{"title":"SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit","authors":"Cormac Herley, P. V. Oorschot","doi":"10.1109/SP.2017.38","DOIUrl":null,"url":null,"abstract":"The past ten years has seen increasing calls to makesecurity research more \"scientific\".On the surface, most agree that this is desirable, given universal recognition of \"science\" as a positive force. However, we find that there is little clarity on what \"scientific\" means inthe context of computer security research, or consensus onwhat a \"Science of Security\" should look like. We selectively review work in the history and philosophy of scienceand more recent work under the label \"Science of Security\".We explore what has been done under the theme of relating science and security, put this in context with historical science, and offer observations and insights we hope maymotivate further exploration and guidance. Among our findings are thatpractices on which the rest of science has reached consensus appear little usedor recognized in security, and a pattern of methodological errors continues unaddressed.","PeriodicalId":6502,"journal":{"name":"2017 IEEE Symposium on Security and Privacy (SP)","volume":"41 1","pages":"99-120"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"77","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.2017.38","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 77
Abstract
The past ten years has seen increasing calls to make security research more "scientific". On the surface, most agree that this is desirable, given universal recognition of "science" as a positive force. However, we find that there is little clarity on what "scientific" means in the context of computer security research, or consensus on what a "Science of Security" should look like. We selectively review work in the history and philosophy of science and more recent work under the label "Science of Security". We explore what has been done under the theme of relating science and security, put this in context with historical science, and offer observations and insights we hope may motivate further exploration and guidance. Among our findings are that practices on which the rest of science has reached consensus appear little used or recognized in security, and a pattern of methodological errors continues unaddressed.