April 7 – 10 , 2015, Dagstuhl Seminar 15151

Assuring Resilience, Security and Privacy for Flexible Networked Systems and Organisations


David Hutchison (Lancaster University, GB)
Klara Nahrstedt (University of Illinois – Urbana-Champaign, US)
Marcus Schöller (Hochschule Reutlingen, DE)
Indra Spiecker gen. Döhmann (Goethe-Universität Frankfurt, DE)


Markus Tauber (AIT – Austrian Institute of Technology – Wien, AT)

For support, please contact

Dagstuhl Service Team


Dagstuhl Report, Volume 5, Issue 4 Dagstuhl Report
Aims & Scope
List of Participants


This report documents the programme and the outcomes of Dagstuhl Seminar 15151 on "Assuring Resilience, Security and Privacy for Flexible Networked Systems and Organisations". The main objective of the Seminar was to bring together researchers from different disciplines in order to establish a research agenda for securing services-to-come in our increasingly connected world. The backgrounds and interests of the participants included i) techno-legal, ii) resilience and systems security, and iii) socio-technical topics. The use case domains that were discussed covered the Internet of Things (IoT) as well as Cloud-based applications in which flexible service composition is paramount. We started the seminar using four introductory talks covering respectively the "big picture", the legal viewpoint, the technical viewpoint, and the organisational viewpoint. From this beginning, we derived initial research questions in small groups, and these questions and issues arising were then consolidated and refined into the resulting material that is presented below.

The opening speakers were the following:

  • Helmut Leopold, Head of the Digital Safety and Security Department at the Austrian Institute of Technology, who presented the "big picture", i.e. where our connected world is heading;
  • Burkhard Schafer, Professor of Computational Legal Theory at the University of Edinburgh, who presented his viewpoint on legal challenges within our ever interconnected society;
  • Thilo Ewald from Microsoft Deutschland GmbH, who explained his viewpoint on the organisational challenges in today’s world;
  • Marcus Brunner, Head of Standardization in the strategy and innovation department of Swisscom, presented his viewpoint on technological developments in designing and building flexible networked systems.

From this starting point we derived initial research questions in small groups. The organising team reviewed intermediate results and re-balanced groups and most significantly identified the core questions to work on. The groups were between 4 and 6 people at any time, and a good balance was maintained across the representatives of legal, organisational and technological experts and between the groups. The resulting questions and issues were:

  1. How to enable Resilience, by design, of composable flexible systems [1]?
  2. What is the role of law in supporting resilience, privacy [2] and security?
  3. Traceability of (personal and non-personal) data in service provision?
  4. How can we improve the perception of assurance [3], privacy, security and resilience for the end-user?
  5. What constitutes a security problem?
  6. How to deal with unforeseen new context of usage?

These questions were crucial, in that they formed the basis for the bulk of group discussions throughout the second and third days of the Seminar. Therefore, the organisers took great care - and a great deal of time during the first evening - formulating these questions, together with the related issues. At the start of the second day, these questions and issues were presented to the groups, who were invited to comment on them. The groups were invited to add their own interpretation, and to identify additional issues during their discussions. During the subsequent periods - broken up by refreshments and lunch - the organisers checked that the groups appeared to be productive and harmonious (which on both counts they turned out to be). Each group was asked to record the essence of their discussions, and conclusions, and to pass these to the organisers by the end of the Seminar. Every group did some additional work after the Seminar, and the report assembled here reflects the hard work of the participants as well as the organisers, during the Seminar itself and in the days that followed.


  1. Rohrer, Marcus Schöller, and Paul Smith. Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines. Comput. Netw., 54(8):1245–1265, June 2010.
  2. Burkhard Schafer. All changed, changed utterly? Datenschutz und Datensicherheit – DuD, 35(9):634–638, 2011.
  3. Aleksandar Hudic, Markus Tauber, Thomas Lorunser, Maria Krotsiani, George Spanoudakis, Andreas Mauthe, and Edgar R. Weippl. A multi-layer and multitenant cloud assurance evaluation methodology. In Cloud Computing Technology and Science (CloudCom), 2014 IEEE 6th International Conference on, pages 386–393. IEEE, 2014.
Summary text license
  Creative Commons BY 3.0 Unported license
  David Hutchison and Klara Nahrstedt and Marcus Schöller and Indra Spiecker gen. Döhmann and Markus Tauber


  • Networks
  • Security / Cryptology
  • Society / Human-computer Interaction


  • Secure & resilient flexible networks and services
  • Critical infrastructures
  • Self-organisation
  • Virtual service and network composition
  • Socio-technical threat mitigation
  • Techno-legal aspects of digital evidence vs. data protection


In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.


Download overview leaflet (PDF).

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.


Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.