The Learning from Authoritative Security Experiment Results (LASER)
2017 Workshop will be held October 18-19, 2017 at SRI International's
offices in Arlington, VA.

Call for Papers

The LASER Workshop invites papers that seek to improve experimental
methods in the field of cybersecurity. The goal of this workshop is to
improve the rigor and quality of security experimentation by providing
a venue where cybersecurity researchers can discuss experimental
methods and present research that exemplifies sound scientific

This year we particularly encourage papers in three areas:

    Well-designed security experiments, with positive or negative results.
    Experimental techniques that help address common sources of error.
    Replications (successful or failed) of previously published experiments.

Well-done security experiments, aside from the immediate value
provided by the result of the experiment, can serve as methodological
examples for future work. We therefore invite submissions reporting on
the results of carefully designed and executed studies. Reviewers will
be advised to judge the work of the quality of the design and how well
that design was carried out rather than whether the result validates
the original hypothesis. In other words, both positive and negative
results will be accepted, provided the methodology is sound.

LASER also solicits papers that give new insights into common sources
of error in security experiments. Awareness of common pitfalls allows
researchers to avoid them, and to notice them in others' work during
peer review. In machine learning, for example, it is well known that
testing an algorithm on the same data that was used for training will
result in overfitting and give an inflated view of the algorithm's
performance. What sorts of mistakes in cybersecurity experimentation
can lead us astray?

Finally, replications of prior work are an essential part of the
scientific process: all experimentation has some natural level of
error, and replication helps validate the soundness of existing work
and provide a deeper understanding of the conditions under which
published results hold. Replications of important security results are
therefore a natural fit for LASER. In order to ensure fairness, we ask
that submissions that fail to replicate prior work include a
discussion of the authors' efforts to contact the authors of the
original study and reconcile the differences.

Papers that include an analysis of a data set are encouraged to make
said data available, as well as any analysis code. This helps ensure
that work presented at LASER will can be meaningfully checked and
reproduced by other researchers.

Well-written papers on these topics, as well as any others consistent
with the workshop's goals of advancing the state of the art in
cybersecurity experimentation, will be presented at the workshop and
included in the proceedings.

Paper Format

Submissions may be 6-10 pages long including tables, figures, and
references. Short papers of up 3-6 pages long are also welcome. Papers
should be submitted via HotCRP. Submissions must be in PDF format
using USENIX conference paper formatting guidelines. Reviewing will be
double-blind, so authors should anonymize their papers and remove
obvious self-references.

Authors are encouraged to use the “structured abstract” format
(described below). Structured abstracts help make different
submissions comparable, and allow readers to quickly understand the
overall structure, methods, and conclusions of a study. A structured
abstract should contain concise statements, presented in a consistent
structure to help quickly facilitate an understanding of the
study. Essential elements of structured abstracts are: background,
aim, method, results, and conclusions:

Background. State the background and context of the work described in the paper.

Aim. State the research question, objective, or purpose of the work in
the paper.

Method. Briefly summarize the method used to conduct the research,
including subjects, procedures, data, and analytical methods.

Results. State the outcome of the research using measures appropriate
for the study conducted.

Conclusions. State the surprises, lessons learned as a result of the
study, and recommendations for future work.

Submission site:

Workshop Format

Because of the complex and open nature of the experimental methods,
LASER is designed to be a workshop in the traditional
sense. Presentations are expected to be interactive with the
expectation that a substantial amount of this time may be given to
questions and audience discussion, rather than pure
presentation. Papers and presentations should be conducive to
discussion, and the audience is encouraged to participate. To promote
a high level of interaction, attendance is limited. First preference
is given to participating authors. Additional seats are available on a
first-come first-served basis.

Additionally, a pre-workshop version of the paper will be distributed
to attendees. However, authors are encouraged to incorporate comments
from the discussions at the workshop into final, camera-ready versions
of their paper, to be published publicly by USENIX. Camera-ready paper
versions are not due until approximately one month after the workshop.

Student Scholarships

LASER also seeks to foster learning in experimental methods for the
next generation of computer security researchers. As such, LASER
offers a limited number of student scholarships for participation.

Important Dates

Paper Submissions Due: July 15, 2017 (Firm date: there will be NO Extensions)

Paper Decisions to Authors: September 1, 2017

Pre-Workshop Papers Due: September 29, 2017

Final Papers Due: November 22, 2017

If you have questions or comments about LASER, or if you would like
additional information about the workshop, contact us at: