13 research outputs found
Water security in the Arab countries
Securing a water supply, a fundamental element of the perpetuation of the human species and of its development, has been one of humanity's main concerns throughout history, as shown by the remains of human settlements along rivers and near freshwater sources: the survival and development of societies depended to a large extent on the capacity and permanence of these sources. With population growth and the increas..
A service dependency modeling framework for policy-based response enforcement
The use of dynamic access control policies for threat response adapts local response decisions to high level system constraints. However, security policies are often carefully tightened during system design-time, and the large number of service dependencies in a system architecture makes their dynamic adaptation difficult. The enforcement of a single response rule requires performing multiple configuration changes on multiple services. This paper formally describes a Service Dependency Framework (SDF) in order to assist the response process in selecting the policy enforcement points (PEPs) capable of applying a dynamic response rule. It automatically derives elementary access rules from the generic access control, either allowed or denied by the dynamic response policy, so they can be locally managed by local PEPs. SDF introduces a requires/provides model of service dependencies. It models the service architecture in a modular way, and thus provides both extensibility and reusability of model components. SDF is defined using the Architecture Analysis and Design Language, which provides formal concepts for modeling system architectures. This paper presents a systematic treatment of the dependency model which aims to apply policy rules while minimizing configuration changes and reducing resource consumption.
Response policies and countermeasures: Management of service dependencies and the impacts of intrusions and responses
Nowadays, intrusion response is challenged by both attack sophistication and the complexity of target systems. In fact, the Internet currently provides an exceptional facility to share resources and exploits between novice and skilled attackers. As a matter of fact, simply detecting or locally responding against attacks has proven to be insufficient. On the other hand, in order to keep pace with the growing need for more interactive and dynamic services, information systems are getting increasingly dependent upon modular and interdependent service architectures. In consequence, intrusions and responses often have drastic effects as their impacts spread through service dependencies. We argue in this thesis that service dependencies have multiple security implications. In the context of intrusion response, service dependencies can be used to find the proper enforcement points which are capable of supporting a specific response strategy. They can also be used in order to compute the impact of such responses in order to select the least costly response. In a first attempt to realize the thesis objectives, we explore graph-based service dependency models. We implement intrusion and response impacts as security flows that propagate within a directed graph. We introduce countermeasures as transformations to the dependency graph, which have direct implications on the impact flows triggered by an intrusion. In a second step, we replace the analytic graph-based approach with a simulation-based approach using colored Petri nets. We develop for this purpose a new service dependency model that outperforms the initial graph-based models. It represents access permissions that apply to service dependencies. Attacker permissions are also implemented in this model by interfacing with attack graphs. We develop a simulation platform that tracks the propagation of intrusion impacts, response impacts, and the combined impacts for intrusion and response.
We define a new response index, the return on response investment (RORI), that we evaluate for each response candidate with the aim to select the one that provides a maximal positive RORI index.
Cooperative and smart attacks detection systems in 6G-enabled Internet of Things
The Sixth Generation (6G) of mobile networks offers the promise of a global interconnected system, serving a large set of applications across multiple fields such as satellite, air, ground, and underwater networks. It will evolve towards a unified network compute fabric that facilitates convergence across ecosystems, fostering design and innovation of new Internet of Things (IoT) applications and services, further leading to an exponential growth of IoT use cases in the post-6G era. This profound evolution will also contribute to further evolving the threat landscape, adding new threat actors, and leading to a new set of cyber security challenges. This paper reviews 6G applications and analyzes their evolved security challenges and existing solutions, covering both the network, application and data layers. It introduces a new concept to security monitoring and attack detection in 6G-enabled IoT systems, leveraging on hierarchical and collaborative approaches, while also satisfying the main 6G's Key Performance Indicators (KPIs) such as trustworthiness, latency, connectivity, data rate and energy consumption. The proposed solution implements a multi-level Federated Learning (FL) approach between IoT devices and edge computing applications. As compared to current centralized security monitoring and detection solutions, it better conciliates between the attack detection accuracy and the network overhead for implementing this model. We demonstrate the use of the proposed solution through an example scenario involving an Internet of Vehicles that communicate over a 6G network.
A service dependency model for cost-sensitive intrusion response
Recent advances in intrusion detection and prevention have brought promising solutions to enhance IT security. Despite these efforts, the battle with cyber attackers has reached a deadlock. While attackers always try to unveil new vulnerabilities, security experts are bound to keep their software compliant with the latest updates. Intrusion response systems are thus relegated to a second rank because no one trusts them to modify system configuration during runtime. Current response cost evaluation techniques do not cover all impact aspects, favoring availability over confidentiality and integrity. They do not profit from the findings in intrusion prevention which led to powerful models including vulnerability graphs, exploit graphs, etc. This paper bridges the gap between these models and service dependency models that are used for response evaluation. It proposes a new service dependency representation that enables intrusion and response impact evaluation. The outcome is a service dependency model and a complete methodology to use this model in order to evaluate intrusion and response costs. The latter covers response collateral damages and positive response effects as they reduce intrusion costs.
Automated classification of C&C connections through malware URL clustering
We present WebVisor, an automated tool to derive patterns from malware Command and Control (C&C) server connections. From collective network communications stored on a large-scale malware dataset, WebVisor establishes the underlying patterns among samples of the same malware families (e.g., families in terms of development tools). WebVisor focuses on C&C channels based on the Hypertext Transfer Protocol (HTTP). First, it builds clusters based on the statistical features of the HTTP-based Uniform Resource Locators (URLs) stored in the malware dataset. Then, it conducts a fine-grained, noise-agnostic clustering process, based on the structure and semantic features of the URLs. We present experimental results using a software prototype of WebVisor and a real-world malware dataset.
Mobile Edge Slice Broker: Mobile Edge Slices Deployment in Multi-Cloud Environments
Harnessing the network slicing feature of the 5G architecture and the mobile cloud computing capabilities offered by Mobile Edge Computing (MEC), mobile edge communication systems are emerging that contribute to the convergence of telecom and cloud services. In this scenario, mobile edge slices can be created and deployed by leveraging multi-cloud infrastructure. However, it becomes difficult for potential users, such as mobile edge slice tenants, to evaluate and select the Cloud Infrastructure Provider (CIP) which best meets their heterogeneous requirements. Therefore, mobile edge systems require slice brokering to mediate with resource and infrastructure providers, so that mobile edge slice tenants can specify a single set of network and cloud service Key Performance Indicator (KPI) requirements. In this paper we present a new type of broker, the Mobile Edge Slice Broker, that allows designing, provisioning, and orchestrating the deployment and operation of end-to-end mobile edge slices over edge and multi-cloud environments, while maintaining dynamic monitoring, reconfiguration and optimization capabilities.
Strategies for Network Resilience: Capitalising on Policies
Networked systems are subject to a wide range of challenges whose nature changes over time, including malicious attacks and operational overload. Numerous mechanisms can be used to ensure the resilience of networked systems, but it can be difficult to define how these mechanisms should be configured in networks that support many services that have differing and shifting requirements. In this paper, we explore the potential benefits of using policies for defining the configuration of mechanisms for resilience. We discuss some of the difficulties of defining configurations, such as identifying conflicts, and highlight how existing policy frameworks could be used or extended to manage this complexity.
Water sharing in the Arab world
This issue of Égypte/Monde arabe sets out, through a set of studies (the "décrypter" section) and a press dossier (the "traduire" section), to offer some elements of an answer to the problem of water sharing in the Arab world (Near East, Maghreb), which can be formulated as follows: has water become, for the states and peoples of the region, more important (or as important) than land or oil? Has it become, as such, one of the factors likely to trigger an armed confrontation? […