FORWARD -- Second Workshop Report
Rapport, 2009

This deliverable summarizes the activity of the second FORWARDworkshop. This workshop constituted the end of the second phase of the project. The aim of this second phase was to establish a number of working groups; each working group had to identify a number of emerging threats in their respective areas (malware and fraud, smart environments, and critical systems). These threats were summarized in three threat reports (Deliverable D2.1.x), one per working group. The goal of the second workshop was to checkpoint and critically review the work that has been done in the working groups, in particular, the threat reports. More precisely, each working group should present their threats to a larger audience comprised of experts. In discussions and presentations, we wanted to make sure that the lists of threats are comprehensive – that is, each working group has identified all major threats in their respective areas. Moreover, we wanted to use the workshop to establish an initial ranking for the threats presented by each working group. Clearly, at one point, it is necessary to prioritize threats and focus the attention on those that present the largest threat potential to ICT infrastructures and the society at large. Of course, the assessment of the danger that each threat poses, as well as an analysis of inter-dependencies among threats, is a focus of the third project phase (which is to be completed by the end of the year). However, we attempted to leverage the presence of a large amount of domain experts to obtain an initial ranking that would combine and reflect the viewpoints of a large audience. For the second workshop, we decided to invite a number of selected speakers that would give presentations at the beginning of the workshop on the first day and later during the second day. The talks set a framework in which the detailed technical discussions about the individual threat reports could take place. For these discussions, the attendees would first break into working group sessions to perform the necessary review of the threats that each group had defined. Then, in a next step, the outcome of each discussion was presented to the audience at large. This twostep process served two purposes. First, in the actual discussion sessions, we had less people involved. Thismade the discussion process manageable and interactive. In the second step, we presented our findings in a succinct fashion to the whole audience. This allowed everybody who participated in the first discussion round to ensure that their opinions were correctly reflected. In addition, it allowed people that were present in other working group discussions to see what other groups did, and to provide feedback. According to Annex 1, a total of 60 attendees was considered to be the threshold for a successful workshop. This threshold was significantly exceeded, with a total of 103 attendees. This clearly demonstrates the significant interest and participation to the FORWARD working groups and workshops. Moreover, nonacademic participation remains to be strong. 39 attendees (37.8% of the participants) came from industry or policy-making institutions. In this document, we first summarize the three working group discussions that were held during the two-day workshop. In addition to the discussion sessions, a total of 11 talks were given in the form of plenary talks and keynotes. Moreover, we had 7 five-minute work-in-progress talks. These talks are summarized in the subsequent chapter. Finally, we discuss the conclusions that the consortium has drawn from the workshop, and we briefly outline the future actions that we plan to take in the subsequent, third phase of the project.


dependable and trusted Infrastructures


Christoffer Kruegel

Magnus Almgren

Chalmers, Data- och informationsteknik, Nätverk och system

Herbert Bos

Kiril Dimitrov

Edita Djambazova

Sotiris Ioannidis

Erland Jonsson

Chalmers, Data- och informationsteknik, Nätverk och system

Engin Kirda

Evangelos Markatos


Data- och informationsvetenskap