Opening Speech: Malware of the future - When mathematics work for the dark side. Presented at HackLu 2008

by Eric Filiol

Summary: Computer security deals with the essential problem of the sword against the shield. Attackers aim at defeating secured systems, while defenders try to prevent and resist attacks. But most users are mistaken, since they are convinced that computer security defenses aim at preventing and forbidding attacks. That is completely wrong. Computer security must simply be able to detect that an attack is under way, or worse, has already been carried out, and must organize to recover from the attack, learn its lessons for the future, and wait for the next innovation of the attackers. Unfortunately, nowadays, marketing messages claim with great self-assurance that any attack can be proactively detected 100% of the time and that any system can be 100% protected. The case of computer virology -- which will be considered throughout the talk as an illustrative case -- is probably the most symptomatic one. How many vendors claim that their product detects 100% of malware, including unknown samples? The consequence is that users, in the broadest sense, are completely fooled and misbehave in terms of computer security policy.
In this talk we will show that 100% protection is a lie and that it is always possible to design attacks that are impossible not only to proactively detect and prevent, but also to detect once they are under way. The use of sophisticated mathematics makes it possible to design malware (and, more generally, attacks when considering computer security as a whole) that cannot be handled in time to prevent damage. By suitably using results from complexity theory and computability theory, any detection can be defeated, especially in the context of targeted attacks, whose number is bound to increase. We will give numerous examples drawn from laboratory experiments and real cases.
The last part of the talk will stress the critical necessity of developing an extensive research activity -- both theoretical and applied -- very quickly, and especially why proactive research in malware, including the design of unknown attacks under strict control, is of the highest importance.