SERSCIS is generating new system architecture modelling ontologies. The Springboard software tool developed by QinetiQ can use the models based on these ontologies to automatically produce ‘systems of systems views’. An example picture is shown here that has been captured from the tool (click picture for full detail).
Here Springboard is showing interdependencies that have been found between the resource “Natural Gas” and the many services and functionality that ultimately rely on natural gas. The key innovation in Springboard is that it is able to automatically infer and visualise such relationships and interdependencies. In this way Springboard can discover the system of systems that emerges even where it is not readily apparent apart from in details in underlying data and provide.
The ontology used in the picture above includes description logics which specify what action is taken in the case of a direct or indirect failure of a resource. For example, a catastrophic failure of the Electricity Generation service will have a direct effect on the service functions it provides. However, the service functions of the Telecoms service may be resilient to a failure in the Electricity Generation service (and the consequent absence of Electricity) since it is also dependent on Natural Gas. The understanding of such system-level inter-dependencies could show the user to put the necessary precautions and alternative planning mechanisms in place at the service level using SERSCIS components.
In the next picture (click picture for full detail) a different ontology is being processed. The text in the top left reads “DBSy.pprj” because the user has loaded a DBSy-based InfoSec model into Springboard. In fact Springboard is using the same model used to produce security views in the SERSCIS Decision Support Tool as shown in the centre of this figure from decision support.
From this display the user can see the potential problem of cascading failure or propagating attacks from one domain to another. In this case the criticality of the domains are probably equal. But in other cases seemingly less important (and possibly less well protected) parts of a system of systems will be connected to more crucial parts. An attacker may choose to target those less critical, less protected, systems and still manage to adversely affect more crucial systems. Workshops conducted by QinetiQ with threat analysis experts have corroborated the real word significance of propagating attack strategies including in the scenarios used in the application case studies.
The importance of loading a variety of model types is that it demonstrates how Springboard can be used as a common and unifying tool for discovering dependency issues by drawing on lots of types of SERSCIS related models. In the final demonstration our aim is to show that SERSCIS system modelling supports dependability analysis of a very wide range of modelling schemes.
Some of the associations between resources, services and service providers in the pictures above may have already been obvious to the operator. However, using SERSCIS system modelling tools users can gain a greater understanding of the systems they oversee and manage the dependencies within them and those that relate to systems beyond their direct control.
This is important because dependencies – particularly interdependencies – may not be fully appreciated for reasons such as:
- changes in low-level details;
- changes in Service Level Agreements;
- changes in potential impacts;
- overall system complexity and/or dynamism.
Recent Comments