Paul Perrotin

Directeur(s): Salah Sadou
Encadrant(s): Antoine Beugnard & Nicolas Belloir

Cybersecurity, Safety by design, System vulnerability, Human vulnerability

SUJET DE THÈSE

Analysis of Human Vulnerability in Socio-Technical Systems of Systems

General Context of the Study

Driven by digital advancements, an increasing number of systems are interconnected, forming what is known as a System of Systems (SoS). Among the many definitions of SoS, INCOSE proposes the following [1]: "An SoS is a system in which the elements are managerially and operationally independent systems that together produce results that cannot be achieved by the individual systems alone." In this context, an "emergent behavior" refers to a behavior that arises from the collaboration between the constituent systems. These types of behaviors are generally envisioned by the SoS designer to address complex problems that the individual systems alone cannot handle. Dyson et al. [2] define emergent behavior as: "that which cannot be predicted by analyzing a system at a lower level than that of the system as a whole. [...] Emergent behavior, by definition, is what remains when everything else has been explained." While emergent behavior is often the intended goal of constructing an SoS, this is not always the case. According to Jeffrey Mogul [3], although emergence is not inherently bad, its unpredictability is itself considered undesirable. This implies the need to classify emergent behaviors into two categories: desired and undesired. The former is the very reason for constructing an SoS, while the latter also results from its implementation but was not considered an objective, thus representing a potential vulnerability of the SoS.

Furthermore, the widespread integration of digital systems—whether in society at large or in microcosms such as enterprises—means that humans can be considered as integral components of an SoS. Through direct interaction with SoS or via systems such as IoT, individuals may engage with one or more systems within the SoS, potentially contributing to emergent behaviors, whether anticipated or not. Such systems are referred to as Socio-Technical Systems of Systems (SoSTS).

Objectives of the Study and Proposed Work

This doctoral research aims to extend previous work [4] conducted within our team by further incorporating human vulnerability into SoSTS analysis. Even if the individual constituent systems of a SoSTS are considered secure in isolation, their interactions within an SoSTS can give rise to new vulnerabilities—whether system-related, human-related, or interaction-related. In this context, several challenges related to SoSTS constraints must be addressed. The primary challenge will be to develop a unified methodology for vulnerability assessment, particularly incorporating emergence to account for the unexpected. This will require considering the human factor in risk assessment: various cognitive and emotional aspects will need to be studied, including the impact of mental workload, situational awareness, and stress on individual and team decision-making effectiveness and performance. Additionally, we will examine the influence of a single individual within an SoSTS. To achieve these objectives, this research will draw on social and cognitive sciences to integrate human vulnerability insights into systems engineering processes.

Expected Results:

Definition of human factors impacting the security of a SoSTS,

Creation of a modeling language for socio-technical systems (STS),

Approach for identifying vulnerabilities,

Preliminary experimentation.

Références bibliographiques :

[1] SE Handbook Working Group Et al. « Systems engineering handbook: A guide for system life cycle processes and activities ». International Council on Systems Engineering (INCOSE): San Diego, CA, USA, pages 1–386, 2011.

[2] George B. Dyson. “Darwin Among the Machines: The Evolution of Global Intelligence”. Perseus Books, Cambridge, MA,USA, 1998.

[3] Jeffrey C. Mogul. “Emergent (mis)behavior vs. complex software systems”. In Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006,

[4] Rymel Benabidallah, Salah Sadou, Mohamed Ahmed Nacer, “Using Systems of Systems’s States for Identifying EmergentMisbihaviors”, 13 th Systems of Systems Engineering Conference, Paris, France, June 19- 22, 2018, IEEE.

Publications

Paul Perrotin. Analyse de la vulnérabilité humaine dans les systèmes de systèmes socio-techniques. Modélisation et simulation. Ecole nationale supérieure Mines-Télécom Atlantique, 2022. Français. ⟨NNT : 2022IMTA0335⟩. ⟨tel-03969366⟩ Consultable sur HAL

Perrotin, Paul & Belloir, Nicolas & Sadou, Salah & Hairion, David & Beugnard, Antoine. (2022). Using the architecture of Socio-Technical System to analyse its vulnerability. 361-366. 10.1109/SOSE55472.2022.9812648.

Paul Perrotin, Nicolas Belloir, Salah Sadou, David Hairion, Antoine Beugnard. HoS-ML: Socio-Technical System ADL Dedicated to Human Vulnerability Identification. 26th International Conference on Engineering of Complex Computer Systems ( ICECCS 2022), Mar 2022, Hiroshima, Japan. ⟨hal-03637271⟩

Paul Perrotin, Salah Sadou, David Hairion, and Antoine Beugnard. 2020. Detecting human vulnerably in socio-technical systems: a naval case study. In Proceedings of the 23rd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings (MODELS '20). Association for Computing Machinery, New York, NY, USA, Article 56, 1–8. https://doi.org/10.1145/3417990.3420045

Retour