Ethical Proactive Threat Research

  • John Aycock
  • John Sullins
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6054)

Abstract

Through a provocative examination of the positive effects of computer security research on regular users, we argue that traditional security research is insufficient. Instead, we turn to a largely untapped alternative, proactive threat research, a fruitful research area but an ethical minefield. We discuss practices for ethical research and dissemination of proactive research.

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • John Aycock (1)
  • John Sullins (2)
  1. Department of Computer Science, University of Calgary, Calgary, Canada
  2. Department of Philosophy, Sonoma State University, Rohnert Park
