Co-designing heterogeneous models: a distributed systems approach
Marius-Constantin Ilau, Tristan Caulfield, David Pym
TL;DR
To handle the rising complexity of security-relevant systems, the authors propose an integrative co-design methodology that fuses an inferentialist conception of models with a distributed-systems metaphor and a translation-zone bridging domain knowledge and constructed representations. They argue that multimethod epistemology and participatory knowledge translation are essential for aligning goals and interpretations across heterogeneous actors. The method is illustrated with three security-oriented case studies (physical data loss, organizational ransomware recovery, and trauma-unit surge capacity), showing how the translation zone facilitates domain-concept translation, verification, and iterative scope adjustment. The work advances a practical framework for producing open-world, interoperable representations with potential for bias analysis and broader application in resilience planning.
Abstract
The nature of information security has been, and probably will continue to be, marked by the asymmetric competition of attackers and defenders over the control of an uncertain environment. The reduction of this degree of uncertainty via an increase in understanding of that environment is a primary objective for both sides. Models are useful tools in this context because they provide a way to understand and experiment with their targets without the usual operational constraints. However, given the technological and social advancements of today, the object of modelling has increased in complexity. Such objects are no longer singular entities, but heterogeneous socio-technical systems interlinked to form large-scale ecosystems. Furthermore, the underlying components of a system might be based on very different epistemic assumptions and methodologies for construction and use. Naturally, consistent, rigorous reasoning about such systems is hard, but necessary for achieving both security and resilience. The goal of this paper is to present a modelling approach tailored for heterogeneous systems based on three elements: an inferentialist interpretation of what a model is, a distributed systems metaphor to structure that interpretation and a co-design cycle to describe the practical design and construction of the model. The underlying idea is that an open world interpretation, supported by a formal, yet generic abstraction facilitating knowledge translation and providing properties for structured reasoning and, used in practice according to the co-design cycle could lead to models that are more likely to achieve their pre-stated goals. We explore the suitability of this method in the context of three different security-oriented models: a physical data loss model, an organisational recovery under ransomware model and an surge capacity trauma unit model.