Call for Papers

2014 LASER Workshop - Learning from Authoritative Security Experiment Results

Arlington, Virginia - October 15-16, 2014

Paper submissions due June 30, 2014

The LASER workshop invites papers that strive to exemplify the
practice of science in cyber security. The goal of this series of
workshops, now in its third year, is to address the practice of good
science. We encourage participants who want to help others improve
their practice and participants who want to improve their own
practice. LASER welcomes papers that are:

- Exemplars of the practice of science in cyber security.
- Promising works-in-progress that would benefit from expert feedback.

LASER seeks to foster a dramatic change in the paradigm of cyber
security research and experimentation. Participants will find LASER to
be a constructive and highly interactive venue featuring informal
paper presentations and extended discussions. To promote a high level
of interaction, attendance is anticipated to be limited to about 40
people. However, to support a high level of student participation,
this limit may be increased.

Please send all questions to

(Hitchens' razor) What can be asserted without evidence can 
be dismissed without evidence.  -- Christopher Hitchens.

Workshop Goals

While everyone has a notion of what science is -- *sound* science is
neither widely nor well-practiced. The goal of this forum is to help
the community change that.

To effect such change, we need to be specific about what constitutes
*sound* science, and about what it means to practice it.  "Science" is
the process of linking facts and fact-based theory, across
disciplines, to create a common framework of understanding. Such
frameworks can be informed by both positive and negative
results. While the scientific process clearly includes both theory and
practice (where practice is usually in the form of experimentation),
LASER's primary focus is on experimentation. There are three essential
issues, each of which will play a critical role in determining the
suitability of papers submitted:

(1) Is it science?  How persuasive is the author's (possibly implicit)
claim that the work is scientific, i.e., that it links theory and
practice (via experimentation)?  What is the theory and how does the
experiment inform it, or vice versa, what is the experiment, and how
is it informed by theory?

(2) Is it well executed?  A paper or project can have a decidedly
scientific bent, as previously defined, and yet be poorly
executed. Good (experimental) scientific execution includes: a clear
statement of a research question with an explicit claim or hypothesis
or problem being solved; an experimental study type or design suited
to addressing that research question (e.g., observational, random
controlled trial, etc.); adequate sample size; proper statistical
analysis; freedom from confounds; sound methodology; rigorous
collection of data (where appropriate); a reproducible experiment; and
sensible, justifiable conclusions that are well supported by
experimental evidence.

(3) Is it well reported?  Any scientifically sound experiment is of
little use if it is not properly and thoroughly reported.  A good
report/paper includes at least a structured abstract (details below);
introduction and background; related work; problem being solved and/or
hypothesis being tested; experimental methods (where appropriate,
methods include apparatus and instrumentation, materials,
subjects/objects of study, instructions to subjects, design,
procedure); data; analysis; results; discussion; and conclusion.

Referees will be asked to judge the merits of papers regarding the following:

- Is the title appropriate for the work described?
- Is there a structured abstract?
- Does the paper contain all of the sections you would expect
  (Introduction, Related work, Theory, Methods, Analysis, etc.)?
- Is there a clear statement of the problem being solved or the
  hypothesis being tested or the research question being asked?
- Does the author do a good job of synthesizing the literature?
- Is the experimental work reproducible?
- Is the methodology clearly explained (including details noted
  above)?  A complete methodology bears on reproducibility.
- Is the paper well-organized?
- Are the sections well-developed?
- Does the author answer the questions s/he sets out to answer?
- Does this science represent a meaningful contribution to the literature?
- Does the theory connect to the data?
- Is the paper well-written and easy to understand?
- Are you convinced by the author's results? Why or why not?

Referees are instructed to base their judgments on the scientific
merits of the papers, consistent with the goals of the workshop.

The best papers meeting the above criteria will be accepted for
presentation and publication. Papers falling modestly short of these
criteria will be accepted for a works-in-progress embedded workshop
and tutorial on executing and reporting good science. Please note that
all guidelines in this Call for Papers apply equally to papers in
plenary and works-in-progress sessions.

	Quod gratis asseritur, gratis negatur.
	"What is asserted without reason may be denied without reason."

Embedded Works-in-Progress Workshop

To help authors improve the scientific soundness of their research in
the interest of their submitting papers in the future, to LASER or to
other venues, there will be experienced senior researchers that will
interact with the presenter as well as the audience to contribute
constructive feedback on how to make the work more rigorous and more
scientifically sound.

Travel Scholarships
Travel support is available in modest amounts for students in need.

The LASER workshop is funded in part by NSF Grant #1143766 and by the
Applied Computer Security Associates (ACSA).

Important Dates

June 30             Papers due
August 25           Authors notified of accepted/rejected full papers
September 22        Pre-conference versions of full papers due
October 15-16       2014 LASER Workshop
November 17         Post-conference versions of full papers due

Submission and Review Process

Papers including structured abstract are solicited (see guidelines
below). Papers follow a typical pattern of submission, review,
notification, pre-conference version, conference presentation, and
final post-conference version.

All papers must be submitted via OpenConf:

At least one author from every accepted paper must attend the workshop
and present the paper.

See for full and up-to-date details on
the workshop. Please direct all questions to

Paper Guidelines

- Submissions should be 6-10 pages, inclusive of tables, figures, and
- All pages must be numbered.
- Papers must be submitted in PDF format. Do NOT submit files in Word,
  WordPerfect, LaTeX or other word processing format.
- Pages should fit on USA-style 8.5x11 inch paper. All text and
  figures must fit a text block 6.5" wide x 9" deep.
- All text must be 10 point type on 12 point (single-spaced) leading,
  two-column format, and Times Roman or a similar font for the body of
  the paper.
- Figures and tables should be legible when printed, without requiring
- If using Microsoft Word or LaTeX, use the appropriate USENIX
  template and sample first pages (two-column format) from the USENIX
  templates page:

Structured-Abstract Guidelines

Every paper should start with a structured abstract of roughly 150-350
words. The abstract should contain concise statements that tell the
whole story of the study, presented in a consistent structure that
facilitates quick assessment as to whether or not the paper may meet
the reader's needs and warrant reading the full paper. Essential
elements of structured abstracts are background, aim, method, results,
and conclusions:

- Background. State the background and context of the work described
  in the paper.
- Aim. State the research question, objective, or purpose of the work
  in the paper.
- Method. Briefly summarize the method used to conduct the research,
  including the subjects, procedure, data, and analytical method.
- Results. State the outcome of the research using measures
  appropriate for the study conducted. Results are essentially the
- Conclusions. State the lessons learned as a result of the study and
  recommendations for future work. The conclusions are the "so what"
  of the study.

By using this format for an abstract, the author has a good structure
not only for his or her paper but also for creating slides to present
the work.

Here is an example abstract from the citation below (140 words) of a
LASER 2012 paper:

Kevin S. Killourhy and Roy A. Maxion. 2012. Free vs. transcribed text
for keystroke-dynamics evaluations. In Proc. of the 2012 Workshop on
Learning from Authoritative Security Experiment Results (LASER
'12). ACM, New York, NY, USA, 1-8.

- Background. One revolutionary application of keystroke dynamics is
  continuous re-authentication: confirming a typist's identity during
  normal computer usage without interrupting the user.

- Aim. In laboratory evaluations, subjects are typically given
  transcription tasks rather than free composition (e.g., copying
  rather than composing text), because transcription is easier for
  subjects. This work establishes whether free and transcribed text
  produce equivalent evaluation results.

- Method. Twenty subjects completed comparable transcription and
  free-composition tasks; two keystroke-dynamics classifiers were
  implemented; each classifier was evaluated using both the
  free-composition and transcription samples.

- Results. Transcription hold and keydown-keydown times are 2-3
  milliseconds slower than free-text features; tests showed these
  effects to be significant. However, these effects did not
  significantly change evaluation results.

- Conclusions. The additional difficulty of collecting freely composed
  text from subjects seems unnecessary; researchers are encouraged to
  continue using transcription tasks.

Organizing Committee:

Laura Tinnel (SRI International), General Chair
Tiffany Frazier (Apogee Research), Program Co-Chair
Roy Maxion (CMU), Program Co-Chair
David Balenson (SRI International), Treasurer/Local Arrangements
Sean Peisert (UC Davis, Lawrence Berkeley National Lab), Publicity
Kevin Butler (University of Oregon), Publications
Nathanial Husted (Indiana University), Broadcasting/Video
Carrie Gates (Dell), Advisor
Greg Shannon (CMU/CERT), Advisor

Preliminary Program Committee:

Tiffany Frazier (Apogee Research), Co-Chair
Roy Maxion (CMU), Co-Chair
David Balenson (SRI International)
Matt Bishop (UC Davis)
Sadie Creese (Oxford University)
Richard Ford (Florida Institute of Technology)
Evan Fortunato (Apogee Research)
Greg Frazier (Apogee Research)
Frank Greitzer (PsyberAnalytix)
Shing-hon Lau (CMU)
Tom Longstaff (NSA)
John McHugh (UNC)
Aad van Moorsel (Newcastle University)
Sean Peisert (UC Davis, Lawrence Berkeley National Lab)
Angela Sasse (University College London)
Kymie Tan (JPL)
Laura Tinnel (SRI International)