[ Changed 5th September 1997 ]
Emergent behaviours are those that result from interaction between the behaviour of the components of a composite system. We show that they play a role in the composite system's security properties: they may give rise to vulnerabilities directly, or result in the non-composability of security properties.
Using an emergent properties analysis, we can identify which aspects of component behaviour lead to undesirable emergent behaviour. This may enable us to strengthen individual systems so that desired properties compose. We can also use this approach to identify, a priori, when non-composable properties will be violated within a composite system.
We have shown how to apply this approach to several toy examples and are currently using it to analyse a Network Reference Monitor.
NOTE: the time is nonstandard for a security seminar.