Co-designing heterogeneous models: a distributed systems approach

The nature of information security has been, and probably will continue to be, marked by the asymmetric competition of attackers and defenders over the control of an uncertain environment. The reduction of this degree of uncertainty via an increase in understanding of that environment is a primary objective for both sides. Models are useful tools in this context because they provide a way to understand and experiment with their targets without the usual operational constraints. However, given the technological and social advancements of today, the object of modelling has increased in complexity. Such objects are no longer singular entities, but heterogeneous socio-technical systems interlinked to form large-scale ecosystems. Furthermore, the underlying components of a system might be based on very different epistemic assumptions and methodologies for construction and use. Naturally, consistent, rigorous reasoning about such systems is hard, but necessary for achieving both security and resilience. The goal of this paper is to present a modelling approach tailored for heterogeneous systems based on three elements: an inferentialist interpretation of what a model is, a distributed systems metaphor to structure that interpretation and a co-design cycle to describe the practical design and construction of the model. The underlying idea is that an open world interpretation, supported by a formal, yet generic abstraction facilitating knowledge translation and providing properties for structured reasoning and, used in practice according to the co-design cycle could lead to models that are more likely to achieve their pre-stated goals. We explore the suitability of this method in the context of three different security-oriented models: a physical data loss model, an organisational recovery under ransomware model and an surge capacity trauma unit model.