Dagstuhl Seminar 15151
Assuring Resilience, Security and Privacy for Flexible Networked Systems and Organisations
(Apr 07 – Apr 10, 2015)
Organizers
- David Hutchison (Lancaster University, GB)
- Klara Nahrstedt (University of Illinois - Urbana-Champaign, US)
- Marcus Schöller (Hochschule Reutlingen, DE)
- Indra Spiecker gen. Döhmann (Goethe-Universität Frankfurt, DE)
Coordinator
- Markus Tauber (AIT Austrian Institute of Technology - Wien, AT)
Contact
- Andreas Dolzmann (for scientific matters)
- Dagmar Glaser (for administrative matters)
The concept of on-demand composable systems is progressively pervading all areas of IT usage. Thus, IT systems’ composability will in future encompass not only traditional office and industrial applications, but also new critical infrastructure applications. Using flexible service composition, computational work is increasingly done in a shared manner among different physical infrastructures and devices, virtualised resources and providers. Furthermore, composable and flexible services will include the utilisation of a wide variety of devices, including wearables, physical enhancements via IT or control devices in (critical) infrastructures. A framework for flexible service composition may even enable multiple tenants to operate or use services on particular devices simultaneously. In such applications, it is of utmost importance to be able to assure security, privacy and perhaps above all the property of resilience, which is the ability to continue to provide the required – and indeed the legally contracted – quality of service to the system’s users. Several multi-disciplinary challenges need to be addressed and solved before the benefits of engineering such services can be achieved:
- New concepts and mechanisms for resilience are needed, going beyond security, and focusing on the resilience of the service rather than solely of the underlying infrastructure; also taking into account the decentralised and composed nature of the artefacts under consideration.
- Socio-technical implications of decentralised and composed services have to be considered. As these systems will span multiple organisational boundaries, new models and methods for inter-organisational interaction, and responsibility and accountability of people in building and controlling the respective systems, are needed.
- New techno-legal approaches will be required to properly address situations arising from the decentralised and multi-organisational nature of future systems. In this regard, the challenge lies within the investigation of the balance between data protection and digital evidence gathering.
- Assurance of promised qualities will be much more complex than today. Given the dependency of a service on multiple underlying systems, new models and metrics need to be identified to assure the operation of composed services in a secure, authentic and lawful manner. At the same time, the concept of assurance will have to be extended to the dimension of assuring key properties against the provider(s) of dynamically allocated infrastructure elements.
- Deliberations must be aligned with industrial views and needs in order to ensure practical relevance and applicability. Any proposed approach must therefore be critically evaluated against concrete use cases regarding the above challenges. Hence it is important to involve industry from the very beginning of this scientific, engineering and practical endeavour.
These challenges are highly interrelated and therefore have to be addressed concurrently, by researchers and industry experts from different disciplines. The issues above have mainly been investigated individually and not collectively so far.
Hence the goal of this seminar is to bring together researchers, engineers and practitioners from appropriate backgrounds who have explored key parts of this space, and who can contribute to the overall goals of helping create a research agenda in assuring the resilience, security and privacy of networked systems and organisations. We consider it crucial to take into account the industry drivers in this endeavour, in regard to the system and its individual parts. As an outcome of this seminar, gaps among different research communities will be bridged, common research questions identified, and as a result their research agendas will be mutually enlarged and more strongly aligned. One of the major outcomes intended by the organizers of this seminar shall be a publication in ACM SIGCOMM CCR to report on the results to a wider networking and systems community. Another possible outcome is a proposal for a workshop at one of the leading security conferences such as ACM CCS, the IEEE Symposium on Security and Privacy, or the USENIX Security Conferences.
This report documents the programme and the outcomes of Dagstuhl Seminar 15151 on "Assuring Resilience, Security and Privacy for Flexible Networked Systems and Organisations". The main objective of the Seminar was to bring together researchers from different disciplines in order to establish a research agenda for securing services-to-come in our increasingly connected world. The backgrounds and interests of the participants included i) techno-legal, ii) resilience and systems security, and iii) socio-technical topics. The use case domains that were discussed covered the Internet of Things (IoT) as well as Cloud-based applications in which flexible service composition is paramount. We started the seminar using four introductory talks covering respectively the "big picture", the legal viewpoint, the technical viewpoint, and the organisational viewpoint. From this beginning, we derived initial research questions in small groups, and these questions and issues arising were then consolidated and refined into the resulting material that is presented below.
The opening speakers were the following:
- Helmut Leopold, Head of the Digital Safety and Security Department at the Austrian Institute of Technology, who presented the "big picture", i.e. where our connected world is heading;
- Burkhard Schafer, Professor of Computational Legal Theory at the University of Edinburgh, who presented his viewpoint on legal challenges within our ever interconnected society;
- Thilo Ewald from Microsoft Deutschland GmbH, who explained his viewpoint on the organisational challenges in today’s world;
- Marcus Brunner, Head of Standardization in the strategy and innovation department of Swisscom, who presented his viewpoint on technological developments in designing and building flexible networked systems.
From this starting point we derived initial research questions in small groups. The organising team reviewed intermediate results and re-balanced groups and most significantly identified the core questions to work on. The groups were between 4 and 6 people at any time, and a good balance was maintained across the representatives of legal, organisational and technological experts and between the groups. The resulting questions and issues were:
- How to enable Resilience, by design, of composable flexible systems [1]?
- What is the role of law in supporting resilience, privacy [2] and security?
- Traceability of (personal and non-personal) data in service provision?
- How can we improve the perception of assurance [3], privacy, security and resilience for the end-user?
- What constitutes a security problem?
- How to deal with unforeseen new context of usage?
These questions were crucial, in that they formed the basis for the bulk of group discussions throughout the second and third days of the Seminar. Therefore, the organisers took great care - and a great deal of time during the first evening - formulating these questions, together with the related issues. At the start of the second day, these questions and issues were presented to the groups, who were invited to comment on them. The groups were invited to add their own interpretation, and to identify additional issues during their discussions. During the subsequent periods - broken up by refreshments and lunch - the organisers checked that the groups appeared to be productive and harmonious (which on both counts they turned out to be). Each group was asked to record the essence of their discussions, and conclusions, and to pass these to the organisers by the end of the Seminar. Every group did some additional work after the Seminar, and the report assembled here reflects the hard work of the participants as well as the organisers, during the Seminar itself and in the days that followed.
References
- [1] Rohrer, Marcus Schöller, and Paul Smith. Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines. Comput. Netw., 54(8):1245–1265, June 2010.
- [2] Burkhard Schafer. All changed, changed utterly? Datenschutz und Datensicherheit – DuD, 35(9):634–638, 2011.
- [3] Aleksandar Hudic, Markus Tauber, Thomas Lorunser, Maria Krotsiani, George Spanoudakis, Andreas Mauthe, and Edgar R. Weippl. A multi-layer and multitenant cloud assurance evaluation methodology. In Cloud Computing Technology and Science (CloudCom), 2014 IEEE 6th International Conference on, pages 386–393. IEEE, 2014.
Participants
- Ali Alshawish (Universität Passau, DE)
- Silvia Balaban (KIT - Karlsruher Institut für Technologie, DE)
- Saleem Bhatti (University of St. Andrews, GB)
- Roland Bless (KIT - Karlsruher Institut für Technologie, DE)
- Marcus Brunner (Swisscom AG - Bern, CH)
- György Dan (KTH Royal Institute of Technology, SE)
- Jerker Delsing (Luleå University of Technology, SE)
- Thilo Ewald (Microsoft Deutschland GmbH - Unterschleissheim, DE)
- Andreas Fischer (Universität Passau, DE)
- David Hutchison (Lancaster University, GB)
- Youki Kadobayashi (Nara Institute of Science and Technology, JP)
- Graham Kirby (University of St. Andrews, GB)
- Helmut Leopold (AIT Austrian Institute of Technology - Wien, AT)
- Andreas Mauthe (Lancaster University, GB)
- Simon Oechsner (NEC Laboratories Europe - Heidelberg, DE)
- Frank Pallas (KIT - Karlsruher Institut für Technologie, DE)
- Oliver Raabe (KIT - Karlsruher Institut für Technologie, DE)
- Alberto Egon Schaeffer-Filho (Federal University of Rio Grande do Sul, BR)
- Burkhard Schafer (University of Edinburgh, GB)
- Marcus Schöller (Hochschule Reutlingen, DE)
- Sean W. Smith (Dartmouth College - Hanover, US)
- Christoph Sorge (Universität des Saarlandes, DE)
- Indra Spiecker gen. Döhmann (Goethe-Universität Frankfurt, DE)
- James P. G. Sterbenz (University of Kansas, US)
- Burkhard Stiller (Universität Zürich, CH)
- Markus Tauber (AIT Austrian Institute of Technology - Wien, AT)
- Gene Tsudik (University of California - Irvine, US)
- Pal Varga (Budapest University of Technology & Economics, HU)
- Edgar Weippl (Secure Business Austria Research, AT)
Classification
- networks
- security / cryptology
- society / human-computer interaction
Keywords
- Secure & resilient flexible networks and services
- critical infrastructures
- self-organisation
- virtual service and network composition
- socio-technical threat mitigation
- techno-legal aspects of digital evidence vs. data protection