Responsibility modeling for identifying sociotechnical threats to the dependability of coalitions of systems

With the rise of cloud computing and system-of-systems we are entering an era where mission critical services and applications will be dependent upon ‘coalitions-of-systems’. Coalitions-of-systems (CoS) are a class of system similar to systems-of-systems but they differ in that they interact to further overlapping self-interests rather than an overarching mission. Assessing the sociotechnical dependability of CoS is an open research question of societal importance as existing sociotechnical dependability analysis techniques typically do not assess threats associated with coalition partners reneging on responsibilities or leaving a coalition. We use a cloud computing based case study to demonstrate that a responsibility modeling based risk analysis approach enables the identification of these threats. We provide first evidence that inspecting the distribution of liabilities among coalition partners may indicate the fragility of overlapping self-interests.

[1]  G. Baxter,et al.  Responsibility modelling for risk analysis , 2010 .

[2]  Mary Shaw,et al.  Strategies for Achieving Robustness in Coalitions of Systems , 2006 .

[3]  Greg Goth Ultralarge Systems: Redefining Software Engineering? , 2008, IEEE Software.

[4]  John E. Dobson,et al.  ORDIT: a new methodology to assist in the process of eliciting and modelling organizational requirements , 1993, COCS '93.

[5]  Peter Kroes,et al.  Modeling engineering systems as socio-technical systems , 2004, 2004 IEEE International Conference on Systems, Man and Cybernetics (IEEE Cat. No.04CH37583).

[6]  Maurizio Sebastianis,et al.  Risk as Dependability Metrics for the Evaluation of Business Solutions: A Model-driven Approach , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[7]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[8]  Ketil Stølen,et al.  The CORAS methodology: model-based risk assessment using UML and UP , 2003 .

[9]  John E. Dobson,et al.  How responsibility modelling leads to security requirements , 1993, NSPW '92-93.

[10]  Neil Maiden,et al.  Analysing i * System Models for Dependability Properties : The Uberlingen Accident , 2006 .

[11]  Ian Sommerville,et al.  Cloud Migration: A Case Study of Migrating an Enterprise IT System to IaaS , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[12]  N. Maiden,et al.  Dependability in RESCUE : A Concurrent Engineering Approach to the Specification of Requirements for Air Traffic Management , 2004 .

[13]  Mark W. Maier,et al.  Architecting Principles for Systems‐of‐Systems , 1996 .

[14]  Ian Sommerville,et al.  Socio-technical systems: From design methods to systems engineering , 2011, Interact. Comput..

[15]  Fabio Massacci,et al.  From Trust to Dependability through Risk Analysis , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[16]  John E. Dobson,et al.  Models for Understanding Responsibilities , 2007 .

[17]  Eric Yu,et al.  Social Modeling for Requirements Engineering , 2011, Cooperative information systems.

[18]  Douglas C. Schmidt,et al.  Ultra-Large-Scale Systems: The Software Challenge of the Future , 2006 .

[19]  Eric Dubois,et al.  Requirements Engineering for Improving Business/IT Alignment in Security Risk Management Methods , 2007, IESA.

[20]  Ian Sommerville,et al.  Dependability and Trust in Organisational and Domestic Computer Systems , 2006, Trust in Technology.

[21]  Hans de Bruijn,et al.  System and Actor Perspectives on Sociotechnical Systems , 2009, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[22]  Ian Sommerville,et al.  Responsibility modelling for civil emergency planning , 2009 .