The ethics of coexistence: Can I learn to stop worrying and love the logic bomb?

Computer security attacks are frequent fodder for ethical analyses, but the ethics of computer security defenses are not often examined. We address this by considering a topical problem in computer security. In an age of so-called “advanced persistent threats” that lurk undetected on computer systems for long periods of time, it is increasingly unrealistic to expect a computer system to be permanently free of malicious software. Recognizing this, we posit the idea of a “cosecure system” - a cosecure system, by design, would allow legitimate software and malicious software to coexist safely on the same machine. We take an unusual tack to software design and use ethical concerns to guide the design of a cosecure system, rather than building a cosecure system and then performing an ex post facto ethical analysis. The principal tenets of security that must be upheld are confidentiality, integrity, and availability, and any system purporting to be secure has an ethical duty to the system user to uphold these. This is the starting point for our design process, and we proceed to look at how a cosecure system may be implemented. What we arrive at by going through this ethics-based software design becomes a proof by contradiction: we are forced to conclude that it is not possible, in fact, for malicious and legitimate software to coexist; a cosecure system as we have described it cannot be built. This allows us to see traditional computer security defenses in a new light. If we cannot uphold key security properties in the best case, where a system is expressly designed to allow coexistence of malicious and legitimate software, what does that imply about the defenses of the actual computer systems we use? We propose that a community defense is an alternative that eludes previous ethical issues, as well as being defensible from an information ethics point of view.

[1]  Deborah G. Johnson,et al.  Computer ethics (2nd ed.) , 1994 .

[2]  Michael Steil,et al.  Mistakes Microsoft Made in the Xbox Security System , 2022 .

[3]  James H. Moor,et al.  What Is Computer Ethics?* , 1985, The Ethics of Information Technologies.

[4]  William E. Weihl,et al.  Lottery scheduling: flexible proportional-share resource management , 1994, OSDI '94.

[5]  John Aycock,et al.  Ethical Proactive Threat Research , 2010, Financial Cryptography Workshops.

[6]  Matthew M. Williamson,et al.  Implementing and Testing a Virus Throttle , 2003, USENIX Security Symposium.

[7]  John Aycock,et al.  "Good" worms and human rights , 2008, CSOC.

[8]  MORAL IMPERATIVES,et al.  ACM code of ethics and professional conduct , 1991, CSOC.

[9]  John Aycock Computer Viruses and Malware (Advances in Information Security) , 2006 .

[10]  Herman T. Tavani Ethics and technology - ethical issues in an age of information and communication technology (2. ed.) , 2007 .

[11]  Helmut Schneider,et al.  The domino effect of password reuse , 2004, CACM.

[12]  Matt Bishop,et al.  Computer Security: Art and Science , 2002 .

[13]  Stephen B Jones A Gift of Fire , 2014 .

[14]  John Aycock,et al.  FUTURE THREATS , 2007 .

[15]  Sergey Bratus,et al.  Bickering In-Depth: Rethinking the Composition of Competing Security Systems , 2009, IEEE Security & Privacy.

[16]  Helen J. Wang,et al.  SubVirt: implementing malware with virtual machines , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[17]  Deborah G. Johnson Computer Ethics , 1985 .

[18]  Charles P. Pfleeger,et al.  Security in computing , 1988 .

[19]  Sara Baase A gift of fire , 2003 .

[20]  Peter Szor,et al.  The Art of Computer Virus Research and Defense , 2005 .

[21]  John Aycock,et al.  Computer Viruses and Malware , 2006, Advances in Information Security.

[22]  John F. Shoch,et al.  The “worm” programs—early experience with a distributed computation , 1982, CACM.

[23]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[24]  Farnam Jahanian,et al.  CloudAV: N-Version Antivirus in the Network Cloud , 2008, USENIX Security Symposium.

[25]  Stefan Katzenbeisser,et al.  Computing under occupation , 2008, NSPW '07.

[26]  Jessica R. Johnston Technological Turf Wars: A Case Study of the Computer Antivirus Industry , 2008 .

[27]  Ronald E. Anderson ACM code of ethics and professional conduct , 1992, CACM.

[28]  Paul C. van Oorschot,et al.  Self-Signed Executables: Restricting Replacement of Program Binaries by Malware , 2007, HotSec.

[29]  Fred Cohen,et al.  Computer viruses—theory and experiments , 1990 .

[30]  IEEE Code of Ethics , 2004, IEEE Potentials.

[31]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[32]  Herman T. Tavani,et al.  Ethics and Technology: Ethical Issues in an Age of Information and Communication Technology , 2006 .