SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit

Cormac Herley, P. V. Oorschot
Published in: 2017 IEEE Symposium on Security and Privacy (SP), volume 41 1, pages 99-120
Publication date: 2017-05-22
Publication type: Journal Article
DOI: 10.1109/SP.2017.38 (https://doi.org/10.1109/SP.2017.38)
Citations: 77

Abstract

The past ten years has seen increasing calls to make security research more "scientific". On the surface, most agree that this is desirable, given universal recognition of "science" as a positive force. However, we find that there is little clarity on what "scientific" means in the context of computer security research, or consensus on what a "Science of Security" should look like. We selectively review work in the history and philosophy of science and more recent work under the label "Science of Security". We explore what has been done under the theme of relating science and security, put this in context with historical science, and offer observations and insights we hope may motivate further exploration and guidance. Among our findings are that practices on which the rest of science has reached consensus appear little used or recognized in security, and a pattern of methodological errors continues unaddressed.