07.04.15 - 10.04.15, Seminar 15151

Assuring Resilience, Security and Privacy for Flexible Networked Systems and Organisations

Diese Seminarbeschreibung wurde vor dem Seminar auf unseren Webseiten veröffentlicht und bei der Einladung zum Seminar verwendet.

Motivation

The concept of on-demand composable systems is progressively pervading all areas of IT usage. Thus, IT systems’ composability will in future encompass not only traditional office and industrial applications, but also new critical infrastructure applications. Using flexible service composition, computational work is increasingly done in a shared manner among different physical infrastructures and devices, virtualised resources and providers. Furthermore, composable and flexible services will include the utilisation of a wide variety of devices, including wearables, physical enhancements via IT or control devices in (critical) infrastructures. A framework for flexible service composition may even enable multiple tenants to operate or use services on particular devices simultaneously. In such applications, it is of uttermost importance to be able to assure security, privacy and perhaps above all the property of resilience, which is the ability to continue to provide the required – and indeed the legally contracted – quality of service to the system’s users. Several multi-disciplinary challenges need to be addressed and solved before benefits of engineering such services can be achieved:

  • New concepts and mechanisms for resilience are needed, going beyond security, and focusing on the resilience of the service rather than solely of the underlying infrastructure; also taking into account the decentralised and composed nature of the artefacts under consideration.
  • Socio-technical implications of decentralised and composed services have to be considered. As these systems will span multiple organisational boundaries, new models and methods for inter-organisational interaction, and responsibility and accountability of people in building and controlling the respective systems, are needed.
  • New techno-legal approaches will be required to properly address situations arising from the decentralised and multi-organisational nature of future systems. In this regard, the challenge lies within the investigation of the balance between data protection and digital evidence gathering.
  • Assurance of promised qualities will be much more complex than today. Given the dependency of a service on multiple underlying systems, new models and metrics need to be identified to assure the operation of composed services in a secure, authentic and lawful manner. At the same time, the concept of assurance will have to be extended to the dimension of assuring key properties against the provider(s) of dynamically allocated infrastructure elements.
  • Deliberations must be aligned with industrial views and needs in order to ensure practical relevance and applicability. Any proposed approach must therefore be critically evaluated against concrete use cases regarding the above challenges. Hence it is important to involve industry from the very beginning of this scientific, engineering and practical endeavour.

These challenges are highly interrelated and therefore have to be addressed concurrently, by researchers and industry experts from different disciplines. The issues above have mainly been investigated individually and not collectively so far.

Hence the goal of this seminar is to bring together researchers, engineers and practitioners from appropriate backgrounds who have explored key parts of this space, and who can contribute to the overall goals of helping create a research agenda in assuring the resilience, security and privacy of networked systems and organisations. We consider it crucial to take into account the industry drivers in this endeavour, in regard to the system and its individual parts. As an outcome of this seminar, gaps among different research communities will be bridged, common research questions identified, and as a result their research agendas will be mutually enlarged and more strongly aligned. One of the major outcomes intended by the organizers of this seminar shall be a publication in ACM SIGCOMM CCR to report on the results to a wider networking and systems community. Another possible outcome is a proposal for a workshop at one of the leading security conferences such as ACM CCS, the IEEE Symposium on Security and Privacy, or the USENIX Security Conferences.