Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Security Science (SecSci), Basic Concepts and Mathematical Foundations

Dusko Pavlovic, Peter-Michael Seidel

TL;DR

Security Science (SecSci) reframes security as a testable scientific discipline rather than a collection of proofs, addressing why deployed protocols fail and how non-local, adversarial interactions require formal models and experimental validation. The book builds a cohesive framework from resource security to data security, introducing the know-have-be taxonomy and formal access-control structures (e.g., $M_{ui}$ and $B_{ui}$ with $B_{ui}\subseteq M_{ui}$) to reason about authorization and availability, privacy, and integrity. It highlights the dual roles of dependability and security, the temporal dimensions of prevention/detection/deterrence, and the evolution toward multi-level security and scalable access control in cyberspace. By integrating these concepts with SecSci methodology, the work aims to bridge theory and practice, improving security design, education, and policy in sociotechnical systems.

Abstract

This textbook compiles the lecture notes from security courses taught at Oxford in the 2000s, at Royal Holloway in the 2010s, and currently in Hawaii. The early chapters are suitable for a first course in security. The middle chapters have been used in advanced courses. Towards the end there are also some research problems.

Security Science (SecSci), Basic Concepts and Mathematical Foundations

TL;DR

Security Science (SecSci) reframes security as a testable scientific discipline rather than a collection of proofs, addressing why deployed protocols fail and how non-local, adversarial interactions require formal models and experimental validation. The book builds a cohesive framework from resource security to data security, introducing the know-have-be taxonomy and formal access-control structures (e.g., and with ) to reason about authorization and availability, privacy, and integrity. It highlights the dual roles of dependability and security, the temporal dimensions of prevention/detection/deterrence, and the evolution toward multi-level security and scalable access control in cyberspace. By integrating these concepts with SecSci methodology, the work aims to bridge theory and practice, improving security design, education, and policy in sociotechnical systems.

Abstract

This textbook compiles the lecture notes from security courses taught at Oxford in the 2000s, at Royal Holloway in the 2010s, and currently in Hawaii. The early chapters are suitable for a first course in security. The middle chapters have been used in advanced courses. Towards the end there are also some research problems.

Paper Structure

This paper contains 29 sections, 2 equations, 16 figures, 5 tables.

Table of Contents

  1. Preface
  2. Introduction: On bugs and elephants
  3. On security engineering
  4. What is security engineering?
  5. Where did security engineering come from?
  6. Where is security engineering going?
  7. On security science
  8. Security space
  9. Range of security science
  10. The Earth is flat, and its perimeter is secure
  11. Science and deceit
  12. The best-kept secret
  13. Security concepts
  14. The dark side
  15. The timing
  16. ...and 14 more sections

Figures (16)

  • Figure 1: Tamper protection from 3700 BC: Bulla with tokens from Uruk (Iraq)
  • Figure 2: To withdraw her sheep from Bob's secure vault, Alice submits a tamper-proof token, like in Fig. \ref{['bulla']}.
  • Figure 3: Civilization as conversation
  • Figure 4: The process of science and the process of security
  • Figure 5: A race can be won by being the best and the fastest…
  • ...and 11 more figures

Theorems & Definitions (1)

  • Definition 3.1