RISI 2013 - 3rd International Workshop on Resilience and IT-Risk in Social Infrastructures (RISI 2013)

Information technology (IT) supports domains of social infrastructures in monitoring and controlling their physical environment. These embedded systems must inevitable deliver correct services for at least the critical functions according to the current situation. However, interferences due to crime, terrorism, and natural disasters threaten IT support and therewith safety. Affected systems should adapt to both the changed situation and the failure of services. Adaptive systems following the computing paradigm of Ubiquitous Computing promise to achieve liveness properties of data processing in any case of faults and changes. Hence, they are an option for improving cyber-physical systems in monitoring and controlling social infrastructures even in hostile environments. Although on demand orchestration of services creates adaptive systems of systems to implement the required functionality, these desired interdependencies bear vulnerabilities by, e.g., covert channels.
Whereas many security solutions are well studied for models and their implementation for separated security domains, this is not the case for adaptive systems. Firstly, adaptive systems change continuously their state. A model can only consider those states, which have already passed. Secondly, security domains overlap in adaptive systems, which demand a disclosure of private data to third parties resulting in data aggregation at services of different security domains. Thirdly, some processing purposes are not predictable at the time of data collection and service orchestration should not be excluded for new services. Enforcement of security in adaptive systems equals to enforcement of liveness and safety properties to achieve correct services by means of dependable and secure computing. The ability of a system to maintain an acceptable level of service in the face of any faults and challenges to normal operation is understood as resilience.
Since resilience research is still in its infancy, the main objective of this workshop is to identify research problems and to discuss future research initiatives regarding IT support for "Resilience in Social Infrastructures" as well as the necessity to take non-technical aspects into consideration. We encourage academic researchers and industry experts to present and discuss novel ideas and ongoing work. Contributions addressing promising approaches to provide and manage resilient infrastructures are invited as research in progress and best practices.
Topics of interest comprise but are not limited to:
Autonomic and dependable computing
Methods and techniques for self-configuration, self-healing, self-protecting, etc.
Flexible and secure orchestration of IT services
Trustworthy organic computing
Risk assessment and vulnerability analysis
Economics of controls
Risk assessment within adaptive systems
Identification of vulnerabilities in Service-Oriented Computing
Policy Management
Policy languages for isolation in adaptive systems
Matching of high-level policies with security-related execution traces
Automatic identification of conflicts between policies
Automatic resolution of policy conflicts
Pattern-driven security engineering
Policy enforcement
Recovery-Oriented Computing
Enforcement of data removal
Usage control mechanisms
Observability of control and data flows
Simulations of system behavior
Conformance checking
Data provenance
Model checking for adaptive systems
Digital forensics
Methods for resilience & best practices
Privacy and security in participatory sensing
Business continuity plan and business continuity management
Critical information infrastructure protection
Human-centric resilience systems
Measurements of resilience
Resilience in cryptographic and communications protocols