The 2nd Cyber-security Research Ethics Dialog & Strategy (CREDS II)
May 17, 2014,  San Francisco, CA,
Co-located with the 35th IEEE Symposium on Security and Privacy (IEEE S&P)


The future of online trust, innovation & self-regulation is threatened
by a widening gap between users' expectations, formed by laws and norms,
and the capacity for great benefits and harms generated by technological
advances. As this gap widens, so too does ambiguity between asserted
rights and threats. How do we close this gap and thereby lower risks,
while also instilling trust in online activities? The solution embraces
fundamental principles of ethics to guide our decisions in the midst of
information uncertainty.

One context where this solution is germinating is cybersecurity
research. Commercial and public researchers and policymakers are
tackling novel ethical challenges that exert a strong influence for
online trust dynamics. These challenges are not exceptional, but
increasingly the norm: (i) to understand and develop effective defenses
to significant Internet threats, researchers infiltrate malicious
botnets; (ii) to understand Internet fraud (phishing) studies require
that users are unaware they are being observed in order to ascertain
typical behaviors; and (iii) to perform experiments measuring Internet
usage and network characteristics that require access to sensitive
network traffic.

This workshop anchors off of discussions, themes, and momentum generated
from the inaugural CREDS 2013 workshop. Specifically, it targets the
shifting roles, responsibilities, and relationships between Researchers,
Ethical Review Boards, Government Agencies, Professional Societies, and
Program Committees in incentivizing and overseeing ethical research. Its
objective is to spawn dialogue and practicable solutions around the
following proposition: Building a more effective research ethics culture
is a prerequisite for balancing research innovation (i.e., academic
freedom, reduced burdens and ambiguities) with public trust (i.e.,
respect for privacy and confidentiality, accountability, data quality),
so we explore the pillars of such a culture as well as the strategies
that might be adopted to incorporate them into research operations.

CREDS II invites case studies, research experience and position papers
that explore the following questions:

What can we learn from other domains that struggle with ethical issues?
What leadership should be engaged (i.e., institutional, government, peer
groups), and what should their respective roles and responsibilities be?
What education and awareness is needed?
What information sharing/coordination needs to be improved: among
researchers, among oversight entities, and between researchers and
oversight entities?
What knowledge and technology-transfer mechanisms can meet stated needs?

Our goal is to create a set of targeted discussions among relevant
stakeholders whose actions impact cyber security research ethics policy
and practice, rather than a peer reviewed mini-conference. As such, will
be reviewed by the Chairs for content quality and relevance, vetted by
the PC for topic suitability an interest, but will not be peer reviewed
as a mini-conference might.

How to Participate:
Authors are invited to submit abstracts, case studies, or position
papers (maximum 5 pages, including the references and appendices) via
EasyChair (CREDS 2014). Papers accepted by the workshop will be
published in the Conference Proceedings published by IEEE Computer
Society Press.

While there are NO formatting requirements for your submissions, any
accepted text will need will need to comply with IEEE guidelines for
publication (i.e., Papers must be formatted for US letter (not A4) size
paper. The text must be formatted in a two-column layout, with columns
no more than 9.5 in. tall and 3.5 in. wide. The text must be in Times
font, 10-point or larger, with 11-point or larger line spacing. Authors
are encouraged to use the IEEE conference proceedings templates. LaTeX
submissions should use IEEEtran.cls version 1.8, dated 2012/12/27).

Costs/Fees: There are workshop registration fees required to attend, as
this workshop is co-located with the 34th IEEE Symposium on Security and
Privacy (IEEE S&P 2014), an event of The IEEE Computer Society's
Security and Privacy Workshops (SPW 2014).

Submission deadline    March 1, 2014
Workshop acceptance notification date    March 14, 2014
Final paper submission deadline    April 1, 2014
Workshop date    May 17, 2014 (Saturday)

Chairs and Organizers:
Co-Chair Michael Bailey, University of Michigan
Co-Chair Erin Kenneally, Cooperative Association of Internet Data
Analysis (CAIDA), University of California San Diego
Program Committee
Mark Allman, International Computer Science Institute
Michael Bailey, University of Michigan
Elizabeth Buchanan, UW-Stout
kc Claffy, CAIDA, University of California San Diego
David Dittrich, University of Washington
Charles Ess, University of Oslo
John Heidemann, University of Southern California
Erin Kenneally, CAIDA, University of California San Diego
Douglas Maughan, U.S. Department of Homeland Security
Stefan Savage, University of California San Diego
Stuart Schechter, Microsoft Research

Erin Kenneally, erin@caida.org
Michael Bailey, mbailey@umich.edu