Second International Alternative Workshop on Aggressive Computing and Security
The no-limit workshop
- * -
iAWACS 2010: the Revelation Edition
- * -
“Enhancing security with the attacker’s mind – Orthodoxy and self confidence are weaknesses”
"There is no such thing as forbidden knowledge, only forbidden use of knowledge"
iAWACS 2010
ESIEA - Paris - May 7th - 9th, 2010
Slides :
Eric Filiol (ESIEA - France) : Welcome to iAWACS 2010
Damien Aumaître (Sogeti - France) – Christophe Devine (Sogeti – France) : Real-world physical attacks and countermeasures
Alan Zaccardelle (Dimension Data – France) : sAVEX a new way to bypass Antivirus protection
Jean-Marc Manach (BlogBrother) : Counter-intelligence techniques to the use of honest people
Jean-Paul Fizaine (ESIEA – France) – Jonathan Dechaux (ESIEA – France) : Returning trust against user
David Baptiste (ESIEA Laval - France) : Do you still believe that nobody can make a Win 7 system become useless despite using a “powerful” antivirus ?
Zdenek Breitenbacher (AVG Technologies – Czech Republic) : Algorithm of computing entropy map as a new method of malware detection
Eric Filiol (ESIEA - France) - Geoffroy Gueguen (Universite de Rennes/ESIEA – France) : New Threat Grammars
Eddy Deligne (DCNS – Toulon/ESIEA – France) - Eric Filiol (ESIEA – France) : The Perseus lib: Open Source Library for TRANSEC and COMSEC Security
Xavier Carcelle (/tmp/lab) : Crashcourse: Securing a PLC Network
PWN2KILL DEBRIEF :
Eric Filiol (ESIEA - France) : Debriefing
David Baptiste (ESIEA - France) : Attack #1
Alan Zaccardelle (Dimension Data – France) : Attack #2
Frederic Bertrand Francois-Xavier Bru (MS SSI, Telecom Bretagne & Supelec) : Attack #3
Jonathan Dechaux, Jean-Paul Fizaine, Kanza Jaafar, Romain Griveaux (ESIEA - France) : Attack #4
Francois Dechelle : Attack #5 (Page 7)
Guillaume FAHRNER (LEXSI) : Attack #6
Samir Megueddem & Anthony Desnos (ESIEA - France) : Attack #7
- NEW CONFERENCE Counter-intelligence techniques to the use of honest people : Jean-Marc Manach (BugBrother).
- NEW AND VERY IMPORTANT FAX NUMBER : (+33 243 594 602) .
- NEW AND IMPORTANT For calendar reasons and following many whishes, the dates of iAWACS 2010 have changed and are right before EICAR 2010 (see the Eicar conference website). The program of iAWACS 2010 is now available here. The registration form can be found here. Registration fee have been reduced (150 euros for regular fee and 80 euros for students - 200 euros for registration on site). Be aware that the number of attendants is intentionally limited to 110 people. Registration are delivered on first come - first served basis.
- NEW: The list of accepted papers is now available here.
- You want to take part to the second antivirus attack challenge (PWN2KILL) which will be organized during the iAWACS 2010 conference? Fill in and send the form here.
- Rules of the second antivirus attack challenge (PWN2KILL) which will be organized during the iAWACS 2010 conference are here (pdf, txt).
Thinking security can not be done without adopting a preferential mode of thought of the attacker. A system cannot be defended if we do not know how to attack it. If the theory is still an interesting approach to formalize things, the operational approach must be the ultimate goal: to talk about security is meaningless if we do not actually do security. In recent years the major security conferences in the subjects preferred to select papers according to fashion topics, conforming to something like orthodoxy and organize selection as beauty contests. As a result excellent yet unorthodox scientific papers are often rejected and sink into oblivion. The second international Alternative Workshop in Aggressive Computing and Security (iAWACS'10) goes on to focus on this vision and to allow researchers and specialists to present relevant research works, with interesting results and operational (theoretical and/or applied) in the field of security. The different points of view, away from unconventional fashion and orthodoxy are particularly welcome. The aim is also to promote discussion of ideas around these topics.
Articles submitted will be selected according to the following criteria:
- Interest and scientific/technical correctness/accuracy,
- New results,
- Operational quality
Regarding this last point, the authors should give all information and conditions for reproducibility of results they intend to present. This may include, during the selection phase by the reviewers, assessments based on challenges to the authors by the reviewers. iAWACS is not just another hackers workshop where the last exploit is disclosed. The aim of the conference is to make security concepts evolves through both the attacker's view AND a thorough formalization backed by experimental results.
The main topics covered (list not exhaustive) are:
- Cryptanalysis techniques
- Steganalysis techniques
- Malicious cryptography
- Advanced computer virology techniques (malware, backdoor...)
- Active security product analysis and testing
- Active security auditing
- Mathematical concepts and applications with respect to the attacker’s view
- Cyberwarfare techniques
- Digital data counterfeiting
- Cryptographic and steganography techniques
- Invisible trap/bacdoor techniques in algorithms and applications
- Implementation attacks
- Interception/eavesdropping techniques
- Forensics and anti-forensics techniques
- Tempest and anti-tempest techniques
- InfoOps techniques
- Satellite hijacking
Articles should be submitted in electronic format, preferably in LaTeX format, in English. Submissions of Word/OOwriter documents are accepted. The address for submission is iawacs@esiea.fr Submissions under hidden identities or aliases are not allowed.
Technical challenges will be organized during the conference. Attendees who want to
participate must register either now or on site. For this second edition, two challenges
will be organized:
- Antivirus evaluation challenge (PWN2KILL). The aim will be to bypass (and therefore practically evaluate the reality of) antivirus software protection. More details will be published later (when the list of accepted papers will be published) but challenge settings will be: Windows 7 and user mode only. The organizers reserve the right to choose freely the antivirus to be tested. A jury composed of one bailiff and journalists (from the computer technical press) will be responsible for technical control of the challenge. The jury is chosen by the organizers. Challengers working for AV companies will be not allowed to take part to the challenge for fairness purposes.
- Cryptographic challenge (The Taliban AntiHackers...reloaded). This cryptanalysis challenge aims at recovering secret information in a real context of use. More to come but interested people can refer to the first edition of the challenge we organized at Hack.Lu 2009 http://2009.hack.lu/index.php/CryptoChallenge
Workshops will also be organized (lock picking, soldering and free hacking technical session and free tutorials...). We also intend to invite hacker spaces to come and present their work, initiatives...
Important dates :
- Submission deadline: February 20th, 2010
- Notification deadline: March 15th, 2010
- Final manuscript submission for inclusion into the pre-proceedings: April 15th, 2010
- Conference dates: May 7th - 9th, 2010
The conference proceedings will be published with ISBN by the Presses Techniques ESIEA. They will be given to registered participants after the conference and can then be bought on the conference homepage.The conference will be held at Ecole Supérieure en Informatique, Electronique et Automatique, in Paris from Friday 7th to Sunday 9th, May 2010. Each author will have 45 minutes of speaking time; each presentation will be followed by a technical discussion between speakers and attendees.
Conference registration amount to 200 euros (includes proceedings, coffee breaks, lunches, cocktail reception, social events). Students fee are 100 Euros.
Program Chair: Éric Filiol (ESIEA)Program Co-Chair: Anthony Desnos (ESIEA)
Program Co-Co-Chair: Robert Erra (ESIEA)
Nicolas Bodin (ESIEA)
Eddy Deligne (DCNS/ESIEA)
Christophe Grenier (DCNS/ESIEA)
Mickaël Salaün (ESIEA)
Contacts :