Dynamic deployment of context-aware access control policies for constrained security devices

Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identi ed based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., con guring, those security components and mechanisms so that the system behavior be nally the one speci ed by the policy. The deployment issue becomes more di cult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modi cations introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action speci cation languages

RESource: A Framework for Online Matching of Assembly with Open Source Code

Software reverse engineering is a fastidious task demanding a strong expertise in assembly coding. Various existing tools may help analyze the functionality of a binary file without executing it and an interesting step would naturally be the search for the original source files. Our tool called RESource considers the extraction of some features in the assembly code so that queries can be triggered to a source repository in a reliable way: either (1) the result is a set of references to the original project files provided they are hosted on the repository or (2) at least some functionalities of the binary file are unleashed. Such an approach is very promising given its proved performances in real assembly code applications

OBA2: An Onion approach to Binary Code Authorship Attribution

A critical aspect of malware forensics is authorship analysis. The successful outcome of such analysis is usually determined by the reverse engineer’s skills and by the volume and complexity of the code under analysis. To assist reverse engineers in such a tedious and error-prone task, it is desirable to develop reliable and automated tools for supporting the practice of malware authorship attribution. In a recent work, machine learning was used to rank and select syntax-based features such as n-grams and flow graphs. The experimental results showed that the top ranked features were unique for each author, which was regarded as an evidence that those features capture the author’s programming styles. In this paper, however, we show that the uniqueness of features does not necessarily correspond to authorship. Specifically, our analysis demonstrates that many “unique” features selected using this method are clearly unrelated to the authors’ programming styles, for example, unique IDs or random but unique function names generated by the compiler; furthermore, the overall accuracy is generally unsatisfactory. Motivated by this discovery, we propose a layered Onion Approach for Binary Authorship Attribution called OBA2. The novelty of our approach lies in the three complementary layers: preprocessing, syntax-based attribution, and semantic-based attribution. Experiments show that our method produces results that not only are more accurate but have a meaningful connection to the authors’ styles

Forensic Data Analytics for Anomaly Detection in Evolving Networks

In the prevailing convergence of traditional infrastructure-based deployment (i.e., Telco and industry operational networks) towards evolving deployments enabled by 5G and virtualization, there is a keen interest in elaborating effective security controls to protect these deployments in-depth. By considering key enabling technologies like 5G and virtualization, evolving networks are democratized, facilitating the establishment of point presences integrating different business models ranging from media, dynamic web content, gaming, and a plethora of IoT use cases. Despite the increasing services provided by evolving networks, many cybercrimes and attacks have been launched in evolving networks to perform malicious activities. Due to the limitations of traditional security artifacts (e.g., firewalls and intrusion detection systems), the research on digital forensic data analytics has attracted more attention. Digital forensic analytics enables people to derive detailed information and comprehensive conclusions from different perspectives of cybercrimes to assist in convicting criminals and preventing future crimes. This chapter presents a digital analytics framework for network anomaly detection, including multi-perspective feature engineering, unsupervised anomaly detection, and comprehensive result correction procedures. Experiments on real-world evolving network data show the effectiveness of the proposed forensic data analytics solution.Comment: Electronic version of an article published as [Book Series: World Scientific Series in Digital Forensics and Cybersecurity, Volume 2, Innovations in Digital Forensics, 2023, Pages 99-137] [DOI:10.1142/9789811273209_0004] \c{opyright} copyright World Scientific Publishing Company [https://doi.org/10.1142/9789811273209_0004

Déploiement fiable des politiques de sécurité contextuelles - applications aux environnements IPv6

Les réseaux sont aujourd'hui en continue évolution dû aux nouvelles exigences et activités organisationnelles. En parallèle, la protection des ressources doit changer et toute cette gestion devient une tâche difficile pour l'administrateur sécurité. Dans cette thèse, nous adressons plusieurs aspects clés dans le domaine de la sécurité réseaux et proposons des solutions conséquentes : 1.Déploiement des politiques basé sur des modèles de contrôle d'accès. Les diverses données inutiles dans la spécification de la politique seront ainsi éliminées avant le déploiement automatique de la politique abstraite. Les tâches de l'administrateur sont considérablement simplifiées. 2.Développement formel des algorithmes de déploiement. Ces algorithmes doivent être formellement prouvés pour que l'administrateur ait confiance dans le processus de déploiement. 3.La gestion des exigences contextuelles et des fonctionnalités de sécurité insuffisantes. Le modèle de contrôle d'accès doit être assez robuste afin de couvrir les exigences contextuelles. Le problème reste au niveau des composants de sécurité qui ne sont pas toujours capables d'interpréter ces contextes. 4.Nouveaux mécanismes de sécurité IPv6. Nous avons adressé la conception d'un nouveau mécanisme de sécurité IPv6 qui devrait interpréter certains contextes spécifique aux réseaux IPv6. Nos travaux de recherche constituent une approche cohérente et apportent des contributions claires pour garantir une gestion fiable des politiques de sécurité réseaux.Organization networks are continuously growing so as to sustain the newly created organizational requirements and activities. In parallel, concerns for assets protection are also increasing and security management becomes an ever-changing task for the security officer. In this dissertation we address several key aspects of network security management providing solutions for each aspect:1. Policy deployment based on access control models. Invalid or unusable data of the security policy will have been removed before deploying the abstract policy through a set of algorithms; in this manner, the security officer s tasks are greatly simplified. 2. Formal algorithm development. The correctness of the algorithms involved in the policy deployment process is of undeniable importance. These algorithms should be proved so that the security officers trust the automatic policy deployment process. 3. Management of contextual requirements and of limited security functionalities. The access control model should be robust enough to cover contextual requirements. The issue is that the security devices are not always able to interpret the contexts. And sometimes, there are security requirements which cannot be deployed given the existing limited security functionalities in the IS. 4. New IPv6 security mechanisms. We have naturally come to consider the design of new IPv6 security mechanisms when dealing with the lack of functionalities in an information system. Our research outlines a comprehensive approach to deploy access control security policies. Actually, it constitutes a step further towards an automatic and reliable management of network security.RENNES1-BU Sciences Philo (352382102) / SudocCESSON SEVIGNE-Télécom Breta (350512301) / SudocBREST-Télécom Bretagne (290192306) / SudocSudocFranceF

Architecture-aware adaptive deployment of contextual security policies

International audience