Unfalsifiability of security claims

Herley, Cormac

doi:10.1073/pnas.1517797113

Cited by 20 publications

(12 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Research in the eld of usable security has argued that the deviation of user behaviour is o en justi ed because many of these instructions are arbitrary (e.g., mixing of character types in passwords), unrealistic (e.g., requiring di erent passwords for each account [2]), ine ective (e.g., users having to change passwords every 90 days leads to weaker passwords [3]), or cumbersome (e.g., requiring users to con rm before every critical action). Security mechanisms can therefore cause friction in the way users want to interact with systems, and their usability is therefore critical for their acceptance by users (and ultimately their e ectiveness).…”

Section: Rstnamelastname@openacukmentioning

confidence: 99%

OASIS: Weakening User Obligations for Security-critical Systems

Tun

Bennaceur

Nuseibeh

2020

2020 IEEE 28th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

Section: Rstnamelastname@openacukmentioning

confidence: 99%

OASIS: Weakening User Obligations for Security-critical Systems

Tun

Bennaceur

Nuseibeh

2020

2020 IEEE 28th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

“…We may be able to speculate about their likelihood, but that's about it. Like many other claims in the security domain, claims on possible singularities are inherently counterfactual [18,19], making it hard to refute such claims on scientific grounds.…”

Section: Why We Should or Should Not Carementioning

confidence: 99%

On Security Singularities

Pieters

2018

Proceedings of the New Security Paradigms Workshop

View full text Add to dashboard Cite

In future studies involving artificial intelligence, the so-called technological singularity is a key theme. It refers to a hypothetical point in the future where technological progress becomes automated through the creation of a new form of intelligence. Under the assumption of adversarial behaviour, this could pose an existential threat to humanity. More modestly, singularities and tipping points refer to thresholds beyond which the behaviour of a system changes in a qualitative way. The nonlinearity of the behaviour causes existing control mechanisms to become obsolete, guiding the system towards a new balance, if this exists. In this paper, we ask the question to what extent the notions of singularity and tipping point can contribute to an analysis of security in 2038. Can we expect to have seen such phenomena in twenty years time, and will they have changed our perception of what security entails? Or are they useless forms of speculation diverting our attention away from the day-to-day best practices that are needed to keep our basic security up-to-date? We discuss examples of singularity-style developments, characterise them in terms of acceleration mechanisms and discontinuities, and discuss whether and how these characteristics should be used to prepare ourselves. We conclude that a broad discussion on potential security singularities and associated general adaptation strategies is more useful than focusing on one big singularity.

show abstract

“…Without taking this argument too far (right at the line is Herley's epistemological unfalsifiability of security claims [25]), our main point is that there are foundational scientific challenges that need to be resolved first before any results can be translated to the operational arena.…”

Section: Security Science and Mtdmentioning

confidence: 99%

The man-machine integration era

Bilar

2016

Preprint

View full text Add to dashboard Cite

Through sensor ubiquity, the man-machine integration era is upon us. This integration is taking place in distributed, continuously changing, optimizing/learning, finite precision feedback systems. Security challenges of such systems abound, also due to constantly co-evolving threat actors and changing environments. Are we adequately preparing to defend such systems, and more importantly: how do we ensure they are worth defending? This position paper posits we are ill-prepared, due to perverse incentives affecting methodology, results and foundational corpuses. With respect to the first question, we will corroborate this ill-preparedness in the context of a basic requirement – situational awareness – for so-called Moving Target Defenses. We’ll argue that the second question hinges on a deceptively straightforward permanence invariant: The ability to robustly encode the infinite value of a human being in finite precision systems. Here too, we are failing to develop needed toolsets and skills. Successfully tackling both questions may determine the future winning model of the man-machine integration era; whether we’ll lose the Republic of the People to the People’s Republic.

show abstract

Unfalsifiability of security claims

Cited by 20 publications

References 14 publications

OASIS: Weakening User Obligations for Security-critical Systems

OASIS: Weakening User Obligations for Security-critical Systems

On Security Singularities

The man-machine integration era

Contact Info

Product

Resources

About