Explore SLA-driven system design, trust boundaries, resilience, security, and legal implications in interconnected networks. Address complexity, liability, human roles, and end-user assurance for secure systems.
Dagstuhl Seminar 15151 Day 2 – Topic 1 (and 4) 8-10 April 2015
Issues / questions 1
• SLA-driven system design (for composable systems and services)
  • -> relationship to policy? (regulation, law?)
• We need to model and understand the resilience of (composed) interconnected and/or interdependent networks (overcoming complexity)
• How to specify resilience at the enterprise level?
  • and how to map this into the system layers and mechanisms?

Issues / questions 2
• Interface abstractions and tussles between entities that are unwilling to exchange information
• A study of trust boundaries in composed and multi-level systems
  • policy and legal implications
• For safety-critical systems do we think about resilience differently?
  • societal importance
  • publication of information, etc.

Issues / questions 3
• We must ensure that resilience mechanisms do not make systems more fragile, even though we may have made them more complex
• In what ways are composed systems able to be structured to reduce complexity?
  • where components are not necessarily fully described or understood
• Can we structure (or architect) systems to create boundaries or interfaces that act as trust boundaries?
  • or at least clear functional or ownership boundaries

Issues / questions 4
• Composed (virtualised) systems may cause difficulties with attributing liability (responsibility)
  • --> (monitoring) recording?
• Towards autonomic operation: can removing the human in the loop make safer systems?
  • (cf. human on the loop)
  • --> implications and legal liability? (responsibility)
• Understanding and modeling the roles of humans in (composed) systems
  • how to assess risks, and how to assure resilience?

Issues / questions 5
• Improving trust / security by use of descriptions / language appropriate for the end user; not 'technical' language
  • education / awareness / understanding
  • (not marketing)
• How can end-users be assured that their system is secure / resilient?
  • active assurances?
  • warnings of any dangers?
• Need to educate users (including young people) about the importance of avoiding security problems
  • improving user interfaces (ethnography, usability)