Distributed systems present a complex problem for assessing and modelling security attributes. Conceptually, non-monotone security is the notion that the integrity of an information system is dependent on the interplay of the infrastructure and real-world or `delivery service' components of the system which have non-trivial dependencies and processing capabilities. I consider an information system with infrastructure jointly delivered by mutually distrustful parties through some form of multiparty computation. Each of the infrastructure providers participates in economic activities in the delivery layer alongside a wider, potentially unlimited number of outside agents. When modelling such a system to ascertain future security scenarios, by simulation or other structural approximations, it is expected that such models will have finite windows of effectiveness. I introduce the concept of the model confidence set to distributed systems. Here, models are grouped by their relative efficacy in capturing multiple attributes of the system. I then provide a series of simple worked examples to demonstrate the usefulness of such models in real world cases.

This paper seeks to combine two disparate but related concepts from cyber-security and economic forecasting, notably non-monotonic security and model confidence sets to provide a framework for assessing different types of risk in a distributed system. Distributed systems are ubiquitous across a wide range of applications, notable examples are of course computer networks such as the internet, crypto-currencies, distributed asset exchanges and various database management systems. In many cases security is effectively restricted to the delivery infrastructure. However, in a non-monotone security structure valid actions in the delivery layer could invalidate an otherwise valid action in the infrastructure layer and, of course, vice versa. Whilst it might be achievable to design a single model that encompasses the entire set of interactions, it is unlikely.

Take for instance distributed markets. The types of models that describe the various financial outcomes and requirements (account margins, marking-to-market etc) are very different from those that might typically be employed modelling the multi-party computation underpinning the market structure. The objective of this paper is to outline the concept of a model confidence set, whereby multiple models of each component of the system have varying degrees of effectiveness in describing key components of that system. The role of the model confidence set is to appropriately allocate and rank models and allow a risk manager to interrogate exposures in a structured way.

Graph rewriting systems are natural verification and validation tools: they provide visual, intuitive representations of complex systems while specifying the dynamic behaviour of the system in a formal way. In this talk, we will describe the use of strategic port graph rewriting as a visual modelling tool and its implementation in PORGY. In the first part of the talk we will present attributed higher-order port graphs (HOPs) and a notion of strategic HOP-rewriting as a mechanism to model the dynamic behaviour of systems. The system modelled is represented by an initial graph and a collection of graph rewrite rules, together with a user-defined strategy to control the application of rules. In the second part of the talk, we will describe PORGY and give examples of application, including a simple model of rational negligence in financial markets.

There is a longstanding philosophical problem of how, if at all, we come to have knowledge that is in any way general, when we seem to be confined to particular experiences. Different disciplines have addressed this problem differently. One framing of this question is how we know when a mathematical model adequately describes a process in the world that we're interested in. But the problem applies to basically any scientific model. I'll discuss one way of resolving this issue in the life sciences, how we have applied that to information security, and whether it might be a useful, complementary tool for financial markets.

I report on some ongoing work with David Pym and Didier Galmiche on the modelling of distributed systems. The aim is to obtain a framework which focuses on high-level structural properties of such a system - think compositionality, interfaces and so on - while hiding as many technical properties (termination, deadlock-freeness, mutual exclusion…) as possible at a lower level. Of course, all of this should be carried out without sacrificing formal correctness or amenability to automated verification methods. Our current framework borrows ideas from Input/Output Automata Theory (due to Lynch and Ruttle) and Domain Theory (due to Scott).

Recently, there has been an increasing attention of the literature on the concept of ecosystem: the emergence of open access digital commons has enabled novel ways of collective participation, inclusiveness, public information sharing and distributed innovation; peer-to-peer (p2p) computer networks has enabled seamless interactions and exchanges between dispersed actors directly sharing private data and information among them; recent developments of blockchain technologies has ensured the autonomous and decentralised coordination of anonymous actors sharing common rules and understanding of the world. Yet, no clear and univocal understanding of ecosystems exists in the literature. This is even more problematic as current discussions over the emergence of decentralised systems is usually interwoven with the literature on ecosystems, where the latter is usually used to characterise the former and vice versa.

While the literature usually adopts different organizing typologies and conceptual taxonomies of the concept of ecosystem organized around the three layers of parts, boundaries or interfaces, and whole, we argue that the common concept linking all interpretative approaches to the concept of ecosystem is the one of interdependences, as ecosystems are usually treated as one way to make sense of the interdependence/independence interplay. We then discuss the various interpretations of the concept of interdependence as applied to ecosystems and make two main points. One, we provide a characterization of the concept of interdependence using a seven-fold taxonomy and provide implications for the concept of ecosystem, as well as for the meaning of the concept of decentralization. Two, we highlight the difference between first-order and second-order interdependences and argue that the meaning of interdependence varies based on whether it applies to the single parts or to the interplay between different analytical layers, between parts and whole. Implications for the concept of decentralization are also derived.

The increased cyber threats and attacks that affect the welfare of a wide variety of internet users has resulted in the establishment of a thriving cyber-security market where threatened agents seek advice and protection from cyber security experts. These are firms/individuals promoting themselves as agents able to offer protection from such threats by designing the appropriate defences against such attacks, and to restore the client's system after it has been subject to a successful cyber-attack.

In these markets there is a distinct possibility that the very nature of the competitive process will lead to of exploitative "rent-seeking" by unscrupulous suppliers resulting in a reduction of the average quality of services a phenomenon known as a "market for lemons". We find that it is pertinent to ask whether policy interventions may result in improved welfare for consumers and firms offering high quality security services.

Systems can be modelled using a distributed systems paradigm, which uses the concepts of location, resource, and process to represent the structure and behaviour of a system. This approach is compositional: models can be composed together, allowing models of smaller (sub-) systems to be combined to create a model that captures a larger part of the overall system. Additionally, models sit inside an environment, which represents the world outside of the system of interest; actions in the environment which affect the system are modelled stochastically. Interfaces define how models compose together and how the model interacts with the environment, specifying that, for example, that a specific action in one model can initiate an action in another across the interface.

Hawkes processes are self-exciting point process that can be used to model the arrival of events in time. Multivariate Hawkes processes capture the interdependence between multiple processes, where events on a process can excite other processes. In this work we observe that in models, actions-across-interface can be seen as events in time and different types of action can be seen as different processes. We explore how Hawkes process can be used to represent an interactive environment, which responds to outputs from a model, as well as how complex systems can be modelled in a lightweight way. Hawkes processes have previously been used to model different aspects of financial systems, and this approach could be used to compose such models with distributed systems models.