Atelier International Alternatif sur l'Informatique Offensive et la Sécurité – iAWACS 2010

Second International Alternative Workshop on Aggressive Computing and Security

iAWACS 2010: the Revelation Edition

“Enhancing security with the attacker’s mind – Orthodoxy and self confidence are weaknesses”

"There is no such thing as forbidden knowledge, only forbidden use of knowledge"

iAWACS 2010

ESIEA - Paris - May 7th - 9th, 2010

Thinking security can not be done without adopting a preferential mode of thought of the attacker. A system cannot be defended if we do not know how to attack it. If the theory is still an interesting approach to formalize things, the operational approach must be the ultimate goal: to talk about security is meaningless if we do not actually do security. In recent years the major security conferences in the subjects preferred to select papers according to fashion topics, conforming to something like orthodoxy and organize selection as beauty contests. As a result excellent yet unorthodox scientific papers are often rejected and sink into oblivion. The second international Alternative Workshop in Aggressive Computing and Security (iAWACS'10) goes on to focus on this vision and to allow researchers and specialists to present relevant research works, with interesting results and operational (theoretical and/or applied) in the field of security. The different points of view, away from unconventional fashion and orthodoxy are particularly welcome. The aim is also to promote discussion of ideas around these topics.

Articles submitted will be selected according to the following criteria:

• Interest and scientific/technical correctness/accuracy,
• New results,
• Operational quality

Regarding this last point, the authors should give all information and conditions for reproducibility of results they intend to present. This may include, during the selection phase by the reviewers, assessments based on challenges to the authors by the reviewers. iAWACS is not just another hackers workshop where the last exploit is disclosed. The aim of the conference is to make security concepts evolves through both the attacker's view AND a thorough formalization backed by experimental results.

The main topics covered (list not exhaustive) are:

• Cryptanalysis techniques
• Steganalysis techniques
• Malicious cryptography
• Advanced computer virology techniques (malware, backdoor...)
• Active security product analysis and testing
• Active security auditing
• Mathematical concepts and applications with respect to the attacker’s view
• Cyberwarfare techniques
• Digital data counterfeiting
• Cryptographic and steganography techniques
• Invisible trap/bacdoor techniques in algorithms and applications
• Implementation attacks
• Interception/eavesdropping techniques
• Forensics and anti-forensics techniques
• Tempest and anti-tempest techniques
• InfoOps techniques
• Satellite hijacking

Technical challenges will be organized during the conference. Attendees who want to participate must register either now or on site. For this second edition, two challenges will be organized:

• Antivirus evaluation challenge (PWN2KILL).The aim will be to bypass (and therefore practically evaluate the reality of) antivirus software protection. More details will be published later (when the list of accepted papers will be published) but challenge settings will be: Windows 7 and user mode only. The organizers reserve the right to choose freely the antivirus to be tested. A jury composed of one bailiff and journalists (from the computer technical press) will be responsible for technical control of the challenge. The jury is chosen by the organizers. Challengers working for AV companies will be not allowed to take part to the challenge for fairness purposes.
• Cryptographic challenge (The Taliban AntiHackers...reloaded).This cryptanalysis challenge aims at recovering secret information in a real context of use. More to come but interested people can refer to the first edition of the challenge we organized at Hack.Lu 2009

Workshops will also be organized (lock picking, soldering and free hacking technical session and free tutorials...). We also intend to invite hacker spaces to come and present their work, initiatives...

Important dates :

• Submission deadline: February 20^th, 2010
• Notification deadline: March 15^th, 2010
• Final manuscript submission for inclusion into the pre-proceedings: April 15^th, 2010
• Conference dates: May 7^th- 9^th, 2010

The conference proceedings will be published with ISBN by the Presses Techniques ESIEA. They will be given to registered participants after the conference and can then be bought on the conference homepage.The conference will be held at Ecole Supérieure en Informatique, Electronique et Automatique, in Paris from Friday 7th to Sunday 9th, May 2010. Each author will have 45 minutes of speaking time; each presentation will be followed by a technical discussion between speakers and attendees.

Conference registration amount to 200 euros (includes proceedings, coffee breaks, lunches, cocktail reception, social events). Students fee are 100 Euros.

Program Chair: Éric Filiol (ESIEA)

Program Co-Chair: Anthony Desnos (ESIEA)

Program Co-Co-Chair: Robert Erra (ESIEA)

Nicolas Bodin (ESIEA)

Eddy Deligne (DCNS/ESIEA)

Christophe Grenier (DCNS/ESIEA)

Mickaël Salaün (ESIEA)