La journée est co organisée par les Groupes de Travail SSL et SRI et aura lieu le 21 Novembre 2018 à EURECOM, Sophia Antipolis, de 9h a 17h. Informations pratiques (PDF)
Inscriptions gratuites mais obligatoires avant le 14/11/2018 par email à firstname.lastname@example.org (sujet: SSL/SRI – GDR Meeting) incluant les informations suivantes:
– Végétarien ou allergies:
|9:30 10:30||Leyla Bilge, Symantec Research Labs||An honest look at the state of enterprise security||Video||Slides|
|10:30 11:00||Pause Cafe|
|11:00 11:30||Ingrid Verbauwhede, KU Leuven||The need for Hardware roots of trust||Video||Slides|
|11:30 12:00||Emanuele Cozzi, EURECOM||Understanding Linux Malware||Video||Slides|
|13:30 14:30||Roberto Di Pietro, Hamad Bin Khalifa University, Quatar||Security and privacy issues in avionics communications||Slides|
|14:30 15:00||Sébasten Bardin, CEA||Formal methods: from source-level safety to binary-level security||Video||Slides|
|15:00 15:30||Pause Cafe|
|15:30 16:00||Sarah Zennou, Airbus||BinCAT: purrfecting binary static analysis|
|16:00 16:30||Sam L. Thomas, IRISA||Experiences with the Carnegie Mellon University Binary Analysis Platform (CMU BAP)||Video||Slides|
Résumés des présentations
Leyla Bilge, Symantec Research Labs
An honest look at the state of enterprise security
Résumé: Enterprises own a significant fraction of the hosts connected to the Internet and possess valuable assets, such as financial data and intellectual property, which may be targeted by attackers. They suffer attacks that exploit unpatched hosts and install malware, resulting in breaches that may cost millions in damages. Despite the scale of this phenomenon, the threat and vulnerability landscape of enterprises remains under-studied. The security posture of enterprises remains unclear, and it’s unknown whether enterprises are indeed more secure than consumer hosts. To address these questions, we perform the largest and longest enterprise security study up to date. Our data covers nearly 3 years and is collected from 28K enterprises, belonging to 67 industries, which own 82M hosts and 73M public-facing servers. Our measurements comprise of two parts: an analysis of the threat landscape and an analysis of the enterprise vulnerability patching behavior. The threat landscape analysis first classifies low reputation files observed in enterprise hosts into families. Then, it measures, among others, that 91%–97% of the enterprises, 13%–41% of the enterprise hosts, encountered at least one malware or Potentially Unwanted Program (PUP) file over the length of our study; that enterprises encounter malware much more often than PUP; and that some industries like banks and consumer finances are doing notoriously better, achieving significantly lower malware and PUP encounter rates than the most-affected industries. The vulnerability analysis examines the patching of 12 client-side and 112 server-side applications in enterprise hosts and servers. It measures, among others, that it takes over 6 months on average to patch 90% of the population across all vulnerabilities in the 12 client-side applications; that enterprise computers are faster to patch vulnerabilities compared to consumer hosts; and that the patching of server applications is much worse than the patching of client-side applications.
Ingrid Verbauwhede, KU Leuven
The need for Hardware roots of trust
Software security and cryptographic security protocols rely on hardware roots of trust. Software designers assume that cryptographic keys, random initial values, nonces, freshness, hardware isolation, or secure storage is simply available to them.
At the same time, electronics shrink: sensor nodes, IOT devics, smart devices are becoming more and more available. Adding security and cryptography to these often very resource constraint devices is a challenge. This presentation will focus design methods for hardware roots of trustor and more specifically on Physically Unclonable Functions (PUFs) and True Random Number Generators (TRNG), two essential roots of trust.
Emanuele Cozzi, EURECOM
Understanding Linux Malware
For the past two decades, the security community has been fighting malicious programs for Windows-based operating systems. However, the recent surge in adoption of embedded devices and the IoT revolution are rapidly changing the malware landscape. Embedded devices are profoundly different than traditional personal computers. In fact, while personal computers run predominantly on x86-flavored architectures, embedded systems rely on a variety of different architectures. In turn, this aspect causes a large number of these systems to run some variants of the Linux operating system, pushing malicious actors to give birth to « Linux malware ». To the best of our knowledge, there is currently no comprehensive study attempting to characterize, analyze, and understand Linux malware. The majority of resources on the topic are available as sparse reports often published as blog posts, while the few systematic studies focused on the analysis of specific families of malware (e.g., the Mirai botnet) mainly by looking at their network-level behavior, thus leaving the main challenges of analyzing Linux malware unaddressed. This work constitutes the first step towards filling this gap. After a systematic exploration of the challenges involved in the process, we present the first malware analysis pipeline specifically tailored for Linux malware. We then present the results of the first large scale measurement study conducted on 10,548 malware samples (collected over a time frame of one year) documenting detailed statistics and insights that can help directing future work in the area.
Roberto Di Pietro, Hamad Bin Khalifa University, Quatar
Security and privacy issues in avionics communications
Résumé: Avionics is a strategic industrial field, where both security and safety issues do merge. The field is fragile form many points of view; in this talk, we will review some of the threats that do affect the domain from the point of view of communications. In particular, related to a novel (in terms of adoption) communication technology: ADS-B. We will move from this starting point to analyse also privacy issues in Open-Sky Net, a crowdsourcing sensory network that captures and distribute info related to commercial flights. At the end of the talk, a short description of research collaboration possibilities with the cri-lab @ HBKU, in Doha, Qatar, will be reviewed.
Sébastien Bardin, CEA
Formal methods: from source-level safety to binary-level security
Résumé: Several major classes of security analysis have to be performed on raw executable files, such as vulnerability analysis of mobile code or commercial off-the-shelf, deobfuscation or malware inspection. These analysis are highly challenging, due to the very low-level and intricate nature of binary code, and there is a clear need for more sophisticated and automated tools than currently available syntactic and dynamic approaches. On the other hand, source-level program analysis and formal methods have made tremendous progress in the past decade, and they are now an industrial reality for safety-critical applications.
Our long term goal is precisely to fulfill part of this gap, by developing state-of-the-art binary-level semantic analyses. In this talk, we first present the benefits of binary-level security analysis and the new challenges brought to formal methods, then we describe our first results and achievements, including the open-source BINSEC platform and its underlying key technologies as well as case-studies on deobfuscation and vulnerability analysis.
Sarah Zennou, Airbus
BinCAT: purrfecting binary static analysis
Résumé: In this talk we will present BinCAT, an open-source static analyzer of binary code for x86, armv7, armv8A and PPC. Using abstract interpretation as its core, it currently implements control flow graph reconstruction, value analysis, taint analysis at the bit level, type reconstruction and use-after-free detection. Analyses can be led either in forward or backward mode. It is fully integrated into IDA. BinCAT is available as free software: https://github.com/airbus-seclab/bincat/.
This talk will be concluded by a free discussion on possible collaborations with Airbus.
Sam L. Thomas, IRISA
Experiences with the Carnegie Mellon University Binary Analysis Platform (CMU BAP)