eicar e.V. - European Expert Group for IT-Security
Obergasse 28A
86943 Thaining, Germany

Phone: +49-(0)8194 - 99 84 99
Fax: +49-(0)8194 - 99 85 01
eicar ® is a registrated Trademark.

19th EICAR Annual Conference 2010

"ICT Security: Quo Vadis?"

ESIEA LogoThe 19th Annual EICAR Conference to be held on May 10th and May 11th 2010, with a pre-conference program on May 8th and 9th at the ESIEA Engineer School/Institute of Computer Science in Paris, France.

The conference brings together experts from industry, government, military, law enforcement, academia, research and end-users to examine and discuss new research and development in anti-virus, malware, e-security, e-forensics, Information and Communications Technology (ICT) Management and legal aspects of the information technology.

While the EICAR conference traditionally covers all aspects of malicious code and the development of "anti" measures, the conference 2010 intends to go deeper also concentrate into the usability and issues related to independent testing of Anti-Virus (Malware) products and initiate reflexions on the worrying trends and evolution of ICT security and especially with respect to anti-malware world.

The AV world -- and more widely the computer security world-- is facing since a few years big challenges. BUT contrary to partially wrong feelings those challenges are not only coming from the bad guys: usually all those ugly actors who think to be intelligent or having some sort of power by distributing malware everywhere. While all the instances (the defenders, e.g. AV vendors, governments, researchers, IT experts...) involved in fighting those stupid and malevolent guys (the attackers), the motivations has begun to diverge substantially since a few months, in such a way that it not only becomes more difficult to make the difference between defenders and attackers but also finally the result is that finally the activity of the attackers is made easier: here precisely lie the new challenges that theEICAR 2010 conference has decided to address. Hence the main theme of the event: “ICT Security – Quo Vadis?” I would be tempting to use an equivalent formula: is the AV world and the ICT world going mad? Two illustrative but worrying recent issues are militating in favour of considering this general conference theme. 

The first one refers to AV evaluation – which will be addressed at EICAR 2010 as a one of the major topics. The situation is somehow worsening making that evaluation, from an independent, technical perspective more and more difficult not only from a technical point of view but also from a legal point of view. To realise how things are evolving, anyone can read AV software licence document (the one which nobody reads in fact): you will discover very strange and worrying things. Aside the classical academic and industry papers which will be presented, the two-day preconference program will propose tutorials, student/industry sessions around the topic of AV software and AV policy evaluation. Especially, we intend to offer and promote new tools and tutorials with respect to them that everyone could use to evaluate his own AV security and policy himself. It will be the occasion to recall that the only independent way to test an AV without using any malware – a critical issue in itself – was, and still is, the EICAR test file. We will propose, especially for the industry, a tutorial on that file and on new open forthcoming tools that will be disclosed and presented during EICAR 2010. Those tools are directly inspired by the EICAR test file but go far ahead to address the new challenges and needs. So it should be a good reason to attend the conference. 

The second case is the very worrying evolution of the use of malware for so-called “investigation” and “copyright protection” purposes. A number of western countries have officially announced that malware-like technologies (e.g. Trojan horses for the most part) are now authorized to enforce the law. More worrying is the use for commercial purposes (e.g. to fight piracy). The question is: is the remedy not worse that the disease? Such issues should be addressed at the EICAR 2010 conference. BUT the main consequence of that evolution lies in the way the AV community will react and what it will decide: if AV vendors accept not to detect those malware-like technologies they are going to lose their credibility and legitimacy very quickly, making precisely the game of the bad guys. Why? Because they implicitly would accept the fact that there are such things as good and bad Trojan Horses. What is quite impossible to manage from a technical point of view, would be a nightmare from a legal/society/privacy point of view. In fact, they are just about to open the Pandora box? That is the reason why we have decided at EICAR 2010to also address these kinds of topics. The ICT world has now invaded our society and personal lives and we cannot remain blind to its evolution. 

To summarize, the rapid evolution of technologies requires the adaptation of human behaviour and in consequence leads to new needs for laws and regulations of direct relevance to the users. The EICAR conference 2010 will therefore concentrate on legal aspects and user liability.

This call for scientific/technical/ industry papers invites therefore the submission of full papers and abstracts on one or more topics devoted to malware and anti-malware technologies, which may include but are not restricted to: 

  • Malicious code and its side effects
  • Viruses and worms
  • Spyware and phishing
  • Vulnerabilities
  • Vulnerability reporting
  • e-Crime and e-Forensics
  • Cyber Terrorism
  • Legal aspects of ICT and in particular :
    • Legal liability for security flaws in Europe.
    • Enforcement of IT-Security.
    • Differences of legal regimes and their impact on IT-security.
    • Technical versus legal governance of IT-security.
    • The human factor in IT-security and its control by law.
    • International security threats and national legal regimes.
    • Legal, Privacy and Social Issues of ICT Security.
    • National-, European- and international law.
    • Ethical, moral and political issues on writing/developing and using malicious code.
    • Ethical, moral and political issues on malware detection limitations
    • Legal aspects of security product evaluation and testing
  • Identity Management
  • ICT Security and Policy Management
  • Intrusion Detection and Prevention
  • Emerging technologies (WiFi, RFID, biometrics.) with respect to malware.
  • User awareness and education
  • Malicious cryptography and steganography
  • User awareness and education
  • AV evaluation and testing
    • New methods/new tools
    • Secure evaluation/testing methodologies (e.g. not requiring to use malware)
    • Theoretical foundations of antivirus and evaluation.

Conference Program Committee

The following, provisional list of distinguished researchers and/or practitioners (listed alphabetically) have confirmed their membership of the conference program committee to date:

Fred Arbogast CSRRT - LU - Luxembourg
Dr. John Aycock University of Calgary, Canada
David Bénichou Investigation judge, Department of Justice, France
Dr. Vlasti Broucek University of Tasmania, Australia
Andreas Clementi AV-Comparatives e.V., Germany
Professor Hervé Debar Telecom Sud Paris, France
Dr. . Werner Degenhardt LMU Universität München, Germany
Professor Eric Filiol (Program Chair) ESAT/ESIEA, France
Professor Richard Ford Florida Institute of Technology, USA
Professor Nikolaus Forgo Leibniz University Hannover, Germany
Professor Steven Furnell University of Plymouth, UK
Dr Sarah Gordon
Professor William (Bill) Hafner Nova Southeastern University, USA
Dr Marko Helenius Tampere University, Finland
Dr Andy Jones Britisch Telecom, UK
Dr. Sylvia Kierkegaard President of International Association of IT Lawyers, Denmark
Dr. Cédric Lauradoux Inria Grenoble, France
Dr. Ferenc Leitold Veszprog Ltd, Hungary
Professor Grant Malcolm University of Liverpool, UK
Professor Yves Poullet University Notre-Dame, Namur, Belgium
Professor Gerald Quirchmayr University of Vienna, Austria
Dr. Frédéric Raynal Sogeti/Security Labs, France
Sebastian Rohr Accessec gmbh, Germany
Professor Paul Turner University of Tasmania, Australia
Professor Andrew Walenstein University of Louisiana, USA
Dr. Stefano Zanero Politecnico di Milano, Italy
realized by trivent media & design
© 1998-2017 · EICAR - European Institute for Computer Anti-Virus Research e.V.