Aligot: cryptographic function identification in obfuscated binary programs

International audienceAnalyzing cryptographic implementations has important ap- plications, especially for malware analysis where they are an integral part both of the malware payload and the unpacking code that decrypts this payload. These implementations are often based on well-known cryptographic functions, whose description is publicly available. While potentially very use- ful for malware analysis, the identification of such crypto- graphic primitives is made difficult by the fact that they are usually obfuscated. Current state-of-the-art identification tools are ineffective due to the absence of easily identifiable static features in obfuscated code. However, these imple- mentations still maintain the input-output (I/O) relation- ship of the original function. In this paper, we present a tool that leverages this fact to identify cryptographic functions in obfuscated programs, by retrieving their I/O parameters in an implementation-independent fashion, and comparing them with those of known cryptographic functions. In ex- perimental evaluation, we successfully identified the crypto- graphic functions TEA, RC4, AES and MD5 in obfuscated programs. In addition, our tool was able to recognize basic operations done in asymmetric ciphers such as RSA

Le jeu de rôle en EDD pour dépasser une pensée binaire : une étude de cas à l’école primaire

Le jeu de rôle est une forme de débat dans lequel les arguments sont fournis aux participants. Cet article repose sur l’analyse des échanges langagiers lors d’un jeu de rôle autour d’une problématique relative au territoire local dans une classe d’élèves français âgés de 8 à 10 ans. Nous identifions les accords et désaccords avec les diverses propositions afin d’établir leur degré de cohérence avec leur personnage. Les résultats témoignent d’un niveau d’argumentation élevé, d’une cohérence dans les arguments avancés ainsi que de l’émergence de nouvelles propositions. Le jeu de rôle semble remplir sa fonction d’appropriation d’arguments. Il rend compte également d’une possible construction de compétences écocitoyennes.Debating is a school practice mobilized in various contexts with varied stakes and renewed modalities in primary school French curriculum. We present the analysis of linguistic exchanges during a role-play with 8 to 10 years old pupils from the point of view of argumentation. We try to identify if pupils are capable of mobilizing arguments and if exchanged arguments are coherent with the character they represent. Results testify of a high argumentation level, of coherence in advanced arguments as well as an emergence of new proposals. If role-play fulfills its arguments appropriation function, it also conveys a possible thought emancipation

Rapport préliminaire sur les activités de la mission syro-française de Ras Shamra-Ougarit en 2005 et 2006 (65e et 66e campagnes)

Ce rapport présente les résultats préliminaires des travaux de la mission syro-française de Ras Shamra-Ougarit pour les campagnes de 2005 et 2006  : recherches dans les musées, exposition Ougarit Blues, étude des temples de Baal et de Dagan, fouille du chantier «  du rempart  », fouille du chantier «  Grand‑rue  ». L’étude des temples est achevée et va donner lieu à une publication prochaine. Les chantiers de fouille sont en cours et le présent rapport livre les premiers résultats obtenus sur les vestiges du Bronze récent exhumés ces deux dernières années.This article introduces the preliminary results of the Syro-French archaeological team of Ras Shamra-Ugarit during the 2005 and 2006 seasons: researches in the museums, Ougarit Blues exhibition, Baal and Dagan Temples, excavations of the “rampart” area, and excavations of the “Grand‑rue” area. The study of the temples is now completed and a comprehensive description will be published soon. Excavations of the “rempart” and “Grand‑rue” areas are ongoing. This article presents the first results from the study of the Late Bronze Age archaeological remains.خلاصة – يقدم هذا التقرير النتائج الأولية لأعمال البعثة السورية ـ الفرنسية في رأس شمرا ـ أوغاريت خلال موسمي 2005 و 2006: الأبحاث في المتاحف، معرض « أوغاريت باللون الأزرق »، دراسة لمعبدي بعل ودجن، تنقيب حقل « السور »، تنقيب حقل « الشارع الكبير ». وقد انتهت دراسة المعبدين وسوف يتم نشرها قريباً. ولا يزال التنقيب جارياً ويكشف التقرير الحالي عن أولى النتائج التي تم الوصول إليها حول آثار البرونز الحديث التي تم نبشها خلال هاتين السنتين الأخيرتين

Isolated virtualised clusters: testbeds for high-risk security experimentation and training

International audienceAdequate testbeds for conducting security experiments and test under controlled, safe, repeatable and asrealistic- as-possible conditions, are a key element for the research and development of adequate security solutions and the training of security personnel and researchers. In this paper, we report on the construction and operations of isolated virtualised testbeds used in two separate security research labs in Canada and France, as part of a joint collaborative effort. The main idea was to use mid- to large-scale isolated computing clusters to obtain high levels of scale, manageability and safety by heavily leveraging virtualisation technology, open-source cluster management tools and a network architecture separating experiment and control traffic. Both facilities have been used for conducting different types of security research experiments, including in-lab reconstructions of botnets, denial-of-service attacks, and virus detection experimentation. They have also been used for teaching and training students in experimental security methods. We describe these facilities and the criteria that we used to design them, the research and training activities that were conducted, and close by discussing the lessons learned and the pros and cons of this approach

The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet

International audienceBotnets constitute a serious security problem. A lot of effort has been invested towards understanding them better, while developing and learning how to deploy effective counter-measures against them. Their study via various analysis, modelling and experimental methods are integral parts of the development cycle of any such botnet mitigation schemes. It also constitutes a vital part of the process of understanding present threats and predicting future ones. Currently, the most popular of these techniques are “in-the-wild” botnet studies, where researchers interact directly with real-world botnets. This approach is less than ideal, for many reasons that we discuss in this paper, including scientific validity, ethical and legal issues. Consequently, we present an alternative approach employing “in the lab” experiments involving at-scale emulated botnets. We discuss the advantages of such an approach over reverse engineering, analytical modelling, simulation and in-the-wild studies. Moreover, we discuss the requirements that facilities supporting them must have. We then describe an experiment in which we emulated a close to 3000-node, fully-featured version of the Waledac botnet, complete with a reproduced command and control (C&C) infrastructure. By observing the load characteristics and yield (rate of spamming) of such a botnet, we can draw interesting conclusions about its real-world operations and design decisions made by its creators. Furthermore, we conducted experiments where we launched sybil attacks against the botnet. We were able to verify that such an attack is, in the case of Waledac, viable. However, we were able to determine that mounting such an attack is not so simple: high resource consumption can cause havoc and partially neutralise the attack. Finally, we were able to repeat the attack with varying parameters, in an attempt to optimise it. The merits of this experimental approach is underlined by the fact that it is very difficult to obtain these results by employing other methods

Rapport préliminaire sur les activités de la mission syro-française de Ras Shamra-Ougarit en 2007 et 2008 (67e et 68e campagnes)

Ce rapport présente les résultats préliminaires des travaux de terrain de la mission archéologique syro-française de Ras Shamra – Ougarit pour les campagnes de 2007 et 2008 qui se sont déroulées à Ras Shamra et sur plusieurs sites côtiers. Sur le tell de Ras Shamra, quatre opérations de fouilles ont été menées  : la poursuite du chantier du «  Rempart » et de celui de la «  Grand-rue », la reprise du dégagement du «  pont-barrage » sur le Nahr ed-Delbé et un nouveau chantier conjoint dans le secteur du «  Temple de Dagan ». Deux autres opérations ont commencé en 2008  : la prospection géomagnétique du tell et l’étude des techniques de taille de la pierre à Ougarit. Les travaux de la mission se sont portés également sur les sites côtiers du royaume d’Ougarit dans le cadre d’un nouveau programme conjoint visant à reconstituer l’évolution des paléo-environnements portuaires et la mobilité des paysages littoraux. La présentation des activités de terrain est complétée par une réflexion sur le plan de l’antique cité d’Ougarit et les premiers résultats de l’étude d’un atelier de travail du silex (Bronze récent final) mis au jour dans le chantier «  Grand-rue ».This report presents preliminary results from the Syrian-French archaeological excavations at Ras Shamra-Ugarit for the field seasons of 2007 and 2008, which took place at Ras Shamra and a number of coastal sites. At Ras Shamra tell, four excavations were undertaken : work continued at the sites of “Rempart” and “Grand-rue”, with further investigations of the “pont-barrage” on the Nahr ed-Delbe, in addition to a new joint site in the area of the “Temple de Dagan”. Two other projects began in 2008 : the geomagnetic survey of the tell and a study of the techniques of stone quarrying at Ugarit. The expedition’s work also extended to the coastal sites of the Kingdom of Ugarit within the framework of a new program looking to reconstruct the evolution of its harbours and mobility of the coastal landscapes. The presentation of the fieldwork activities is complemented by a piece looking at the plan of the ancient city of Ugarit and the first results of a study investigating a flint workshop (Late Bronze Age) unearthed at the “Grand-rue” site.خلاصة – يقدم هذا التقرير النتائج الأولية للبعثة الأثرية السورية-الفرنسية العاملة في موقع رأس شمرا- أوغاريت عن الأعمال تاميدانية في رأس شمرا خلال عامي 2007 و2008 وعدد من المواقع الساحلية. في موقع تل رأس شمرا، تمّ تنفيذ أربع عمليات حفر : إستكمال الحفريات في حقل « الأسوار» وحقل « الشارع الكبير»، ومتابعة أعمال الكشف على « الجسر-السد» على نهر الدلبة، بالإضافة الى المباشرة في تنفيذ تنقيب مشترك في حقل معبد « داغان». بالمقابل ثم المباشرة بتنفيذ عمليتين في أوغاريت خلال عام 2008 : عمليات مسح جيومغناطيسية للتل، ودراسة تقنية تتعلّق بطرق تقصيب وتشذيب أحجار البناء. تضمّنت أعمال البعثة أيضاً، العمل على المواقع الساحلية لمملكة أوغاريت وذلك ضمن إطار برنامج جديد مشترك يهدف إلى وضع تصوّر لتطوّر الظروف البيئية للمرافئ بالأضافة إلى تصوّر عام لكينونة الشريط الساحلي. إستكمال عرض الأعمال الميدانية بوضع تصوّر لمخطط المدينة القديمة لأوغاريت والنتائج الأولية لمشغل للأدوات الصوانية إكتشف في حقل « الشارع الكبير» يعود إلى عصر البرونز الحديث النهائي

Ground-Based Optical Measurements at European Flux Sites: A Review of Methods, Instruments and Current Controversies

This paper reviews the currently available optical sensors, their limitations and opportunities for deployment at Eddy Covariance (EC) sites in Europe. This review is based on the results obtained from an online survey designed and disseminated by the Co-cooperation in Science and Technology (COST) Action ESO903—“Spectral Sampling Tools for Vegetation Biophysical Parameters and Flux Measurements in Europe” that provided a complete view on spectral sampling activities carried out within the different research teams in European countries. The results have highlighted that a wide variety of optical sensors are in use at flux sites across Europe, and responses further demonstrated that users were not always fully aware of the key issues underpinning repeatability and the reproducibility of their spectral measurements. The key findings of this survey point towards the need for greater awareness of the need for standardisation and development of a common protocol of optical sampling at the European EC sites

Common variation in PHACTR1 is associated with susceptibility to cervical artery dissection

Cervical artery dissection (CeAD), a mural hematoma in a carotid or vertebral artery, is a major cause of ischemic stroke in young adults although relatively uncommon in the general population (incidence of 2.6/100,000 per year). Minor cervical traumas, infection, migraine and hypertension are putative risk factors, and inverse associations with obesity and hypercholesterolemia are described. No confirmed genetic susceptibility factors have been identified using candidate gene approaches. We performed genome-wide association studies (GWAS) in 1,393 CeAD cases and 14,416 controls. The rs9349379[G] allele (PHACTR1) was associated with lower CeAD risk (odds ratio (OR) = 0.75, 95% confidence interval (CI) = 0.69-0.82; P = 4.46 × 10(-10)), with confirmation in independent follow-up samples (659 CeAD cases and 2,648 controls; P = 3.91 × 10(-3); combined P = 1.00 × 10(-11)). The rs9349379[G] allele was previously shown to be associated with lower risk of migraine and increased risk of myocardial infarction. Deciphering the mechanisms underlying this pleiotropy might provide important information on the biological underpinnings of these disabling conditions

Search for dark matter produced in association with bottom or top quarks in √s = 13 TeV pp collisions with the ATLAS detector

A search for weakly interacting massive particle dark matter produced in association with bottom or top quarks is presented. Final states containing third-generation quarks and miss- ing transverse momentum are considered. The analysis uses 36.1 fb−1 of proton–proton collision data recorded by the ATLAS experiment at √s = 13 TeV in 2015 and 2016. No significant excess of events above the estimated backgrounds is observed. The results are in- terpreted in the framework of simplified models of spin-0 dark-matter mediators. For colour- neutral spin-0 mediators produced in association with top quarks and decaying into a pair of dark-matter particles, mediator masses below 50 GeV are excluded assuming a dark-matter candidate mass of 1 GeV and unitary couplings. For scalar and pseudoscalar mediators produced in association with bottom quarks, the search sets limits on the production cross- section of 300 times the predicted rate for mediators with masses between 10 and 50 GeV and assuming a dark-matter mass of 1 GeV and unitary coupling. Constraints on colour- charged scalar simplified models are also presented. Assuming a dark-matter particle mass of 35 GeV, mediator particles with mass below 1.1 TeV are excluded for couplings yielding a dark-matter relic density consistent with measurements