in a quite regular way. Moreover, they can be easily seen, as generally no obstacles can exist between them and the robot vision system. These peculiarities motivated a study on the possibility of implementing a very low cost localization procedure using a standard onboard webcam. Inexpensive hardware implies several problems: among the others, the need for a procedure that compensate for optical distortions, the poor quality of image, and the slow transfer rate.

# Anno 1999

#### HERMES: A new stand-alone platform for active noise control and damage detection (1999)

###### Massimo Viscardi, Nicola Marino, Gianluca Isernia, Roberto Setola

INTER-NOISE and NOISE-CON Congress and Conference Proceedings

In this paper, a new stand-alone board explicitly designed to active noise and vibration control and for damage detection, is presented. The system is based on ADSP-21060 SHARK and for flexibility the hardware is divided in two parts: the main processor board, containing the A/D and D/A converters, able to work as stand-alone or in a multiprocessor system being configurable without any hardware change; the I/O interface boards. All the boards are accommodated in a compact rack. The authors have developed all the software tools needed for application in the active noise control or damage detection framework. The software parameters may be changed by the user via a user friendly interface from a host PC connected to the system via a RS232 port.

#### A sliding manifold approach for vibration reduction of flexible systems (1999)

###### Alberto Cavallo, Giuseppe De Maria, Roberto Setola

Automatica

In this paper an active vibration controller for flexible systems is developed using a sliding manifold approach. The controller is designed to “eliminate” the system modes whose frequencies are close to the disturbance frequencies. The sliding surface consists of a time-invarying part which “eliminates” the selected modes without affecting the remaining dynamics, and a time-varying part which bounds the control amplitude and its rate in the transient. Moreover, the features of the controller allows one to reduce the excitation of the high-frequency modes to reduce the spillover phenomenon.

#### An interlaced extended Kalman filter (1999)

###### Luigi Glielmo, Roberto Setola, Francesco Vasca

IEEE Transactions on automatic control

An estimation algorithm for a class of discrete time nonlinear systems is proposed. The system structure we deal with is partitionable into in subsystems, each affine w.r.t. the corresponding part of the state vector. The algorithm consists of a bank of m interlaced Kalman filters, and each of them estimates a part of the state, considering the remaining parts as known time-varying parameters whose values are evaluated by the other filters at the previous step. The procedure neglects the subsystem coupling terms in the covariance matrix of the state estimation error and counteracts the errors so introduced by suitably “increasing” the noise covariance matrices. Comparisons through numerical simulations with the extended Kalman filter and its modified versions proposed in the literature illustrate the good trade-off provided by the algorithm between the reduction of the computational load and the estimation accuracy.

#### Interlaced extended Kalman filter as deterministic nonlinear observer (1999)

###### Luigi Glielmo, Roberto Setola, Francesco Vasca

1999 European Control Conference (ECC)

In this paper a Kalman filter based observer for a class of deterministic discrete-time nonlinear systems is proposed. Exploiting the system structure, we propose an observer consisting of interlaced Kalman filters and we establish sufficient conditions that guarantee the local convergence of the observer. Numerical simulations illustrate the good trade-off provided by the algorithm between the reduction of the computational load and the estimation accuracy.

# Anno 1998

#### Robust vibration control of a DC9 aircraft frame (1998)

###### Alberto Cavallo, Giuseppe de Maria, GD Leccia, R Setola

Proceedings of the 37th IEEE Conference on Decision and Control

An active vibration controller for a DC9 fuselage frame is proposed. The controller is based on singular perturbation theory in order to guarantee robustness properties with respect to model uncertainties and disturbances. More specifically, the control defines a time-varying sliding manifold which is designed in order to “eliminate” the modes close to disturbance frequencies, without modifying the remaining dynamics. Moreover, the proposed approach allows one to avoid discontinuities in the control signal and to bound its rate of variation to reduce the excitation of high-frequency dynamics (spillover phenomenon).

#### Experimental results on a second order sliding manifold approach for tracking problems (1998)

###### Alberto Cavallo, E Leccia, R Setola

Proceedings of the 1998 IEEE International Conference on Control Applications

A second order sliding manifold approach is used to design a robust controller for linear systems. The proposed approach, based on the singular perturbation theory, allows one to obtain robust performance also assuring a smooth control signal. The effectiveness of the controller is experimentally investigated on a DC servodrive system.

#### A spline-based state reconstruction for active vibration control of a flexible beam (1998)

###### R Setola

Journal of sound and vibration

In this paper a technique for “instantaneous” reconstruction of state variables of a flexible beam is proposed. The reconstructor uses spline shape functions to interpolate the available measurements and to take into account the boundary conditions. Unlike usual dynamic observers, this technique does not require a copy of the system neither any information about the inputs, hence it is able to work even in the presence of persistent disturbances and uncertain parameters. The spline functions introduce a sort of “spatial filtering” on the high-frequency modes, this phenomenon increases the robustness of the control scheme against spillover. Computer simulations show that this reconstructor, joined to a suitable controller, is able to reduce the vibration of beams subject to persistent multifrequency disturbances acting at unknown beam abscissae.

# Anno 1997

#### A robust controller for active vibration control of flexible systems (1997)

###### Alberto Cavallo, Giuseppe De Maria, E Leccia, R Setola

Proceedings of the 36th IEEE conference on decision and control

In this paper an active vibration controller for flexible systems is developed using a sliding manifold approach. The sliding surface consists of a time-invariant part which “eliminates” the selected modes without affecting the other dynamics, and a time-varying part which bounds the control amplitude and its rate in the transient. If the state is not available an observer is needed to implement the control law. In particular, a time varying term is introduced in the observer in order to avoid peaking phenomena. Moreover it is shown that it is possible to asymptotically recover the state feedback performance using a modified LTR procedure. The proposed control strategy reduces the excitation of the high frequencies modes, hence reducing the spillover phenomenon.

#### Sliding manifold approach to vibration control of flexible systems subject to narrow-band disturbances (1997)

###### Alberto Cavallo, Giuseppe De Maria, R Setola

1997 European Control Conference (ECC)

A control strategy for vibration reduction of flexible structures subject to persistent narrow band disturbances is presented. The controller is developed using the singular perturbation theory. In particular, the controller is designed by means of a suitable time-varying sliding surface which ensures bounds on control amplitude and on its rate of variation. Moreover, the surface is designed to eliminate the modes close to disturbance frequencies in order to reduce the vibration, without modifying the remaining ones. The control scheme is implemented on two different pinned-pinned beam with uniform and nonuniform cross section, respectively.

#### Vibration Control of Flexible Systems via Sliding Manifold Approach (1997)

###### Alberto Cavallo, Giuseppe De Maria, R Setola

IFAC Proceedings Volumes

In this paper an active vibration controller for flexible systems is developed using a sliding manifold approach. The controller is designed to “eliminate” the system’s mode whose frequency is closer to the disturbance frequency. The sliding approach ensures the robustness of the control scheme against large uncertainties generally present in flexible structure models. The sliding surface consists of a time-invarying part which “eliminates” the selected mode without affecting the other dynamics, and a time-varying part which bounds the control amplitude and its rate in the transient. If the state is not available an observer is needed to implement the control law. In particular, a time varying term is introduced in the observer in order to avoid the peaking phenomenon. The features of the controller and observer allow one to reduce the excitation of high frequency modes, hence to reduce the spillover phenomenon.

#### A multivariable stability margin in the presence of time-varying, bounded rate gains (1997)

###### F Amato, M Corless, Massimiliano Mattei, R Setola

International Journal of Robust and Nonlinear Control: IFAC‐Affiliated Journal

In this paper we consider a MIMO asymptotically stable linear plant. For such a system the classical concepts of quadratic stability margin and multivariable gain margin can be defined. These margins have the following interpretation: consider the closed‐loop system composed of the plant and several real parameters, one inserted in each channel of the loop; then any time‐varying (time‐invariant) parameters whose amplitudes are smaller than the quadratic stability (multivariable gain) margin result in a stable closed‐loop system. For time‐varying parameters whose magnitudes are between these two stability measures, stability may depend on the rate of variation of the parameters. Therefore it makes sense to consider the stability margin given by the maximal allowable rate of variation of the parameters which guarantees stability of the closed loop system. As shown in this paper, a lower bound on this margin can be obtained with the aid of parameter dependent Lyapunov functions.

# Anno 1996

#### Integrated model of a flexible beam with piezoelectric plates for active vibration control (1996)

###### G Ambrosino, G Celentano, R Setola
A new approach to the integrated modelling of a mechanical structure and piezoelectric plates is presented. Tn particular a beam-like structure is considered, i.e. a structure which may be modelled by means of the elastic line equations. It is shown how to include into the beam model the interaction with the piezoelectric sensors and actuators dynamics and with the dynamics of the electric network at which the piezoelectric devices are connected. The resulting model is particularly useful for the design of control systems.

#### Robust Stability in the Presence of a Bounded and Bounded Rate, Time-Varying, Uncertain Parameter (1996)

###### F Amato, M Corless, A Pironti, R Setola

IFAC Proceedings Volumes

In this paper a linear time-varying uncertain system depending in structured, norm-bounded, one-block fashion on an uncertain, real, time-varying parameter, whose magnitude is between the complex stability radius and the real stability radius, is considered. In this case, stability of the system can depend on the time rate of variation of the parameter. By utilizing parameter dependent Lyapunov functions, one can take the parameter rate of change into account and obtain sufficient conditions for stability which are less restrictive than those imposed by parameter independent Lyapunov functions.

#### A technique for narrow-band persistent-disturbance attenuation (1996)

###### G Celentano, R Setola

IFAC Proceedings Volumes

A control strategy for the reduction of a narrow-band disturbance is presented. The controller is based on a modified version of the Internal Model Principle within an LQ state feedback. The performance of the controller is further increased by means of a suitable optimization procedure.

#### Robust vibration control of flexible structures by using piezoelectric devices (1996)

###### G Celentano, U Ciniglio, S Scala, R Setola

International congress on noise control engineering

Pascal 001 Exact sciences and technology/001B Physics/001B40 Fundamental areas of phenomenology (including applications)/001B40F Solid mechanics/001B40F30 Structural and continuum mechanics/001B40F30M Vibration, mechanical wave, dynamic stability (aeroelasticity, vibration control…)

#### Using Matlab, Simulink and Control Toolbox. A practical approach (1996)

###### Alberto Cavallo, Roberto Setola, Francesco Vasca

Prentice Hall

This book is essentially a supplementary manual to MATLAB, Simulink and Control Toolbox. The distinguishing feature of the volume is its high number of worked examples. These allow the reader to proceed from the basic MATLAB commands to the more sophisticated Control System Toolbox procedures and to the optimized SIMULINK scheme, avoiding unnecessary functions. The material begins assuming no familiarity with MATLAB. Chapter One explains how to insert data from keyboard and external files. However, advanced techniques are presented throughout the book in highlighted paragraphs.

# Anno 1995

#### A spline approach to state reconstruction for optimal active vibration control of flexible systems (1995)

###### G Ambrosino, G Celentano, R Setola

Proceedings of International Conference on Control Applications

In this paper a new technique for “instantaneous” reconstruction of the state variables of a flexible system is proposed. The reconstructor is based on the use of spline shape functions to interpolate available measurements by taking into account both constraints and boundary conditions. Unlike the usual dynamic observers, this technique does not require the use of a copy of the system neither any information about the inputs hence it is able to work well even in presence of persistent disturbances and uncertain parameters. The spline shape property of smoothest interpolation introduces a “spatial filtering” phenomenon on the high-frequency modes which increases the robustness of the control scheme against spillover.

# Anno 1994

#### Parallel Kalman filter algorithm for state estimation in bilinear systems (1994)

###### L Glielmo, P Marino, R Setola, F Vasca

Proceedings of 1994 33rd IEEE Conference on Decision and Control

In this paper an algorithm for the state estimation of a class of bilinear systems in the presence of noise is proposed. The systems considered are such that a suitable partition of the state vector into two parts allows a bilinear representation of the system. The proposed algorithm is obtained paralleling two Kalman filters: each of them estimates a part of the state, considering the other part as known time-varying parameters.

#### Reduced Kalman filtering for indirect adaptive control of the induction motor (1994)

###### L Glielmo, Pompeo Marino, R Setola, F Vasca

International journal of adaptive control and signal processing

Parameter variations strongly affect the application of indirect field‐oriented control (FOC) of the induction motor. To estimate those parameters which cannot be obtained by means of a direct measure, an augmented state observer can be constructed; in particular, the presence of noise introduced by the inverter and sensors suggests the use of an extended Kalman filter (EKF). In this paper, by analysing the indirect FOC technique via a two‐time‐scale approach, we formally justify its effectiveness and propose a reduced‐order EKF which is used to construct an adaptive version of the FOC method. The practical drawback of reduced‐order EKFs, i.e. the necessity to differentiate measured quantities, is avoided by exploiting some peculiarities of the field‐oriented controller.

# Anno 1993

#### Reduced order extended kalman filter for estimation of induction motor rotor resistance (1993)

###### L Glielmo, P Marino, R Setola, F Vasca

Proceedings of 32nd IEEE Conference on Decision and Control

In this paper the induction motor rotor resistance is estimated by a reduced-order extended Kalman filter which, by decreasing the computational burden, allows real-time applications.