Vulnerabilities as monsters: the cultural foundations of computer security (extended abstract)


Pieters, W. and Consoli, L. (2006) Vulnerabilities as monsters: the cultural foundations of computer security (extended abstract). In: Proceedings of the European Computing and Philosophy Conference (E-CAP 2006), 22-24 Jun 2006, Trondheim, Norway.

Abstract: This paper is part of a project to investigate the philosophical aspects
of the scientific discipline of information security. This field of research investigates
the means to protect information systems against attacks, typically by modelling
the system according to a certain security model, and verifying the conformance.
In this contribution, we study the relation between models of information
security, and cultural categories that help us to describe the world. According
to Martijntje Smits, cultural categories necessarily produce phenomena that do
not fit in the categorisation. From a negative perspective, these phenomena can
be characterised as monsters: they have properties of two categories that were
thought to be mutually exclusive, like many monsters that appear in films. Smits
applies this anthropological approach to explain controversies around the introduction
of new technologies in our society, such as the current debate on genetically
manipulated food. We translate this framework to the scientific enterprise
of information security, by explicating the analogy between Smits's monsters in
society and system vulnerabilities in information security. We argue that several
important security threats, such as viruses in Word documents, have been produced
by phenomena that did not fit into existing cultural categories of computer
science, in this case the categories of programs and data. Therefore, they were
not included in security models. Based on our analysis, we describe the cultural
foundations of information security research, we search for strategies for dealing
with vulnerabilities-as-monsters analogous to Smits's strategies for dealing
with monsters in society, and we discuss the consequences of our approach for
responsibilities of computer scientists.
