Science of Cyber Security as a System of Models and Problems (1512.00407v1)

Abstract: Terms like "Science of Cyber" or "Cyber Science" have been appearing in literature with growing frequency, and influential organizations initiated research initiatives toward developing such a science even though it is not clearly defined. We propose to define the domain of the science of cyber security by noting the most salient artifact within cyber security -- malicious software -- and defining the domain as comprised of phenomena that involve malicious software (as well as legitimate software and protocols used maliciously) used to compel a computing device or a network of computing devices to perform actions desired by the perpetrator of malicious software (the attacker) and generally contrary to the intent (the policy) of the legitimate owner or operator (the defender) of the computing device(s). We further define the science of cyber security as the study of relations -- preferably expressed as theoretically-grounded models -- between attributes, structures and dynamics of: violations of cyber security policy; the network of computing devices under attack; the defenders' tools and techniques; and the attackers' tools and techniques where malicious software plays the central role. We offer a simple formalism of these key objects within cyber science and systematically derive a classification of primary problem classes within cyber science.