Treffer: Co-designing heterogeneous models: a distributed systems approach.

The nature of information security has been, and probably will continue to be, marked by the asymmetric competition of attackers and defenders over the control of an uncertain environment. The reduction of this degree of uncertainty via an increase in understanding of that environment is a primary objective for both sides. Models are useful tools in this context because they provide a way to understand and experiment with their targets without the usual operational constraints. However, given the technological and social advancements of today, the object of modelling has increased in complexity. Such objects are no longer singular entities but heterogeneous socio-technical systems interlinked to form large-scale ecosystems. Furthermore, the underlying components of a system might be based on very different epistemic assumptions and methodologies for construction and use. Naturally, consistent, rigorous reasoning about such systems is hard but necessary for achieving both security and resilience. The goal of this paper is to present a modelling approach tailored for heterogeneous systems based on three elements: an inferentialist interpretation of what a model is, a distributed systems metaphor to structure that interpretation and a co-design cycle to describe the practical design and construction of the model. The underlying idea is that an open-world interpretation, supported by a formal, yet generic abstraction facilitating knowledge translation and providing properties for structured reasoning and, used in practice according to the co-design cycle could lead to models that are more likely to achieve their pre-stated goals. We explore the suitability of this method in the context of two different security-oriented models: an organizational recovery under ransomware model and a surge capacity trauma unit model. [ABSTRACT FROM AUTHOR]

Copyright of Journal of Cybersecurity is the property of Oxford University Press / USA and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)