Kant, Cybernetics, and Cybersecurity: Integration and Secure Computation Jon K. Burmeister and Ziyuan Meng College of Mount Saint Vincent Drew University
[email protected],
[email protected] Abstract1 This paper argues that Kant’s philosophy of mind sheds light on Heinz Von Foerster’s cybernetic thinking, and that both thinkers help us identify dubious theoretical assumptions within computer science and cybersecurity. Specifically, these two thinkers discuss the importance of integration within systems, a position which contrasts with a reductionist form of thinking currently common in computer science. We argue that such a reductionist and narrowly technocentric approach leads to the design of insecure software systems. To develop an improved theory of security and vulnerability, we look for inspiration to Kant and von Foerster. Our approach focuses on two types of integration within Kant’s philosophy of mind – the “unity of apperception,” and the unity of the mental faculties – and then traces these same themes in the thought of von Foerster. Building on that, we argue two points: 1.) a secure software system never directly takes its structure or operations from the external environement, and 2.) the more integrated a software system is, the more secure it is. To illustrate these points, we analyze a case study of a code injection attack against a vulnerable web application, and show how such a system is vulnerable to cyberattack when it fails to maintain its integrated form in response to inputs from the environment. Keywords: Philosophy of Mind, Cybernetics, Cybersecurity, Information Systems, Kant, Heinz von Foerster, Integration, Reductionism. 1. Introduction The philosophical tradition of German Idealism and the field of cybernetics share a common impulse: both strive to think systematically and at a high level of generality, with the goal of discovering foundational principles that apply across a wide variety of domains.