بررسی اخلاقی آموزشِ نوشتن بدافزارها و مهارتِ هک و نفوذ به سیستمها | ||
| پژوهشهای فلسفی -کلامی | ||
| مقاله 4، دوره 20، شماره 2 - شماره پیاپی 76، تیر 1397، صفحه 71-94 اصل مقاله (1.68 M) | ||
| نوع مقاله: مقاله علمی پژوهشی | ||
| شناسه دیجیتال (DOI): 10.22091/pfk.2017.1803.1575 | ||
| نویسندگان | ||
| زینب آل بویه1؛ علی رضا آل بویه* 2 | ||
| 1کارشناسی ارشد مهندسی کامپیوتر (نرمافزار)، پژوهشگر جامعه الزهرا | ||
| 2استادیار پژوهشگاه علوم و فرهنگ اسلامی | ||
| چکیده | ||
| امروزه برگزاری دورههای آموزشیِ مهارتِ هک کردن رو به افزایش بوده و با استقبال زیادی مواجه شده است. در برخی کشورها آموزش هک و نوشتن بدافزارها جزء واحدهای درسی دانشجویان رشتههای کامپیوتر و فناوری اطلاعات در نظر گرفته شده است. به اعتقاد برخی، از آنجا که آموزشِ مهارت هک و بدافزارنویسی ممکن است افراد را به سمت فعالیتهای مجرمانه سوق دهد و افراد از این مهارت سوءاستفاده کنند، به ضرر جامعه است و بر همین اساس، غیراخلاقی است، اما برخی دیگر با این آموزشها موافقاند و بر این باوراند که برای اینکه بتوانیم با مجرمان سایبری مقابله کنیم، باید بتوانیم مانند آنها فکر کنیم. به اعتقاد این افراد، کارشناسان امنیتی برای فهم بهترِ نقاط ضعف امنیتی سیستمها و مقابله با بدافزارها نیازمند یادگیری مهارت هک کردن و نوشتن بدافزارها هستند و از همین رو، آن را اخلاقی میدانند. بنابراین، با توجه به افزایش برگزاری دورههای آموزشی بدافزارنویسی و مهارت هک کردن و همچنین اهمیت امنیت رایانهها، در این مقاله به تبیین، تحلیل و نقد و بررسی استدلالهای موافق و مخالف اخلاقی بودن آموزش نوشتن بدافزارها و مهارت هک کردن پرداخته میشود و راهکارهایی برای استفاده اخلاقی از آموزش این مهارتها ارائه میشود. | ||
| کلیدواژهها | ||
| آموزش هک؛ اخلاق حرفهای؛ اخلاق فناوری اطلاعات؛ بدافزار؛ هکر؛ تست نفوذ | ||
| موضوعات | ||
| فلسفه اخلاق | ||
| عنوان مقاله [English] | ||
| An Ethical Study of Teaching Malware Writing, Hacking Skills and System Infiltration | ||
| نویسندگان [English] | ||
| Zaynab Ᾱlebūyeh1؛ Alī Rezā Ᾱlebūyeh Ᾱlebūyeh2 | ||
| 1* Master's student of Computer Engineering (software), researcher at Jāmi‘at al-Zahrāʼ | ||
| 2Assistant professor, Islamic Culture and Science Research Center | | ||
| چکیده [English] | ||
| Nowadays, the number of courses teaching hacking skills is increasing and has encountered a very warm reception. In some countries, teaching hacking and writing malware has been considered as part of course credits for students of the fields of computer and information technology. According to some, since teaching hacking and malware writing may lead people to criminal activities and people may misuse this expertise, it is in detriment to the society and based on this, it is unethical; but some others agree with this instruction and believe that in order to confront cyber criminals, we must be able to think like them. According to this group, security experts need to learn hacking skills and malware writing in order to better understand the weakness in the security of systems and to deal with malware and therefore, they consider it ethical. Thus, considering the increase in the number of malware and hacking courses being held, and also the importance of the security of computers, this article delves into the explanation, analysis, critique and study of the ethical arguments for and against malware writing and hacking skills education and some measures for the ethical use of these skills will also be presented. | ||
| کلیدواژهها [English] | ||
| hacking instruction, career ethics, information technology ethics, malware, hacker, infiltration test | ||
| مراجع | ||
|
- آلبویه، علیرضا؛ آلبویه، زینب. (1394). هک کردن و نفوذ به سیستمهای رایانهای از منظر اخلاقی، فصلنامه علمی- پژوهشی نقد و نظر. 2(20)، 128-104. - Applegate, S. D. (2013). The Dawn of Kinetic Cyber. 5th International Conference on Cyber Conflict. - Aycock, J. ;Barker, K. (2005). Viruses 101. In Proceedings of the 36th SIGCSE Technical Symposium on Computer Science Education, 152–156. - Aycock, J. (2006). Teaching spam and spyware at the University of Ca1gery. Third Conference on Email and Anti- Spam (CEAS), 137-141. - Clarke, zuley; clawson, james; cordell, maria. (2003). A brief history of hacking. http://steel. lcc. gatech. edu/~mcordell/lcc6316/Hacker%20Group%20Project%20FINAL. pdf. 2016/10/5. - Cook, T.; Conti, G. & Raymond, D. (2012), When Good Ninjas Turn Bad: Preventing Your Students from Becoming the Threat. Proceedings of the 16th Colloquium for Information Systems Security Education Orlando, 11-13. - Curbelo, A. M. ; Cruz, A. (2013). Faculty Attitudes Toward Teaching Ethical Hacking to Computer and Information Systems Undergraduates Students. Eleventh LACCEI Latin American and Caribbean Conference for Engineering and Technology. - Denning, D. E. . (2012). Stuxnet: What Has Changed?. future internet , 4, 672-687. - Faily, S. (2014). Ethical Hacking Assessment as a Vehicle for Undergraduate Cyber-Security Education. Processing of the BCS 19th Annual INSPIRE Conference. - Farwell, J. P. & Rohozinski, R. (2011). Stuxnet and the Future of Cyber War. Survival, 53(1), 23-40. - Grobert, F.; Kornau, T. & Pimenidis, L. (2008). Is Teaching Hacking in Academia Ethical?. https://events. ccc. de/sigint/2009/Fahrplan/attachments/1275_main. pdf. 2016/9/20. - Kaspersky Security Bulletin (2015), https://securelist. com/files/2015/. . . /Kaspersky-Security-Bulletin-2015_FINAL_EN. pdf. 2016/7/2. - Ledin, G. . (2005). Not teaching viruses and worms is harmful. Communications of the ACM, 48 (1), 144. - Ledin, G. . (2011). The growing harm of not teaching malware. Communications of the ACM, 54 (2), 32-34. - Livermore. (2007). What are Faculty Attitudes Toward Teaching Ethical Hacking and Penetration Testing?. Procedings of the 11th Colloquim for Information System Security Education, Boston, MA. - Logan, P. & Clarkson, A. . (2005). Teaching students to hack: Curriculum issues in information security. Proceedings of the 36th SIGSE Technical Symposium on Computer Science Education. 157-161. - Mariotti, J. (2014). An introduction to malware. https://www. ncsc. gov. uk/content/files/protected_files/guidance_files/An-introduction-to-malware. pdf. 2016/7/14. - Milošević, N. (2013). History of malware. Digital forensics magazine, 16(1), 58-66. - Pashel, B. A. . (2006). Teaching Students to Hack: Ethical Implications in Teaching Students to Hack at the University Level. InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development, 197-200. - Pike, R. E. . (2013). The “ethics” of teaching ethical hacking. Journal of International Technology and Information Management, 22, 67-76. - Sullins, J. P. . (2014). A Case Study in Malware Research Ethics Education, When teaching bad is good. 2014 IEEE Security and Privacy Workshops,www. ieee-security. org/TC/SPW2014/papers/5103a001. PDF. 2016/8/6. - Trabelsi, Z. & Ibrahim, W. (2013). Teaching ethical hacking in information security curriculum: A case study. 2013 IEEE Global Engineering Education Conference. ieeexplore. ieee. org/iel7/6522574/6530074/06530097. pdf. 2016/7/23. - Zeltser, L. (2014). What is malware. https://securingthehuman. sans. org/newsletters/ouch/issues/OUCH-201402_en. pdf. 2016/5/1. - Lachow, I. (2011). The Stuxnet Enigma Implications for the Future of Cybersecurity. Georgetown Journal of International Affairs. 118-126.
- http://panmore. com/ethical-hacking-code-of-ethics-security-risk-issues. - http://www. mashreghnews. ir/fa/news/36007, 1395/6/15 - https://cert. eccouncil. org/images/doc/Ethics-Violation-Report-Form-v1. 1-03012012. pdf, 2016/9/14. - https://www. eccouncil. org/code-of-ethics/,2016/9/14. - https://www. helpnetsecurity. com/2002/04/08/the-history-of-hacking,2016/7/2. - www. isna. ir/news/92102514875, 1395/6/19. - www. tabnak. ir/fa/news/594370, 1395/6/19. - www. yjc. ir/fa/news/5621944, 1395/6/19. - Resources written in Arabic / Persian | ||
|
آمار تعداد مشاهده مقاله: 2,652 تعداد دریافت فایل اصل مقاله: 1,004 |
||