07. – 10. April 2015, Dagstuhl-Seminar 15151

Assuring Resilience, Security and Privacy for Flexible Networked Systems and Organisations


David Hutchison (Lancaster University, GB)
Klara Nahrstedt (University of Illinois – Urbana-Champaign, US)
Marcus Schöller (Hochschule Reutlingen, DE)
Indra Spiecker gen. Döhmann (Goethe-Universität Frankfurt, DE)


Markus Tauber (AIT – Austrian Institute of Technology – Wien, AT)

Auskunft zu diesem Dagstuhl-Seminar erteilt

Dagstuhl Service Team


Dagstuhl Report, Volume 5, Issue 4 Dagstuhl Report


This report documents the programme and the outcomes of Dagstuhl Seminar 15151 on "Assuring Resilience, Security and Privacy for Flexible Networked Systems and Organisations". The main objective of the Seminar was to bring together researchers from different disciplines in order to establish a research agenda for securing services-to-come in our increasingly connected world. The backgrounds and interests of the participants included i) techno-legal, ii) resilience and systems security, and iii) socio-technical topics. The use case domains that were discussed covered the Internet of Things (IoT) as well as Cloud-based applications in which flexible service composition is paramount. We started the seminar using four introductory talks covering respectively the "big picture", the legal viewpoint, the technical viewpoint, and the organisational viewpoint. From this beginning, we derived initial research questions in small groups, and these questions and issues arising were then consolidated and refined into the resulting material that is presented below.

The opening speakers were the following:

  • Helmut Leopold, Head of the Digital Safety and Security Department at the Austrian Institute of Technology, who presented the "big picture", i.e. where our connected world is heading;
  • Burkhard Schafer, Professor of Computational Legal Theory at the University of Edinburgh, who presented his viewpoint on legal challenges within our ever interconnected society;
  • Thilo Ewald from Microsoft Deutschland GmbH, who explained his viewpoint on the organisational challenges in today’s world;
  • Marcus Brunner, Head of Standardization in the strategy and innovation department of Swisscom, presented his viewpoint on technological developments in designing and building flexible networked systems.

From this starting point we derived initial research questions in small groups. The organising team reviewed intermediate results and re-balanced groups and most significantly identified the core questions to work on. The groups were between 4 and 6 people at any time, and a good balance was maintained across the representatives of legal, organisational and technological experts and between the groups. The resulting questions and issues were:

  1. How to enable Resilience, by design, of composable flexible systems [1]?
  2. What is the role of law in supporting resilience, privacy [2] and security?
  3. Traceability of (personal and non-personal) data in service provision?
  4. How can we improve the perception of assurance [3], privacy, security and resilience for the end-user?
  5. What constitutes a security problem?
  6. How to deal with unforeseen new context of usage?

These questions were crucial, in that they formed the basis for the bulk of group discussions throughout the second and third days of the Seminar. Therefore, the organisers took great care - and a great deal of time during the first evening - formulating these questions, together with the related issues. At the start of the second day, these questions and issues were presented to the groups, who were invited to comment on them. The groups were invited to add their own interpretation, and to identify additional issues during their discussions. During the subsequent periods - broken up by refreshments and lunch - the organisers checked that the groups appeared to be productive and harmonious (which on both counts they turned out to be). Each group was asked to record the essence of their discussions, and conclusions, and to pass these to the organisers by the end of the Seminar. Every group did some additional work after the Seminar, and the report assembled here reflects the hard work of the participants as well as the organisers, during the Seminar itself and in the days that followed.


  1. Rohrer, Marcus Schöller, and Paul Smith. Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines. Comput. Netw., 54(8):1245–1265, June 2010.
  2. Burkhard Schafer. All changed, changed utterly? Datenschutz und Datensicherheit – DuD, 35(9):634–638, 2011.
  3. Aleksandar Hudic, Markus Tauber, Thomas Lorunser, Maria Krotsiani, George Spanoudakis, Andreas Mauthe, and Edgar R. Weippl. A multi-layer and multitenant cloud assurance evaluation methodology. In Cloud Computing Technology and Science (CloudCom), 2014 IEEE 6th International Conference on, pages 386–393. IEEE, 2014.
Summary text license
  Creative Commons BY 3.0 Unported license
  David Hutchison and Klara Nahrstedt and Marcus Schöller and Indra Spiecker gen. Döhmann and Markus Tauber


  • Networks
  • Security / Cryptology
  • Society / Human-computer Interaction


  • Secure & resilient flexible networks and services
  • Critical infrastructures
  • Self-organisation
  • Virtual service and network composition
  • Socio-technical threat mitigation
  • Techno-legal aspects of digital evidence vs. data protection


In der Reihe Dagstuhl Reports werden alle Dagstuhl-Seminare und Dagstuhl-Perspektiven-Workshops dokumentiert. Die Organisatoren stellen zusammen mit dem Collector des Seminars einen Bericht zusammen, der die Beiträge der Autoren zusammenfasst und um eine Zusammenfassung ergänzt.


Download Übersichtsflyer (PDF).

Dagstuhl's Impact

Bitte informieren Sie uns, wenn eine Veröffentlichung ausgehend von Ihrem Seminar entsteht. Derartige Veröffentlichungen werden von uns in der Rubrik Dagstuhl's Impact separat aufgelistet  und im Erdgeschoss der Bibliothek präsentiert.


Es besteht weiterhin die Möglichkeit, eine umfassende Kollektion begutachteter Arbeiten in der Reihe Dagstuhl Follow-Ups zu publizieren.