SoSE 2018 Special Session on SoS Resilience
SoS resilience stake and aims
SoS are characterized by the increase of the operational interdependence between systems within a business domain, the multiplicity of operators and stakeholders, the diversity of the operational and economic models, the interoperability and the openness, the diversity of the threats, and the resulting increase of the surface of attack of the global system. Moreover, rapid changes in technology and its use, diversity of systems’ lifecycles, huge information exchanges, and uncertainties in economic and political environments have drastically increased the complexity of SoS. This complexity induces main critical issues, among them safety, security and privacy. A SoS should have the capability to maintain an appropriate privacy, security and safety level along its lifecycle, whatever happens.
Resilience is the ability to provide required capability in the face of adversity, or the system’s ability to “evolve and adapt” to future threats and unknown-unknowns, that is to resist, tolerate, absorb, recover from, prepare for, or adapt to an adverse occurrence that causes harm, destruction, or loss.
Safety is the most critical issue that drives resilience. The aim is to reduce harmful consequences of accidental events. Privacy is another critical issue because many exchanged information may concerns people behaviour, habits or characteristics (sexual habit, religious beliefs, geographic positioning …). Security (or cybersecurity), in the sense of vulnerability against hostile acts, is another critical issue since threats can affect directly or indirectly systems safety and privacy.
These three issues are not independent, but complementary or opposite, function of the context and the situation.
SoS resilience main issues
Most research on safety, privacy and security for critical systems does not deal yet with SoS safety, privacy and security, especially when security is managed for some systems and not managed for others. For instance, the residual vulnerabilities, the interconnections between systems for which security is not managed at the same level, as well as the multiplicity of threats, increase drastically the surface of attack of the systems and affect the security at SoS level.
SoS resilience necessitates to integrate together safety, security and privacy and evaluate their interactions.
Scope and Objectives
The purpose of this special session is to bring together a group of experts and researchers from different disciplines to explore how we can provide and maintain SoS safety, security and privacy alongside their lifecycles. Specific goals of the special session are to:
- Identify the safety, security and privacy interactions and their impacts on the SoS architectures and processes;
- Discuss technological versus legal issues related to SoS resilience;
- Find the key research questions and challenges in building and maintaining SoS resilience;
- Expose the state-of-the-art research results in this area.
Topics of Interest
We welcome submissions from both academia and industry on this emerging multi-disciplinary research field. Papers are expected to explore fundamental or applied research and engineering problems as well as legal problems related to all areas pertinent to SoS Resilience and the related fields. The special session will cover the following non exhaustive list of topics:
- Interaction between safety, security and privacy in a SoS context;
- Design of safe, secure and privacy friendly SoS architectures;
- Processes related to safety, security and privacy maintenance;
- Cooperation between different disciplines.
– Jean-René Ruault (DGA, INCOSE / AFIS member)
– Jean-Luc Wippler (Thales / Ecole Polytechnique, INCOSE / AFIS member)
– Jean Pariès (Dédale)