
Computer Security and Human Values

Peter G. Neumann

2. Computer-Related Misbehavior

Approaches to managing the general problem of attaining more meaningful security in a computer-related enterprise have both technological and nontechnological components. The former are generally complex, but are becoming better understood and better supported by newer computer systems. The latter are exceedingly broad, including social, economic, political, religious, and other aspects.

By computer-related misbehavior, we mean behavior that is different from what is desired or expected. Such misbehavior may be attributable to a combination of human, computer, and environmental problems. That is, not just system misuse by people, but also people misuse by systems! As noted in Neumann [88], there are three basic gaps that may permit computer and/or human misbehavior:

  • Gap 1: The technological gap between what a computer system is actually capable of enforcing and what it is expected to enforce (e.g., its policies for data confidentiality, data integrity, system integrity, availability, reliability, and correctness). This gap includes deficiencies in both hardware and software (for systems and communications) and deficiencies in administration, configuration, and operation. For example, passwords are expected to provide authentication of would-be system users; in practice, passwords are highly compromisable. Instances of this gap may be triggered, for example, by people (accidentally or intentionally), by system malfunction, or by external events.
  • Gap 2: The sociotechnical gap between the computer-related policies on one hand and social policies on the other hand, such as computer-related crime laws, privacy laws, codes of ethics, malpractice codes and standards of good practice, insurance regulations, and other established codifications. For example, the social policy that a system user must not exceed authorization does not translate easily into a system policy that requires no authorization or in which authorization is easily bypassed.
  • Gap 3: The social gap between social policies (e.g., expected human behavior) and actual human behavior, including cracker activity, misuse by legitimate users, dishonest enforcers, etc. For example, someone accessing a computer system from another country who is bent on misuse of that system may not be very concerned about local expectations of proper human behavior. Similarly, employees who misuse a system because they have been bribed to do so may consider the precedence of a “higher ethic” (money).

The technical gap (Gap 1) can be narrowed by proper development, administration, and use of computer systems and networks that are meaningfully dependable with respect to their given requirements. The sociotechnical gap (Gap 2) can be narrowed by creating well-defined and socially enforceable social policies, although computer-based enforcement depends upon the narrowing of Gap 1. The social gap (Gap 3) can be narrowed to some extent by narrowing Gaps 1 and 2, with some additional help from better education. However, the burden must ultimately rest on better computer systems and computer networks as well as better management and self-imposed discipline on the part of information managers and workers. Detection of misuse then serves to further narrow the gaps – particularly when access controls are inadequately fine-grained so that it is easy for authorized users to misuse their allocated privileges.

A classification of many types of system vulnerabilities and unintentionally introduced flaws that are subject to malicious or accidental exploitation is given in Neumann and Parker [89]. That article provides useful background, although a detailed technical understanding of the different types of attack methods is not essential here.

Given a computer-related misbehavior, there is often a tendency to attempt to place the blame elsewhere, i.e., not on the real causes, in order to protect the guilty. For example, it is common to “blame the computer” for mistakes that are ultimately attributable to people. Even disastrous computer-related effects resulting from “acts of God” and hardware malfunctions can in many cases be attributed to a deficiency in the system conception or design. Similarly, it is common to blame computer users for problems that more properly should be attributed to the system designers, and in some cases, to the designers of the human-machine interfaces. In many instances, the blame deserves to be shared widely. A recurring theme in the discussion below involves the relative roles of the three gaps noted above. A suitably holistic view suggests that all three might be involved.


The Research Center on Computing & Society
at Southern Connecticut State University
501 Crescent Street • New Haven, CT 06515
Director: (203) 392-6790 • e-mail: webmaster@computerethics.org

© 2000 – 2007 – Research Center on Computing & Society