Apport du suivi de flux d'information pour la sécurité des systèmes

Ce document reprend plusieurs années de recherche sur des travaux qui se sont intéressé à contrôler la dissémination de l'information dans un système d'exploitation

Contrôle d'accès versus Contrôle de flots

National audienceTraditionnellement, une politique de sécurité est mise en oeuvre par un mécanisme de contrôle des accès des sujets sur les objets du système: un sujet peut lire l'information contenue dans un objet si la politique autorise ce sujet à accéder à cet objet. Une politique induit des flots d'information: si un sujet s a le droit de lire un objet o, alors toute l'information que peut un jour contenir o est accessible à s. De même, si un sujet s a le droit de modifier un objet o, alors toute l'information qui peut être portée à la connaissance de s peut se propager dans le système par le biais de o. Alors qu'une politique spécifie des autorisations sur les contenus, sa mise en oeuvre contrôle les accès aux objets sans connaître leur contenu courant. Nous nous proposons dans ce travail d'étudier formellement les politiques de sécurité sous l'angle des flots d'information qu'elles induisent. Pour les politiques dont on ne peut pas montrer que tous les flots induits sont autorisés, nous définissons un mécanisme permettant de détecter les flux illégaux. Nous présentons aussi l'implémentation de ce mécanisme de détection

Sharing and replaying attack scenarios with Moirai

National audienceDatasets are necessary for evaluating and comparing security solutions. Today, the most well-known public dataset is still the oft-decried IDEVAL dataset. Even if we don't take into account all the inherent shortcomings of this dataset, the fact that it dates back to 1999 means its relevance is all but lost. Without a public dataset, new security solutions cannot be compared to existing ones. In this article, we argue for the need of a public and modern dataset for the evaluation of security solutions. Moreover, we argue that traditional datasets are too restrictive in the approaches they allow. Thus, we present Moirai. Instead of sharing datasets, Moirai shares the scenarios used to create datasets. This allows for the creation of complex scenarios which could, for example, represent an Advanced Persistent Threat (APT). By sharing the scenarios, Moirai allows solutions based on disparate ideas to be compared

FingerKey, un cryptosystème biométrique pour l'authentification

9 pagesNational audienceNous nous intéressons dans cet article à l'authentification des utilisateurs par le biais de leurs données biométriques (empreinte digitale, forme de la main, . . . ). Traditionnellement, l'authentification biométrique d'un utilisateur consiste à vérifier que sa donnée biométrique courante est suffisamment proche d'une donnée de référence. Malheureusement, la sécurité de ce schéma souffre du fait que les données biométriques sont des données personnelles non révocables. Lorsqu'une donnée biométrique est compromise, contrairement à un mot de passe, elle ne peut pas ˆetre changée. Nous pensons que le point faible des approches traditionnelles réside dans le stockage des données biométriques de référence. Si les données biométriques n'étaient pas stockées, elles seraient plus difficiles à voler. Il serait aussi plus difficile d'en compromettre un grand nombre simultanément. Pour pallier ce probl`eme, nous proposons un schéma d'authentification biométrique ne nécessitant pas la comparaison à une valeur biométriqu de référence. Notre méthode améliore la sécurité de l'authentification biométrique puisqu'elle ne nécessite pas de stockage

CVE representation to build attack positions graphs

In cybersecurity, CVEs (Common Vulnerabilities and Exposures) are publicly disclosed hardware or software vulnerabilities. These vulnerabilities are documented and listed in the NVD database maintained by the NIST. Knowledge of the CVEs impacting an information system provides a measure of its level of security. This article points out that these vulnerabilities should be described in greater detail to understand how they could be chained together in a complete attack scenario. This article presents the first proposal for the CAPG format, which is a method for representing a CVE vulnerability, a corresponding exploit, and associated attack positions

A Privacy Preserving Distributed Reputation Mechanism

International audienceReputation systems allow to estimate the trustworthiness of entities based on their past behavior. Electronic commerce, peer-to-peer routing and collaborative environments, just to cite a few, highly benefit from using reputation systems. To guarantee an accurate estimation, reputation systems typically rely on a central authority, on the identification and authentication of all the participants, or both. In this paper, we go a step further by presenting a distributed reputation mechanism which is robust against malicious behaviors and that preserves the privacy of its clients. Guaranteed error bounds on the estimation are provided

Preventing Serialization Vulnerabilities through Transient Field Detection

International audienceVerifying Android applications' source code is essential to ensure users' security. Due to its complex architecture, Android has specific attack surfaces which the community has to investigate in order to discover new vulnerabilities and prevent as much as possible malicious exploitations. Communication mechanisms are one of the Android components that should be carefully checked and analyzed to avoid data leakage or code injections. Android software components can communicate together using serialization processes. Developers need thereby to indicate manually the transient keyword whenever an object field should not be part of the serialization. In particular, field values encoding memory addresses can leave severe vulnerabilities inside applications if they are not explicitly declared transient. In this study, we propose a novel methodology for automatically detecting, at compilation time, all missing transient keywords directly from Android applications' source code. Our method is based on taint analysis and its implementation provides developers with a useful tool which they might use to improve their code bases. Furthermore, we evaluate our method on a cryptography library as well as on the Telegram application for real world validation. Our approach is able to retrieve previously found vulnerabilities, and, in addition, we find non-exploitable flows hidden within Telegram's code base

DroneJack: Kiss your drones goodbye!

National audienceThe commercial drone market has significantly taken off for a few years. In 2016, sales of drones used for commercial and enterprise purposes was worth 3.4 billion dollars [3]. This fast-growing field raises many questions regarding security since damages caused by such drones could be disastrous. Knowing that in some cases, transmission range is so wide (7 kilometers for a DJI Phantom 4 Pro) and that some drones can lift off more than 30 kg worth of equipment, we cannot deny that there will be (and already are) unexpected and unwanted uses of such a technology. In this article, we introduce DroneJack, an automatic anti-drone solution that can protect an area from being flown over. Using DroneJack, you can conduct a predefined defense over foreign drones as shutting them down, pilot them instead of the true user, direct them towards some GPS coordinates. You can also exploit data owned by the drone to recover photos, videos or flight logs. Even better, you can configure your own attacks on foreign drones and deploy them on DroneJack. Let's play

DaViz: Visualization for Android Malware Datasets

National audienceWith millions of Android malware samples available, researchers have a large amount of data to perform malware detection and classification, specially with the help of machine learning. Thus far, visualization tools focus on single samples or one-to-many comparison, but not a many-to-many approach. In order to exploit the quantity of data from various datasets to obtain meaningful information, we propose DaViz, a visualization tool for Android malware datasets. With the aid of multiple chart types and interactive sample filtering, users can explore different application datasets and compare them. This new tool allows to get a better understanding of the datasets at hand, and help to continue research by narrowing the samples to those of interest based on selected characteristics

A Privacy Preserving Distributed Reputation Mechanism

International audienceReputation systems allow to estimate the trustworthiness of entities based on their past behavior. Electronic commerce, peer-to-peer routing and collaborative environments, just to cite a few, highly benefit from using reputation systems. To guarantee an accurate estimation, reputation systems typically rely on a central authority, on the identification and authentication of all the participants, or both. In this paper, we go a step further by presenting a distributed reputation mechanism which is robust against malicious behaviors and that preserves the privacy of its clients. Guaranteed error bounds on the estimation are provided