Home > Publications
Home University of Twente
Prospective Students
Intranet (internal)

EEMCS EPrints Service

26393 “If you were attacked, you’d be sorry”: Counterfactuals as security arguments
Home Policy Brochure Browse Search User Area Contact Help

Herley, C. and Pieters, W. (2015) “If you were attacked, you’d be sorry”: Counterfactuals as security arguments. In: New Security Paradigm Workshop (NSPW), 8-11 Sept 2015, Twente, Netherlands. pp. 112-123. ACM. ISBN 978-1-4503-3754-0

Full text available as:

- Univ. of Twente only
258 Kb

Official URL:

Exported to Metis


Counterfactuals (or what-if scenarios) are often employed as security arguments, but the dos and don’ts of their use are poorly understood. They are useful to discuss vulnerability of systems under threats that haven’t yet materialized, but they can also be used to justify investment in obscure controls. In this paper, we shed light on the role of counterfactuals in security, and present conditions under which counterfactuals are legitimate arguments, linked to the exclusion or inclusion of the threat environment in security metrics. We provide a new paradigm for security reasoning by deriving essential questions to ask in order to decide on the acceptability of specific counterfactuals as security arguments, which can serve as a basis for further study in this field. We conclude that counterfactuals are a necessary evil in security, which should be carefully controlled.

Item Type:Conference or Workshop Paper (Full Paper, Talk)
Research Group:EWI-SCS: Services, Cyber security and Safety
Research Program:CTIT-General
Research Project:TREsPASS: Technology-supported Risk Estimation By Predictive Assessment Of Socio-technical Security
Additional Information:Foreground = 50% ;Type of activity = workshop;Main leader = UT;Type of audience = scientific community; Size of audience = 35;Countries addressed = International;
ID Code:26393
Deposited On:09 November 2015
More Information:statisticsmetis

Export this item as:

To request a copy of the PDF please email us request copy

To correct this item please ask your editor

Repository Staff Only: edit this item