eprintid: 10041450
rev_number: 28
eprint_status: archive
userid: 608
dir: disk0/10/04/14/50
datestamp: 2018-01-16 12:57:52
lastmod: 2021-11-23 01:17:20
status_changed: 2018-02-02 10:53:09
type: proceedings_section
metadata_visibility: show
creators_name: Spring, JM
creators_name: Moore, T
creators_name: Pym, D
title: Practicing a Science of Security: A Philosophy of Science Perspective
ispublished: pub
divisions: UCL
divisions: B04
divisions: C05
divisions: F48
keywords: Security research; science of security; cybersecurity; history of science; philosophy of science; ethics of security
note: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
abstract: Our goal is to refocus the question about cybersecurity research from 'is this process scientific' to 'why is this scientific process producing unsatisfactory results'. We focus on five common complaints that claim cybersecurity is not or cannot be scientific. Many of these complaints presume views associated with the philosophical school known as Logical Empiricism that more recent scholarship has largely modified or rejected. Modern philosophy of science, supported by mathematical modeling methods, provides constructive resources to mitigate all purported challenges to a science of security. Therefore, we argue the community currently practices a science of cybersecurity. A philosophy of science perspective suggests the following form of practice: structured observation to seek intelligible explanations of phenomena, evaluating explanations in many ways, with specialized fields (including engineering and forensics) constraining explanations within their own expertise, inter-translating where necessary. A natural question to pursue in future work is how collecting, evaluating, and analyzing evidence for such explanations is different in security than other sciences.
date: 2017-10-01
date_type: published
publisher: Association for Computing Machinery (ACM)
official_url: http://dx.doi.org/10.1145/3171533.3171540
oa_status: green
full_text_type: other
language: eng
primo: open
primo_central: open_green
verified: verified_manual
elements_id: 1524842
doi: 10.1145/3171533.3171540
isbn_13: 9781450363846
lyricists_name: Pym, David
lyricists_name: Spring, Jonathan
lyricists_id: DPYMX87
lyricists_id: JSPRI00
actors_name: Spring, Jonathan
actors_id: JSPRI00
actors_role: owner
full_text_status: public
series: New Security Paradigms Workshop
volume: 2017
place_of_pub: New York, NY, USA
pagerange: 1-18
event_title: 2017 New Security Paradigms Workshop (NSPW 2017)
event_location: Santa Cruz, California, USA
event_dates: 01 October 2017 - 04 October 2017
institution: New Security Paradigms Workshop
book_title: NSPW 2017: Proceedings of the 2017 New Security Paradigms Workshop
citation: Spring, JM; Moore, T; Pym, D; (2017) Practicing a Science of Security: A Philosophy of Science Perspective. In: NSPW 2017: Proceedings of the 2017 New Security Paradigms Workshop. (pp. 1-18). Association for Computing Machinery (ACM): New York, NY, USA. Green open access
document_url: https://discovery-pp.ucl.ac.uk/id/eprint/10041450/1/spring-moore-pym_2017_practicing-science-of-security.pdf