涌现视角下的网络空间安全挑战(14)

根据文献[1]的观点，STAMP(STPA)及其衍生物对系统控制能力的要求比较高，比较适合军事、政府、工业这类层级结构和控制结构都很明确的场景，而面对很多控制力较弱的商用场景就会稍显乏力(比如消费者的行为就是很难以控制的一个重要因素).因此，在使用这类工具的时候，应当更加注意其适用性.另外，期待未来会出现更多针对商用场景的系统化分析工具.

5 结 语

本文以提升对网络空间安全涌现性的认识和促进新思想、新理论的发展为目标，讨论了在网络空间安全领域研究涌现现象的意义，并回顾了涌现理论自身的含义与研究状况；借助若干典型案例，从涌现性的视角对网络空间安全所面临的挑战进行了全面考察；简要地梳理了网络空间安全涌现性研究的发展历程，并按照研究的主题和深度对其进行了系统化的分类和阐释；围绕着“可以采用哪些理论、模型和工具开展进一步的研究工作”这一主题，分析了目前工作的不足并尝试提出了未来的发展方向.

诚然，本文的工作仍然处于网络空间安全研究的初级阶段.但是，我们希望该项工作能够激发对涌现式安全思想的共鸣，能够唤起对网络空间安全涌现性的重视.我们也希望该项工作的成果有助于系统地认识网络空间涌现式安全问题研究的发展状况和未来趋势，为今后的进一步研究和问题的解决建立良好的基础.

[1] Husted N, Myers S. Emergent properties & security: The complexity of security as a science[C] //Proc of the 5th New Security Paradigms Workshop. New York: ACM, 2014: 1-14

[2] McGraw G. Software security[J]. IEEE Security & Privacy, 2004, 2(2): 80-83

[3] Ross R, McEvilley M, Oren J. Systems security engineering: Considerations for a multidisciplinary approach in the engineering of trustworthy secure systems, (NIST SP)-800-160[R]. Gaithersburg, MD: National Institute of Standards and Technology, 2018

[4] Yurcik W, Koenig G A, Meng Xin, et al. Cluster security as a unique problem with emergent properties: Issues and techniques[C] //Proc of the 5th LCI Int Conf on Linux Clusters. Champaign, IL: National Center for Super-computing Applications, 2004: 18-28

[5] Pieters W,Dechesne F. Cyber security as social experiment[C] //Proc of the 5th New Security Paradigms Workshop. New York: ACM, 2014: 15-24

[6] Zhang Zhikai, Cho M C Y, Shieh S. Emerging security threats and countermeasures in IoT[C] //Proc of the 10th ACM Symp on Information, Computer and Communications Security. New York: ACM, 2015: 1-6

[7] Conti M, Li Qianqian, Maragno A, et al. The dark side (-channel) of mobile devices: A survey on network traffic analysis[J]. Piscataway, NJ: IEEE Communications Surveys & Tutorials, 2018, 20(4): 2658-2713

[8] Brauer F. Compartmental models in epidemiology[M] //Mathematical Epidemiology. Berlin: Springer, 2008: 19-79

[9] Leveson N. Engineering a Safer World: Systems Thinking Applied to Safety[M]. Cambridge, MA: MIT Press, 2011

[10] Rokseth B, Utne I B, Vinnem J E. Deriving verification objectives and scenarios for maritime systems using the systems-theoretic process analysis[J]. Reliability Engineering & System Safety, 2018, 169: 18-31

[11] Williams A D. Beyond a series of security nets: Applying STAMP & STPA to port security[J]. Journal of Transportation Security, 2015, 8(3/4): 139-157

[12] Abdulkhaleq A, Lammering D, Wagner S, et al. A systematic approach based on STPA for developing a dependable architecture for fully automated driving vehicles[J]. Procedia Engineering, 2017, 179: 41-51

[13] Shapiro S S. Privacy risk analysis based on system control structures: Adapting system-theoretic process analysis for privacy engineering[C] //Proc of the 2nd IEEE Security and Privacy Workshops (SPW). Piscataway, NJ: IEEE, 2016: 17-24

[14] Adams M D, Hitefield S D, Hoy B, et al. Application of cybernetics and control theory for a new paradigm in cybersecurity[J]. arXiv preprint arXiv:1311. 0257, 2013

[15] Saydjari O S. Cyber defense: Art to science[J]. Communications of the ACM, 2004, 47(3): 52-57

[16] Longstaff T, Balenson D, Matties M. Barriers to science in security[C] //Proc of the 26th Annual Computer Security Applications Conf. New York: ACM, 2010: 127-129

[17] Schneider F B. Blueprint for a science of cybersecurity[R]. New York: Cornell University, 2011

[18] Forrest S. The complex science of cyber-defense[C/OL] //Proc of the Annual Meeting of the American Association for the Advancement of Science. Washington, DC: American Association for the Advancement of Science, 2015[2019-06-10].

[19] Maxion R A, Longstaff T A, McHugh J. Why is there no science in cyber science: A panel discussion at NSPW 2010[C] //Proc of the 1st New Security Paradigms Workshop. New York: ACM, 2010: 1-6

[20] Evans D. Workshop report[C] //Proc of the NSF/IARPA/NSA Workshop on the Science of Security. Charlottesville, VA: University of Virginia, 2008: 1-8

文章来源：《系统科学学报》 网址: http://www.xtkxxb.cn/qikandaodu/2021/0730/597.html