Inspired by DARPA’s Explainable Artificial Intelligence (XAI) program, Daniele Magazzeni and I proposed a new paradigm in security research: Explainable Security (XSec). In this talk, I will discuss the “Six Ws” of XSec (Who? What? Where? When? Why? and How?) and argue that XSec has unique and complex characteristics: XSec involves several different stakeholders (i.e., the system’s developers, analysts, users and attackers) and is multi-faceted by nature (as it requires reasoning about system model, threat model and properties of security, privacy and trust as well as about concrete attacks, vulnerabilities and countermeasures). I will define a roadmap for XSec that identifies several possible research directions. As concrete examples, I will first discuss a new, declarative way to define and reason about privacy and then briefly show how some basic cybersecurity notions (and even some advanced ones) can be explained with the help of some famous and some perhaps less obvious films and other artworks.