Abstract
For most of its existence, the field of computer science has been lucky enough to avoid ethical dilemmas by virtue of its relatively benign nature. The subdisciplines of programming methodology research, microprocessor design, and so forth have little room for the greater questions of human harm. Other, more recently developed sub-disciplines, such as data mining, social network analysis, behavioral profiling, and general computer security, however, open the door to abuse of users by practitioners and researchers. It is therefore the duty of the men and women who chart the course of these fields to set rules for themselves regarding what sorts of actions on their part are to be considered acceptable and what should be avoided or handled with caution out of ethical concerns. This paper deals solely with the issues faced by computer security researchers, be they vulnerability analysts, privacy system designers, malware experts, or reverse engineers.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sassaman, L. (2010). Ethical Guidelines for Computer Security Researchers: “Be Reasonable”. In: Sion, R., et al. Financial Cryptography and Data Security. FC 2010. Lecture Notes in Computer Science, vol 6054. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14992-4_24
DOI: https://doi.org/10.1007/978-3-642-14992-4_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14991-7
Online ISBN: 978-3-642-14992-4
eBook Packages: Computer Science (R0)