Towards a Science of Trust

TL;DR

This paper draws an analogy between security and science, emphasizing that both rely on inductive inference, and proposes applying scientific methods like hypothesis testing and statistical inference to trust building and security evaluation.

Contribution

It introduces a framework viewing security as a scientific process, advocating for the use of algorithmic learning and statistical inference in trust assessment.

Findings

Trust hypotheses can be formulated using algorithmic learning.

Security claims are inherently provisional and require continuous testing.

Applying scientific inference enhances robustness of trust evaluation.

Abstract

The diverse views of science of security have opened up several alleys towards applying the methods of science to security. We pursue a different kind of connection between science and security. This paper explores the idea that security is not just a suitable subject for science, but that the process of security is also similar to the process of science. This similarity arises from the fact that both science and security depend on the methods of inductive inference. Because of this dependency, a scientific theory can never be definitely proved, but can only be disproved by new evidence, and improved into a better theory. Because of the same dependency, every security claim and method has a lifetime, and always eventually needs to be improved. In this general framework of security-as-science, we explore the ways to apply the methods of scientific induction in the process of trust. The process of trust building and updating is viewed as hypothesis testing. We propose to formulate the trust hypotheses by the methods of algorithmic learning, and to build more robust trust testing and vetting methodologies on the solid foundations of statistical inference.