IRBs and Security Research: Myths, Facts and Mission Creep

Garfinkel, Simson L.

IRBs and Security Research: Myths, Facts and Mission Creep

Active / Technical Report | Accession Number: ADA486534 |

Open PDF

Abstract:

Having decided to focus attention on the weak link of human fallibility, a growing number of security researchers are discovering the US Governments regulations that govern human subject research. This paper discusses those regulations, their application to research on security and usability, and presents strategies for negotiating the Institutional Review Board IRB approval process. It argues that a strict interpretation of regulations has the potential to stymie security research.

Author(s):

Garfinkel, Simson L.

Author Organization(s):

NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE

Descriptive Note:

Conference paper

Supplementary Note:

Presented at Usability, Psychology and Security 2008, UPSEC08, co-located with the 5th USENIX Symposium on Networked Systems Design & Implementation, NSDI '08, in San Francisco, CA on 14 Apr 2008. Published online in proceedings of the same. The original document contains color images.

Pagination:

0047

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Monitor Series:

NPS

Subject Terms

Joint Capability Areas:

JCA_6.1.2_Wireless Transmission; JCA_6_Net Centric; JCA_6.1_Information Transport; JCA_1_Force Support; JCA_6.4.1_Secure Information Exchange; JCA_5_Command and Control; JCA_8_Building Partnerships; JCA_1.2_Force Preparation; JCA_1.2.3_Educating; JCA_6.4_Information Assurance; JCA_1.2.7_Experimentation; JCA_5.3_Planning; JCA_8.2_Shape; JCA_2_Battlespace Awareness; JCA_1.3_Human Capital Management; JCA_2.2.4_Human Based Collection; JCA_2.2_Collection; JCA_8.1_Communicate; JCA_5.2.2_Develop Knowledge and Situational Awareness; JCA_5.2_Understand; JCA_3_Force Application

Modernization Areas:

Autonomy

Communities of Interest:

Biomedical

Descriptor(s):

*RESEARCH MANAGEMENT, *ELECTRONIC SECURITY, *REGULATIONS, BEHAVIORAL SCIENCES, ETHICS, HUMAN FACTORS ENGINEERING, HUMANS

Field(s)/Group(s):

Sociology and Law, Computer Programming and Software, Computer Systems Management and Standards

Keyword(s):

*HUMAN SUBJECT RESEARCH, *COMPUTER SECURITY RESEARCH, 45 CFR(CODE OF FEDERAL REGULATIONS) PART 46 SUBPART A, IRB(INSTITUTIONAL REVIEW BOARD), NATIONAL RESEARCH ACT, RESEARCH PROTOCOL, RESEARCH

Report Date:

2008 Apr 07

Creation Date:

2008 Sep 30