60 research outputs found

    XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing

    Workshop website: http://www.spacios.eu/sectest2012/. International audience. We present an approach to detect web injection vulnerabilities by generating test inputs using a combination of model inference and evolutionary fuzzing. Model inference is used to obtain knowledge about the application behavior. Based on this understanding, inputs are generated using a genetic algorithm (GA). The GA uses the learned formal model to automatically generate inputs with better fitness values towards triggering an instance of the given vulnerability.

    Security Architecture for Point-to-Point Splitting Protocols

    International audience. The security of industrial supervisory control and data acquisition systems (SCADA) has become a major concern since the Stuxnet worm in 2010. As these systems are connected to the physical world, this makes them possibly hazardous if a malicious attacker is able to take over their control. SCADA can live up to 40 years, are particularly hard to patch, and quite often have no security feature at all. Thus, rather than securing them, network segregation is often used to prevent attackers from entering the industrial system. In this paper, we propose a generic solution: embed a point-to-point splitting protocol within a physical device, thus able to physically isolate networks, perform deep packet inspection and also provide encryption if necessary. We obtain a kind of next generation firewall, encompassing at least both diode and firewall features, for which conformity to security policies can be ensured. Then we define a set of associated security properties for such devices and the requirements for such a device's security architecture and filtering rules. Finally, we propose a secure hardware implementation.

    COVID-19 symptoms at hospital admission vary with age and sex: results from the ISARIC prospective multinational observational study

    Background: The ISARIC prospective multinational observational study is the largest cohort of hospitalized patients with COVID-19. We present relationships of age, sex, and nationality to presenting symptoms. Methods: International, prospective observational study of 60 109 hospitalized symptomatic patients with laboratory-confirmed COVID-19 recruited from 43 countries between 30 January and 3 August 2020. Logistic regression was performed to evaluate relationships of age and sex to published COVID-19 case definitions and the most commonly reported symptoms. Results: ‘Typical’ symptoms of fever (69%), cough (68%) and shortness of breath (66%) were the most commonly reported. 92% of patients experienced at least one of these. Prevalence of typical symptoms was greatest in 30- to 60-year-olds (respectively 80, 79, 69%; at least one 95%). They were reported less frequently in children (≤ 18 years: 69, 48, 23; 85%), older adults (≥ 70 years: 61, 62, 65; 90%), and women (66, 66, 64; 90%; vs. men 71, 70, 67; 93%, each P < 0.001). The most common atypical presentations under 60 years of age were nausea and vomiting and abdominal pain, and over 60 years was confusion. Regression models showed significant differences in symptoms with sex, age and country. Interpretation: This international collaboration has allowed us to report reliable symptom data from the largest cohort of patients admitted to hospital with COVID-19. Adults over 60 and children admitted to hospital with COVID-19 are less likely to present with typical symptoms. Nausea and vomiting are common atypical presentations under 30 years. Confusion is a frequent atypical presentation of COVID-19 in adults over 60 years. Women are less likely to experience typical symptoms than men.

    Validation of a security policy by the test of its formal B specification - a case study

    International audience.

    Next-generation transports in very high-speed networks

    This thesis was motivated by the development of very high-speed networks (beyond 1 Gb/s). We studied how this type of network can change the concepts and protocols currently in use. We considered two problems: the first is multihoming, the ability of a host to benefit from several simultaneous connections to access providers, and the second is content distribution. We studied the new transport-level protocol SCTP and proposed extensions that increase the performance and reliability of communication through multi-access. The SCTP protocol and the proposed extensions were tested and validated on the very high-speed network VTHD++. For the second problem, we designed and prototyped a content dissemination protocol based on the notion of flooding. Thanks to the content-based routing proposed for the protocol, content can be delivered to consumers without knowing their location. GRENOBLE1-BU Sciences (384212103) / Sudoc; GRENOBLE-MI2S (384212302) / Sudoc; Sudoc; France; F

    Security Vulnerabilities Detection Using Model Inference for Applications and Security Protocols

    International audience. "Internet of Services" (IoS) is a vision of the Internet of the Future where applications are built by combining services provided by a variety of service providers over the network. They are deployed as needed and consumed at run-time in a demand-driven and flexible way. Model-based testing is one method for testing security of applications but it needs formal models and most of the time service providers are not able to provide them. For that, model inference methods adapted to security testing can be used. This document tries to give some directions in order to combine enhanced model inference and model testing to ensure security of services automatically.
    • 

    corecore