SoK - Science, Security, and the Elusive Goal of Security as a Scientific Pursuit

Explore a thought-provoking IEEE conference talk that delves into the challenges of establishing security as a scientific discipline. Examine the intersection of science, security, and philosophy as the speaker critically analyzes the current state of security research. Gain insights into the methodological issues plaguing the field and the lack of consensus on what constitutes a "Science of Security." Learn about key scientific concepts such as induction, deduction, falsifiability, and the importance of reasonable assumptions. Discover how these principles apply to computer security and why mathematical proofs alone do not equate to scientific rigor. Through a running example, understand the complexities of aligning security practices with established scientific methods. Conclude with a reflection on the path forward for security research and its potential to evolve into a more scientifically grounded discipline.

Intro
Survey
Science and Security
Philosophy of Science
Consensus
Induction and Deduction
Falsifiability
Math is not science
Reasonableness of assumptions
Summary
Security
An example
A running story
Assumptions
Conclusion
Questions