between engineering and science. In the two extreme viewpoints, Simon (1996) tries to subsume engineering under science as a science of design, and Koen (2003) tries to subsume science under engineering as a special case of heuristic problem solving. There are also more nuanced views. Engineering as usually practised generates understanding and depends, in part, on science (Vincenti, 1990). At the same time science as usually practised generates artefacts and depends, in part, on engineering (Dear, 2006). Therefore, it seems unjustified to place science over engineering or vice versa. If people are going to engineer secure systems, in the sense of Anderson (2008), we will need a science of cybersecurity to extract and generalize the knowledge with which to build. Both building artefacts and extracting knowledge have their own challenges, making it sensible to distinguish the tasks. Security should continue the traditional, close interplay between science and engineering. Dear (2006) exposes a duality within science: between natural philosophy and instrumentality as twin, mutually indispensable, explanatory strategies for making nature intelligible. This duality blurs a divide between science and engineering. A more detailed exposition of the relationship between science, engineering, and forensics is left as future work. But as an example, I am sympathetic to Leonelli’s conception of scientific understanding, which embraces this blurred duality between science and engineering:
“Understanding can only be qualified as ‘scientific’ when obtained through the skilful and consistent use of tools, instruments, methods, theories and/or models: these are the means through which researchers can effectively understand a phenomenon as well as communicate their understanding to others” (Leonelli, 2009).
Clearly science, forensics, and engineering interact tightly. When systems break, practitioners conduct forensics to learn why and how. They then employ science to update knowledge, improve models, or document edge-cases based on this why and how. Adequate updates may include further, purpose-designed structured observations. Practitioners then employ engineering to adapt this new knowledge to build a better system, less likely to break. Thus, there is a feedback loop from engineering to forensics and science and back to engineering, which contains no sharp distinction between a science of cybersecurity and security engineering. This thesis will focus on the scientific enterprise, where science is understood as generalized-knowledge, evidence-based, explanation-generation activities.
3.5 a science of security very much exists
My argument has been that security is, as practised, a science with its own unique challenges. This statement contrasts with the surveyed views, which posit that whatever makes security hard also makes it a qualitatively different sort of enterprise than science. These detractors often accidentally over-emphasize some scientific field in conceiving science generally. Of course security is not particle physics, nor molecular biology. This conception of science is too narrow. This overly-narrow view can, in many cases, be traced back to outdated views related to logical empiricism.
The common complaints against a science of security are: experiments are impossible, reproducibility is impossible, there are no laws of nature, there is no common ontology of terms, and it is ‘just’ engineering. I forwarded alternative perspectives on all these complaints that already accommodate security: structured observations of the empirical world, multiple methods for evaluating evidence, mechanistic explanation of phenomena, specialization necessitates scientific translation, and the interplay between science, engineering, and forensics.
Cybersecurity suffers from the same sorts of challenges as other sciences. It is not qualitatively different. However, different fields of science are defined, largely, by the characteristic challenges of their subject matter and how those challenges are approached. Cybersecurity must learn from challenges common with other sciences while at the same time pushing forward with novel solutions to those challenges and approaches unique to cybersecurity. Where this chapter suggested existing solutions to challenges shared with other sciences, Chapter 4 will attempt to overcome some challenges specific to security.
Also like other sciences, a science of security faces important social questions. Three possible directions are the gap between research and practice; the customers or recipients of knowledge produced by a science of security; and how the secretive nature of its practice alters the science being done. Dykstra (2015) and Metcalf and Casey (2016) attempt to narrow the knowledge gap between practitioners and scientists; but the nature and social function of the gap should also be studied. Some customers are policy makers; future work would likely build on Jasanoff (1990). Perhaps some knowledge customers are practitioners, but as Vincenti (1990) argues, academia also receives knowledge from practitioners. Systemic secrecy has caused different scientific practice in the case of biological weapons development (Balmer, 2013); something related may happen in cybersecurity. An example question is how students with a classified PhD thesis might differ from those with a publicly published thesis.
It is less important to quibble over whether cybersecurity is a science than it is to lay out a satisfactory decision-making process for studying cybersecurity. It is certainly the case that cybersecurity has moved to the forefront of societal concerns. I seek to move past the debate over science or non-science. A better concern is to identify robust decision-making and evidence-gathering tools that enable satisfactory results within a topic of crucial social importance.
I view challenges in security as challenges to building generalized, shareable knowledge. In many cases, the science of cybersecurity community has hinted at this conception of the challenge. Generalization is woven through the discussions of the difficulty of confirming observations, designing experiments, and developing a common language. Generalization is implicit in the discussion of laws because, traditionally, laws are a formal vehicle for expressing generalizations. These descriptions may accurately identify that generalization is hard in a science of cybersecurity, but the diagnosis of the cause of this challenge misses the mark, as Section 3.4 demonstrated. This conception of generalization as the core problem of a science of cybersecurity works with my tentative framework of engineering-science-forensics. Engineering and forensics are about applying knowledge or discovering particulars, whereas science is the aspect of security concerned with abstracting knowledge. Justified generalization is also the key to accurate prediction.
A community can tackle the problem of building general, shareable knowledge better if the problem is seen clearly for what it is: a problem shared by all sciences, with particular strategies more or less transferable between fields depending on the details of what a field studies. Part of the solution is to integrate other fields into security, as advocated by security practitioners such as Shostack and Stewart (2008). But simply bringing in new perspectives is not enough. Morgan (2014) argues that generalization, which she handles under the umbrella of resituating knowledge, is hard because knowledge is always produced locally. Knowledge transfers must be painstakingly warranted.
3.6 research plan
Chapter 2 identified “how to satisfactorily make clear and explicit the reasoning process used by individual CSIR analysts” as the research question. Given the state of the art in the science of/for security literature, I propose the following research plan. In order to improve CSIR analysis I need to know what knowledge ought to look like and what reasoning ought to look like. At present, there is not a satisfying answer that is applicable to CSIR. The main task of the thesis will be to build credible accounts of knowledge and reasoning applicable to CSIR (which may apply in security more generally). Throughout, I will accompany this construction task with examples and demonstrations of cases where the construction is an aid to good knowledge creation or reasoning.
These research tasks will be localised in the following chapters. Chapter 4 will build an account of the structure of general knowledge in security and some examples of building it successfully. Chapter 7 will build a logico-mathematical model for reasoning in incident analysis. Chapter 5 will work through several examples of incident analysis to both demonstrate the use of my account of the structure of knowledge as well as gather case studies of reasoning in CSIR to inform the logic definition. To further inform my logic specification, Chapter 6 will investigate how heuristic and hypothetical reasoning has been formalised in program verification and what features of a logic make it more likely to succeed at scale.