Cyber-security Research Ethics Dialog & Strategy Workshop (CREDS II - The Sequel)


The 2nd Cyber-security Research Ethics Dialog & Strategy (CREDS II) was held on May 17, 2014 in San Jose, CA, co-located with the 35th IEEE Symposium on Security and Privacy (IEEE S&P), an event of the IEEE CS Security and Privacy Workshops (SPW).


The future of online trust, innovation & self-regulation is threatened by a widening gap between users' expectations, formed by laws and norms, and the capacity for great benefits and harms generated by technological advances. As this gap widens, so too does ambiguity between asserted rights and threats. How do we close this gap and thereby lower risks, while also instilling trust in online activities? The solution embraces fundamental principles of ethics to guide our decisions in the midst of information uncertainty.

One context where this solution is germinating is cybersecurity research. Commercial and public researchers and policymakers are tackling novel ethical challenges that exert a strong influence on online trust dynamics. These challenges are not exceptional, but increasingly the norm: (i) to understand and develop effective defenses to significant Internet threats, researchers infiltrate malicious botnets; (ii) to understand Internet fraud (phishing), studies require that users be unaware they are being observed in order to ascertain typical behaviors; and (iii) to perform experiments measuring Internet usage and network characteristics, researchers require access to sensitive network traffic.

This workshop anchors off of discussions, themes, and momentum generated from the inaugural CREDS 2013 workshop. Specifically, it targets the shifting roles, responsibilities, and relationships between Researchers, Ethical Review Boards, Government Agencies, Professional Societies, and Program Committees in incentivizing and overseeing ethical research. Its objective is to spawn dialogue and practicable solutions around the following proposition: Building a more effective research ethics culture is a prerequisite for balancing research innovation (i.e., academic freedom, reduced burdens and ambiguities) with public trust (i.e., respect for privacy and confidentiality, accountability, data quality), so we explore the pillars of such a culture as well as the strategies that might be adopted to incorporate them into research operations.

CREDS II invites case studies, research experience and position papers that explore the following questions:

  • What can we learn from other domains that struggle with ethical issues?
  • What leadership should be engaged (i.e., institutional, government, peer groups), and what should their respective roles and responsibilities be?
  • What education and awareness is needed?
  • What information sharing/coordination needs to be improved: among researchers, among oversight entities, and between researchers and oversight entities?
  • What knowledge and technology-transfer mechanisms can meet stated needs?

Our goal is to create a set of targeted discussions among relevant stakeholders whose actions impact cyber security research ethics policy and practice, rather than a peer reviewed mini-conference. As such, submissions will be reviewed by the Chairs for content quality and relevance, vetted by the PC for topic suitability and interest, but will not be peer reviewed as a mini-conference might.

How to Participate

Authors are invited to submit abstracts, case studies, or position papers (maximum 5 pages, including the references and appendices) via EasyChair (CREDS 2014). Papers accepted by the workshop will be published in the Conference Proceedings published by IEEE Computer Society Press.

While there are NO formatting requirements for your submissions, any accepted text will need to comply with IEEE guidelines for publication (i.e., papers must be formatted for US letter (not A4) size paper. The text must be formatted in a two-column layout, with columns no more than 9.5 in. tall and 3.5 in. wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. Authors are encouraged to use the IEEE conference proceedings templates. LaTeX submissions should use IEEEtran.cls version 1.8, dated 2012/12/27).

Costs/Fees: There are workshop registration fees required to attend, as this workshop is co-located with the 35th IEEE Symposium on Security and Privacy (IEEE S&P 2014), an event of The IEEE Computer Society's Security and Privacy Workshops (SPW 2014).


  • Submission deadline: March 15, 2014
  • Workshop acceptance notification date: March 22, 2014
  • Final paper submission deadline: April 1, 2014
  • Workshop date: May 17, 2014 (Saturday)


May 17 (Saturday)

Place: The Fairmont, San Jose, CA
  • 07:30 - 08:30 Breakfast
  • 09:00 - 09:15 Welcome, Introductions, Opening Remarks
    • Expectation setting for the day
    • Brief intros
  • 09:15 - 10:00 Exploring the Pillars of a More Effective Research Ethics Culture
    • What education and awareness is needed?
    • What information sharing/coordination, and knowledge and technology transfer mechanisms need to be developed or improved to meet ethical needs?
      • "Ethics in Data Sharing - Developing a Model for Best Practice," Sven Dietrich (Stevens Institute of Technology), et al.
  • 10:00 - 10:30 Morning coffee break
  • 10:30 - 12:00 Exploring the Pillars - Community and Leadership
    • Ethics and Big Data
    • What leadership should be engaged (i.e., institutional, government, peer groups), and what should their respective roles and responsibilities be?
      • What is the role of Program Committees in ensuring published papers meet standards of ethics?
      • What might the focus and structure of a community-informed "best practices" look like?
  • 12:00 - 13:00 Lunch
  • 13:00 - 14:30 Chairs Session: Exploring the Pillars in Practice
    • The growing market of practical controversies where both industry and researchers have a stake (and sometimes even a co-dependency) in the outcomes
      • Botnet takedown (e.g. proxying consent for vulnerable users, account suspension/blocking thresholds and criteria), Paul Vixie (Farsight)
      • Group Discussion
  • 14:30 - 14:45 Closing Remarks

Chairs and Organizers

  • Co-Chair Michael Bailey, University of Michigan
  • Co-Chair Erin Kenneally, Cooperative Association of Internet Data Analysis (CAIDA), University of California San Diego

Program Committee

  • Mark Allman, International Computer Science Institute
  • Michael Bailey, University of Michigan
  • Elizabeth Buchanan, UW-Stout
  • kc claffy, CAIDA, University of California San Diego
  • David Dittrich, University of Washington
  • Charles Ess, University of Oslo
  • John Heidemann, University of Southern California
  • Erin Kenneally, CAIDA, University of California San Diego
  • Douglas Maughan, U.S. Department of Homeland Security
  • Stefan Savage, University of California San Diego
  • Stuart Schechter, Microsoft Research

