The past ten years has seen increasing calls to makesecurity research more 'scientific'.On the surface, most agree that this is desirable, given universal recognition of 'science' as a positive force. However, we find that there is little clarity on what 'scientific' means inthe context of computer security research, or consensus onwhat a 'Science of Security' should look like. We selectively review work in the history and philosophy of scienceand more recent work under the label 'Science of Security'.We explore what has been done under the theme of relating science and security, put this in context with historical science, and offer observations and insights we hope maymotivate further exploration and guidance. Among our findings are thatpractices on which the rest of science has reached consensus appear little usedor recognized in security, and a pattern of methodological errors continues unaddressed.

Additional Metadata
Keywords Connections between research and observable world, History of science, Philosophy of science, Science of security, Security research
Persistent URL
Conference 2017 IEEE Symposium on Security and Privacy, SP 2017
Herley, C. (Cormac), & Van Oorschot, P. (2017). SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit. In Proceedings - IEEE Symposium on Security and Privacy (pp. 99–120). doi:10.1109/SP.2017.38