A Framework for Understanding and Applying Ethical Principles in Network and Security Research

  • Erin Kenneally
  • Michael Bailey
  • Douglas Maughan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6054)


Current information and communications technology poses a variety of ethical challenges for researchers. In this paper, we present an intellectual framework for understanding and applying ethical principles in networking and security research rooted in the guidance suggested by an ongoing Department of Homeland Security working group on ethics. By providing this prototype ethical impact assessment, we seek to encourage community feedback on the working group’s nascent efforts and spur researchers to concretely evaluate the ethical impact of their work.


Ethical Principle Security Research Human Subject Protection Belmont Report Network Trace 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Protected repository for the defense of infrastructure against cyber threats (PREDICT),
  2. 2.
    ACM Council. Code of Ethics and Professional Conduct (October 1992),
  3. 3.
    Allman, M.: What ought a program committee to do? In: WOWCS 2008: Proceedings of the USENIX Workshop on Organizing Workshops, Conferences, and Symposia for Computer Systems, pp. 1–5 (2008)Google Scholar
  4. 4.
    Baase, S.: A Gift of Fire: Social, Legal, and Ethical Issues in Computing. Prentice Hall PTR, Upper Saddle River (2002)Google Scholar
  5. 5.
    Burstein, A.J.: Conducting cybersecurity research legally and ethically. In: LEET 2008: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, pp. 1–8 (2008)Google Scholar
  6. 6.
    Bynum, T.W., Rogerson, S.: Computer Ethics and Professional Responsibility: Introductory Text and Readings. Blackwell Publishers, Inc., Cambridge (2003)Google Scholar
  7. 7.
    Dittrich, D., Bailey, M.D., Dietrich, S.: Towards community standards for ethical behavior in computer security research. Technical Report 2009-01, Stevens Institute of Technology, Hoboken, NJ, USA (April 2009)Google Scholar
  8. 8.
    National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research. The belmont report - ethical principles and guidelines for the protection of human subjects of research,
  9. 9.
    Garfinkel, S.L.: IRBs and security research: Myths, facts and mission creep. In: Proceedings of UPSEC 2008 (Usability, Psychology and Security) (April 2008)Google Scholar
  10. 10.
    IEEE Board of Directors. IEEE Code of Ethics (February 2006),
  11. 11.
    Johnson, D.G., Miller, K.W. (eds.): Computers Ethics. Prentice-Hall, Inc., Upper Saddle River (2009)Google Scholar
  12. 12.
  13. 13.
    Kenneally, E., Claffy, K.: An internet sharing framework for balancing privacy and utility. In: Engaging Data: First International Forum on the Application and Management of Personal Electronic Information. MIT, IEEE (October 2009)Google Scholar
  14. 14.
    DHS Privacy Office. DHS official privacy impact assessment guidance,

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Erin Kenneally
    • 1
  • Michael Bailey
    • 2
  • Douglas Maughan
    • 3
  1. 1.The Cooperative Association for Internet Data Analysis 
  2. 2.University of Michigan 
  3. 3.US Department of Homeland Security 

Personalised recommendations