A new schema for security in dynamic uncertain environments

It is our hypothesis that for a complex system of systems operating in a dynamic, uncertain environment the traditional approach of forward, static security is insufficient. What is required are macroscopic schemata for security that incorporate mechanisms which monitor the overall environment and feed their observations back into the security mechanisms so that they can adjust their 'posture' accordingly. Such schemata must also account for system-wide aggregated security risks in addition to risk presented by the individual users and information objects. We propose one such schema in this work. To illustrate the utility of macroscopic schemata, we use the examples of two recent studies of access control systems and map their results to the proposed schema and distill macroscopic insights that are otherwise lost in details. We hope that such security schemata will lead to a systematic analysis of security of complex systems akin to what is already available for complex social, biological, and mechanical systems. We hope that macroscopic models based on such schemata will be able to provide, through analysis, large-scale simulations, or by other means, a quantified assessment of the resilience of the security of a system of systems, and in the long run, provide systematic controls that can be used to adjust the security posture of a complex system.