Moniteur hybride de flux d'information pour un langage supportant des pointeurs

National audienceLes nouvelles approches combinant contrôle dynamique et statique de flux d'information sont prometteuses puisqu'elles permettent une approche permissive tout en garantissant la correction de l'analyse réalisée vis-à-vis de la non-interférence. Dans ce papier, nous présentons une approche hybride de suivi de flux d'information pour un langage gérant des pointeurs. Nous formalisons la sémantique d'un moniteur sensible aux flux de données qui combine analyse statique et dynamique. Nous prouvons ensuite la correction de notre moniteur vis-à-vis de la non-interférence

The Cardinal Abstraction for Quantitative Information Flow

International audienceQualitative information flow aims at detecting information leaks, whereas the emerging quantitative techniques target the estimation of information leaks. Quantifying information flow in the presence of low inputs is challenging, since the traditional techniques of approximating and counting the reachable states of a program no longer suffice. This paper proposes an automated quantitative information flow analysis for imperative deterministic programs with low inputs. The approach relies on a novel abstract domain, the cardinal abstraction, in order to compute a precise upper-bound over the maximum leakage of batch-job programs. We prove the soundness of the cardinal abstract domain by relying on the framework of abstract interpretation. We also prove its precision with respect to a flow-sensitive type system for the two-point security lattice

Modélisation et Évaluation des Attaques Ciblées dans un Overlay Structuré

Session Sécurité RéseauInternational audienceDans cet article, nous nous intéressons aux attaques ciblées dans le cadre des systèmes pair-à-pair large échelle. Ces attaques ont pour but d'affaiblir les nœuds ciblés de manière à diminuer leur capacité à fournir ou à utiliser des services de l'overlay. Pour se prémunir de telles attaques, nous tirons parti du clustering de l'overlay sous-jacent. Cela permet de mettre en place un système de churn induit préservant la répartition aléatoire des identifiants des nœuds dans l'overlay et ainsi rendre impossible toute prédiction de l'adversaire quant à celle-ci. Nous montrons qu'en randomisant légèrement les opérations élémentaires de l'overlay, ainsi qu'en introduisant des temps de séjour adaptés, l'effet de ces attaques ciblées est sensiblement amoindri, et la propagation des effets de l'attaque à l'ensemble du système est évitée

Toward a distributed storage system leveraging the DSL infrastructure of an ISP

International audienceInternet Service Providers~(ISP) furnishing cloud storage services usually rely on big data centers. These centralized architectures induce many drawbacks in terms of scalability, reliability, and high access latency as data centers are single points of failure and are not necessarily located close to the users. This paper introduces Mistore, a distributed storage system aiming at guaranteeing data availability, durability, low access latency by leveraging the Digital Subscriber Line~(DSL) infrastructure of an ISP. Mistore uses the available storage resources of a large number of home gateways and points of presence respectively for content storage and caching facilities reducing the role of the data center to a load balancer. Mistore also targets data consistency by providing multiple types of consistency criteria on content and a versioning system allowing users to get access to any prior versions of their contents

Dependability Evaluation of Cluster-based Distributed Systems

19International audienceAwerbuch and Scheideler have shown that peer-to-peer overlay networks can survive Byzantine attacks only if malicious nodes are not able to predict what will be the topology of the network for a given sequence of join and leave operations. In this paper we inves- tigate adversarial strategies by following speci c protocols. Our analysis demonstrates rst that an adversary can very quickly subvert overlays based on distributed hash tables by simply never triggering leave operations. We then show that when all nodes (honest and malicious ones) are imposed on a limited lifetime, the system eventually reaches a stationary regime where the ratio of polluted clusters is bounded, independently from the initial amount of corruption in the system

Brief Announcement: Induced Churn to Face Adversarial Behavior in Peer-to-Peer Systems

International audienceAwerbuch and Scheideler have shown that peer-to-peer overlays networks can only survive Byzantine attacks if malicious nodes are not able to predict what will be the topology of the network for a given sequence of join and leave operations. A prerequisite for this condition to hold is to guarantee that nodes identifiers randomness is continuously preserved. However targeted join/leave attacks may quickly endanger the relevance of such an assumption. Inducing churn has been shown to be the other fundamental ingredient to preserve randomness. Several strategies based on these principles have been proposed. Most of them are based on locally induced churn. However either they have been proven incorrect or they involve a too high level of complexity to be practically acceptable. The other ones, based on globally induced churn, enforce limited lifetime for each node in the system. However, these solutions keep the system in an unnecessary hyper-activity, and thus need to impose strict restrictions on nodes joining rate which clearly limit their applicability to open systems. In this paper we propose to leverage the power of clustering to design a provably correct and practically usable solution that preserves randomness under a bounded adversary

Computing Global Functions in Asynchronous Distributed Systems with Process Crashes

Disponible dans les fichiers attachés à ce documen

Ground deformation monitoring of the eruption offshore Mayotte

In May 2018, the Mayotte island, located in the Indian Ocean, was affected by an unprecedented seismic crisis, followed by anomalous on-land surface displacements in July 2018. Cumulatively from July 1, 2018 to December 31, 2021, the horizontal displacements were approximately 21 to 25 cm eastward, and subsidence was approximately 10 to 19 cm. The study of data recorded by the on-land GNSS network, and their modeling coupled with data from ocean bottom pressure gauges, allowed us to propose a magmatic origin of the seismic crisis with the deflation of a deep source east of Mayotte, that was confirmed in May 2019 by the discovery of a submarine eruption, 50 km offshore of Mayotte ([Feuillet et al., 2021]). Despite a non-optimal network geometry and receivers located far from the source, the GNSS data allowed following the deep dynamics of magma transfer, via the volume flow monitoring, throughout the eruption

Detecting illegal system calls using a data-oriented detection model

Part 9: Intrusion DetectionInternational audienceThe most common anomaly detection mechanisms at application level consist in detecting a deviation of the control-flow of a program. A popular method to detect such anomaly is the use of application sequences of system calls. However, such methods do not detect mimicry attacks or attacks against the integrity of the system call parameters. To enhance such detection mechanisms, we propose an approach to detect in the application the corruption of data items that have an influence on the system calls. This approach consists in building automatically a data-oriented behaviour model of an application by static analysis of its source code. The proposed approach is illustrated on various examples, and an injection method is experimented to obtain an approximation of the detection coverage of the generated mechanisms