Section: Application Domains
The theoretical track.
It is legitimate to wonder why there are only a few fundamental studies on computer viruses, even though they are one of the important flaws in software engineering. The lack of theoretical studies may explain the weakness in anticipating computer diseases and the difficulty in improving defenses. For these reasons, we think it is worth exploring fundamental aspects, in particular self-reproducing behaviors.
The virus detection track
The crucial question is how to detect viruses or self-replicating malware. Cohen demonstrated that this question is undecidable. Anti-virus heuristics are based on two methods. The first consists in searching for virus signatures. A signature is a regular expression that identifies a family of viruses. This method has obvious defects. For example, an unknown virus, such as one related to a 0-day exploit, will not be detected. We strongly suggest looking at the independent audit  in order to understand the limits of this method. The second consists in analysing the behavior of a program by monitoring it. Following  , this kind of method is not yet really implemented. Moreover, the large number of false positives means that it is barely usable. To end this short survey, intrusion detection encompasses virus detection. However, unlike computer virology, which has a solid scientific foundation as we have seen, the IDS notion of “malware” with respect to some security policy is not well defined. The interested reader may consult  .
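The signature method and its blind spot, as an added example that is not part of the original report. The hex-pattern syntax, the family name and the sample byte strings are all constructed for illustration.

```python
import re

def compile_signature(pattern: str) -> "re.Pattern[bytes]":
    """Compile a hex signature into a byte-level regular expression.

    Hypothetical syntax for this example: two hex digits match one byte,
    '??' matches any single byte, '*' matches any run of bytes.
    """
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")
        elif token == "*":
            parts.append(b".*?")
        elif re.fullmatch(r"[0-9a-fA-F]{2}", token):
            parts.append(re.escape(bytes.fromhex(token)))
        else:
            raise ValueError(f"bad signature token: {token!r}")
    # DOTALL so that '.' also matches the newline byte 0x0a
    return re.compile(b"".join(parts), re.DOTALL)

# Constructed signature database: one regular expression per family.
SIGNATURES = {
    "Demo.FamilyA": compile_signature("de ad ?? ?? be ef * c0 de"),
}

def scan(data: bytes) -> list:
    """Return the sorted names of all families whose signature matches."""
    return sorted(name for name, sig in SIGNATURES.items() if sig.search(data))

# Constructed samples: two variants of the known family, one sample from a
# family the database has never seen, and one harmless file.
SAMPLES = {
    "variant_1": b"\x00\x01" + bytes.fromhex("dead1122beef") + b"padding\n"
                 + bytes.fromhex("c0de"),
    "variant_2": bytes.fromhex("dead9999beefc0de") + b"tail",
    "unknown":   bytes.fromhex("feedface0badf00d"),
    "benign":    b"hello world",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:10s} -> {scan(data) or 'no detection'}")
```

Both variants are caught by the single family expression, while the sample labelled "unknown" passes unnoticed until someone writes a signature for it.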
The virus protection track
The aim is to define security policies in order to prevent malware propagation. For this, we need (i) to define what a computer is in different programming languages and settings, and (ii) to take into consideration resources like time and space. We think that formal methods like rewriting, type theory, logic, or formal languages should help to define the notion of a formal immune system, which defines a certified protection.
The experimentation track
This study on computer virology leads us to propose and construct a “high security lab” in which experiments can be done in compliance with French law.