138 research outputs found

    Contribution of Information Flow Tracking to System Security (Apport du suivi de flux d'information pour la sécurité des systèmes)

    This document covers several years of research on work aimed at controlling the dissemination of information in an operating system.

    Access Control versus Flow Control (Contrôle d'accès versus Contrôle de flots)

    National audience. Traditionally, a security policy is enforced by a mechanism that controls the accesses of subjects to the objects of the system: a subject can read the information contained in an object if the policy authorizes this subject to access this object. A policy induces information flows: if a subject s has the right to read an object o, then all the information that o may one day contain is accessible to s. Likewise, if a subject s has the right to modify an object o, then all the information that may come to the knowledge of s can propagate through the system by way of o. While a policy specifies authorizations on contents, its enforcement controls accesses to objects without knowing their current content. In this work we propose to formally study security policies from the standpoint of the information flows they induce. For policies for which it cannot be shown that all induced flows are authorized, we define a mechanism for detecting illegal flows. We also present the implementation of this detection mechanism.

    Sharing and replaying attack scenarios with Moirai

    National audience. Datasets are necessary for evaluating and comparing security solutions. Today, the most well-known public dataset is still the oft-decried IDEVAL dataset. Even if we don't take into account all the inherent shortcomings of this dataset, the fact that it dates back to 1999 means its relevance is all but lost. Without a public dataset, new security solutions cannot be compared to existing ones. In this article, we argue for the need of a public and modern dataset for the evaluation of security solutions. Moreover, we argue that traditional datasets are too restrictive in the approaches they allow. Thus, we present Moirai. Instead of sharing datasets, Moirai shares the scenarios used to create datasets. This allows for the creation of complex scenarios which could, for example, represent an Advanced Persistent Threat (APT). By sharing the scenarios, Moirai allows solutions based on disparate ideas to be compared.

    FingerKey, a Biometric Cryptosystem for Authentication (FingerKey, un cryptosystème biométrique pour l'authentification)

    9 pages. National audience. In this article we are interested in authenticating users by means of their biometric data (fingerprint, hand shape, ...). Traditionally, biometric authentication of a user consists of verifying that their current biometric data is sufficiently close to a reference data item. Unfortunately, the security of this scheme suffers from the fact that biometric data are non-revocable personal data. When a biometric data item is compromised, unlike a password, it cannot be changed. We believe that the weak point of traditional approaches lies in the storage of the reference biometric data. If biometric data were not stored, they would be harder to steal. It would also be harder to compromise a large number of them simultaneously. To overcome this problem, we propose a biometric authentication scheme that does not require comparison against a reference biometric value. Our method improves the security of biometric authentication since it does not require storage.

    A Privacy Preserving Distributed Reputation Mechanism

    International audience. Reputation systems allow the trustworthiness of entities to be estimated based on their past behavior. Electronic commerce, peer-to-peer routing and collaborative environments, just to cite a few, highly benefit from using reputation systems. To guarantee an accurate estimation, reputation systems typically rely on a central authority, on the identification and authentication of all the participants, or both. In this paper, we go a step further by presenting a distributed reputation mechanism which is robust against malicious behaviors and that preserves the privacy of its clients. Guaranteed error bounds on the estimation are provided.

    Preventing Serialization Vulnerabilities through Transient Field Detection

    International audience. Verifying Android applications' source code is essential to ensure users' security. Due to its complex architecture, Android has specific attack surfaces which the community has to investigate in order to discover new vulnerabilities and prevent as much as possible malicious exploitations. Communication mechanisms are one of the Android components that should be carefully checked and analyzed to avoid data leakage or code injections. Android software components can communicate together using serialization processes. Developers need thereby to indicate manually the transient keyword whenever an object field should not be part of the serialization. In particular, field values encoding memory addresses can leave severe vulnerabilities inside applications if they are not explicitly declared transient. In this study, we propose a novel methodology for automatically detecting, at compilation time, all missing transient keywords directly from Android applications' source code. Our method is based on taint analysis and its implementation provides developers with a useful tool which they might use to improve their code bases. Furthermore, we evaluate our method on a cryptography library as well as on the Telegram application for real world validation. Our approach is able to retrieve previously found vulnerabilities, and, in addition, we find non-exploitable flows hidden within Telegram's code base.

    DroneJack: Kiss your drones goodbye!

    National audience. The commercial drone market has taken off significantly over the past few years. In 2016, sales of drones used for commercial and enterprise purposes were worth 3.4 billion dollars [3]. This fast-growing field raises many questions regarding security since damages caused by such drones could be disastrous. Knowing that in some cases, transmission range is so wide (7 kilometers for a DJI Phantom 4 Pro) and that some drones can lift off more than 30 kg worth of equipment, we cannot deny that there will be (and already are) unexpected and unwanted uses of such a technology. In this article, we introduce DroneJack, an automatic anti-drone solution that can protect an area from being flown over. Using DroneJack, you can conduct a predefined defense over foreign drones such as shutting them down, piloting them instead of the true user, or directing them towards some GPS coordinates. You can also exploit data owned by the drone to recover photos, videos or flight logs. Even better, you can configure your own attacks on foreign drones and deploy them on DroneJack. Let's play.

    DaViz: Visualization for Android Malware Datasets

    National audience. With millions of Android malware samples available, researchers have a large amount of data to perform malware detection and classification, especially with the help of machine learning. Thus far, visualization tools focus on single samples or one-to-many comparison, but not a many-to-many approach. In order to exploit the quantity of data from various datasets to obtain meaningful information, we propose DaViz, a visualization tool for Android malware datasets. With the aid of multiple chart types and interactive sample filtering, users can explore different application datasets and compare them. This new tool allows users to get a better understanding of the datasets at hand, and helps to continue research by narrowing the samples to those of interest based on selected characteristics.

    Liability in Software Engineering: Overview of the LISE Approach and Illustration on a Case Study

    © ACM – 2010. This is the authors' pre-version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in the Proceedings of the 32nd ACM/IEEE international Conference on Software Engineering (ICSE'10) - Volume 1 – 978-1-60558-719-6/10/05 – (May 2-8 – 2010) http://doi.acm.org/10.1145/1806799.1806823

    LISE is a multidisciplinary project involving lawyers and computer scientists with the aim to put forward a set of methods and tools to (1) define software liability in a precise and unambiguous way and (2) establish such liability in case of incident. This report provides an overview of the overall approach taken in the project based on a case study. The case study illustrates a situation where, in order to reduce legal uncertainties, the parties to a contract wish to include in the agreement specific clauses to define as precisely as possible the share of liabilities between them for the main types of failures of the system.