Overview
The focus of CSET is on the science of cyber security evaluation, as well as experimentation, measurement, metrics, data, and simulations as those subjects relate to computer and network security. The science of cyber security is challenging for a number of reasons:

*Data: There is an absence of data usable by the community. Moreover, there is no clear understanding of what good data would look like if it was obtained, and how the value of data changes over time.

*Realism: Experiments must faithfully recreate the relevant features of the phenomena they investigate in order to obtain correct results, yet data about threats and the Internet landscape is sparse, modeling humans is hard, and issues of scaling (up or down) are not well understood. Hence careful reasoning about "realism" is required.

*Rigor: Repeatability and correctness must be ensured in any scientific experimentation. These can be extremely hard to achieve.

*Risk: Cyber security experiments naturally carry significant risk if not properly contained and controlled. At the same time, these experiments may well require some degree of interaction with the larger world to be useful.

Meeting these challenges requires transformational advance in understanding of the relationship between scientific method and cyber security evaluation, as well as transformational advance in capability of the underlying resources and infrastructure and usability of the data. The 4th Workshop on Cyber Security Experimentation and Test (CSET '11) invites submissions on the science, design, architecture, construction, operation, and use of cyber security data and experiments.

Topics
Topics of interest include but are not limited to:
Science of cyber security, e.g., experiences with and discussions of experimental methodologies
Measurement and metrics, e.g., what are useful or valid metrics? how do we know? how does measurement interact with (or interfere with) evaluation?
Data sets, e.g., what makes good data sets? how do we know? how do we compare data sets? how do we generate new ones? how do they hold up over time? how well do teaming or capture-the-flag exercises generate data sets?
Simulations and emulations, e.g., what makes good ones? how do they scale (up or down)?
Testbeds and experimental infrastructure, e.g., usage techniques, support for experimentation in emerging security topics (cyber-physical systems and wireless)
Experiences with cyber security education, e.g., capture-the-flag exercises, novel experimentation techniques used in education, novel ways to teach hands-on cyber security

Workshop Format
Because of the complex and open nature of the subject matter, CSET '11 is designed to be a workshop in the traditional sense. Presentations are expected to be interactive, 45 minutes long, with the expectation that a substantial amount of this time may be given to questions and audience discussion. Similarly themed papers and extended abstracts may be grouped together for discussion. Papers and presentations should be conducive to discussion, and the audience is encouraged to participate. To ensure a productive workshop environment, attendance will be limited to 80 participants.