Overview of Ethical Issues: Security, Confidentiality, and Hacking in software Engineering

Book a Appointment for Free consultation

OVERVIEW OF ETHICAL ISSUES

such as Security, Confidentiality and Hacking in Software Engineering

Research work by Sana & Nayab

Abstract

Ethics are basically the moral principles that applies to the practices of engineering .Ethics are part of engineering because an engineer is socially responsible when manufacturing products and processes for society. Ethical issues emerge when some specific action or decision make contention with the ethical standards of the society. Engineering directly impacts on people’s quality of life. The services provided by an engineer must be secure, confidential and should be protected from any unethical use like illegal hacking. The objective of the paper is to find out why ethical issues such as security, confidentiality and hacking occurs/happens and we will analyze tools and techniques that can be used to overcome the ethical Issues. Finally this paper focuses on how effective proposed tools and techniques are in term of ethical issues with the evolution in technology.

Keywords: Ethical issues, Security, Confidentiality, Hacking.

1.Introduction

In the world of cooperation, ethics take part an essential role for the employee and the employer. Ethics is a set of rules or concept that is regarded as standards, which are generally forced by a community or a profession. They can be expressed in the self-observation of the individual and his constant attempt to become a better human being on private level. In professional life, it is considered as standards to which all members of a profession are bound.
Engineering is the process of developing a well- organized mechanism using technology.
In engineering, ethics are basically the moral principles that apply to engineering practices. A software engineer with ethics can assist and provide his services in a better way by applying them to most of the conditions which make an appearance at work.
Engineering became a recognizable profession in the 19th century. However, at that time, ethics was seen as a personal concern rather than a professional one. In the beginning of 20th century, there had been a sequence of notable failures, these failures had intense repercussion on engineers which enforced the profession to face gaps in the technical practices and ethical standards. So, the first codes of engineering ethics were officially adopted by American engineering companies in 1912-1914.

As of today, engineering ethics is a well-developed area of professional ethics in the modern West like medical, legal, and business ethics and professional engineers are expected to both know and abide by ethical standards as a condition of belonging to the profession.

Why we need ethics in software engineering? We need ethics in this particular field because a software engineer shares a fundamental human preference to prosper and be successful in life and work with everybody. What does this have to do with ethics? Picture a future where you are faced with a moral dilemma resulting from a project you are working on and which shows serious danger for end users.

In this kind of scenario, are you going to act in a way that you would be comfortable with if it later on exposed to public? .So a software engineer is responsible for providing services to society so his decision must not make contention with the standard of the society.

Why Software engineers face ethical issues?

The process of software development and deployment in the Internet age has certain eccentricity which make ethical issues for software engineers even more critical in some situations than for other types of engineers. First, the shortened life cycle has weakened and in some cases eliminating the review of software by management and legal teams.

It’s normal for engineers to code and deploy functionality directly for instance for web applications like Facebook. Even where more conventional development practices are carried, partially some deployments such as fixing bugs are provided with technical (not ethical) supervision. In any case, engineers retain at least the capability to deploy code directly to users, a capacity that can easily be misused. There are considerable other ethical concerns that engineers may confront. Some of them have to do with technical practice, however numerous others have to do with broader business conduct considerations.

Some of them incorporate security, confidentiality and hacking ethical issues. Security refers to the entire activities required to secure data or information and systems which assists it in order to facilitate its legitimate or proper use. Hacking and confidentiality comes under security. Confidentiality is the practice to keep the information as a secret only provided to desirable mean .The maintenance of secrecy refers to the unrevealing of any data concerning the company’s business processes that are not in public knowledge.

Every company can identify the individuals and groups that might have access to a particular set of information. There are many ways of breaking confidentiality, and techniques to protect them from confidentiality breach. So when confidential data or information is leaked then it becomes an ethical issue for a software engineer. According to the Code of Ethics and Professional Practice when a professional who is questioned about the technical details of the employer’s forthcoming product must choose between answering the question completely and keeping the information secret.

Hacking is the illegal and unauthorized access to someone’s private data or system. Hacking can be broadly divided into ethical and unethical hacking. Unethical Hacking significantly affects the development of systems and networks. This is especially the case of systems and networks of organizations where sensitive or confidential information is used on regular basis. Organizations or data holders must find solutions and measures to protect information technology assets. In this endeavor, organizations can use ethical hacking which is used to find loopholes in a software .

To achieve better results through ethical hacking include the total authorization of hired hacker for the testing of software. Due to some security reasons all the information is not provided which may result as a loophole in system. Our study focuses on why we need to consider these ethical issues in software engineering and how we can overcome these ethical issues.

Background

Ethics are defined as standard for differentiating well from bad and the elaboration of ethics solely cannot give perceptions of conduct for software engineering student according to researchers. Systematic methods are required to facilitate the explanation of ethics. This kind of methods are very appropriate for software engineers in modeling the ethical decisions. Diagramming techniques includes such as flowcharts and UML diagrams which seems to be familiar approach for software engineers. [1] .Poorly quality developed software increases the chances of systems hacking.

System security is a relevant topic for a software engineers practice. It is the responsibility of the software engineer to make the system secure which shouldn’t be exploited. The software can only be hacked if it has loop holes in the system that lead to unauthorized access to data, applications, networks or computer devices. [2] .Ethical hackers are waged professionals who discover loopholes in software to overcome the risk of being hacked by black hat hackers. These are the people who try to protect data while on the internet with various attacks from hackers and keep it safe with the owner.

Ethical hackers use the same methods as black hat hackers but their intention is to use their knowledge in a productive way. Information obtained from ethical hacking is used to maintain the security of the system and to prevent system from further potential attacks. [3]. As technology advances, security threats and risks are increasing and due to that fact Cybercriminals are becoming increasingly more sophisticated with the ways in which they exploit technology, making it difficult to eliminate risks. Cyber-attacks can be on technological infrastructure, in the form of malware and viruses or on individuals according to a study. Security ethical issue can be mitigated by training programs and raising awareness among the members of the organization and end users of the software according to scholars [4].

Ethical issues arises in many areas of privacy, including surveillance, medical privacy, Internet privacy and workplace privacy. Making ethics effective in society plays an important role in information security. The ability to give people a set of ethical rules to follow and provide an ethical conscience will definitely establish a better layer of security in organizations. Nowadays, information systems

are becoming large that it becomes more difficult to manage with only technological control mechanisms. Control mechanisms must therefore be built on individual control mechanisms which can be achieved by ethical frameworks. While, the laws dictate what behaviors we should follow while ethics recommend what we should follow and it also notable that for any good law, the law is based on ethics. [5][8][9].

we categories hacking into two ways, first is permissioned or ethical hacking and second is illegal which is known as reverse hacking. Security issue needs to be considered during the development of the software to find weakness in the system. Basic principle of information security is strengthen your Firewall. The firewall blocks the access to the malicious and unsupported approach. It creates a barrier between a trusted internal networking and an unreliable external networks just like internet. An intrusion detection system is a hardware or software application .It is used to monitor or control malicious activity on the network. When a malicious activity occurs, an administrator or safety information and event management is reported. [6] The patch is a backup of a computer program designed to update, fix and improve it.

This includes removing vulnerabilities and other defects and these types of fixes are known to fix bugs. [6]. Ethics plays an important role in securing the information systems. Social responsibility means that every person is bound to behave in a way that is not detrimental for the society. While The illegal copying and distribution of programs, music, videos and other form of digital media is a major problem especially among “Millennial” students, some of whom may not have acquired digital media through legitimate media these matters would consider come under intellectual property and media rights which point to the unethical behavior. However universities need to introduce ethics awareness and teach courses regarding ethical standard and provide training to the future leaders of the development so they can apply ethics in their profession while developing the software [7].

InfoSec is a framework for implementing socio ethical awareness which will help organizations in spreading awareness between all the staff and end users. This InfoSec framework will contribute in establishing awareness .Mainly in this era of advanced technology, this framework’s has become necessary to form standards of behavior for client and companies. Individuals and organizations that trade on the Internet should be assured of their rights to privacy, the ownership of their information and the responsibility to ethically and properly control this information.[9]

Methodology and Techniques Available

We are using back study approach in our paper. Firstly we will quickly look at the need of ethics in engineering then will describe the ethical issues including security, confidentiality and hacking and how they become ethical issues for software engineers. Finally we will discuss ways and techniques to mitigate these ethical issues.

Need of ethics in software Engineering

Software engineer has the power to do good and bad to the society and that power must be used to bring positivity and improvement in the lives of the people. Taking decision according to some standard is basically related to ethics. Assuming that a recently graduated software engineer has been hired to develop a software. Without either assessing or testing the framework appropriately, the recently hired developer's boss pressurizes him/her to complete the task rapidly. The board, as well, is very much content with its quick turn of events and offers the developed software to a few maternity wards at emergency clinics nationwide.
The abnormalities supported in the product, be that as it may, lead to the passing of a few babies. The inquiry that emerges is that who is to be considered responsible for these deaths? The clinic heads being referred to have absolutely procured the frameworks in accordance with some honesty, particularly in the light of the fact that they are no IT specialists in this field. The developer in this situation is obviously help responsible [8] .
This example demonstrates the need of ethical awareness and responsibility. So, firstly we are going to describe what security, confidentiality and hacking is and how these factors fall under ethical issues.

Security

Security is a condition of protection against danger or loss. In general, Security is a concept similar to safety. In the case of networks, security is also called information security and it points to the protection of data assets in case of breach of confidentiality. Information security means protecting information and information systems from unauthorized access, usage of data, discloser, interruption, alteration or destruction.
The Internet has increased the digitalization of various processes, such as online banking, online transaction, and transferring money over the internet, sending and receiving various forms of data over the internet which is increasing the security risks of data. Poorly quality developed software increases the chances of systems hacking. System security is a relevant topic for software engineer’s practice. It is the responsibility of the software engineer to make the system secure which is not easily exploitable. It becomes a moral problem for a software engineer when he cannot protect the security of the system. The software can only be hacked if it has loopholes in the system that lead to unauthorized access to data, applications, networks, or computer devices. In addition, information is accessed without permission.

Sometimes technical and technological measures are not sufficient to protect the origins of information. Additional measures should be used because there are many parameters when it comes to information security. One of these parameters is people. These people can be responsible for the system such as security professionals, employees, and users. These are the people who interact with the information system. To ensure that people are educated in the information system, a procedure that uses moral judgment must be entered. Computer and information ethics is studied by many researchers, academics, and professionals [1].

Including an ethical layer in information, security is very important because it can fill the gap which was created by those people. According to Kowalski, there are four significant explanations behind moral issues that appear in system or software security. To start with, there is a growing control gap in business data frameworks. The control gap can be additionally partitioned into three classes: Technological gap, socio-specialized gap, and social gap. What the truth and desires for the abilities of security implementing capacities is basically the technological gap. The socio-technical gap is the irregularity between socially-expected standards and security strategies while social gap points to people not acting as indicated by anticipated accepted practices Second, morals might be the regular language for the pros of various fields, and can be seen likewise by bunches outside the registering network. Third, current information systems are huge to the point that there are no verifiable mechanical control structures to oversee them. Rather, most frameworks are overseen by people’s understood control structures that are based on the system of ethical standards. Fourth, there is the requirement for top-down methodology, as to ISSI (Information

Systems Secure Interconnection) – model. As indicated by ISSI, five nontechnical layers are included as head of OSI conventions. The highest of these is the ethical layer that is a decent beginning stage to agree among clients and frameworks. Confidentiality refers to protecting information so that unauthorized people cannot access it. In other words, confidentiality data is only accessible to authorized persons. Failure to maintain confidentiality means that the person who should not be provided access has obtained it, through intentional behavior or by accident. In general, this breach of confidentiality, generally known as a breach that cannot be addressed. When the system is given access to an unauthorized parts, there is no way to detect it. Almost all of the major security accidents reported in the media today involve significant confidentiality losses. Because of the unauthorized access of confidential data to third party, it is ethical problem for the software engineer because he was responsible for maintaining the confidentiality of the data or information.

Hacking

Today all information is available online, accessed by a large number of users, some of them use this information to gain knowledge and others use it to know how to use this information to destroy or breach data and databases of websites without the owner’s knowledge. As computer technology advances, it also has its dark side which is hacking. Today, a large number of companies, institutions, banks and websites are subject to different types of hacker attacks by hackers.
Hacking is a method of finding loopholes or vulnerabilities in computer system or networks and using them to gain unauthorized access to data or to change the characteristics of targeted computer system or networks. Modifying computer, programs or networks to achieve specific goal are terms of hacking that are inconsistent with user goal. Hacker’s expertise include software cracking as well as hardware. A hacker is a computer enthusiast and highly skilled in programming, security and networking.

Hacking have two paths. The first one is legal and authorized work while the other path is illegal and unauthorized work. The authorized advance is also known as certified engineering .Illegal hacking is also called reverse engineering .White hat hacking is legal job assigned with the permission of organization while Black and Grey hat hacking is not approved.

According to the ways of working or according to their intension, Hackers can be classified into three groups.

White Hat Hackers
Black Hat Hackers
Grey Hat Hackers

White Hat Hackers /Ethical Hacking

Ethical hacking is an information security branch and also called as “Penetration testing” or “White Hat hacking”. They are waged professionals. To overcome the risk of being hacked by hackers, we have ethical hacker in this field, who are specialized in computer security that violates and find loop holes in protected networks or computer systems of some organizations or companies and corrects them to improve security working under set of rules and regulations by various organizations. These are the people who try to protect data while on the internet with various attacks from hackers and keep it safe with the owner. Ethical hackers use the same approaches as black hat hackers but their intention is to use their knowledge productively. Information obtained from ethical hacking is used to maintain the security of the system and to prevent system from further potential attacks.
Ethical hacking is a useful tool for the industry. Their expertise extends through penetration studies, site security assessment, and secure code reviews and security policy reviews. Mark Abene, known worldwide for his pseudonym Phiber Optik, information security expert and entrepreneur. High level hacker were in the 1980s and 1990s. He was one of the first hackers to publicly discuss and defend the positive benefits.

Need Of Ethical Hackers In software engineering:
Since each organization has its own confidential information that can be compromised or harmed by malicious hackers, therefore to protect this information, organizations employ ethical hackers and allow them to penetrate their systems ethically, find flaws or gaps in your systems and fix them before they hack your system. Ethical hacking is effective approach to overcome ethical problems in hacking

Black Hat Hackers

Cracker is the other name of Black hat Hackers. Crackers are highly skilled programmer’s breaks into someone system has malicious intent to steal or destroy their important or confidential information or compromise the security of some institution, close or change the functions of sites and networks. Crack system security for personal gain is the main goal of cracker. These people generally demonstrate their extensive knowledge of computers and commit various cybercrimes, such as identity theft, credit card fraud etc.

Student used his hacking skills to hijack webcams to catch young women pictures in various stages of undress (Humphries 2008). [2] .So this act is considered as illegal hacking which is highly unethical and affecting the lives of the common people.

Grey Hat Hackers

A Gray Hat Hacker is a security expert who frequently breach the law but has no malicious intent such as the black hat hackers. The word Gray Hat is obtained from Black Hat and White Hat because white hat hackers or ethical hacker discover weaknesses and loopholes in the networks and computer system or and do not tell anyone until it is fixed, while others hackers apart from the black hat illegally hack the computer system or the network to discover loopholes and leak the information to the third parties and the gray hat hacker does not illegally hacks and does not tell anyone how to do it. Gray Hat Hackers are amid white hat hackers who manipulate to maintain the security of the system and black hat hackers who hacks maliciously to hacks computer systems.

Despite of their positive objectives, the gray hat hacking can have upsetting social outcomes. According to Reports of CNN reported in the spring of 2015, Chris Roberts who is a consultant for cybersecurity was detained after supposedly illegally accessing the control system of exceeding twenty united Commercial airlines flights(Perez 2015).Although he profess that his act was meant purely to aware people of crucial security problems in the software of the aircraft. It is not hard to perceive the negative outcome that could rise if a malicious black hat hacker attempted the similar action.

Ways to mitigate Ethical issues

We can overcome ethical issues using different tools and techniques. At first understanding of ethical is important which can be explained by systematic methods in an effective way. Moral standards needs to be carried out without classification which come up as a foundation for morality. Systematic methods are required to facilitate the explanation of ethics. This kind of methods are very appropriate for software engineers in modeling the ethical decisions. Diagramming techniques includes such as flowcharts and UML diagrams which seems to be familiar approach for software engineers.

Nowadays, information systems are becoming large that it becomes more difficult to manage with only technological control mechanisms. Control mechanisms must therefore be built on individual control mechanisms which can be achieved by ethical frameworks. We can achieve high and potent security by incorporating ethics in control mechanisms.

Microsoft endured a break of security as for its corporate system in October 2000 in which important source code for a future item had been obtained. The inquiry, accordingly, remains: what are the full ramifications of that security penetration for the association? Could Microsoft be guaranteed that no endeavor had been made to adjust the said item or to inspect it for some type of trapdoor through which to dispatch future security penetrates? Despite the fact that they remain to a great extent unanswered, the inquiries that emerge from the over two cases, speculative and genuine, highlighting the need of ethical information security awareness inside the organization.
Societies of computer such as ACM have recommended some professional practices and code of ethics which an engineer must follow. Ethics are tightly linked to legal procedures or law if breached can leave an organization in crisis. Community plays an important role in information security by making ethical standards productive. If ethical rules and standard are given to individuals to follow and educating them on ethics will definitely improve the security layer in companies. Code of ethics provide guidelines to individuals for interacting

with the system. They can be applicable to all the people working in an organization including developers, management, end users and security experts. Organization can also specifically develop code of ethics and apply them within organization. This can be more useful and efficient due to target and additionally it can fill distinct security gaps related to information. Kluge [9] has developed a code of conduct for health information professionals. He discussed various problems in the field of health informatics and proposed a code of conduct for various information security problems, he suggested that in addition to the technical safety layer in the health information system, there should be an ethical layer that protect patient private data. By creating this layer in health information professionals.
One of these controls, Let us consider, can be applied to intrusion detection systems, and is as follows: Use of Surveillance System - Unauthorized access attempts such as alerts from proprietary intrusion detection systems, access policy violations, network gateway notifications and firewalls.
Consequently, ethics can need be applied within groups which agree upon basic ethical standards and acceptable conditions of use of information systems. This responsibility can start from a variety of factors. Agreement on common standards for the functioning of systems at the company level could be common business interests. Individually, conditions of employment or codes of ethics between the peer groups can be the determining factor. At the point when we talk about the ethics in security, it must be taken into account when developing software. Safety quality engineering (SQUARE) is a process model gives a mean to obtain, categorize and prioritize security requirements for software system. The objective of this methodology is to integrate security concepts during the early phases of the software development life cycle (SDLC). The model can also be used to document and analyze the security side of systems put into service and make improvement to software systems.
Awareness of security is an important factor in securing the information of organization. Numerous studies conducted confirms that lot of computer users have insufficient knowledge of information security. Government need to make effort to provide awareness related to security so that the people or users understand the threats and risks in security. People working in an organization are capable to make essential security decisions at the need of hour, that’s why employees should be provided proper training and awareness to cope with this problem. Awareness should be including that what are the security threats and how we can cope with these threats. All users must be educated about information security threats and understand their responsibility in the process of security.
Security problem occurs when there are weakness in the software which can be controlled by reviewing the code. Code review is an activity where the developers, coders and testing team review the code in a group. The weaknesses or loopholes in the software are observed by the code review team which is important before deployment of the software. The software engineer is a professionally responsible for the protection and confidentiality of information / data. He should not disclose his customers' personal data to unauthorized third parties. He can only release the information if that person has allowed it or it very necessary to share the information.

Bases on moral theories, one techniques that can be practically used to mitigate the issues of hacking would be to focus on piloting the moral and ethical concerns of gray hat hacking scenarios through educational programs. Ethical or white hat hackers still have the profound Skills and capabilities as black hat hackers. Basically, the laws dictate what behaviors we should follow while ethics recommend what we should follow and it also notable that for any good law, the law is based on ethics. Laws are enacted to protect the people who are innocent from the harm to boost rights. There are some laws related to hacking, if the laws are applied properly, hacking ethical issues can be mitigated to some extent. The law punishes hacking under the computer crime statutes.

Internationally, countries have started legalizing diverse laws and rules against hackers to protect people and organizations from reverse engineering attacks and other related crimes to hacking. Unfortunately, obedience to the law is the main exceptionally criminal component in IT security that prompted its initiation in any case. Individuals' have to recognize what their privileges are and the discipline to be imposed if they somehow happened to violate law. Along these lines, the UK Computer Misuse Act of 1990 ensures against all PC abuse offenses by securing against unapproved access to PC material; unapproved access with aim to submit or encourage commission of further offenses and unapproved alteration of data/information. The computer fraud and Abuses act is the main /important law against hacking that prohibits illegitimate access to third party or some other system.

Though the law was primarily intended to protect the computer systems of U.S. government entities and financial institutions, the extent of the law has extended with changes to include virtually all computers in the country (containing devices such as servers, laptops, smartphones desktops and tablets).
Civil Violations under the CFAA is the law to penalize the criminals who violates the law. But the modification made in 1994 expanded the act to take in the causes of action for to take in the causes of action for civil suits as well as to criminal prosecution. Violation in this act included the following clauses: attaining data from a computer through illegitimate means, Trafficking in a computer password that can be used to get access to a computer; spreading spam and harming the data or information stored on computer.

Professional software engineers are aware of the fact that security considerations must be taken into account in the design and during the complete software development life cycle. Their security skills can be further strengthened by developing additional skills in hacking approaches while inspecting ethical reasoning to completely understand the dividing line between white hat and gray hat hacking circumstances.

IV. Proposed Methodology:

1. Research Design

This is a quantitative research which used a quantitative method and it uses different measurements scales. The aim was to get opinions of software engineering students and professional about Overview of Ethical Issues such as security, confidentiality and Hacking in Software Engineering .We have used google forms for conducting a survey.

2. Data Collection Technique

The primary data was collected using a questionnaire. Questionnaire method has been followed to collect the data from the respondents. Questionnaire contains eleven question created on google form which was filled by software engineering students and IT professionals. The information is kept confidential. This study uses a 3 Liker scale. Questionnaire was filled by thirty respondents out of which 63.3 are female and 36.7% male respondents. If we talk about the occupational status of the respondents, 56.7% are undergraduate students of software engineering and 43.3 % are IT professionals.