Quis Custodiet ipsos Custodes? A New Paradigm for Analyzing Security Paradigms
- Author(s): Peisert, Sean;
- Bishop, Matt;
- Corris, Laura;
- Greenwald, Steven J
- et al.
Published Web Locationhttp://portal.acm.org/citation.cfm?id=1719041
Do you believe that more than one single security paradigm exists? We do.
We also believe that we have a major problem because of all these security paradigms: until we find a way to identify and understand how these paradigms restrict our analyses we will never have the ability to do a good job identifying risks and threats, let alone protect ourselves from them.
We also believe that the majority of people working in the security community use only one paradigm without recognizing that self-imposed constraint. The paradigm they use may change or even expand based on new data and experiences, but it still continues to limit their approaches and analyses, and therefore limit their effectiveness.
At NSPW 2009 we presented a panel simulation using four analysts in order to demonstrate how security paradigms constrain perceptions and points of view, and how the combination of the different paradigms confuses the analysts' conclusions. Our panel used real-time, interactive exploration to investigate how individuals in the security community work together within their different paradigms and how they often lack awareness of their particular paradigms while working in the same way that a fish does not notice the water in which it swims.
We presented a provocative, live scenario followed by an intensive analysis with NSPW audience participation. We hoped that this would illustrate the misunderstandings and erroneous conclusions that can emerge from the inadvertent and often faulty composition of differing universes of discourse.
Ultimately this led to a new paradigm for dealing with the compositions of the paradigms held by various individuals that we call "Multi-Paradigm Composition Analysis."