[ISN] "Learning from Authoritative Security Experiment Results" (LASER 2012) Workshop Call for Papers

From: InfoSec News <alerts_at_private>
Date: Mon, 9 Jan 2012 01:55:10 -0600 (CST)
Forwarded from: Edward Talbot <edward.talbot >

The Proceedings of the Workshop will be published in a major academic digital 
library.

The Workshop URL is: http://www.cert.org/laser-workshop/

-=-

LASER 2012 -- Learning from Authoritative Security Experiment Results

The goal of this workshop is to provide an outlet for publication of unexpected 
research results in security -- to encourage people to share not only what 
works, but also what doesn't.  This doesn't mean bad research -- it means 
research that had a valid hypothesis and methods, but the result was negative. 
Given the increased importance of computer security, the security community 
needs to quickly identify and learn from both success and failure.

Journal papers and conferences typically contain papers that report successful 
experiments that extend our knowledge of the science of security, or assess 
whether an engineering project has performed as anticipated. Some of these 
results have high impact; others do not. Unfortunately, papers reporting on 
experiments with unanticipated results that the experimenters cannot explain, 
or experiments that are not statistically significant, or engineering efforts 
that fail to produce the expected results, are frequently not considered 
publishable, because they do not appear to extend our knowledge. Yet, some of 
these "failures" may actually provide clues to even more significant results 
than the original experimenter had intended. The research is useful, even 
though the results are unexpected.

Useful research includes a well-reasoned hypothesis, a well-defined method for 
testing that hypothesis, and results that either disprove or fail to prove the 
hypothesis.  It also includes a methodology documented sufficiently so that 
others can follow the same path. When framed in this way, "unsuccessful" 
research furthers our knowledge of a hypothesis and testing method. Others can 
reproduce the experiment itself, vary the methods, and change the hypothesis; 
the original result provides a place to begin.

As an example, consider an experiment assessing a protocol utilizing biometric 
authentication as part of the process to provide access to a computer system. 
The null hypothesis might be that the biometric technology does not distinguish 
between two different people; in other words, that the biometric element of the 
protocol makes the approach vulnerable to a masquerade attack. Suppose the null 
hypothesis is not rejected. It would still be worth publishing this result. 
First, it might prevent others from trying the same biometric method. Second, 
it might lead them to further develop the technology - to determine whether a 
different style of biometrics would improve matters, or if the environment in 
which authentication is being attempted makes a difference.  For example, a 
retinal scan may be a failure in recognizing people in a crowd, but successful 
where the users present themselves one at a time to an admission device with 
controlled lighting, or when multiple "tries" are included. Third, it might 
lead to modifying the encompassing protocol so as to make masquerading more 
difficult for some other reason.

Equally important is research designed to reproduce the results of earlier 
work. Reproducibility is key to science, to validate or uncover errors or 
problems in earlier work. Failure to reproduce the results leads to a deeper 
understanding of the phenomena that the earlier work uncovers.

The workshop focuses on research that has a valid hypothesis and reproducible 
experimental methodology, but where the results were unexpected or did not 
validate the hypotheses, where the methodology addressed difficult and/or 
unexpected issues, or that identified previously unsuspected confounding 
issues.

We solicit research and position papers addressing these issues, especially 
(but not exclusively) on the following topics:

* Unexpected research results in experimental security
* Methods, statistical analyses, and designs for security experiments
* Experimental confounds, mistakes, mitigations
* Successes and failures in reproducing the experimental techniques
   and/or results of earlier work

Extended abstracts, full position papers, and research submissions should be 
6–10 pages long including tables, figures, and references. Please use the ACM 
Proceedings Format at 
http://www.acm.org/sigs/publications/proceedings-templates (Option 1, if using 
LaTeX).

At least one author from every accepted paper must plan to attend the workshop 
and present.

Schedule: Location:
March 26, 2012		submissions deadline		SRI International
May 7, 2012		decisions to authors		1100 Wilson Boulevard, 
Suite 2800
June 15, 2012		final papers			Arlington, VA 22209
July 18 & 19, 2012	workshop

For further information:    http://www.laser-workshop.org

Funded in part by a grant from NSF

Program Committee:                      Organizing Committee:
Matt Bishop (UC Davis), PC Co-Chair     Carrie Gates (CA Labs), General Chair
Greg Shannon (CMU/CERT), PC Co-Chair    Matt Bishop (UC Davis), PC Co-Chair
Alessandro Acquisti (CMU)               Greg Shannon (CMU/CERT), PC Co-Chair
Ross Anderson (Cambridge)               Deb Frincke (NSA)
Terry Benzel (USC/ISI)                  Christoph Schuba (Oracle), Publications 
Chair
George Cybenko (Dartmouth)              Ed Talbot (Consultant)
Jeremy Epstein (SRI)
Carrie Gates (CA Labs)
Dan Geer (In-Q-Tel)
Kevin Killourhy (CMU)
John Knight (University of Virginia)
Tom Longstaff (JHU/APL)
Roy Maxion (CMU)
John McHugh (University of North Carolina)
Vern Paxson (ICSI & UC Berkeley)
Shari Pfleeger (Dartmouth/I3P)
Angela Sasse (University College London)
Christoph Schuba (Oracle)
Gene Spafford (Purdue)
Ed Talbot (Consultant)
Steve Taylor (Dartmouth)
Charles Wright (MIT/LL)


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn
Received on Sun Jan 08 2012 - 23:55:10 PST

This archive was generated by hypermail 2.2.0 : Mon Jan 09 2012 - 00:02:44 PST