Paul Perrotin
Directeur(s): Salah Sadou
Encadrant(s): Antoine Beugnard & Nicolas Belloir
Cybersecurity, Safety by design, System vulnerability, Human vulnerability

SUJET DE THÈSE
Analysis of Human Vulnerability in Socio-Technical Systems of Systems
General Context of the Study
Driven by digital advancements, an increasing number of systems are interconnected, forming what is known as a System of Systems (SoS). Among the many definitions of SoS, INCOSE proposes the following [1]: "An SoS is a system in which the elements are managerially and operationally independent systems that together produce results that cannot be achieved by the individual systems alone." In this context, an "emergent behavior" refers to a behavior that arises from the collaboration between the constituent systems. These types of behaviors are generally envisioned by the SoS designer to address complex problems that the individual systems alone cannot handle. Dyson et al. [2] define emergent behavior as: "that which cannot be predicted by analyzing a system at a lower level than that of the system as a whole. [...] Emergent behavior, by definition, is what remains when everything else has been explained." While emergent behavior is often the intended goal of constructing an SoS, this is not always the case. According to Jeffrey Mogul [3], although emergence is not inherently bad, its unpredictability is itself considered undesirable. This implies the need to classify emergent behaviors into two categories: desired and undesired. The former is the very reason for constructing an SoS, while the latter also results from its implementation but was not considered an objective, thus representing a potential vulnerability of the SoS.
Furthermore, the widespread integration of digital systems—whether in society at large or in microcosms such as enterprises—means that humans can be considered as integral components of an SoS. Through direct interaction with SoS or via systems such as IoT, individuals may engage with one or more systems within the SoS, potentially contributing to emergent behaviors, whether anticipated or not. Such systems are referred to as Socio-Technical Systems of Systems (SoSTS).
Objectives of the Study and Proposed Work
This doctoral research aims to extend previous work [4] conducted within our team by further incorporating human vulnerability into SoSTS analysis. Even if the individual constituent systems of a SoSTS are considered secure in isolation, their interactions within an SoSTS can give rise to new vulnerabilities—whether system-related, human-related, or interaction-related. In this context, several challenges related to SoSTS constraints must be addressed. The primary challenge will be to develop a unified methodology for vulnerability assessment, particularly incorporating emergence to account for the unexpected. This will require considering the human factor in risk assessment: various cognitive and emotional aspects will need to be studied, including the impact of mental workload, situational awareness, and stress on individual and team decision-making effectiveness and performance. Additionally, we will examine the influence of a single individual within an SoSTS. To achieve these objectives, this research will draw on social and cognitive sciences to integrate human vulnerability insights into systems engineering processes.
Expected Results:
Références bibliographiques :
[1] SE Handbook Working Group Et al. « Systems engineering handbook: A guide for system life cycle processes and activities ». International Council on Systems Engineering (INCOSE): San Diego, CA, USA, pages 1–386, 2011.
[2] George B. Dyson. “Darwin Among the Machines: The Evolution of Global Intelligence”. Perseus Books, Cambridge, MA,USA, 1998.
[3] Jeffrey C. Mogul. “Emergent (mis)behavior vs. complex software systems”. In Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006,
[4] Rymel Benabidallah, Salah Sadou, Mohamed Ahmed Nacer, “Using Systems of Systems’s States for Identifying EmergentMisbihaviors”, 13 th Systems of Systems Engineering Conference, Paris, France, June 19- 22, 2018, IEEE.