
    Promises, Impositions, and other Directionals

    Promises, impositions, proposals, predictions, and suggestions are categorized as voluntary co-operational methods. The class of voluntary co-operational methods is included in the class of so-called directionals. Directionals are mechanisms supporting the mutual coordination of autonomous agents. Notations are provided capable of expressing residual fragments of directionals. An extensive example, involving promises about the suitability of programs for tasks imposed on the promisee, is presented. The example illustrates the dynamics of promises and more specifically the corresponding mechanism of trust updating and credibility updating. Trust levels and credibility levels then determine the way certain promises and impositions are handled. The ubiquity of promises and impositions is further demonstrated with two extensive examples involving human behaviour: an artificial example about an agent planning a purchase, and a realistic example describing technology-mediated interaction concerning the solution of pay station failure related problems arising for an agent intending to leave the parking area.
    Comment: 55 pages

    ANCHOR: logically-centralized security for Software-Defined Networks

    While the centralization of SDN brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way may work, it will most likely lead to efficiency and effectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. As a general concept, we propose ANCHOR, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on 'security' in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. Essential security mechanisms provided by ANCHOR include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices. We claim and justify in the paper that centralizing such mechanisms is key for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover.
    Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 references

    Correlation and causality

    This paper provides an analysis of the argument from cause and effect and a comparison of its various types with the argument from correlation. It will be claimed that arguments from causality and from correlation should be treated as equivalent for argumentative purposes. The main advantages of this approach (theoretical economy and impact on the taxonomy of critical questions) as well as possible theoretical objections will be discussed.

    The need of diagrams based on Toulmin schema application: an aeronautical case study

    In this article, Justification Diagrams are introduced for structuring evidence to support conclusions that are reached from results of simulation studies. An industrial application is used to illustrate the use of the Justification Diagrams. Adapted from the Toulmin schema, the aim of Justification Diagrams is to define a comprehensive, auditable and shareable notation to explain the results, the input data, the assumptions made and the techniques applied, to construct a cogent conclusion. Further, the Justification Diagrams provide a visual representation of the argument that aims to corroborate the specified claims, or conclusions. A large part of this work is based on the application of the Justification Diagrams in the context of the European project TOICA. The Justification Diagrams were used to structure all justifications that would be needed to convince an authority that a simulation process, and the associated results, upheld a particular conclusion. These diagrams are built concurrently in a product development process that accompanies the various stages of Verification and Validation (V&V) and where, for each design stage of V&V, argumentation is constructed by aggregating evidence and documents produced at this design stage.

    Assuring Safety and Security

    Large technological systems produce new capabilities that allow innovative solutions to social, engineering and environmental problems. This trend is especially important in the safety-critical systems (SCS) domain, where we simultaneously aim to do more with the systems whilst reducing the harm they might cause. Even with the increased uncertainty created by these opportunities, SCS still need to be assured against safety and security risk and, in many cases, certified before use. A large number of approaches and standards have emerged; however, there remain challenges related to technical risk such as identifying inter-domain risk interactions, developing safety-security causal models, and understanding the impact of new risk information. In addition, there are socio-technical challenges that undermine technical risk activities and act as a barrier to co-assurance; these include insufficient processes for risk acceptance, unclear responsibilities, and a lack of legal, regulatory and organisational structure to support safety-security alignment. A new approach is required. The Safety-Security Assurance Framework (SSAF) is proposed here as a candidate solution. SSAF is based on the new paradigm of independent co-assurance, that is, keeping the disciplines separate but having synchronisation points where required information is exchanged. SSAF is comprised of three parts: the Conceptual Model defines the underlying philosophy, and the Technical Risk Model (TRM) and Socio-Technical Model (STM) consist of processes and models for technical risk and socio-technical aspects of co-assurance. Findings from a partial evaluation of SSAF using case studies reveal that the approach has some utility in creating inter-domain relationship models and identifying socio-technical gaps for co-assurance.
    The original contribution to knowledge presented in this thesis is the novel approach to co-assurance that uses synchronisation points, explicit representation of a technical risk argument that argues over interaction risks, and a confidence argument that explicitly considers co-assurance socio-technical factors.