Validating Computer Security Methods: Meta-methodology for an Adversarial Science

Abstract

How can we justify the validity of our computer security methods? This meta-methodological question is related to recent explorations on the science of computer security, which have been hindered by computer security's unique properties. We confront this by developing a taxonomy of properties and methods. Interdisciplinary foundations provide a solid grounding for a set of essential concepts, including a decision tree for characterizing adversarial interaction. Several types of invalidation and general ways of addressing them are described for technical methods. An interdisciplinary argument from theory explains the role that meta-methodological validation plays in the adversarial science of computer security.