Ethics in Security Research: Visions, Reality, and Paths Forward

Ethics has become a prevalent and important criterion for academic research. However, achieving ethical compliance in practice is a highly complex and specialized task. In the field of computer security research, although top-tier conferences all have set out visions for ethical compliance, researchers may encounter practical dilemmas such as the lack of assistance from legal departments and the absence of specific domain guidelines, leading to various realistic obstacles to ethical treatment. This paper provides a comprehensive investigation of ethical considerations in computer security research. We first summarize the ethical requirements of top-tier security and network conferences. Then, based on a survey of 6,078 academic papers and an online investigation of 248 researchers mainly from a Chinese security community, we reveal the current status and practical issues of ethical considerations in security research. In particular, given the plight of the lack of authoritative ethical guidance, we offer a series of suggestions on how researchers at institutions without authoritative departments could best mitigate ethical risks. We also raise several open questions, and expect to help seek paths towards better ethical compliance for the security community.