Explainable Security

TL;DR

This paper introduces Explainable Security (XSec), a new paradigm inspired by DARPA's XAI, emphasizing transparency and understanding in security systems involving multiple stakeholders and complex reasoning.

Contribution

It proposes the XSec paradigm, discusses its unique characteristics, and outlines a research roadmap for developing explainable security techniques.

Findings

XSec involves multiple stakeholders including developers, analysts, users, and attackers.

XSec requires reasoning about system models, threat models, and security properties.

A research roadmap for XSec is proposed, highlighting future directions.

Abstract

The Defense Advanced Research Projects Agency (DARPA) recently launched the Explainable Artificial Intelligence (XAI) program that aims to create a suite of new AI techniques that enable end users to understand, appropriately trust, and effectively manage the emerging generation of AI systems. In this paper, inspired by DARPA's XAI program, we propose a new paradigm in security research: Explainable Security (XSec). We discuss the ``Six Ws'' of XSec (Who? What? Where? When? Why? and How?) and argue that XSec has unique and complex characteristics: XSec involves several different stakeholders (i.e., the system's developers, analysts, users and attackers) and is multi-faceted by nature (as it requires reasoning about system model, threat model and properties of security, privacy and trust as well as about concrete attacks, vulnerabilities and countermeasures). We define a roadmap for XSec that identifies several possible research directions.