***LASER 2012 -- SUBMISSION DEADLINE EXTENDED TO APRIL 9, 2012*** Please make a note of this extension. Details are below. LASER 2012 -- Learning from Authoritative Security Experiment Results The goal of this workshop is to provide an outlet for publication of unexpected research results in security -- to encourage people to share not only what works, but also what doesn't. This doesn't mean bad research -- it means research that had a valid hypothesis and methods, but the result was negative. Given the increased importance of computer security, the security community needs to quickly identify and learn from both success and failure. Journal papers and conferences typically contain papers that report successful experiments that extend our knowledge of the science of security, or assess whether an engineering project has performed as anticipated. Some of these results have high impact; others do not. Unfortunately, papers reporting on experiments with unanticipated results that the experimenters cannot explain, or experiments that are not statistically significant, or engineering efforts that fail to produce the expected results, are frequently not considered publishable, because they do not appear to extend our knowledge. Yet, some of these "failures" may actually provide clues to even more significant results than the original experimenter had intended. The research is useful, even though the results are unexpected. Useful research includes a well-reasoned hypothesis, a well-defined method for testing that hypothesis, and results that either disprove or fail to prove the hypothesis. It also includes a methodology documented sufficiently so that others can follow the same path. When framed in this way, "unsuccessful" research furthers our knowledge of a hypothesis and testing method. Others can reproduce the experiment itself, vary the methods, and change the hypothesis; the original result provides a place to begin. As an example, consider an experiment assessing a protocol utilizing biometric authentication as part of the process to provide access to a computer system. The null hypothesis might be that the biometric technology does not distinguish between two different people; in other words, that the biometric element of the protocol makes the approach vulnerable to a masquerade attack. Suppose the null hypothesis is verified. It would still be worth publishing this result. First, it might prevent others from trying the same biometric method. Second, it might lead them to further develop the technology - to determine whether a different style of biometrics would improve matters, or if the environment in which authentication is being attempted makes a difference. For example, a retinal scan may be a failure in recognizing people in a crowd, but successful where the users present themselves one at a time to an admission device with controlled lighting, or when multiple "tries" are included. Third, it might lead to modifying the encompassing protocol so as to make masquerading more difficult for some other reason. Equally important is research designed to reproduce the results of earlier work. Reproducibility is key to science, to validate or uncover errors or problems in earlier work. Failure to reproduce the results leads to a deeper understanding of the phenomena that the earlier work uncovers. The workshop focuses on research that has a valid hypothesis and reproducible experimental methodology, but where the results were unexpected or did not validate the hypotheses, where the methodology addressed difficult and/or unexpected issues, or that identified previously unsuspected confounding issues. We solicit research and position papers addressing these issues, especially (but not exclusively) on the following topics: * Unexpected research results in experimental security * Methods, statistical analyses, and designs for security experiments * Experimental confounds, mistakes, mitigations * Successes and failures in reproducing the experimental techniques and/or results of earlier work Extended abstracts, full position papers, and research submissions should be 6–10 pages long including tables, figures, and references. Please use the ACM Proceedings Format at http://www.acm.org/sigs/publications/proceedings-templates (Option 1, if using LaTeX). At least one author from every accepted paper must plan to attend the workshop and present. Schedule: Location: March 26, 2012 submissions deadline SRI International May 7, 2012 decisions to authors 1100 Wilson Boulevard, Suite 2800 June 15, 2012 final papers Arlington, VA 22209 July 18 & 19, 2012 workshop For further information: http://www.laser-workshop.org Funded in part by a grant from NSF Program Committee: Organizing Committee: Matt Bishop (UC Davis), PC Co-Chair Carrie Gates (CA Labs), General Chair Greg Shannon (CMU/CERT), PC Co-Chair Matt Bishop (UC Davis), PC Co-Chair Alessandro Acquisti (CMU) Greg Shannon (CMU/CERT), PC Co-Chair Ross Anderson (Cambridge) Deb Frincke (NSA) Terry Benzel (USC/ISI) Christoph Schuba (Oracle), Publications Chair George Cybenko (Dartmouth) Ed Talbot (Consultant) Jeremy Epstein (SRI) Carrie Gates (CA Labs) Dan Geer (In-Q-Tel) Kevin Killourhy (CMU) John Knight (University of Virginia) Tom Longstaff (JHU/APL) Roy Maxion (CMU) John McHugh (University of North Carolina) Vern Paxson (ICSI & UC Berkeley) Shari Pfleeger (Dartmouth/I3P) Angela Sasse (University College London) Christoph Schuba (Oracle) Gene Spafford (Purdue) Ed Talbot (Consultant) Steve Taylor (Dartmouth) Charles Wright (MIT/LL) ______________________________________________________________________________ Certified Ethical Hacker and CISSP training with Expanding Security gives the best training and support. Get a free live class invite weekly. Best program, best price. www.ExpandingSecurity.com/PainPillReceived on Sun Mar 25 2012 - 22:52:35 PDT
This archive was generated by hypermail 2.2.0 : Sun Mar 25 2012 - 22:59:29 PDT