CSET 2013 - Workshop on Cybersecurity Experimentation and Test

CSET invites submissions on the science of cyber security evaluation, as well as experimentation, measurement, metrics, data, and simulations as those subjects relate to computer and network security and privacy.
The science of cyber security is challenging for a number of reasons. For example, very little data is available for research use, and little is understood about what good data would look like if it were obtained. Experiments must recreate relevant, realistic features?including human behavior?in order to be meaningful, yet identifying those features and modeling them is hard. Repeatability and measurement accuracy are essential in any scientific experiment yet hard to achieve in practice. Cyber security experiments carry significant legal and ethical risks if not properly contained and controlled, yet often require some degree of interaction with the larger world in order to be useful.
Meeting these challenges requires transformational advances, including understanding the relationship between scientific method and cyber security evaluation, advancing capabilities of underlying experimental infrastructure, and improving data usability.
Topics
Topics of interest include but are not limited to:
Science of cyber security, e.g., experiences with and discussions of experimental methodologies
Measurement and metrics, e.g., what are useful or valid metrics, particularly when human behavior and perception (such as privacy) are considered? how do we know? how does measurement interact with (or interfere with) evaluation?
Ethics of cyber security research, e.g., experiences balancing stakeholder considerations, frameworks for evaluating the ethics of cyber security experiments
Alternative approaches to cyber security research, e.g., the application of methodologies from the social sciences (where observational experiments involving human behaviors are often used) to advance our understanding of cyber security phenomena
Data sets, e.g., what makes good data sets? how do we know? how do we compare data sets? how do we collect new ones or generate derived ones? how do they hold up over time? how well do red teaming or capture-the-flag exercises generate data sets?
Simulations and emulations, e.g., what makes good ones? how do they scale (up or down)?
Testbeds and experimental infrastructure, e.g., tools, usage techniques, support for experimentation in emerging security topics (cyber-physical systems, wireless, etc.)
Experiences with cyber security education, e.g., capture-the-flag exercises, novel experimentation techniques used in education, novel ways to teach hands-on cyber security
Workshop Format
Because of the complex and open nature of the subject matter, CSET '13 is designed to be a workshop in the traditional sense. Presentations are expected to be interactive with the expectation that a substantial amount of this time may be given to questions and audience discussion. Some papers will be given their own time slot of about 45 minutes, while similarly themed papers may be grouped together for discussion. Papers and presentations should be conducive to discussion, and the audience is encouraged to participate. To ensure a productive workshop environment, attendance will be limited to 80 participants.