[PET] Fwd: [ias-opportunities] CFP: Workshop on Learning from Authoritative Security Experiment Results (LASER 2012) [typo corrected]

Wright, Matthew mwright at cse.uta.edu
Fri Jan 6 19:11:44 GMT 2012


I believe this is of interest to some of us, based on prior discussions on this list.

-Matt

Begin forwarded message:

From: Matt Bishop <bishop at cs.ucdavis.edu<mailto:bishop at cs.ucdavis.edu>>
Date: January 5, 2012 6:04:45 PM CST
To: "ias-opportunities at googlegroups.com<mailto:ias-opportunities at googlegroups.com>" <ias-opportunities at googlegroups.com<mailto:ias-opportunities at googlegroups.com>>
Subject: [ias-opportunities] CFP: Workshop on Learning from Authoritative Security Experiment Results (LASER 2012) [typo corrected]
Reply-To: "ias-opportunities+owners at googlegroups.com<mailto:ias-opportunities+owners at googlegroups.com>" <ias-opportunities+owners at googlegroups.com<mailto:ias-opportunities+owners at googlegroups.com>>

[Folks, the one I just sent around had an embarrassing typographical error in it. A failed experiment? In any case, please discard it and use this one. -- Matt Bishop]

LASER 2012 -- Learning from Authoritative Security Experiment Results

The goal of this workshop is to provide an outlet for publication of unexpected research results in security -- to encourage people to share not only what works, but also what doesn't.  This doesn't mean bad research -- it means research that had a valid hypothesis and methods, but the result was negative. Given the increased importance of computer security, the security community needs to quickly identify and learn from both success and failure.

Journal papers and conferences typically contain papers that report successful experiments that extend our knowledge of the science of security, or assess whether an engineering project has performed as anticipated. Some of these results have high impact; others do not. Unfortunately, papers reporting on experiments with unanticipated results that the experimenters cannot explain, or experiments that are not statistically significant, or engineering efforts that fail to produce the expected results, are frequently not considered publishable, because they do not appear to extend our knowledge.  Yet, some of these "failures" may actually provide clues to even more significant results than the original experimenter had intended. The research is useful, even though the results are unexpected.

Useful research includes a well-reasoned hypothesis, a well-defined method for testing that hypothesis, and results that either disprove or fail to prove the hypothesis.  It also includes a methodology documented sufficiently so that others can follow the same path. When framed in this way, "unsuccessful" research furthers our knowledge of a hypothesis and testing method. Others can reproduce the experiment itself, vary the methods, and change the hypothesis; the original result provides a place to begin.

As an example, consider an experiment assessing a protocol utilizing biometric authentication as part of the process to provide access to a computer system. The null hypothesis might be that the biometric technology does not distinguish between two different people; in other words, that the biometric element of the protocol makes the approach vulnerable to a masquerade attack. Suppose the null hypothesis is not rejected. It would still be worth publishing this result. First, it might prevent others from trying the same biometric method. Second, it might lead them to further develop the technology - to determine whether a different style of biometrics would improve matters, or if the environment in which authentication is being attempted makes a difference.  For example, a retinal scan may be a failure in recognizing people in a crowd, but successful where the users present themselves one at a time to an admission device with controlled lighting, or when multiple "tries" are included. Third, it might lead to modifying the encompassing protocol so as to make masquerading more difficult for some other reason.

Equally important is research designed to reproduce the results of earlier work. Reproducibility is key to science, to validate or uncover errors or problems in earlier work. Failure to reproduce the results leads to a deeper understanding of the phenomena that the earlier work uncovers.

The workshop focuses on research that has a valid hypothesis and reproducible experimental methodology, but where the results were unexpected or did not validate the hypotheses, where the methodology addressed difficult and/or unexpected issues, or that identified previously unsuspected confounding issues.

We solicit research and position papers addressing these issues, especially (but not exclusively) on the following topics:

* Unexpected research results in experimental security
* Methods, statistical analyses, and designs for security experiments
* Experimental confounds, mistakes, mitigations
* Successes and failures in reproducing the experimental techniques and/or results of earlier work

Extended abstracts, full position papers, and research submissions should be 6–10 pages long including tables, figures, and references. Please use the ACM Proceedings Format at http://www.acm.org/sigs/publications/proceedings-templates (Option 1, if using LaTeX).

At least one author from every accepted paper must plan to attend the workshop and present.

Schedule: Location:
March 26, 2012 submissions deadline SRI International
May 7, 2012 decisions to authors 1100 Wilson Boulevard, Suite 2800
June 15, 2012 final papers Arlington, VA 22209
July 18 & 19, 2012 workshop

For further information:    http://www.laser-workshop.org

Funded in part by a grant from NSF

Program Committee:                      Organizing Committee:
Matt Bishop (UC Davis), PC Co-Chair     Carrie Gates (CA Labs), General Chair
Greg Shannon (CMU/CERT), PC Co-Chair    Matt Bishop (UC Davis), PC Co-Chair
Alessandro Acquisti (CMU)               Greg Shannon (CMU/CERT), PC Co-Chair
Ross Anderson (Cambridge)               Deb Frincke (NSA)
Terry Benzel (USC/ISI)                  Christoph Schuba (Oracle), Publications Chair
George Cybenko (Dartmouth)              Ed Talbot (Consultant)
Jeremy Epstein (SRI)
Carrie Gates (CA Labs)
Dan Geer (In-Q-Tel)
Kevin Killourhy (CMU)
John Knight (University of Virginia)
Tom Longstaff (JHU/APL)
Roy Maxion (CMU)
John McHugh (University of North Carolina)
Vern Paxson (ICSI & UC Berkeley)
Shari Pfleeger (Dartmouth/I3P)
Angela Sasse (University College London)
Christoph Schuba (Oracle)
Gene Spafford (Purdue)
Ed Talbot (Consultant)
Steve Taylor (Dartmouth)
Charles Wright (MIT/LL)

--
You received this message because you are subscribed to the Google
Groups "ias-opportunities" group.
To post to this group, send email to ias-opportunities at googlegroups.com<mailto:ias-opportunities at googlegroups.com>
To unsubscribe from this group, send email to
ias-opportunities+unsubscribe at googlegroups.com<mailto:ias-opportunities+unsubscribe at googlegroups.com>
For more options, visit this group at
http://groups.google.com/group/ias-opportunities

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.links.org/pipermail/pet/attachments/20120106/457e4879/attachment.html>


More information about the PET mailing list