Where Are the Red Lines? Towards Ethical Server-Side Scans in Security and Privacy Research

Title details

Hantke, Florian; Roth, Sebastian; Mrowczynski, Rafael; Utz, Christine; Stock, Ben:
Where Are the Red Lines? Towards Ethical Server-Side Scans in Security and Privacy Research.
2024
Event: 45th IEEE Symposium on Security and Privacy (S&P), 20-22 May 2024, San Francisco, CA.
(Event contribution: congress/conference/symposium/meeting, paper)
DOI: https://doi.org/10.1109/SP54263.2024.00104

Abstract

Comprehensive and representative measurements are crucial to understand security and privacy risks on the Web. However, researchers have long been reluctant to investigate server-side vulnerabilities at scale, as this could harm servers, disrupt service, and cause financial damage. This can lead to operator backlash and problems in peer review, as the boundaries posed by the law, ethics, and operators’ stance towards security research are largely unclear. In this paper, we address this research gap and investigate the boundaries of server-side scanning (3S) on the Web. To that end, we devise five typical scenarios for 3S on the Web to obtain concrete practical guidance. We analyze qualitative data from 23 interviews with legal experts, members of Research Ethics Committees, and website and server operators to learn what types of 3S are considered acceptable and which behavior would cross a red line. To verify our findings, we further conduct an online survey with 119 operators. Our analysis of these different perspectives shows that the absence of judicial decisions and clear ethical guidelines poses challenges in overcoming the risks associated with 3S, despite operators’ general positive stance towards such research. As a first step to mitigate these challenges, we suggest best practices for future 3S research and a pre-registration process to provide a reliable and transparent environment for 3S-based research that reduces uncertainty for researchers and operators alike.

Further details

Publication type: Event contribution (paper)
Peer-reviewed: Yes
University institutions: Faculties > Fakultät für Mathematik, Physik und Informatik
Faculties > Fakultät für Mathematik, Physik und Informatik > Institut für Informatik
Title produced at UBT: No
DDC subject areas: 000 Computer science, information science, general works
000 Computer science, information science, general works > 004 Computer science
Deposited on: 20 Jan 2025 08:01
Last modified: 20 Jan 2025 08:50
URI: https://eref.uni-bayreuth.de/id/eprint/91461