EMotor_2014_D33_v4 Documentation

Model: Adjudicator (Left)

Model: Adjudicator (Right)

Place Attributes:
Place Names Initial Markings

CCF_active 0

CCF_enabler CC_enabler

CH1_OK 1

CH1_Safe_Failure 0

CH1_US_Failure 0

CH2_OK 1

CH2_Safe_Failure 0

CH2_US_Failure 0

System_OK 1

System_Safe_Failure 0

System_Unsafe_State 0

**Place Attributes**:
Place Names	Initial Markings
CCF_active	0
CCF_enabler	CC_enabler
CH1_OK	1
CH1_Safe_Failure	0
CH1_US_Failure	0
CH2_OK	1
CH2_Safe_Failure	0
CH2_US_Failure	0
System_OK	1
System_Safe_Failure	0
System_Unsafe_State	0

Timed Activity: Common_failure

Distribution Parameters Rate

CC_failure_rate

Activation Predicate (none)

Reactivation Predicate (none)

Timed Activity:	Common_failure
Distribution Parameters	Rate CC_failure_rate
Activation Predicate	(none)
Reactivation Predicate	(none)

Instantaneous Activities Without Cases:

System_OK_Act

System_SS_Act

System_US_Act

Instantaneous Activities Without Cases:
System_OK_Act
System_SS_Act
System_US_Act

Input Gate: Common_mode_enabler

Predicate
((CH1_OK->Mark() > 0) && (CH2_OK->Mark() > 0) && (System_OK->Mark() > 0) && (CCF_enabler->Mark() > 0))

Function
;

Input Gate:	Common_mode_enabler
Predicate	((CH1_OK->Mark() > 0) && (CH2_OK->Mark() > 0) && (System_OK->Mark() > 0) && (CCF_enabler->Mark() > 0))
Function	;

Input Gate: Sys_OK_Gate

Predicate
(((CH1_OK->Mark() != 0) || (CH2_OK->Mark() != 0)) && (System_OK->Mark() == 0))

Function
;

Input Gate:	Sys_OK_Gate
Predicate	(((CH1_OK->Mark() != 0) \|\| (CH2_OK->Mark() != 0)) && (System_OK->Mark() == 0))
Function	;

Input Gate: System_SS

Predicate
(CH1_OK->Mark() == 0) && (CH2_OK->Mark() == 0) && (System_Safe_Failure->Mark() == 0) && ((CH1_Safe_Failure->Mark() != 0) || (CH2_Safe_Failure->Mark() != 0))

Function
;

Input Gate:	System_SS
Predicate	(CH1_OK->Mark() == 0) && (CH2_OK->Mark() == 0) && (System_Safe_Failure->Mark() == 0) && ((CH1_Safe_Failure->Mark() != 0) \|\| (CH2_Safe_Failure->Mark() != 0))
Function	;

Input Gate: System_US_Gate

Predicate
(CH1_OK->Mark() == 0) && (CH2_OK->Mark() == 0) && (CH1_Safe_Failure->Mark() == 0) && (CH2_Safe_Failure->Mark() == 0) && (System_Unsafe_State->Mark() == 0)

Function
;

Input Gate:	System_US_Gate
Predicate	(CH1_OK->Mark() == 0) && (CH2_OK->Mark() == 0) && (CH1_Safe_Failure->Mark() == 0) && (CH2_Safe_Failure->Mark() == 0) && (System_Unsafe_State->Mark() == 0)
Function	;

Input Gate: System_state_enabler

Predicate
(System_OK->Mark() > 0)

Function
;

Input Gate:	System_state_enabler
Predicate	(System_OK->Mark() > 0)
Function	;

Output Gate: Set_both_Gate

Function
CCF_active->Mark() = 2;

Output Gate:	Set_both_Gate
Function	CCF_active->Mark() = 2;

Output Gate: Syste_US_Gate

Function
System_OK->Mark() = 0; System_Safe_Failure->Mark() = 0; System_Unsafe_State->Mark() = 1;

Output Gate:	Syste_US_Gate
Function	System_OK->Mark() = 0; System_Safe_Failure->Mark() = 0; System_Unsafe_State->Mark() = 1;

Output Gate: System_OK_Gate

Function
System_OK->Mark() = 1; System_Safe_Failure->Mark() = 0; System_Unsafe_State->Mark() = 0;

Output Gate:	System_OK_Gate
Function	System_OK->Mark() = 1; System_Safe_Failure->Mark() = 0; System_Unsafe_State->Mark() = 0;

Output Gate: System_SF_Gate

Function
System_OK->Mark() = 0; System_Safe_Failure->Mark() = 1; System_Unsafe_State->Mark() = 0;

Output Gate:	System_SF_Gate
Function	System_OK->Mark() = 0; System_Safe_Failure->Mark() = 1; System_Unsafe_State->Mark() = 0;

Model: Adversary (Left)

Model: Adversary (Right)

Place Attributes:
Place Names Initial Markings

AttackedID_1 0

AttackedID_2 0

C_CH_1_attacked 0

C_CH_2_attacked 0

Channel1_attacked 0

Channel2_attacked 0

ConfAttack_in_progress 0

ControlAttack_in_progress 0

Start attack_count

Torque_Attack_in_progress 0

single_both_enabler single_SS_enabler_is_0

**Place Attributes**:
Place Names	Initial Markings
AttackedID_1	0
AttackedID_2	0
C_CH_1_attacked	0
C_CH_2_attacked	0
Channel1_attacked	0
Channel2_attacked	0
ConfAttack_in_progress	0
ControlAttack_in_progress	0
Start	attack_count
Torque_Attack_in_progress	0
single_both_enabler	single_SS_enabler_is_0

Timed Activity: Attacker_Profile

Distribution Parameters Rate

AttackRate

Activation Predicate (none)

Reactivation Predicate (none)

Case Distributions case 1

SS_Conf_Attack
case 2

TorqueAttack
case 3

ControlConfAttack

Timed Activity:	Attacker_Profile
Distribution Parameters	Rate AttackRate
Activation Predicate	(none)
Reactivation Predicate	(none)
Case Distributions	case 1 SS_Conf_Attack case 2 TorqueAttack case 3 ControlConfAttack

Instantaneous Activity: C_CH_Select

Case Distributions case 1

0.5
case 2

0.5

Instantaneous Activity:	C_CH_Select
Case Distributions	case 1 0.5 case 2 0.5

Instantaneous Activity: SW_CH_Select

Case Distributions case 1

0.5
case 2

0.5

Instantaneous Activity:	SW_CH_Select
Case Distributions	case 1 0.5 case 2 0.5

Instantaneous Activities Without Cases:

Both_SS_conf_attacked

Instantaneous Activities Without Cases:
Both_SS_conf_attacked

Input Gate: BothChannels_attacked_enabled

Predicate
(single_both_enabler->Mark() > 0)

Function
;

Input Gate:	BothChannels_attacked_enabled
Predicate	(single_both_enabler->Mark() > 0)
Function	;

Input Gate: SingleChannel_attacked_enabler

Predicate
(single_both_enabler->Mark() == 0)

Function
;

Input Gate:	SingleChannel_attacked_enabler
Predicate	(single_both_enabler->Mark() == 0)
Function	;

Output Gate: Both_Gate

Function
AttackedID_1->Mark()=1; Channel1_attacked->Mark()=1; AttackedID_2->Mark()=2; Channel2_attacked->Mark()=1;

Output Gate:	Both_Gate
Function	AttackedID_1->Mark()=1; Channel1_attacked->Mark()=1; AttackedID_2->Mark()=2; Channel2_attacked->Mark()=1;

Output Gate: SetID_1

Function
AttackedID_1->Mark()=1;

Output Gate:	SetID_1
Function	AttackedID_1->Mark()=1;

Output Gate: SetID_2

Function
AttackedID_2->Mark()=2;

Output Gate:	SetID_2
Function	AttackedID_2->Mark()=2;

Model: Control_configuration_channel

Place Attributes:
Place Names Initial Markings

Attack_in_progress 0

Correct 1

Incorrect 0

OK_state 1

Safe_failure 0

Unsafe_state_2 0

**Place Attributes**:
Place Names	Initial Markings
Attack_in_progress	0
Correct	1
Incorrect	0
OK_state	1
Safe_failure	0
Unsafe_state_2	0

Timed Activity: Correct_incorrect

Distribution Parameters Rate

0.01

Activation Predicate (none)

Reactivation Predicate (none)

Case Distributions case 1

0.5
case 2

0.5

Timed Activity:	Correct_incorrect
Distribution Parameters	Rate 0.01
Activation Predicate	(none)
Reactivation Predicate	(none)
Case Distributions	case 1 0.5 case 2 0.5

Timed Activity: Detection_window

Distribution Parameters Mean

0.125
Variance

0.00001

Activation Predicate (none)

Reactivation Predicate (none)

Timed Activity:	Detection_window
Distribution Parameters	Mean 0.125 Variance 0.00001
Activation Predicate	(none)
Reactivation Predicate	(none)

Timed Activity: Repair_conf

Distribution Parameters Rate

100

Activation Predicate (none)

Reactivation Predicate (none)

Case Distributions case 1

0.9
case 2

0.1

Timed Activity:	Repair_conf
Distribution Parameters	Rate 100
Activation Predicate	(none)
Reactivation Predicate	(none)
Case Distributions	case 1 0.9 case 2 0.1

Input Gate: Attack_enabler

Predicate
((OK_state->Mark() != 0) || (Safe_failure->Mark() != 0))

Function
;

Input Gate:	Attack_enabler
Predicate	((OK_state->Mark() != 0) \|\| (Safe_failure->Mark() != 0))
Function	;

Output Gate: Successful_attack

Function
Unsafe_state_2->Mark() = 1; OK_state->Mark() = 0; Safe_failure->Mark() = 0; Correct->Mark() = 1; // The last statement is only here to allow for future attacks // if unsafe_2 is recovered from. // Once Unsafe_state_2 is set to non-zero, // the future attackes will be blocked by the input gate, Attack_enabler.

Output Gate:	Successful_attack
Function	Unsafe_state_2->Mark() = 1; OK_state->Mark() = 0; Safe_failure->Mark() = 0; Correct->Mark() = 1; // The last statement is only here to allow for future attacks // if unsafe_2 is recovered from. // Once Unsafe_state_2 is set to non-zero, // the future attackes will be blocked by the input gate, Attack_enabler.

Model: SW_channel (Left)

Model: SW_channel (Right)

Place Attributes:
Place Names Initial Markings

CCF_active 0

Channel_OK 1

Configuration_state 1

Safe_state 0

System_OK 1

Unsafe_state 0

Unsafe_state_2 0

channel_failure 0

**Place Attributes**:
Place Names	Initial Markings
CCF_active	0
Channel_OK	1
Configuration_state	1
Safe_state	0
System_OK	1
Unsafe_state	0
Unsafe_state_2	0
channel_failure	0

Timed Activity: Diagnosis

Distribution Parameters Value

0.0000277778

Activation Predicate (none)

Reactivation Predicate (none)

Case Distributions case 1

return(failure_coverage);
case 2

return((double)(1.0) - failure_coverage);

Timed Activity:	Diagnosis
Distribution Parameters	Value 0.0000277778
Activation Predicate	(none)
Reactivation Predicate	(none)
Case Distributions	case 1 return(failure_coverage); case 2 return((double)(1.0) - failure_coverage);

Timed Activity: OK_failure

Distribution Parameters Rate

channel_failure_rate

Activation Predicate (none)

Reactivation Predicate (none)

Timed Activity:	OK_failure
Distribution Parameters	Rate channel_failure_rate
Activation Predicate	(none)
Reactivation Predicate	(none)

Timed Activity: Repair_unsafe

Distribution Parameters Rate

USF_repair_rate

Activation Predicate (none)

Reactivation Predicate (none)

Timed Activity:	Repair_unsafe
Distribution Parameters	Rate USF_repair_rate
Activation Predicate	(none)
Reactivation Predicate	(none)

Timed Activity: Safe_fail_OK

Distribution Parameters Rate

SS_repair_rate

Activation Predicate (none)

Reactivation Predicate (none)

Timed Activity:	Safe_fail_OK
Distribution Parameters	Rate SS_repair_rate
Activation Predicate	(none)
Reactivation Predicate	(none)

Instantaneous Activities Without Cases:

CCF_propagate

Instantaneous Activities Without Cases:
CCF_propagate

Input Gate: Input_Gate1

Predicate
(System_OK->Mark() > 0)

Function
;

Input Gate:	Input_Gate1
Predicate	(System_OK->Mark() > 0)
Function	;

Input Gate: Unsafe_Gate

Predicate
((Unsafe_state->Mark() > 0) || (Unsafe_state_2->Mark() > 0))

Function
// Repar results in resets unsafe fail states. Unsafe_state->Mark() = 0; Unsafe_state_2->Mark() = 0;

Input Gate:	Unsafe_Gate
Predicate	((Unsafe_state->Mark() > 0) \|\| (Unsafe_state_2->Mark() > 0))
Function	// Repar results in resets unsafe fail states. Unsafe_state->Mark() = 0; Unsafe_state_2->Mark() = 0;

Output Gate: safe_vs_unsafe2_gate

Function
if(Configuration_state->Mark() > 0) { Safe_state->Mark() = 1; Unsafe_state_2->Mark() = 0; } else { Unsafe_state_2->Mark() = 1; Safe_state->Mark() = 0; } // Now set Channel_OK to 0 Channel_OK->Mark() = 0;

Output Gate:	safe_vs_unsafe2_gate
Function	if(Configuration_state->Mark() > 0) { Safe_state->Mark() = 1; Unsafe_state_2->Mark() = 0; } else { Unsafe_state_2->Mark() = 1; Safe_state->Mark() = 0; } // Now set Channel_OK to 0 Channel_OK->Mark() = 0;

Model: T_Conf_channel (Left)

Model: T_Conf_channel (Right)

Place Attributes:
Place Names Initial Markings

Attack_Active 0

Attack_in_progress 0

Debugging 0

Detected_safely 0

Detected_unsafely 0

Detection_prob 0

Last_Valid_Torque_timestamp 0

Missed_OK 0

Missed_unsafe 0

System_OK 1

System_safe 0

System_unsafe 0

T_a_cur_value 0

T_cur_value 0

T_increment 0

T_value_step 0

Torque_state 1

step_rate 0

window_start 0

**Place Attributes**:
Place Names	Initial Markings
Attack_Active	0
Attack_in_progress	0
Debugging	0
Detected_safely	0
Detected_unsafely	0
Detection_prob	0
Last_Valid_Torque_timestamp	0
Missed_OK	0
Missed_unsafe	0
System_OK	1
System_safe	0
System_unsafe	0
T_a_cur_value	0
T_cur_value	0
T_increment	0
T_value_step	0
Torque_state	1
step_rate	0
window_start	0

Timed Activity: Detection_window

Distribution Parameters Value

t_window

Activation Predicate (none)

Reactivation Predicate (none)

Timed Activity:	Detection_window
Distribution Parameters	Value t_window
Activation Predicate	(none)
Reactivation Predicate	(none)

Timed Activity: T_inc_step

Distribution Parameters Rate

step_rate->Mark()

Activation Predicate (none)

Reactivation Predicate (none)

Timed Activity:	T_inc_step
Distribution Parameters	Rate step_rate->Mark()
Activation Predicate	(none)
Reactivation Predicate	(none)

Timed Activity: Torque_request

Distribution Parameters Rate

torque_req_rate

Activation Predicate (none)

Reactivation Predicate (none)

Timed Activity:	Torque_request
Distribution Parameters	Rate torque_req_rate
Activation Predicate	(none)
Reactivation Predicate	(none)

Instantaneous Activities Without Cases:

torque_loop_step

Instantaneous Activities Without Cases:
torque_loop_step

Input Gate: Detection_enabler

Predicate
(System_OK->Mark() > 0)

Function
;

Input Gate:	Detection_enabler
Predicate	(System_OK->Mark() > 0)
Function	;

Input Gate: OneAttack_Gate

Predicate
(T_increment->Mark() == 0)

Function
;

Input Gate:	OneAttack_Gate
Predicate	(T_increment->Mark() == 0)
Function	;

Input Gate: Zoom_Gate

Predicate
(T_increment->Mark() > 0)

Function
;

Input Gate:	Zoom_Gate
Predicate	(T_increment->Mark() > 0)
Function	;

Output Gate: Normal_Torque_Gate

Function
Last_Valid_Torque_timestamp->Mark() = BaseModelClass::LastActionTime; T_cur_value->Mark() = (double)(0.0); // Overrides whatever it might have become. // Here could set T_cur_value to a non-zero value, but not done yet. // In other words, the model assumes implicitly that T_cur_value will // be 0 at the time a torque attack is launched.

Output Gate:	Normal_Torque_Gate
Function	Last_Valid_Torque_timestamp->Mark() = BaseModelClass::LastActionTime; T_cur_value->Mark() = (double)(0.0); // Overrides whatever it might have become. // Here could set T_cur_value to a non-zero value, but not done yet. // In other words, the model assumes implicitly that T_cur_value will // be 0 at the time a torque attack is launched.

Output Gate: T_Gate

Function
static UserDistributions dist(0, 31415); // Set the value of the offset. double offset = dist.Normal(T_V_Offset_mean,T_V_Offset_stddev); double value = (double)(T_V_steps_min); if(T_V_steps_min != T_V_steps_max) value = dist.Uniform((double)(T_V_steps_min),(double)(T_V_steps_max)); // assigns a random number of tokens to Torque_increment, i.e.how many steps will be used to set the new torque. T_increment->Mark() = (int)(value); // Detection probability is defined as a global variable D_T_attack_prob (double). Detection_prob->Mark() = D_T_attack_prob; // Set the T_value_step T_value_step->Mark() = offset / T_increment->Mark(); // The torque value remains unchanged step_rate->Mark() = T_V_step_interval_mean; // Now take the tamstamp of the start of the window window_start->Mark() = (double)(0.0); // Attack starts only after the first increment. T_a_cur_value->Mark() = T_cur_value->Mark(); // Takes a snapshot of the current values.

Output Gate:	T_Gate
Function	static UserDistributions dist(0, 31415); // Set the value of the offset. double offset = dist.Normal(T_V_Offset_mean,T_V_Offset_stddev); double value = (double)(T_V_steps_min); if(T_V_steps_min != T_V_steps_max) value = dist.Uniform((double)(T_V_steps_min),(double)(T_V_steps_max)); // assigns a random number of tokens to Torque_increment, i.e.how many steps will be used to set the new torque. T_increment->Mark() = (int)(value); // Detection probability is defined as a global variable D_T_attack_prob (double). Detection_prob->Mark() = D_T_attack_prob; // Set the T_value_step T_value_step->Mark() = offset / T_increment->Mark(); // The torque value remains unchanged step_rate->Mark() = T_V_step_interval_mean; // Now take the tamstamp of the start of the window window_start->Mark() = (double)(0.0); // Attack starts only after the first increment. T_a_cur_value->Mark() = T_cur_value->Mark(); // Takes a snapshot of the current values.

Output Gate: T_S_Gate

Function
static UserDistributions dist_output(0, 31415); double detect_output = dist_output.Uniform((double)(0.0),(double)(1.0)); double old_value = T_cur_value->Mark(); T_a_cur_value->Mark() += T_value_step->Mark(); double old_stamp = Last_Valid_Torque_timestamp->Mark(); Last_Valid_Torque_timestamp->Mark() = BaseModelClass::LastActionTime; double offset = T_a_cur_value->Mark() - T_cur_value->Mark(); double stamp_offset = Last_Valid_Torque_timestamp->Mark() - old_stamp; double t_difference = Last_Valid_Torque_timestamp->Mark() - window_start->Mark(); Debugging->Mark() = 0; if(offset > v_delta) Debugging->Mark() += 1; if(stamp_offset < t_delta) Debugging->Mark() += 2; if(detect_output > D_T_attack_prob) Debugging->Mark() += 4; if((offset > v_delta) || (stamp_offset < t_delta) || (detect_output > D_T_attack_prob)) { // Here the difference between the 'correct' value/stamp and // the 'current' value/stamp exceeds the thresholds // or detection on the output (D_T_attack_prob). // Detection of a violation of the thresholds. if((t_difference < t_window) || (window_start->Mark() == (double)(0.0))) { // Here dection on time. If first increment in a chain always on time. Detected_safely->Mark()++; } else { if(Detected_safely->Mark() == 0) // If detected safely, then ignore subsequent detections. Detected_unsafely->Mark() = 1; } } else { // Here is the attack has not been detected. // Now check if T_a_cur_value->Mark()deviation is grater than v_delta if(T_a_cur_value->Mark() > v_delta) Missed_unsafe->Mark()++; else Missed_OK->Mark()++; } T_cur_value->Mark() = T_a_cur_value->Mark(); if(window_start->Mark() == (double)(0.0)) window_start->Mark() = BaseModelClass::LastActionTime;

Output Gate:	T_S_Gate
Function	static UserDistributions dist_output(0, 31415); double detect_output = dist_output.Uniform((double)(0.0),(double)(1.0)); double old_value = T_cur_value->Mark(); T_a_cur_value->Mark() += T_value_step->Mark(); double old_stamp = Last_Valid_Torque_timestamp->Mark(); Last_Valid_Torque_timestamp->Mark() = BaseModelClass::LastActionTime; double offset = T_a_cur_value->Mark() - T_cur_value->Mark(); double stamp_offset = Last_Valid_Torque_timestamp->Mark() - old_stamp; double t_difference = Last_Valid_Torque_timestamp->Mark() - window_start->Mark(); Debugging->Mark() = 0; if(offset > v_delta) Debugging->Mark() += 1; if(stamp_offset < t_delta) Debugging->Mark() += 2; if(detect_output > D_T_attack_prob) Debugging->Mark() += 4; if((offset > v_delta) \|\| (stamp_offset < t_delta) \|\| (detect_output > D_T_attack_prob)) { // Here the difference between the 'correct' value/stamp and // the 'current' value/stamp exceeds the thresholds // or detection on the output (D_T_attack_prob). // Detection of a violation of the thresholds. if((t_difference < t_window) \|\| (window_start->Mark() == (double)(0.0))) { // Here dection on time. If first increment in a chain always on time. Detected_safely->Mark()++; } else { if(Detected_safely->Mark() == 0) // If detected safely, then ignore subsequent detections. Detected_unsafely->Mark() = 1; } } else { // Here is the attack has not been detected. // Now check if T_a_cur_value->Mark()deviation is grater than v_delta if(T_a_cur_value->Mark() > v_delta) Missed_unsafe->Mark()++; else Missed_OK->Mark()++; } T_cur_value->Mark() = T_a_cur_value->Mark(); if(window_start->Mark() == (double)(0.0)) window_start->Mark() = BaseModelClass::LastActionTime;

Output Gate: close_window_Gate

Function
if((Detected_safely->Mark() > 0) || (System_OK->Mark() == 0)) { // If the system is not OK, then no changes of the system state will apply. // Similarly, if safe detection has taken place, the attack has no consequences (i.e. will be filtered). } else { if(Detected_unsafely->Mark() > 0) { // This will lead to an attempt to move to a safe state. if(System_OK->Mark() > 0) { // Set the system to System_safe state (detected but, but attack longer than 3 cycles). System_OK->Mark() = 0; System_safe->Mark() = 1; System_unsafe->Mark() = 0; } } else { if(Missed_unsafe->Mark() > 0) // If only OK misses - do nothing. { // Here the attack has not been detected at all and at least one of the misses is unsafe. // The system will be moving to a unsafe state. System_OK->Mark() = 0; System_safe->Mark() = 0; System_unsafe->Mark() = 1; } } } // Now reset the leftovers from the attack. T_increment->Mark() = 0; Detected_safely->Mark() = 0; Detected_unsafely->Mark() = 0; Missed_OK->Mark() = 0; Missed_unsafe->Mark() = 0; T_cur_value->Mark() = (double)(0.0); T_value_step->Mark() = (double)(0.0); Attack_Active->Mark() = 0; // Abort dealing with the attack.

Output Gate:	close_window_Gate
Function	if((Detected_safely->Mark() > 0) \|\| (System_OK->Mark() == 0)) { // If the system is not OK, then no changes of the system state will apply. // Similarly, if safe detection has taken place, the attack has no consequences (i.e. will be filtered). } else { if(Detected_unsafely->Mark() > 0) { // This will lead to an attempt to move to a safe state. if(System_OK->Mark() > 0) { // Set the system to System_safe state (detected but, but attack longer than 3 cycles). System_OK->Mark() = 0; System_safe->Mark() = 1; System_unsafe->Mark() = 0; } } else { if(Missed_unsafe->Mark() > 0) // If only OK misses - do nothing. { // Here the attack has not been detected at all and at least one of the misses is unsafe. // The system will be moving to a unsafe state. System_OK->Mark() = 0; System_safe->Mark() = 0; System_unsafe->Mark() = 1; } } } // Now reset the leftovers from the attack. T_increment->Mark() = 0; Detected_safely->Mark() = 0; Detected_unsafely->Mark() = 0; Missed_OK->Mark() = 0; Missed_unsafe->Mark() = 0; T_cur_value->Mark() = (double)(0.0); T_value_step->Mark() = (double)(0.0); Attack_Active->Mark() = 0; // Abort dealing with the attack.

Model: configuration_channel (Left)

Model: configuration_channel (Right)

Place Attributes:
Place Names Initial Markings

Attack_in_progress 0

Channel_attacked_ID 0

Correct 1

Incorrect_1 0

Incorrect_2 0

**Place Attributes**:
Place Names	Initial Markings
Attack_in_progress	0
Channel_attacked_ID	0
Correct	1
Incorrect_1	0
Incorrect_2	0

Timed Activity: Correct_Incorrect_1

Distribution Parameters Rate

100

Activation Predicate (none)

Reactivation Predicate (none)

Case Distributions case 1

switch(Channel_attacked_ID->Mark()) { case 1: return((double)(1.0) - attack_CH1_success_pr); break; case 2: return((double)(1.0) - attack_CH2_success_pr); break; default : return(1.0); break; } // if(Channel_attacked_ID->Mark() == 1) // return((double)(1.0) - attack_CH1_success_pr); // else // return((double)(1.0) - attack_CH2_success_pr);
case 2

switch(Channel_attacked_ID->Mark()) { case 1: return(attack_CH1_success_pr); break; case 2: return(attack_CH2_success_pr); break; default : return(0.0); break; } // if(Channel_attacked_ID->Mark() == 1) // return(attack_CH1_success_pr); // else // return(attack_CH2_success_pr);

Timed Activity: Correct_Incorrect_2

Distribution Parameters Rate

100

Activation Predicate (none)

Reactivation Predicate (none)

Case Distributions case 1

switch(Channel_attacked_ID->Mark()) { case 1: return((double)(1.0) - attack_CH1_success_pr); break; case 2: return((double)(1.0) - attack_CH2_success_pr); break; default : return(1.0); break; } // if(Channel_attacked_ID->Mark() == 1) // return((double)(1.0) - attack_CH1_success_pr); // else // return((double)(1.0) - attack_CH2_success_pr);
case 2

switch(Channel_attacked_ID->Mark()) { case 1: return(attack_CH1_success_pr); break; case 2: return(attack_CH2_success_pr); break; default : return(0.0); break; } // if(Channel_attacked_ID->Mark() == 1) // return(attack_CH1_success_pr); // else // return(attack_CH2_success_pr);

Timed Activity: Incorrect_1_Incorrect_2

Distribution Parameters Rate

0.0000001

Activation Predicate (none)

Reactivation Predicate (none)

Case Distributions case 1

switch(Channel_attacked_ID->Mark()) { case 1: return((double)(1.0) - attack_CH1_success_pr); break; case 2: return((double)(1.0) - attack_CH2_success_pr); break; default : return(0.0); break; } // if(Channel_attacked_ID->Mark() == 1) // return((double)(1.0) - attack_CH1_success_pr); // else // return((double)(1.0) - attack_CH2_success_pr);
case 2

switch(Channel_attacked_ID->Mark()) { case 1: return(attack_CH1_success_pr); break; case 2: return(attack_CH2_success_pr); break; default : return(1.0); break; } // if(Channel_attacked_ID->Mark() == 1) // return(attack_CH1_success_pr); // else // return(attack_CH2_success_pr);

Timed Activity: Incorrect_2_Incorrect_1

Distribution Parameters Rate

0.00001

Activation Predicate (none)

Reactivation Predicate (none)

Case Distributions case 1

switch(Channel_attacked_ID->Mark()) { case 1: return((double)(1.0) - attack_CH1_success_pr); break; case 2: return((double)(1.0) - attack_CH2_success_pr); break; default : return(0.0); break; } // if(Channel_attacked_ID->Mark() == 1) // return((double)(1.0) - attack_CH1_success_pr); // else // return((double)(1.0) - attack_CH2_success_pr);
case 2

switch(Channel_attacked_ID->Mark()) { case 1: return(attack_CH1_success_pr); break; case 2: return(attack_CH2_success_pr); break; default : return(1.0); break; } // if(Channel_attacked_ID->Mark() == 1) // return(attack_CH1_success_pr); // else // return(attack_CH2_success_pr);

Timed Activity: Restore_Conf_1

Distribution Parameters Value

Configuration_validation_Duration

Activation Predicate (none)

Reactivation Predicate (none)

Case Distributions case 1

return(Config_repair_success);
case 2

return((double)(1.0) - Config_repair_success);

Timed Activity: Restore_Conf_2

Distribution Parameters Value

Configuration_validation_Duration

Activation Predicate (none)

Reactivation Predicate (none)

Case Distributions case 1

return(Config_repair_success);
case 2

return((double)(1.0) - Config_repair_success);

Output Gate: R_Output_Gate_1

Function
if(Attack_in_progress->Mark() == 0) Channel_attacked_ID->Mark() = 0;

Output Gate: R_Output_Gate_2

Function
if(Attack_in_progress->Mark() == 0) Channel_attacked_ID->Mark() = 0;

Model: Common_failure

Join Node: Simultaneous_failure :
Action Name Submodel Action

OK_failure CH_1->Common_failure

CH_2->Common_failure

Model: Div_SW

Join Node: Channel_1 :
State Variable Name Submodel Variables

Attack_enabled configuration_channel_1->Attack_in_progress

CCF_active SW_channel_1->CCF_active

CH_OK SW_channel_1->Channel_OK

Control_conf_channel_1->OK_state

C_attack_enabled Control_conf_channel_1->Attack_in_progress

Channel_attacked_ID configuration_channel_1->Channel_attacked_ID

ConfigurationOK SW_channel_1->Configuration_state

configuration_channel_1->Correct

Safe_state SW_channel_1->Safe_state

Control_conf_channel_1->Safe_failure

System_OK SW_channel_1->System_OK

Unsafe_state_2 SW_channel_1->Unsafe_state_2

Control_conf_channel_1->Unsafe_state_2

Join Node: Channel_2 :
State Variable Name Submodel Variables

Attack_enabled configuration_channel_2->Attack_in_progress

CCF_active SW_channel_2->CCF_active

CH2_OK SW_channel_2->Channel_OK

Control_conf_channel_2->OK_state

CH2_Safe_state SW_channel_2->Safe_state

Control_conf_channel_2->Safe_failure

C_attack_enabled Control_conf_channel_2->Attack_in_progress

Channel_attacked_ID configuration_channel_2->Channel_attacked_ID

ConfigurationOK SW_channel_2->Configuration_state

configuration_channel_2->Correct

System_OK SW_channel_2->System_OK

Unsafe_state_2 SW_channel_2->Unsafe_state_2

Control_conf_channel_2->Unsafe_state_2

Join Node: Div_Software :
State Variable Name Submodel Variables

Attack_conf_1 Channel_1->Attack_enabled

Adversary->Channel1_attacked

Attack_conf_2 Channel_2->Attack_enabled

Adversary->Channel2_attacked

AttackedID_1 Channel_1->Channel_attacked_ID

Adversary->AttackedID_1

AttackedID_2 Channel_2->Channel_attacked_ID

Adversary->AttackedID_2

CCF_active Channel_1->CCF_active

Channel_2->CCF_active

Adjudicator->CCF_active

CH1_OK Channel_1->CH_OK

Adjudicator->CH1_OK

CH1_Safe_State Channel_1->Safe_state

Adjudicator->CH1_Safe_Failure

CH2_OK Channel_2->CH2_OK

Adjudicator->CH2_OK

CH2_Safe_State Channel_2->CH2_Safe_state

Adjudicator->CH2_Safe_Failure

C_CH_1_attacked Channel_1->C_attack_enabled

Adversary->C_CH_1_attacked

C_CH_2_attacked Channel_2->C_attack_enabled

Adversary->C_CH_2_attacked

System_OK Channel_1->System_OK

Channel_2->System_OK

Adjudicator->System_OK

T_Conf_channel->System_OK

System_Safe_Failure Adjudicator->System_Safe_Failure

T_Conf_channel->System_safe

System_Unsafe_State Adjudicator->System_Unsafe_State

T_Conf_channel->System_unsafe

Torque_Attack_in_progress Adversary->Torque_Attack_in_progress

T_Conf_channel->Attack_in_progress

Performance Variable Model: MTT_emotor

Top Level Model Information Child Model Name Div_SW

Model Type Rep/Join

Performance Variable : MTT_SF

Affecting Models Adjudicator

Impulse Functions

Reward Function (Reward is over all Available Models)
if(Adjudicator->System_Safe_Failure->Mark() > 0) return(0.0); else return(1.0);

Simulator Statistics Type Interval of Time

Options Estimate Mean

Include Lower Bound on Interval Estimate

Include Upper Bound on Interval Estimate

Estimate Distribution

Estimate out of Range Probabilities

Confidence Level is Relative

Parameters Start Time 0.0,

Stop Time 100000.0,

Distributions Lower Bound on Distribution Estimate 0.0

Upper Bound on Distribution Estimate 100000.0

Step Size on Distribution Estimate 1000.0

Confidence Confidence Level 0.95

Confidence Interval 1.0

Performance Variable : MTT_USF

Affecting Models Adjudicator

Impulse Functions

Reward Function (Reward is over all Available Models)
if(Adjudicator->System_Unsafe_State->Mark() > 0) return(0.0); else return(1.0);

Simulator Statistics Type Interval of Time

Options Estimate Mean

Include Lower Bound on Interval Estimate

Include Upper Bound on Interval Estimate

Estimate Distribution

Estimate out of Range Probabilities

Confidence Level is Relative

Parameters Start Time 0.0,

Stop Time 100000.0,

Distributions Lower Bound on Distribution Estimate 0.0

Upper Bound on Distribution Estimate 100000.0

Step Size on Distribution Estimate 1000.0

Confidence Confidence Level 0.95

Confidence Interval 1.0

Performance Variable : system_SF_count

Affecting Models Adjudicator

Impulse Functions Adjudicator->System_SS_Act

(Reward is over all Available Models)
return(1.0);

Reward Function (Reward is over all Available Models)

Simulator Statistics Type Interval of Time

Options Estimate Mean

Include Lower Bound on Interval Estimate

Include Upper Bound on Interval Estimate

Estimate Distribution

Estimate out of Range Probabilities

Confidence Level is Relative

Parameters Start Time 0.0,

Stop Time 100000.0,

Distributions Lower Bound on Distribution Estimate 0.0

Upper Bound on Distribution Estimate 1000.0

Step Size on Distribution Estimate 100.0

Confidence Confidence Level 0.95

Confidence Interval 0.1

Performance Variable : System_failure

Affecting Models Adjudicator

Impulse Functions

Reward Function (Reward is over all Available Models)
if((Adjudicator->System_Safe_Failure->Mark() > 0) || (Adjudicator->System_Unsafe_State->Mark())) return(1.0); else return(0.0);

Simulator Statistics Type Interval of Time

Options Estimate Mean

Include Lower Bound on Interval Estimate

Include Upper Bound on Interval Estimate

Estimate Distribution

Estimate out of Range Probabilities

Confidence Level is Relative

Parameters Start Time 0.0,

Stop Time 100000,

Distributions Lower Bound on Distribution Estimate 0.0

Upper Bound on Distribution Estimate 100000.0

Step Size on Distribution Estimate 1000.0

Confidence Confidence Level 0.95

Confidence Interval 0.1

Performance Variable : System_OK

Affecting Models Adjudicator

Impulse Functions

Reward Function (Reward is over all Available Models)
if(Adjudicator->System_OK->Mark() > 0) return(1.0); else return(0.0);

Simulator Statistics Type Interval of Time

Options Estimate Mean

Include Lower Bound on Interval Estimate

Include Upper Bound on Interval Estimate

Estimate Distribution

Estimate out of Range Probabilities

Confidence Level is Relative

Parameters Start Time 0.0,

Stop Time 100000.0,

Distributions Lower Bound on Distribution Estimate 0.0

Upper Bound on Distribution Estimate 100000.0

Step Size on Distribution Estimate 1000.0

Confidence Confidence Level 0.95

Confidence Interval 0.1

Performance Variable : impulse_SF

Affecting Models Adjudicator

Impulse Functions

Reward Function (Reward is over all Available Models)
if(Adjudicator->System_Safe_Failure->Mark() > 0) return(1.0); else return(0.0);

Simulator Statistics Type Instant of Time

Options Estimate Mean

Include Lower Bound on Interval Estimate

Include Upper Bound on Interval Estimate

Estimate out of Range Probabilities

Confidence Level is Relative

Parameters Start Time 0.0,1000.0,2000.0,3000.0,4000.0,5000.0,6000.0,7000.0,8000.0,9000.0,10000.0,11000.0,12000.0,13000.0,14000.0,15000.0,16000.0,17000.0,18000.0,19000.0,20000.0,21000.0,22000.0,23000.0,24000.0,25000.0,26000.0,27000.0,28000.0,29000.0,30000.0,31000.0,32000.0,33000.0,34000.0,35000.0,36000.0,37000.0,38000.0,39000.0,40000.0,41000.0,42000.0,43000.0,44000.0,45000.0,46000.0,47000.0,48000.0,49000.0,50000.0,51000.0,52000.0,53000.0,54000.0,55000.0,56000.0,57000.0,58000.0,59000.0,60000.0,61000.0,62000.0,63000.0,64000.0,65000.0,66000.0,67000.0,68000.0,69000.0,70000.0,71000.0,72000.0,73000.0,74000.0,75000.0,76000.0,77000.0,78000.0,79000.0,80000.0,81000.0,82000.0,83000.0,84000.0,85000.0,86000.0,87000.0,88000.0,89000.0,90000.0,91000.0,92000.0,93000.0,94000.0,95000.0,96000.0,97000.0,98000.0,99000.0,100000.0,

Confidence Confidence Level 0.95

Confidence Interval 0.1

Performance Variable : impulse_USF

Affecting Models Adjudicator

Impulse Functions

Reward Function (Reward is over all Available Models)
if(Adjudicator->System_Unsafe_State->Mark() > 0) return(1.0); else return(0.0);

Simulator Statistics Type Instant of Time

Options Estimate Mean

Include Lower Bound on Interval Estimate

Include Upper Bound on Interval Estimate

Estimate out of Range Probabilities

Confidence Level is Relative

Parameters Start Time 0.0,1000.0,2000.0,3000.0,4000.0,5000.0,6000.0,7000.0,8000.0,9000.0,10000.0,11000.0,12000.0,13000.0,14000.0,15000.0,16000.0,17000.0,18000.0,19000.0,20000.0,21000.0,22000.0,23000.0,24000.0,25000.0,26000.0,27000.0,28000.0,29000.0,30000.0,31000.0,32000.0,33000.0,34000.0,35000.0,36000.0,37000.0,38000.0,39000.0,40000.0,41000.0,42000.0,43000.0,44000.0,45000.0,46000.0,47000.0,48000.0,49000.0,50000.0,51000.0,52000.0,53000.0,54000.0,55000.0,56000.0,57000.0,58000.0,59000.0,60000.0,61000.0,62000.0,63000.0,64000.0,65000.0,66000.0,67000.0,68000.0,69000.0,70000.0,71000.0,72000.0,73000.0,74000.0,75000.0,76000.0,77000.0,78000.0,79000.0,80000.0,81000.0,82000.0,83000.0,84000.0,85000.0,86000.0,87000.0,88000.0,89000.0,90000.0,91000.0,92000.0,93000.0,94000.0,95000.0,96000.0,97000.0,98000.0,99000.0,100000.0,

Confidence Confidence Level 0.95

Confidence Interval 0.1

Performance Variable : impulse_OK

Affecting Models Adjudicator

Impulse Functions

Reward Function (Reward is over all Available Models)
if(Adjudicator->System_OK->Mark() > 0) return(1.0); else return(0.0);

Simulator Statistics Type Instant of Time

Options Estimate Mean

Include Lower Bound on Interval Estimate

Include Upper Bound on Interval Estimate

Estimate out of Range Probabilities

Confidence Level is Relative

Parameters Start Time 0.0,1000.0,2000.0,3000.0,4000.0,5000.0,6000.0,7000.0,8000.0,9000.0,10000.0,11000.0,12000.0,13000.0,14000.0,15000.0,16000.0,17000.0,18000.0,19000.0,20000.0,21000.0,22000.0,23000.0,24000.0,25000.0,26000.0,27000.0,28000.0,29000.0,30000.0,31000.0,32000.0,33000.0,34000.0,35000.0,36000.0,37000.0,38000.0,39000.0,40000.0,41000.0,42000.0,43000.0,44000.0,45000.0,46000.0,47000.0,48000.0,49000.0,50000.0,51000.0,52000.0,53000.0,54000.0,55000.0,56000.0,57000.0,58000.0,59000.0,60000.0,61000.0,62000.0,63000.0,64000.0,65000.0,66000.0,67000.0,68000.0,69000.0,70000.0,71000.0,72000.0,73000.0,74000.0,75000.0,76000.0,77000.0,78000.0,79000.0,80000.0,81000.0,82000.0,83000.0,84000.0,85000.0,86000.0,87000.0,88000.0,89000.0,90000.0,91000.0,92000.0,93000.0,94000.0,95000.0,96000.0,97000.0,98000.0,99000.0,100000.0,

Confidence Confidence Level 0.95

Confidence Interval 0.1

Set Study: exp1a:
Experiment Variable Type Value

Base_line AttackRate double 0.01

CC_enabler short 1

CC_failure_rate double 1.0E-4

Config_repair_success double 0.6

Configuration_validation_Duration double 0.1

Configuration_validation_increments short 50

ControlConfAttack double 0.0

D_T_attack_prob double 0.0

SS_Conf_Attack double 1.0

SS_repair_rate double 36.0

T_V_Offset_mean double 0.5

T_V_Offset_stddev double 0.1

T_V_step_interval_mean double 0.05

T_V_steps_max short 7

T_V_steps_min short 3

TorqueAttack double 0.5

USF_repair_rate double 360.0

attack_CH1_success_pr double 0.2

attack_CH2_success_pr double 0.1

attack_count short 10

channel_failure_rate double 0.001

failure_coverage double 0.8

single_SS_enabler_is_0 short 0

t_delta double 10.0

t_window double 25.0

torque_req_rate double 0.02

v_delta double 0.2

No_attack_CC_enabled_03 AttackRate double 0.001

CC_enabler short 1

CC_failure_rate double 1.00E-04

Config_repair_success double 0.6

Configuration_validation_Duration double 0.01

Configuration_validation_increments short 50

ControlConfAttack double 0

D_T_attack_prob double 0

SS_Conf_Attack double 1

SS_repair_rate double 36

T_V_Offset_mean double 0.5

T_V_Offset_stddev double 0.1

T_V_step_interval_mean double 0.01

T_V_steps_max short 3

T_V_steps_min short 1

TorqueAttack double 0.5

USF_repair_rate double 360

attack_CH1_success_pr double 0.2

attack_CH2_success_pr double 0.1

attack_count short 0

channel_failure_rate double 0.001

failure_coverage double 0.3

single_SS_enabler_is_0 short 0

t_delta double 30

t_window double 25

torque_req_rate double 0.02

v_delta double 0.2

No_attack_CC_enabled_05 AttackRate double 0.001

CC_enabler short 1

Set Study: exp1b:
Experiment Variable Type Value

No_attack_CC_enabled_05 CC_failure_rate double 1.00E-04

Config_repair_success double 0.6

Configuration_validation_Duration double 0.01

Configuration_validation_increments short 50

ControlConfAttack double 0

D_T_attack_prob double 0

SS_Conf_Attack double 1

SS_repair_rate double 36

T_V_Offset_mean double 0.5

T_V_Offset_stddev double 0.1

T_V_step_interval_mean double 0.01

T_V_steps_max short 3

T_V_steps_min short 1

TorqueAttack double 0.5

USF_repair_rate double 360

attack_CH1_success_pr double 0.2

attack_CH2_success_pr double 0.1

attack_count short 0

channel_failure_rate double 0.001

failure_coverage double 0.5

single_SS_enabler_is_0 short 0

t_delta double 30

t_window double 25

torque_req_rate double 0.02

v_delta double 0.2

No_attack_CC_enabled_08 AttackRate double 0.001

CC_enabler short 1

CC_failure_rate double 1.00E-04

Config_repair_success double 0.6

Configuration_validation_Duration double 0.01

Configuration_validation_increments short 50

ControlConfAttack double 0

D_T_attack_prob double 0

SS_Conf_Attack double 1

SS_repair_rate double 36

T_V_Offset_mean double 0.5

T_V_Offset_stddev double 0.1

T_V_step_interval_mean double 0.01

T_V_steps_max short 3

T_V_steps_min short 1

TorqueAttack double 0.5

USF_repair_rate double 360

attack_CH1_success_pr double 0.2

attack_CH2_success_pr double 0.1

attack_count short 0

channel_failure_rate double 0.001

failure_coverage double 0.8

single_SS_enabler_is_0 short 0

t_delta double 30

t_window double 25

torque_req_rate double 0.02

v_delta double 0.2

No_attack_no_CC AttackRate double 0.001

CC_enabler short 0

CC_failure_rate double 1.00E-04

Config_repair_success double 0.6

Set Study: exp1c:
Experiment Variable Type Value

No_attack_no_CC Configuration_validation_Duration double 0.1

Configuration_validation_increments short 50

ControlConfAttack double 0

D_T_attack_prob double 0

SS_Conf_Attack double 1

SS_repair_rate double 36

T_V_Offset_mean double 0.5

T_V_Offset_stddev double 0.1

T_V_step_interval_mean double 0.05

T_V_steps_max short 7

T_V_steps_min short 3

TorqueAttack double 0.5

USF_repair_rate double 360

attack_CH1_success_pr double 0.2

attack_CH2_success_pr double 0.1

attack_count short 0

channel_failure_rate double 0.001

failure_coverage double 0.8

single_SS_enabler_is_0 short 0

t_delta double 10

t_window double 25

torque_req_rate double 0.02

v_delta double 0.2

SS_conf_CC_enabled_both_ch_36_36 AttackRate double 0.001

CC_enabler short 1

CC_failure_rate double 1.00E-04

Config_repair_success double 0.6

Configuration_validation_Duration double 0.1

Configuration_validation_increments short 50

ControlConfAttack double 0

D_T_attack_prob double 0

SS_Conf_Attack double 1

SS_repair_rate double 36

T_V_Offset_mean double 0.5

T_V_Offset_stddev double 0.1

T_V_step_interval_mean double 0.05

T_V_steps_max short 7

T_V_steps_min short 3

TorqueAttack double 0.5

USF_repair_rate double 36

attack_CH1_success_pr double 0.2

attack_CH2_success_pr double 0.1

attack_count short 10

channel_failure_rate double 0.001

failure_coverage double 0.8

single_SS_enabler_is_0 short 1

t_delta double 10

t_window double 25

torque_req_rate double 0.02

v_delta double 0.2

SS_conf_attack_CC_both_enabled_360_36 AttackRate double 0.001

CC_enabler short 1

CC_failure_rate double 1.00E-04

Config_repair_success double 0.6

Configuration_validation_Duration double 0.1

Configuration_validation_increments short 50

Set Study: exp1d:
Experiment Variable Type Value

SS_conf_attack_CC_both_enabled_360_36 ControlConfAttack double 0

D_T_attack_prob double 0

SS_Conf_Attack double 1

SS_repair_rate double 360

T_V_Offset_mean double 0.5

T_V_Offset_stddev double 0.1

T_V_step_interval_mean double 0.05

T_V_steps_max short 7

T_V_steps_min short 3

TorqueAttack double 0.5

USF_repair_rate double 36

attack_CH1_success_pr double 0.2

attack_CH2_success_pr double 0.1

attack_count short 10

channel_failure_rate double 0.001

failure_coverage double 0.8

single_SS_enabler_is_0 short 1

t_delta double 10

t_window double 25

torque_req_rate double 0.02

v_delta double 0.2

SS_conf_attack_CC_enabled_both__ch_3.6_36 AttackRate double 0.001

CC_enabler short 1

CC_failure_rate double 1.00E-04

Config_repair_success double 0.6

Configuration_validation_Duration double 0.1

Configuration_validation_increments short 50

ControlConfAttack double 0

D_T_attack_prob double 0

SS_Conf_Attack double 1

SS_repair_rate double 3.6

T_V_Offset_mean double 0.5

T_V_Offset_stddev double 0.1

T_V_step_interval_mean double 0.05

T_V_steps_max short 7

T_V_steps_min short 3

TorqueAttack double 0.5

USF_repair_rate double 36

attack_CH1_success_pr double 0.2

attack_CH2_success_pr double 0.1

attack_count short 10

channel_failure_rate double 0.001

failure_coverage double 0.8

single_SS_enabler_is_0 short 1

t_delta double 10

t_window double 25

torque_req_rate double 0.02

v_delta double 0.2

SS_conf_attack_CC_enabled_both_ch_36_360 AttackRate double 0.001

CC_enabler short 1

CC_failure_rate double 1.00E-04

Config_repair_success double 0.6

Configuration_validation_Duration double 0.1

Configuration_validation_increments short 50

ControlConfAttack double 0

D_T_attack_prob double 0

Set Study: exp1e:
Experiment Variable Type Value

SS_conf_attack_CC_enabled_both_ch_36_360 SS_Conf_Attack double 1

SS_repair_rate double 36

T_V_Offset_mean double 0.5

T_V_Offset_stddev double 0.1

T_V_step_interval_mean double 0.05

T_V_steps_max short 7

T_V_steps_min short 3

TorqueAttack double 0.5

USF_repair_rate double 360

attack_CH1_success_pr double 0.2

attack_CH2_success_pr double 0.1

attack_count short 10

channel_failure_rate double 0.001

failure_coverage double 0.8

single_SS_enabler_is_0 short 1

t_delta double 10

t_window double 25

torque_req_rate double 0.02

v_delta double 0.2

HTML generated by Möbius Documentor

Timed Activity:	Incorrect_1_Incorrect_2
Distribution Parameters	Rate 0.0000001
Activation Predicate	(none)
Reactivation Predicate	(none)
Case Distributions	case 1 switch(Channel_attacked_ID->Mark()) { case 1: return((double)(1.0) - attack_CH1_success_pr); break; case 2: return((double)(1.0) - attack_CH2_success_pr); break; default : return(0.0); break; } // if(Channel_attacked_ID->Mark() == 1) // return((double)(1.0) - attack_CH1_success_pr); // else // return((double)(1.0) - attack_CH2_success_pr); case 2 switch(Channel_attacked_ID->Mark()) { case 1: return(attack_CH1_success_pr); break; case 2: return(attack_CH2_success_pr); break; default : return(1.0); break; } // if(Channel_attacked_ID->Mark() == 1) // return(attack_CH1_success_pr); // else // return(attack_CH2_success_pr);

Timed Activity:	Incorrect_2_Incorrect_1
Distribution Parameters	Rate 0.00001
Activation Predicate	(none)
Reactivation Predicate	(none)
Case Distributions	case 1 switch(Channel_attacked_ID->Mark()) { case 1: return((double)(1.0) - attack_CH1_success_pr); break; case 2: return((double)(1.0) - attack_CH2_success_pr); break; default : return(0.0); break; } // if(Channel_attacked_ID->Mark() == 1) // return((double)(1.0) - attack_CH1_success_pr); // else // return((double)(1.0) - attack_CH2_success_pr); case 2 switch(Channel_attacked_ID->Mark()) { case 1: return(attack_CH1_success_pr); break; case 2: return(attack_CH2_success_pr); break; default : return(1.0); break; } // if(Channel_attacked_ID->Mark() == 1) // return(attack_CH1_success_pr); // else // return(attack_CH2_success_pr);

Timed Activity:	Restore_Conf_1
Distribution Parameters	Value Configuration_validation_Duration
Activation Predicate	(none)
Reactivation Predicate	(none)
Case Distributions	case 1 return(Config_repair_success); case 2 return((double)(1.0) - Config_repair_success);

Action Name	Submodel Action
OK_failure	CH_1->Common_failure
OK_failure	CH_2->Common_failure

State Variable Name	Submodel Variables
Attack_enabled	configuration_channel_1->Attack_in_progress
CCF_active	SW_channel_1->CCF_active
CH_OK	SW_channel_1->Channel_OK
CH_OK	Control_conf_channel_1->OK_state
C_attack_enabled	Control_conf_channel_1->Attack_in_progress
Channel_attacked_ID	configuration_channel_1->Channel_attacked_ID
ConfigurationOK	SW_channel_1->Configuration_state
ConfigurationOK	configuration_channel_1->Correct
Safe_state	SW_channel_1->Safe_state
Safe_state	Control_conf_channel_1->Safe_failure
System_OK	SW_channel_1->System_OK
Unsafe_state_2	SW_channel_1->Unsafe_state_2
Unsafe_state_2	Control_conf_channel_1->Unsafe_state_2

State Variable Name	Submodel Variables
Attack_enabled	configuration_channel_2->Attack_in_progress
CCF_active	SW_channel_2->CCF_active
CH2_OK	SW_channel_2->Channel_OK
CH2_OK	Control_conf_channel_2->OK_state
CH2_Safe_state	SW_channel_2->Safe_state
CH2_Safe_state	Control_conf_channel_2->Safe_failure
C_attack_enabled	Control_conf_channel_2->Attack_in_progress
Channel_attacked_ID	configuration_channel_2->Channel_attacked_ID
ConfigurationOK	SW_channel_2->Configuration_state
ConfigurationOK	configuration_channel_2->Correct
System_OK	SW_channel_2->System_OK
Unsafe_state_2	SW_channel_2->Unsafe_state_2
Unsafe_state_2	Control_conf_channel_2->Unsafe_state_2

State Variable Name	Submodel Variables
Attack_conf_1	Channel_1->Attack_enabled
Attack_conf_1	Adversary->Channel1_attacked
Attack_conf_2	Channel_2->Attack_enabled
Attack_conf_2	Adversary->Channel2_attacked
AttackedID_1	Channel_1->Channel_attacked_ID
AttackedID_1	Adversary->AttackedID_1
AttackedID_2	Channel_2->Channel_attacked_ID
AttackedID_2	Adversary->AttackedID_2
CCF_active	Channel_1->CCF_active
	Channel_2->CCF_active
	Adjudicator->CCF_active
CH1_OK	Channel_1->CH_OK
CH1_OK	Adjudicator->CH1_OK
CH1_Safe_State	Channel_1->Safe_state
CH1_Safe_State	Adjudicator->CH1_Safe_Failure
CH2_OK	Channel_2->CH2_OK
CH2_OK	Adjudicator->CH2_OK
CH2_Safe_State	Channel_2->CH2_Safe_state
CH2_Safe_State	Adjudicator->CH2_Safe_Failure
C_CH_1_attacked	Channel_1->C_attack_enabled
C_CH_1_attacked	Adversary->C_CH_1_attacked
C_CH_2_attacked	Channel_2->C_attack_enabled
C_CH_2_attacked	Adversary->C_CH_2_attacked
System_OK	Channel_1->System_OK
	Channel_2->System_OK
	Adjudicator->System_OK
	T_Conf_channel->System_OK
System_Safe_Failure	Adjudicator->System_Safe_Failure
System_Safe_Failure	T_Conf_channel->System_safe
System_Unsafe_State	Adjudicator->System_Unsafe_State
System_Unsafe_State	T_Conf_channel->System_unsafe
Torque_Attack_in_progress	Adversary->Torque_Attack_in_progress
Torque_Attack_in_progress	T_Conf_channel->Attack_in_progress

Performance Variable Model: MTT_emotor
Top Level Model Information	Child Model Name	Div_SW
Top Level Model Information	Model Type	Rep/Join

Performance Variable : MTT_SF
Affecting Models	Adjudicator
Impulse Functions
Reward Function	(Reward is over all Available Models) if(Adjudicator->System_Safe_Failure->Mark() > 0) return(0.0); else return(1.0);
Simulator Statistics	Type	Interval of Time
	Options	Estimate Mean
		Include Lower Bound on Interval Estimate
		Include Upper Bound on Interval Estimate
		Estimate Distribution
		Estimate out of Range Probabilities
		Confidence Level is Relative
	Parameters	Start Time	0.0,
	Parameters	Stop Time	100000.0,
	Distributions	Lower Bound on Distribution Estimate	0.0
		Upper Bound on Distribution Estimate	100000.0
		Step Size on Distribution Estimate	1000.0
	Confidence	Confidence Level	0.95
	Confidence	Confidence Interval	1.0

Experiment	Variable	Type	Value
Base_line	AttackRate	double	0.01
	CC_enabler	short	1
	CC_failure_rate	double	1.0E-4
	Config_repair_success	double	0.6
	Configuration_validation_Duration	double	0.1
	Configuration_validation_increments	short	50
	ControlConfAttack	double	0.0
	D_T_attack_prob	double	0.0
	SS_Conf_Attack	double	1.0
	SS_repair_rate	double	36.0
	T_V_Offset_mean	double	0.5
	T_V_Offset_stddev	double	0.1
	T_V_step_interval_mean	double	0.05
	T_V_steps_max	short	7
	T_V_steps_min	short	3
	TorqueAttack	double	0.5
	USF_repair_rate	double	360.0
	attack_CH1_success_pr	double	0.2
	attack_CH2_success_pr	double	0.1
	attack_count	short	10
	channel_failure_rate	double	0.001
	failure_coverage	double	0.8
	single_SS_enabler_is_0	short	0
	t_delta	double	10.0
	t_window	double	25.0
	torque_req_rate	double	0.02
	v_delta	double	0.2
No_attack_CC_enabled_03	AttackRate	double	0.001
	CC_enabler	short	1
	CC_failure_rate	double	1.00E-04
	Config_repair_success	double	0.6
	Configuration_validation_Duration	double	0.01
	Configuration_validation_increments	short	50
	ControlConfAttack	double	0
	D_T_attack_prob	double	0
	SS_Conf_Attack	double	1
	SS_repair_rate	double	36
	T_V_Offset_mean	double	0.5
	T_V_Offset_stddev	double	0.1
	T_V_step_interval_mean	double	0.01
	T_V_steps_max	short	3
	T_V_steps_min	short	1
	TorqueAttack	double	0.5
	USF_repair_rate	double	360
	attack_CH1_success_pr	double	0.2
	attack_CH2_success_pr	double	0.1
	attack_count	short	0
	channel_failure_rate	double	0.001
	failure_coverage	double	0.3
	single_SS_enabler_is_0	short	0
	t_delta	double	30
	t_window	double	25
	torque_req_rate	double	0.02
	v_delta	double	0.2
No_attack_CC_enabled_05	AttackRate	double	0.001
No_attack_CC_enabled_05	CC_enabler	short	1

Experiment	Variable	Type	Value
No_attack_no_CC	Configuration_validation_Duration	double	0.1
	Configuration_validation_increments	short	50
	ControlConfAttack	double	0
	D_T_attack_prob	double	0
	SS_Conf_Attack	double	1
	SS_repair_rate	double	36
	T_V_Offset_mean	double	0.5
	T_V_Offset_stddev	double	0.1
	T_V_step_interval_mean	double	0.05
	T_V_steps_max	short	7
	T_V_steps_min	short	3
	TorqueAttack	double	0.5
	USF_repair_rate	double	360
	attack_CH1_success_pr	double	0.2
	attack_CH2_success_pr	double	0.1
	attack_count	short	0
	channel_failure_rate	double	0.001
	failure_coverage	double	0.8
	single_SS_enabler_is_0	short	0
	t_delta	double	10
	t_window	double	25
	torque_req_rate	double	0.02
	v_delta	double	0.2
SS_conf_CC_enabled_both_ch_36_36	AttackRate	double	0.001
	CC_enabler	short	1
	CC_failure_rate	double	1.00E-04
	Config_repair_success	double	0.6
	Configuration_validation_Duration	double	0.1
	Configuration_validation_increments	short	50
	ControlConfAttack	double	0
	D_T_attack_prob	double	0
	SS_Conf_Attack	double	1
	SS_repair_rate	double	36
	T_V_Offset_mean	double	0.5
	T_V_Offset_stddev	double	0.1
	T_V_step_interval_mean	double	0.05
	T_V_steps_max	short	7
	T_V_steps_min	short	3
	TorqueAttack	double	0.5
	USF_repair_rate	double	36
	attack_CH1_success_pr	double	0.2
	attack_CH2_success_pr	double	0.1
	attack_count	short	10
	channel_failure_rate	double	0.001
	failure_coverage	double	0.8
	single_SS_enabler_is_0	short	1
	t_delta	double	10
	t_window	double	25
	torque_req_rate	double	0.02
	v_delta	double	0.2
SS_conf_attack_CC_both_enabled_360_36	AttackRate	double	0.001
	CC_enabler	short	1
	CC_failure_rate	double	1.00E-04
	Config_repair_success	double	0.6
	Configuration_validation_Duration	double	0.1
	Configuration_validation_increments	short	50

Experiment	Variable	Type	Value
SS_conf_attack_CC_enabled_both_ch_36_360	SS_Conf_Attack	double	1
	SS_repair_rate	double	36
	T_V_Offset_mean	double	0.5
	T_V_Offset_stddev	double	0.1
	T_V_step_interval_mean	double	0.05
	T_V_steps_max	short	7
	T_V_steps_min	short	3
	TorqueAttack	double	0.5
	USF_repair_rate	double	360
	attack_CH1_success_pr	double	0.2
	attack_CH2_success_pr	double	0.1
	attack_count	short	10
	channel_failure_rate	double	0.001
	failure_coverage	double	0.8
	single_SS_enabler_is_0	short	1
	t_delta	double	10
	t_window	double	25
	torque_req_rate	double	0.02
	v_delta	double	0.2