Where Are the Red Lines? Towards Ethical Server-Side Scans in Security and Privacy Research

Title data

Hantke, Florian ; Roth, Sebastian ; Mrowczynski, Rafael ; Utz, Christine ; Stock, Ben:
Where Are the Red Lines? Towards Ethical Server-Side Scans in Security and Privacy Research.
2024
Event: 45th IEEE Symposium on Security and Privacy (S&P) , 20.-22.05.2024 , San Francisco, CA.
(Conference item: Conference , Paper )
DOI: https://doi.org/10.1109/SP54263.2024.00104

Abstract

Comprehensive and representative measurements are crucial to understand security and privacy risks on the Web. However, researchers have long been reluctant to investigate server-side vulnerabilities at scale, as this could harm servers, disrupt service, and cause financial damage. This can lead to operator backlash and problems in peer review, as the boundaries posed by the law, ethics, and operators’ stance towards security research are largely unclear. In this paper, we address this research gap and investigate the boundaries of server-side scanning (3S) on the Web. To that end, we devise five typical scenarios for 3S on the Web to obtain concrete practical guidance. We analyze qualitative data from 23 interviews with legal experts, members of Research Ethics Committees, and website and server operators to learn what types of 3S are considered acceptable and which behavior would cross a red line. To verify our findings, we further conduct an online survey with 119 operators. Our analysis of these different perspectives shows that the absence of judicial decisions and clear ethical guidelines poses challenges in overcoming the risks associated with 3S, despite operators’ general positive stance towards such research. As a first step to mitigate these challenges, we suggest best practices for future 3S research and a pre-registration process to provide a reliable and transparent environment for 3S-based research that reduces uncertainty for researchers and operators alike.

Further data

Item Type: Conference item (Paper)
Refereed: Yes
Institutions of the University: Faculties > Faculty of Mathematics, Physics and Computer Science
Faculties > Faculty of Mathematics, Physics and Computer Science > Department of Computer Science
Result of work at the UBT: No
DDC Subjects: 000 Computer Science, information, general works
000 Computer Science, information, general works > 004 Computer science
Date Deposited: 20 Jan 2025 08:01
Last Modified: 20 Jan 2025 08:50
URI: https://eref.uni-bayreuth.de/id/eprint/91461