University of Minnesota Linux code security issues; banned and to be removed
Tomorokoshi:
Linux kernel security and open-source issues:

https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021

https://www.theregister.com/2021/04/21/minnesota_linux_kernel_flaws_update/

https://www.theverge.com/2021/4/22/22398156/university-minnesota-linux-kernal-ban-research

https://hothardware.com/news/linux-kernel-developer-bans-updates-from-university-of-minnesota

Working through what all this means.
ataradov:
It means that their research ethics committee is pretty loose on the "ethics" part.

I also don't get this "research". There are bugs in the kernel that were non-maliciously contributed. So obviously it is possible to do that maliciously. What did they want to prove with that research?

The ban is fully justified, IMO. No need to take the code from people that acted maliciously in the past.
JohnnyMalaria:
This is a classic example of the scourge rampant in modern academia.

A thorough search of the scientific literature reveals that the paper isn't a peer-reviewed article. It's just a PDF that looks like a research paper stored on GitHub.

Of the two authors, Wu is a PhD student and Lu is an assistant professor who has 37 peer-reviewed (edit: see below) articles published since 2013. He got his PhD in 2017.

Looking at the titles of some of the articles, it appears Prof Lu is just a dressed-up version of a teen hacker getting kicks from academic masturbation.

https://scholar.google.com/citations?user=1F9N6icAAAAJ&hl=en&oi=sra

EDIT: after closer inspection, many of Lu's papers aren't peer-reviewed at all. They are just conference proceedings, i.e., he presented a paper at a conference. Generally, there's no peer review - you could make up anything and, as long as it seems plausible, get accepted to speak.
ataradov:
Yep. That's pretty much it.

When I was working with wireless networks, we got so many academic security researchers telling us that the network does not work in the presence of strong interference. Well, no shit. What do you want us to do about it? Change how physics works?
DrG:

--- Quote from: JohnnyMalaria on April 23, 2021, 05:31:46 pm ---
/-//
A thorough search of the scientific literature reveals that the paper isn't a peer-reviewed article. It's just a PDF that looks like a research paper stored on GitHub.
/--/

--- End quote ---

I agree, but am not sure that it is accidental that it looks like a research paper...that is, it may have been intended to be a research paper for submission.

According to this (published a few days ago https://www.theregister.com/2021/04/21/minnesota_linux_kernel_flaws_update/) "....Vulnerabilities in Open-Source Software via Hypocrite Commits" [PDF], which is slated to be presented at the Proceedings of the 42nd IEEE Symposium on Security and Privacy next month..."

https://www.ieee-security.org/TC/SP2021/

I also agree with your point about the difference between a presentation and a peer-reviewed publication (having considerable experience with both, but never IEEE 'stuff').

This issue seems to me to be more provocative than anything else. While I have not and likely will not spend a lot of time on it, I think that it will garner a lot of attention and a lot of scrutiny as well.

Also, from the cite above "It further states that the experiment was vetted by the university's Institutional Review Board (IRB), which determined that the project did not constitute human research and thus granted an ethical review waiver." - my guess is that the IRB board is going to modify some SOP as a result of this - not sure, but that is where I would put my money because, while not within a strict IRB mandate, the University is going to be fielding a lot of questions about why they got a waiver.