Validating Computer Security Methods: Meta-methodology for an Adversarial Science

TL;DR

This paper develops a meta-methodology and taxonomy to validate computer security methods, addressing the unique challenges posed by adversarial interactions and interdisciplinary foundations in the field.

Contribution

It introduces a taxonomy of properties and methods, along with a decision tree for adversarial interactions, to systematically validate security techniques.

Findings

A comprehensive taxonomy of validation properties

A decision tree for characterizing adversarial interactions

Framework for addressing invalidation in security methods

Abstract

How can we justify the validity of our computer security methods? This meta-methodological question is related to recent explorations on the science of computer security, which have been hindered by computer security's unique properties. We confront this by developing a taxonomy of properties and methods. Interdisciplinary foundations provide a solid grounding for a set of essential concepts, including a decision tree for characterizing adversarial interaction. Several types of invalidation and general ways of addressing them are described for technical methods. An interdisciplinary argument from theory explains the role that meta-methodological validation plays in the adversarial science of computer security.