How to Design Computer Security Experiments

  • Sean Peisert
  • Matt Bishop
Part of the IFIP — International Federation for Information Processing book series (IFIPAICT, volume 237)


In this paper, we discuss the scientific method and how it can be applied to computer security experiments. We reiterate a number of general scientific principles, such as falsifiable hypotheses, scientific controls, reproducible results, and data quality.



Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Sean Peisert (1)
  • Matt Bishop (2)
  1. Dept. of Computer Science & Engineering, University of California, San Diego
  2. Department of Computer Science, University of California, Davis
