Harvard University homepage
HARVARD.EDU

Embedded EthiCSTM @ Harvard Bringing ethical reasoning into the computer science curriculum

Operating Systems (CS 161) – Spring 2021

First time reviewing a module? Click here.

Click  to access marginalia information, such as reflections from the module designer, pedagogical decisions, and additional sources.

Click “Download full module write-up” to download a copy of this module and all marginalia information available.

Module Topic: Ethical Tradeoffs in Operating Systems Design: A Look at Cost-Benefit Analysis
Module Author: Elís Miller Larsen

Download full module write-up

Course Level: Upper Level Undergraduate
AY: 2020-2021

Course Description: “This is an in-depth course in operating systems design and implementation, focusing on multicore operating systems kernels. Operating systems are some of the most complex software artifacts that exist. Kernels abstract the features provided by computer hardware, making those features safer and more convenient to use. This means that OS designers have to understand how hardware works (at least at the level of specifications) and how software works. OS programmers also must become comfortable with navigating in, and contributing to, code bases too large to wholly understand. Most of us can pick up this important skill.

The course uses Chickadee, an operating system based on CS 61 WeensyOS. Chickadee takes advantage of newer hardware, language, and OS design features than many teaching operating systems.” (Course description)

Semesters Taught: Spring 2019Spring 2020, Spring 2021, Spring 2022

Tags

  • operating systems (CS)
  • system security (CS)
  • security vulnerabilities (CS)
  • patches (CS)
  • stakeholders (CS)
  • cost- benefit analysis (CBA) (phil)
  • normative statements (phil)
  • rights (phil)

Module Overview

System design often involves tradeoffs, e.g. increasing speed at the cost of at the cost of security or improving features at the cost of privacy. In this module we discuss the ethical considerations present in these tradeoffs. In order to assess what to do in situations where tradeoffs arise, students are introduced to the cost-benefit analysis framework.

Cost-benefit analysis (CBA) is a systematic approach for measuring the strengths and weaknesses of the available options. Options are compared in order to provide a “best approach” recommendation. In business and economics, CBA is viewed as a recommendation model only. In ethics, CBA is viewed as a normative model—a model that tells us what we should do. Students are asked to apply this model to specific scenarios in system design in order to assess what is the most responsible design choice

    Connection to Course Technical Material

During the course of the semester, students learn to recognize and address design tradeoffs of various kinds. This module surfaces the ethical implications of tradeoffs that compromise data security for the sake of other design features. It also provides students with the appropriate conceptual toolkit to incorporate ethical considerations into decision procedures used to navigate design tradeoffs.

One of the major focuses of the course is on system security, including identifying and shoring up system vulnerabilities. Decisions regarding whether or not to make a system more secure typically involves consideration of costs to the company such as time or money. However, this module introduces the idea that there are also ethical costs involved in system security that designers should be cognizant of.

Goals

Module Goals

By the end of the module, students will be able to:

  1. Introduce a case study that illustrates how there are ethical tradeoffs in system design
  2. Identify what those tradeoffs are
  3. Break down the 6 steps of CBA from the reading assignment so that students are clear about how to apply CBA as a model for what we should do
  4. Review limitations of CBA as a framework of ethical analysis
  5. Have students apply CBA to specific scenarios

    Key Philosophical Questions

The chosen questions are meant to cover a general understanding of cost-benefit analysis. This includes an understanding of its general definitions, its applications, and its limitations. The question about stakeholders is meant to highlight how cost- benefits might apply differently to different individuals.

Materials

    Key Philosophical Concepts

CBA is the main philosophical concept of the module. While it is primarily used to evaluate quantitative costs and benefits, this module incorporates qualitative costs and benefits in the form of ethical considerations. An important aspect of CBA involves understanding who is implicated (stakeholders) and what rights they have.

    Assigned Readings

Boardman (2006) is an introductory piece on CBA. It provides the students with the 6 steps of CBA and a concrete example to illustrate how to apply each step.
Heinzerling & Ackerman (2002) is an applied critique of CBA as assessed through an environmental protection perspective. It outlines the main limitations of CBA.

  • Boardman (2006), “Cost-Benefit Analysis: Concepts and Practice, excerpts.”
  • Heinzerling & Ackerman (2002), “Pricing the Priceless: Cost-Benefit Analysis of Environmental Protection”

Implementation

Class Agenda

  1. Introduce “Snooping Attack” case study in order to illustrate the ethical tradeoff when applying a patch.
  2. Review CBA steps from reading
  3. Class Activity: have students apply CBA to a specific (hypothetical) scenario
  4. Debrief. Review student responses and discuss the limitations of CBA students encountered.

    Sample Class Activity

The hypothetical scenario was designed with the input of the CS course head so that it incorporates specific concepts that were covered throughout the course. Instructors can modify this activity in order to connect with the key concepts of their course while maintaining the CBA application.

Hypothetical Scenario: Imagine that you work at a start-up company that makes an operating system called Sparrow. Sparrow targets desktop and laptop machines and uses virtualization technology to run applications made for both Windows and MacOS. As you test Sparrow in preparation for its initial release, you discover two bugs.

  1. The first bug is triggered when a user configures Sparrow to use a non-English keyboard setup (e.g., Japanese or Arabic). Such users have a 3% higher risk of their file data being corrupted by Sparrow’s file system (which has subtle errors in the way that it handles filenames that don’t use English characters).
  2. The second bug involves the way that Sparrow implements virtualization. When Sparrow simultaneously runs a VM for a MacOS app at the same time that a VM for a Windows app runs, there is a 3% chance that the Windows app will not be properly isolated; if this happens, then the Windows app (if malicious) can tamper with the state of the MacOS app.

If Sparrow is not released by its target date, the venture capitalists who fund your company may get upset and may refuse to provide subsequent funding.

What do you do? Use CBA to determine how your company should respond to the discovery of these two bugs.

Conduct a cost benefit analysis. Students are provided a table in order to fill out and assess the costs, benefits, and stakeholders involved.

    Module Assignment

For this assessment, students are presented with a description of a piece of software for which different stakeholders had different goals; for example, the salespeople for the software wanted new features to be added (so that the salespeople could tout the new features), whereas the lawyers wanted security to be improved (to avoid future lawsuits involving security breaches), etc. The students had to describe how the CEO of the company might prioritize these competing interests.

Students are assessed on CBA knowledge for the final exam.

Lessons Learned

Originally this module had the Class Activity at the end of the session. The TA learned that more time is required for the activity. In addition, having the activity in the middle of the session would allow the students to discover the limitations of CBA for themselves, rather than have the limitations and criticisms presented to them via lecture.

Through the activity students learn how to (1) apply CBA and (2) recognize limitations for ethical analysis. Some students found that even after applying CBA it wasn’t clear what to do. This discovery by the students is an excellent opportunity for the TA to encourage the use of CBA as a first step and stress the difficulty of ethical problems. This should not be a discouraging discovery, but instead a way for students to recognize the seriousness of the kinds of problems they might encounter as CS professionals.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 4.0 International License.

Embedded EthiCS is a trademark of President and Fellows of Harvard College | Contact us