Justifying Security Measures — a Position Paper

  • Cormac Herley
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10492)


There is a problem with the way we reason about problems in security. The justifications that we offer for many security measures reduce to unfalsifiable claims or circular statements. This position paper argues that reliance on less-than-solid arguments acts as a brake on progress in security.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Microsoft Research, Redmond, USA
