SEsCPS 2017

“Having Divided to Conquer We Must Reunite [to] Rule”. Decomposition of problems and systems into smaller, more manageable units has been at the heart of software engineering practice for decades. “Separation of concerns” gives software engineers the conceptual and practical tools to focus their attention, and their tools, on the parts of the problem or solution to which they are best suited. Perhaps one of the earliest boundaries used to separate concerns is that which exists between hardware and software – once that boundary is drawn, software engineers were able to focus their attention on the development of software within the hardware boundaries chosen. There has however, been a steady erosion of such boundaries: digital and physical connectivity have become the norm, and increasingly such connectivity can be ad hoc, spontaneous, and often unplanned (perhaps best exemplified by the Internet of Things paradigm). Moreover, the fluid and disappearing boundaries between technology and people have radically affected social behaviours (again, perhaps well exemplified by the proliferation of mobile and ubiquitous computing such as wearable and ‘smart’ technologies used in variety of personal and community settings). Such convergence between digital, physical, and social spaces has provided exciting opportunities for software engineers to, literally, ‘cross boundaries’, and, as a result, to have an impact on the physical and social worlds in which the software they build will operate. But in this brave new world with porous boundaries, security engineering and privacy management challenges abound. Effective security depends on the ability to control access to assets protected by boundaries. Effective privacy management depends on informed, consensual sharing of information across boundaries. Our thesis is that, although increasingly invisible, and rightly so, explicit awareness and sometimes representation of boundaries in cyber-physical-social systems facilitate good old fashioned separation of concerns, which in turn enables more effective software engineering of secure, privacy-aware software. We support our thesis with examples from our research in adaptive security and privacy.