
Print ISSN: 2349-8161
Online ISSN: 2349-817X


Information Security Education Journal (ISEJ)
 

Mind, Unity and Software Security - Analysis of Functional Unity in Cases of Data-only Attack
Ziyuan Meng
Drew University, 36 Madison Ave, Madison, NJ
Abstract: The computer security research community today still lacks a theoretical understanding of the essence of security vulnerabilities. The article argues that the prevailing reductionism in computer science theory leads to insecure coding practice, and that Immanuel Kant’s philosophy of mind sheds light on what makes software secure. In particular, Kant’s constructivist conceptualization of the mind and his theory on the unity of the mental faculties inspire us to develop a new, non-reductionist approach to software vulnerability problems. We argue that a computer program can possess some structural similarities to the human mind. Similar to the unity of the human mind, there is also a functional unity or ‘integration’ in any given program. In light of this similarity, a cyber-attack can be viewed as a set of operations that compromise a computer program’s original function by violating its internal integration. To illustrate the point, we provide a detailed analysis of two examples of data-only attacks, a newly emerging threat to software security. In each case study, we examine the internal, functional integration of the case program and how data-only attacks affect the integration. The result shows a direct correlation between functional integration and the security of software. In the end, we propose a new technical normativity of cultivating to supplement that of coding.
Keywords: Philosophy of Mind, Philosophy of Technology, Software Security, Kant, Integration, Reductionism
DOI:https://doi.org/10.6025/isej/2021/8/2/65-74
