InfoSec Seminar: Practicing a Science of Security: A Philosophy of Science Perspective

Speaker: Jonathan Spring

Date/Time: 14-Sep-2017, 16:00 UTC

Venue: Roberts G08 - Sir David Davies LT



We refocus the question about cybersecurity research from ‘is this process scientific’ to ‘why is this scientific process producing unsatisfactory results’. We focus on common complaints, many of which presume philosophical views that more recent scholarship has largely modified or rejected. Modern philosophy of science, supported by mathematical modeling methods, provides constructive resources to mitigate all purported challenges to a science of security. Therefore, we argue the community currently practices a science of cybersecurity. A philosophy of science perspective suggests the following form of practice: structured observation to seek intelligible explanations of phenomena, evaluating explanations in many ways, with specialized fields (including engineering and forensics) constraining explanations within their own expertise, inter-translating where necessary. A natural question to pursue in future work is how collecting, evaluating, and analyzing evidence for such explanations is different in security than in other sciences.


The goal for this seminar will be to simulate and practice for my presentation at NSPW. The format will match NSPW -- a 10-15 minute presentation followed by constructive discussion. We'll also circulate a draft of the paper, which hopefully you can take a look at beforehand.


Jonathan Spring is a PhD student at UCL in PPLV, Infosec, and STS. He has about 5 years' experience with the CERT program at Carnegie Mellon University's Software Engineering Institute, where he has studied network and DNS analysis and threat intelligence. He also has experience as a research fellow with ICANN's SSAC and as an adjunct professor at the University of Pittsburgh.

