EEMCS

Home > Publications
Home University of Twente
Education
Research
Prospective Students
Jobs
Publications
Intranet (internal)
 
 Nederlands
 Contact
 Search
 Organisation

EEMCS EPrints Service


26393 “If you were attacked, you’d be sorry”: Counterfactuals as security arguments
Home Policy Brochure Browse Search User Area Contact Help

Herley, C. and Pieters, W. (2015) “If you were attacked, you’d be sorry”: Counterfactuals as security arguments. In: New Security Paradigm Workshop (NSPW), 8-11 Sept 2015, Twente, Netherlands. pp. 112-123. ACM. ISBN 978-1-4503-3754-0

Full text available as:

PDF
- Univ. of Twente only
258 Kb

Official URL: http://dx.doi.org/10.1145/2841113.2841122

Exported to Metis

Abstract

Counterfactuals (or what-if scenarios) are often employed as security arguments, but the dos and don’ts of their use are poorly understood. They are useful to discuss vulnerability of systems under threats that haven’t yet materialized, but they can also be used to justify investment in obscure controls. In this paper, we shed light on the role of counterfactuals in security, and present conditions under which counterfactuals are legitimate arguments, linked to the exclusion or inclusion of the threat environment in security metrics. We provide a new paradigm for security reasoning by deriving essential questions to ask in order to decide on the acceptability of specific counterfactuals as security arguments, which can serve as a basis for further study in this field. We conclude that counterfactuals are a necessary evil in security, which should be carefully controlled.

Item Type:Conference or Workshop Paper (Full Paper, Talk)
Research Group:EWI-SCS: Services, Cyber security and Safety
Research Program:CTIT-General
Research Project:TREsPASS: Technology-supported Risk Estimation By Predictive Assessment Of Socio-technical Security
Additional Information:Foreground = 50% ;Type of activity = workshop;Main leader = UT;Type of audience = scientific community; Size of audience = 35;Countries addressed = International;
ID Code:26393
Status:Published
Deposited On:09 November 2015
Refereed:Yes
International:Yes
More Information:statisticsmetis

Export this item as:

To request a copy of the PDF please email us request copy

To correct this item please ask your editor

Repository Staff Only: edit this item