There is little doubt among cyber security researchers about the lack of scientific rigor that underlies much of the literature. The issues are manifold and are well documented. Further complicating the problem is insufficient scientific methods to address these issues. Cyber security melds man and machine: we inherit the challenges of computer science, sociology, psychology, and many other fields and create new ones where these fields interface. In this paper we detail a partial list of challenges imposed by rigorous science and survey how other sciences have tackled them, in the hope of applying a similar approach to cyber security science. This paper is by no means comprehensive: its purpose is to foster discussion in the community on how we can improve rigor in cyber security science.
Revised: April 28, 2015
Published: July 18, 2012
Citation
Carroll T.E., D.O. Manz, T.W. Edgar, and F.L. Greitzer. 2012. Realizing Scientific Methods for Cyber Security. In LASER '12: Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results, July 18-19, 2012, Arlington, Virginia, 19-24. New York: Association for Computing Machinery. PNNL-SA-87207. doi:10.1145/2379616.2379619