Adopting Immunological Metaphors in Cybersecurity Applications
Abstract
The evolution of the computer virus remains constant, yet the metaphors used to explain the abstract ideas of computer science remain static. Previous cybersecurity research frames issues of security in physical security metaphors, using tangible ideas or icons, such as castles, to illustrate the need for defense-in-depth models for computer security. Research confirms that security techniques drawn from the castle metaphor serve to prevent infection by a previously identified variant of the virus, but those techniques are weak against novel strain or zero-day exploit. This thesis set out to answer the following question: What role can metaphors from emergent fields play in augmenting the dominant metaphors in cybersecurity applications? This research found metaphors provide limits for defenses and often carry assumptions about system design with them, allowing exploitation in unusual ways. When attacking computer systems designed around physical security models, malicious actors may take advantage of a system's inherent weak points, and infection is inevitable in any networked system. Because complex attacks cannot be prevented by adopting ideas from a single metaphor or discipline of study, this thesis proposes reimagining cybersecurity threats through a wide variety of metaphorical lenses and adopting a plurality of defenses to augment physical security or defense-in-depth metaphors when addressing wicked problems in cybersecurity applications.
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 01, 2022
- Accession Number
- AD1200489
Entities
People
- Robert J. Iii Duncan
Organizations
- Naval Postgraduate School