
Step One Towards Science of Security

Published: 03 November 2017

Abstract

Science of security necessitates conducting methodologically-defensible research and reporting such research comprehensively to enable replication and future research to build upon the reported study. The comprehensiveness of reporting is as important as the research itself in building a science of security. Key principles of science - replication, meta-analysis, and theory building - are affected by the ability to understand the context and findings of published studies. The goal of this paper is to aid the security research community in understanding the state of scientific communication through the analysis of research published at top security conferences. To analyze scientific communication, we use literature on scientific evaluation to develop a set of rubrics as a guide to check the comprehensiveness of papers published in the IEEE Security and Privacy and ACM Computer and Communications Security conferences. Our review found that papers often omit certain types of information from their reports, including research objectives and threats to validity. Our hope is that this effort sheds some light on one of the essential steps towards advancement of the science of security.


Cited By

  • (2023) Analyzing Cyber Security Research Practices through a Meta-Research Framework. Proceedings of the 16th Cyber Security Experimentation and Test Workshop, 64-74. DOI: 10.1145/3607505.3607523. Online publication date: 7-Aug-2023

Published In

SafeConfig '17: Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense
November 2017
46 pages
ISBN: 9781450352031
DOI: 10.1145/3140368
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. literature review
  2. science of security

Qualifiers

  • Short-paper

Funding Sources

  • National Security Agency

Conference

CCS '17
Acceptance Rates

SafeConfig '17 Paper Acceptance Rate 5 of 10 submissions, 50%;
Overall Acceptance Rate 22 of 61 submissions, 36%
