The Science of Security: Introduction from the Perspective of Secure Collaboration

Despite sustained research effort in security, current security practice conveys a decidedly ad hoc flavor-find a bug; patch it; find the next bug; and so on. This methodology is sometimes termed engineering, using the term in the narrow sense of developing solutions to specific problems. The past few years have seen a growing push to develop a science of security (SoS), viewed as a systematic body of knowledge with strong theoretical and empirical underpinnings that inform the engineering of secure information systems. I introduce SoS, briefly describing its key elements. I then motivate some of the foundational challenges of SoS from the standpoint of systems of autonomous participants, sometimes termed systems of systems. I describe how security is an element of the governance of such systems and advocate an approach based on a new formulation of norms and accountability.