Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results

Welcome to the 2012 Workshop on Learning from Authoritative Security Experiment Results. Conferences and journals usually contain papers that report successful experiments extending our knowledge of science, or assessing whether an engineering project has performed as anticipated. Equally important to science, though, are those experiments that do not produce the expected results. These experiments may provide clues to results that are even more significant than the original experimenter intended. Although unanticipated, this research is useful. Experiments with a well-reasoned hypothesis, a rigorous experimental methodology for testing that hypothesis, and results that disprove or fail to prove the hypothesis, are useful whether the hypothesis is disproved or not. Others must be able to follow the methodology and reproduce the results. They can then vary the methods and change the hypothesis, using the original experiment as a starting point. The ability to reproduce the results of earlier work is central to placing security on a scientific footing. Reproducibility enables the scientific community to validate work, or to uncover errors or problems with it. Indeed, failure to reproduce the results leads to a deeper understanding of the phenomena that the earlier work uncovers. This workshop provides a venue to make these unanticipated results visible to the community by publishing results of properly conducted experimental cybersecurity research. This will encourage people to share not only what works, but also what doesn't work. Given the increased importance of computer security, the security community needs to quickly identify and learn from both success and failure. This is the primary goal of LASER 2012.