InfoSec Seminar: Practicing a Science of Security: A Philosophy of Science Perspective

Speaker: Jonathan Spring, UCL
UCL Contact: Vasilios Mavroudis (Visitors from outside UCL please email in advance).
Date/Time: 14 Sep 17, 16:00 - 17:00
Venue: Roberts G08

Abstract

We refocus the question about cybersecurity research from ‘is this process scientific’ to ‘why is this scientific process producing unsatisfactory results’. We focus on common complaints, many of which presume philosophical views that more recent scholarship has largely modified or rejected. Modern philosophy of science, supported by mathematical modeling methods, provides constructive resources to mitigate all purported challenges to a science of security. Therefore, we argue the community currently practices a science of cybersecurity. A philosophy of science perspective suggests the following form of practice: structured observation to seek intelligible explanations of phenomena, evaluating explanations in many ways, with specialized fields (including engineering and forensics) constraining explanations within their own expertise, inter-translating where necessary. A natural question to pursue in future work is how collecting, evaluating, and analyzing evidence for such explanations is different in security than in other sciences.

Jonathan Spring

Jonathan Spring is a PhD student at UCL in PPLV, Infosec, and STS. He has about 5 years' experience with the CERT program at Carnegie Mellon University's Software Engineering Institute, where he has studied network and DNS analysis and threat intelligence. He also has experience as a research fellow with ICANN's SSAC and as an adjunct professor at the University of Pittsburgh.