CR | Oct 3, 2017

Validating Computer Security Methods: Meta-methodology for an Adversarial Science

arXiv:1710.01367v3 | 3 citations
AI Analysis

This paper addresses the challenge of validating security methods for researchers and practitioners, but it is incremental: it builds on existing interdisciplinary foundations without introducing new empirical results.

The paper tackles the problem of justifying the validity of computer security methods by developing a taxonomy and decision tree for adversarial interactions, resulting in a meta-methodological framework for validation in this field.

How can we justify the validity of our computer security methods? This meta-methodological question is related to recent explorations on the science of computer security, which have been hindered by computer security's unique properties. We confront this by developing a taxonomy of properties and methods. Interdisciplinary foundations provide a solid grounding for a set of essential concepts, including a decision tree for characterizing adversarial interaction. Several types of invalidation and general ways of addressing them are described for technical methods. An interdisciplinary argument from theory explains the role that meta-methodological validation plays in the adversarial science of computer security.

Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.