Sang-Yoon Chang


Assistant Professor, Computer Science Department

Assistant Professor, Computer Science Department

Daniels Fund Ethics Initiative at UCCS, Sang-Yoon ChangI work in computer security and teach the following security courses at UCCS: CS 4910 Introduction to Computer Security, CS 4920/5920 Applied Cryptography, and CS 5960 Wireless and Embedded Systems Security. Establishing strong ethical principles in such courses is very important because

  1.  it is often the first time that the students are exposed of security and the attackers's perspectives (which understanding is the pre-requisite to build defense in many cases), and
  2. the techniques and knowledge that they learn can not only be used for defense but also for threat/offense.

To provide concrete examples, just in this past year in 2016-2017 in CS 4910 and CS 5960, I had student course projects on key-logger (stealth software that monitors and logs your keyboard typing), network reconnaissance (networking devices discovery and mapping), mobile malware defense (which also involved the students downloading/developing the malware), etc.. The topics that the students chose for their projects (and the potential security impact that they can have outside of their projects and the course) led me to meet with the student teams individually to discuss about the projects' ethical implications and have them incorporate ethical considerations into their project planning, practice restraint and isolation when building/deploying their prototypes, and take active measures so that their work do not accidentally affect other people's security or privacy. For a more publicly known example, the first-known computer virus (Morris Virus) began as a research project in an academic institution, which product accidentally and aggressively spread beyond the computer network operated by the academic institution; due to the incident, the researcher who lost control of the auto-spreading software went to jail but, because of his technical contribution, began his academic career as a MIT professor after serving his jail time. I would like my students to better understand ethics in cyber and computer technologies than Doctor Robert Morris did; I would also like them to establish and practice ethical principles without experiencing jail.  

I plan to incorporate ethics throughout the three computer security courses I teach at UCCS, spanned across the fall and the spring semester in 2017-2018. In addition to incorporating ethics throughout the classes at opportune lecture parts, for each course, I plan to incorporate 1-2 classes (lectures and student group discussions) to identify real-world situations with ethical implications and discuss about the history/incidents that drove computer security development. I would also share and present my experience integrating DFEI ethics in student learning with other people in DFEI.