Socio-technical analysis of system-of-systems using responsibility modelling

Abstract

Society is challenging systems engineers by demanding increasingly complex and integrated IT systems (Northrop et al., 2006; RAE, 2004) e.g. integrated enterprise resource planning systems, integrated healthcare systems and business critical services provisioned using cloud based resources. These types of IT system are often systems-of-systems (SoS). That is to say they are composed of multiple systems that are operated and managed by independent parties and are distributed across multiple organisational boundaries, geographies or legal jurisdictions (Maier, 1998). SoS are notorious for becoming problematic due to interconnected technical and social issues. Practitioners claim that they are ill equipped to deal with the sociotechnical challenges posed by system-of-systems. One of these challenges is to identify the socio-technical threats associated with building, operating and managing systems whose parts are distributed across organisational boundaries. Another is how to troubleshoot these systems when they exhibit undesirable behaviour. This thesis aims to provide a modelling abstraction and an extensible technique that enables practitioners to identify socio-technical threats prior to implementation and troubleshoot SoS post-implementation. This thesis evaluates existing modelling abstractions for their suitability to represent SoS and suggests that an agent-responsibility based modelling abstraction may provide a practical and scalable way of representing SoS for socio-technical threat identification and troubleshooting. The practicality and scalability of the abstraction is explored through the use of case studies that motivate the extension of existing responsibility-based techniques so that new classes of system (coalitions-of-systems) and new classes of threat (agent-related threats) may be analysed. This thesis concludes that the notion of ‘responsibility’ is a promising abstraction for representing and analysing systems that are composed of parts that are independently managed and maintained by agents spanning multiple organisational boundaries e.g. systems-of-systems, enterprise-scale systems.