Publications

2019

A Refinement to the General Mechanistic Account European Journal for Philosophy of Science, DOI: 10.1007/s13194-018-0237-1.

(With Jonathan Spring) Phyllis Illari and Jon Williamson propose a formulation for a general mechanistic account, the purpose of which is to capture the similarities across mechanistic accounts in the sciences. Illari and Williamson extract insight from mechanisms in astrophysics—which are notably different from the typical biological mechanisms discussed in the literature on mechanisms—to show how their general mechanistic account accommodates mechanisms across various sciences. We present argumentation that demonstrates why an amendment is necessary to the ontology (entities and activities) referred to by the general mechanistic account provided by Illari and Williamson. The amendment is required due to the variability of some components in computing mechanisms: the very same component serves as either entity or activity, both between levels and within the same level of the explanatory hierarchy. We argue that the proper ontological account of these mechanistic components involves disambiguation via explicitly indexing them as entities or activities.

2018

The Protoscience of Cybersecurity Journal of Defense Modeling and Simulation: Applications, Methodology, Technology 15(1): 5-12. DOI: 10.1177/1548512917737635.

I argue that marking a proper distinction between two types of research in the cybersecurity field obviates the present debate concerning a “science of cybersecurity.” Once the terminology has been properly disambiguated, the accurate descriptor for the current state of the practice of cybersecurity becomes apparent: it is a protoscience. Further, once we specify a definition for “science," we can see that the protoscientific state is capable of trending in the proper direction, namely toward science and away from pseudoscience.

2017

Thinking About Intrusion Kill Chains as Mechanisms Journal of Cybersecurity, DOI 10.1093/cybsec/tyw012.

(With Jonathan Spring) We integrate two established modeling methods from disparate fields: mechanisms from the philosophy of science literature and intrusion kill chain modeling from the computer security literature. The result demonstrates that model accuracy can be improved by incorporating methods from philosophy of science. Modeling security accurately is a key function in the science of security. Mechanistic modeling of computer security incidents clarifies the existing model and points towards areas for substantive improvement for computer security professionals. Additional models of computer security incidents are translated mechanistically to compare results and to demonstrate such modeling can be applied in multiple situations. This integration of philosophy of science and computer security is sensible only by integrating new adaptations to mechanistic modeling specifically conceived to enable better modeling of engineered systems such as computers. The results indicate continued integration of the fields of philosophy of science and information security will be fruitful.

Blacklist Ecosystem Analysis: January - June, 2017 Whitepaper. CERT Coordination Center, Pittsburgh, PA, published at https://resources.sei.cmu.edu/asset_files/WhitePaper/2017_019_001_499689.pdf.

(With Leigh Metcalf) This short report provides a summary of the various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from January 1, 2017 through June 30, 2017.

Blacklist Ecosystem Analysis: July - December, 2016 Whitepaper. CERT Coordination Center, Pittsburgh, PA, published at https://resources.sei.cmu.edu/asset_files/WhitePaper/2017_019_001_499689.pdf.

2016

Blacklist Ecosystem Analysis: January - June, 2016 Whitepaper. CERT Coordination Center, Pittsburgh, PA, published at https://resources.sei.cmu.edu/asset_files/WhitePaper/2016_019_001_485289.pdf.

Blacklist Ecosystem Analysis: 2016 Update Whitepaper. CERT Coordination Center, Pittsburgh, PA, published at https://resources.sei.cmu.edu/asset_files/WhitePaper/2016_019_001_466029.pdf.

(With Leigh Metcalf and Jonathan M. Spring) This update, which is the latest in a series of regular updates, builds upon the analysis of blacklists presented in our 2013 and 2014 reports. In those reports, we established that the contents of blacklists generally fail to overlap substantially with each other [1, 2]. This report further corroborates that overarching result. Our results suggest that available blacklists present an incomplete and fragmented picture of the malicious infrastructure on the Internet, and practitioners should be aware of that insight. This result also provides a starting point for further investigation to understand the dynamics of the blacklist ecosystem.

We have included 123 lists in our latest analysis. This includes 88 IP-address-based lists and 35 domainname-based lists. The number of indicators included on any individual list varies from under 1,000 to over 50 million. Our analysis covers the 18-month period from July 1, 2014 to December 31, 2015.

In this report, we revisit three of the metrics considered in the 2014 report to characterize overlaps: reverse counts, list counts, and pairwise intersection counts. We have omitted the following metric in order to give the issue of following a more complete treatment in a future report. We have added two new metrics: a reverse lookup metric to capture counts of domains seen being resolved in passive DNS, and a persistence in blacklists metric that captures persistence of IPs on blacklists over long spans of time.

Most indicators appear on a single list. Our analysis revealed that 86.6% of IP address indicators appear on exactly one of the lists included in the study. For domain name indicators, 93.7% appear on a single list. Additionally, in the case of domain-name-based lists, there are two distinct “clusters” of lists: 13 of the lists (out of 35) are populated in such a way that fewer than half of the domain names listed are active, while 18 of the 35 are populated such that 80% or more of their entries do resolve.

2014

Exploring a Mechanistic Approach to Experimentation in Computing Philosophy & Technology 27: 441-459, DOI 10.1007/s13347-014-0164-9.

(With Jonathan Spring) The mechanistic approach in philosophy of science contributes to our understanding of experimental design. Applying the mechanistic approach to experimentation in computing is beneficial for two reasons. It connects the methodology of experimentation in computing with the methodology of experimentation in established sciences, thereby strengthening the scientific reputability of computing and the quality of experimental design therein. Furthermore, it pinpoints the idiosyncrasies of experimentation in computing: computing deals closely with both natural and engineered mechanisms. Better understanding of the idiosyncrasies, which manifest in terms of a nonstandard role for experimentation, are interesting both for computer scientists and for philosophers of science. Computer scientists can think more clearly about their experimental choices. The role of experimentation elucidated by computer science merits further study from philosophers of science generally, as it highlights a role for experimentation hitherto unrecognized by philosophers: demonstration that activities exist.

Chimera of the Cosmos Ph.D. Dissertation, University of Pittsburgh

Multiverse cosmology exhibits unique epistemic problems because it posits the existence of universes inaccessible from our own. Since empirical investigation is not possible, philosophical investigation takes a prominent role. The inaccessibility of the other universes causes argumentation for the multiverse hypothesis to be wholly dependent upon typicality assumptions that relate our observed universe to the unobserved universes. The necessary reliance on typicality assumptions results in the Multiverse Circularity Problem: the multiverse hypothesis is justified only through invoking typicality assumptions, but typicality assumptions are justified only through invoking the multiverse hypothesis. The unavoidability of the circularity is established through argumentation for each of the two conjuncts that comprise it.

Historical investigation proves the first conjunct of the Multiverse Circularity Problem. Detailed study of the now-neglected tradition of multiverse thought shows that philosophers and scientists have postulated the multiverse hypothesis with regularity, under different names, since antiquity. The corpus of argumentation for the existence of the multiverse breaks cleanly into three distinct argument schemas: implication from physics, induction, and explanation. Each of the three argument schemas is shown to be fully reliant upon unsupported typicality assumptions. This demonstrates that the multiverse hypothesis is justified only through invoking typicality assumptions.

Philosophical assessment of cosmological induction establishes the second conjunct of the Multiverse Circularity Problem. Independent justification for typicality assumptions is not forthcoming. The obvious candidate, enumerative induction, fails: Hume’s attack against inference through time is extended to inference through space. This move undercuts external justification for typicality assumptions, such as the Cosmological Principle, which cosmologists implement to justify induction. Removing the legitimacy of enumerative induction shows that typicality assumptions are justified only through invoking the multiverse hypothesis, thereby establishing the Multiverse Circularity Problem.