Search Icon
Register

Operationalizing Cybersecurity Research Ethics Review: From Principles and Guidelines to Practice

Dennis Reidsma, Jeroen van der Ham, and Andrea Continella (University of Twente)

Cybersecurity research involves ethics risks such as accidental privacy breaches, corruption of production services, and discovery of weaknesses in networked systems. Although literature describes these and other issues in some depth, reflection on these issues is not yet well embedded in typical Ethics Review Board procedures. In this paper, we operationalize existing guidance on cybersecurity research ethics into a proposal that can be directly implemented in an Ethics Review Board. We provide a set of self-assessment questions to effectively and efficiently probe the ethics of proposed cybersecurity research, a Coordinated Vulnerability Disclosure procedure for discoveries made in the course of research, and an outline of a university policy to institutionally embed this procedure, which could be adapted and adopted by research institutes. With this paper, we hope to contribute to more Ethics Review Boards taking up the challenge of addressing cybersecurity research ethics in an adequate and productive manner.

Paper
Slides

View More Papers

coucouArray ( [post_type] => ndss-paper [post_status] => publish [posts_per_page] => 4 [orderby] => rand [tax_query] => Array ( [0] => Array ( [taxonomy] => category [field] => id [terms] => Array ( [0] => 69 [1] => 66 ) ) ) [post__not_in] => Array ( [0] => 13647 ) )

Improving In-vehicle Networks Intrusion Detection Using On-Device Transfer Learning

Sampath Rajapaksha (Robert Gordon University), Harsha Kalutarage (Robert Gordon University), M.Omar Al-Kadri (Birmingham City University), Andrei Petrovski (Robert Gordon University), Garikayi Madzudzo (Horiba Mira Ltd)

Read More

Securing Federated Sensitive Topic Classification against Poisoning Attacks

Tianyue Chu (IMDEA Networks Institute), Alvaro Garcia-Recuero (IMDEA Networks Institute), Costas Iordanou (Cyprus University of Technology), Georgios Smaragdakis (TU Delft), Nikolaos Laoutaris (IMDEA Networks Institute)

Read More

Sometimes, You Aren’t What You Do: Mimicry Attacks against...

Akul Goyal (University of Illinois at Urbana-Champaign), Xueyuan Han (Wake Forest University), Gang Wang (University of Illinois at Urbana-Champaign), Adam Bates (University of Illinois at Urbana-Champaign)

Read More

DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement...

Seongil Wi (KAIST), Trung Tin Nguyen (CISPA Helmholtz Center for Information Security, Saarland University), Jihwan Kim (KAIST), Ben Stock (CISPA Helmholtz Center for Information Security), Sooel Son (KAIST)

Read More

Privacy Starts with UI: Privacy Patterns and Designer Perspectives in UI/UX Practice

Anxhela Maloku (Technical University of Munich), Alexandra Klymenko (Technical University of Munich), Stephen Meisenbacher (Technical University of Munich), Florian Matthes (Technical University of Munich)

Vision: Profiling Human Attackers: Personality and Behavioral Patterns in Deceptive Multi-Stage CTF Challenges

Khalid Alasiri (School of Computing and Augmented Intelligence Arizona State University), Rakibul Hasan (School of Computing and Augmented Intelligence Arizona State University)

From Underground to Mainstream Marketplaces: Measuring AI-Enabled NSFW Deepfakes on Fiverr

Mohamed Moustafa Dawoud (University of California, Santa Cruz), Alejandro Cuevas (Princeton University), Ram Sundara Raman (University of California, Santa Cruz)