One Article Review

Source Errata Security
Identifier 2675984
Publication date 2021-04-21 17:27:21 (viewed: 2021-04-21 22:05:34)
Title Ethics: University of Minnesota's hostile patches
Text

The University of Minnesota (UMN) got into trouble this week for doing a study in which they submitted deliberately vulnerable patches to open-source projects, in order to test whether hostile actors can do this to hack things. After a UMN researcher submitted a crappy patch to the Linux kernel, kernel maintainers decided to rip out all recent UMN patches.

Both things can be true:
Their study was an important contribution to the field of cybersecurity.
Their study was unethical.

It's like Nazi medical research on victims in concentration camps, or U.S. military research on unwitting soldiers. The research can be wildly unethical and at the same time produce useful knowledge.

I'd agree that their paper is useful. I would not be able to immediately recognize their patches as adding a vulnerability -- and I'm an expert at such things.

In addition, the sorts of bugs it exploits show a way forward in the evolution of programming languages. It's not clear that a "safe" language like Rust would be the answer. Linux kernel programming requires tracking resources in ways that Rust would consider inherently "unsafe". Instead, the C language needs to evolve with better safety features and better static analysis. Specifically, we need to be able to annotate the parameters and return statements of functions. For example, if a pointer can't be NULL, then it needs to be documented as a non-nullable pointer. (Imagine if pointers could be signed and unsigned, meaning, can sometimes be NULL or can never be NULL.)

So I'm glad this paper exists. As a researcher, I'll likely cite it in the future. As a programmer, I'll be more vigilant in the future. In my own open-source projects, I should probably review some previous pull requests that I've accepted, since many of them have been of the same crappy quality, simply adding a (probably) unnecessary NULL-pointer check.

The next question is whether this is ethical.
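Returning to the programming-language point above, here is an added illustration of what documenting a non-nullable parameter buys a reviewer. This is not code from the Errata Security post or from the UMN paper; the functions, the "label" names, the scratch-buffer instrumentation and the leak scenario are all constructed for this example. It compiles with GCC or Clang; the annotation used is `__attribute__((nonnull(n)))`, which both compilers understand.

```c
/* Added illustration for the non-nullable-pointer idea above. Not from the
 * Errata Security post or the UMN paper; the functions, names and the leak
 * scenario are constructed for this example. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* GCC and Clang both accept __attribute__((nonnull(n))). Clang additionally
 * offers the _Nonnull/_Nullable type qualifiers, the closest existing thing
 * to "signed and unsigned pointers". */
#if defined(__GNUC__) || defined(__clang__)
#define NONNULL_ARG(n) __attribute__((nonnull(n)))
#else
#define NONNULL_ARG(n)
#endif

/* Count of outstanding scratch buffers, so a caller can observe whether
 * cleanup ran (instrumentation for the example only). */
static int live_buffers = 0;
int live_buffer_count(void) { return live_buffers; }

static char *scratch_acquire(size_t n) {
    char *b = malloc(n);
    if (b) live_buffers++;
    return b;
}
static void scratch_release(char *b) {
    if (b) { free(b); live_buffers--; }
}

/* Shared body: copy the label into scratch space and measure it. */
static size_t measure_label(const char *label, char *scratch, size_t cap) {
    strncpy(scratch, label, cap - 1);
    scratch[cap - 1] = '\0';
    return strlen(scratch);
}

/* Variant 1: the contract "label is never NULL" exists only in the caller's
 * head. A "defensive" NULL check dropped in after the acquire cannot be
 * flagged by any tool, because nothing says it is redundant; and if it ever
 * fires it returns before scratch_release, leaking one buffer per call. */
size_t label_len_unannotated(const char *label) {
    char *scratch = scratch_acquire(64);
    if (!scratch) return 0;
    if (!label) return 0;          /* constructed "unnecessary NULL check" patch */
    size_t n = measure_label(label, scratch, 64);
    scratch_release(scratch);
    return n;
}

/* Variant 2: same body, but the contract is written down. Now the identical
 * check is a compile-time anomaly: gcc -Wall reports it under
 * -Wnonnull-compare ("'nonnull' argument 'label' compared to NULL") and
 * clang under -Wtautological-pointer-compare. A reviewer sees that the patch
 * is either redundant or quietly changing the function's contract. */
NONNULL_ARG(1)
size_t label_len_annotated(const char *label) {
    char *scratch = scratch_acquire(64);
    if (!scratch) return 0;
    if (!label) return 0;          /* same patch; now the compiler notices */
    size_t n = measure_label(label, scratch, 64);
    scratch_release(scratch);
    return n;
}

int main(void) {
    size_t n;
    n = label_len_annotated("hello");
    printf("annotated(\"hello\")   = %zu, live buffers = %d\n", n, live_buffer_count());
    n = label_len_unannotated("hello");
    printf("unannotated(\"hello\") = %zu, live buffers = %d\n", n, live_buffer_count());
    /* The contract violation the patch "handles" is also the path that leaks. */
    n = label_len_unannotated(NULL);
    printf("unannotated(NULL)    = %zu, live buffers = %d (leaked)\n", n, live_buffer_count());
    return 0;
}
```

Build it with `gcc -Wall` (or `clang -Wall`) and only the annotated variant produces a diagnostic, even though the two bodies are identical: that difference is exactly the reviewer signal the paragraph above asks the language to provide.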
Well, the paper claims to have sign-off from their university's IRB -- their Institutional Review Board, which reviews the ethics of experiments. Universities created IRBs to deal with the fact that many medical experiments were done on either unwilling or unwitting subjects, such as the Tuskegee Syphilis Study. All medical research must have IRB sign-off these days.

However, I think IRB sign-off for computer security research is stupid. Things like masscanning of the entire Internet are undecidable with traditional ethics. I regularly scan every device on the IPv4 Internet, including your own home router. If you paid attention to the packets your firewall drops, some of them would be from me. Some consider this a gross violation of basic ethics and get very upset that I'm scanning their computer. Others consider this to be the expected consequence of the end-to-end nature of the public Internet, that there's an inherent social contract that you must be prepared to receive any packet from anywhere. Kerckhoffs's principle from the 1800s suggests that the core ethic of cybersecurity is exposure to such things rather than trying to cover them up.

The point isn't to argue whether masscanning is ethical. The point is to argue that it's undecided, and that your IRB isn't going to be able to answer the question better than anybody else.

But here's the thing about masscanning: I'm honest and transparent about it. My very first scan of the entire Internet came with a tweet "BTW, this is me scanning the entire Internet".

A lot of ethical questions in other fields come down to honesty. If you have to lie about it or cover it up, then th
Tags Hack Vulnerability
The article does not appear to have been republished after its publication.

The article does not appear to repeat an earlier one.