627 results

  • Squirrel: a new approach to computer-assisted proofs of protocols in the computational model.

    • April 16, 2021

    • Inria Center of the University of Rennes - - Petri/Turing room

    Speaker : David Baelde (ENS Cachan)

    Formal methods have brought several approaches for proving that security protocols ensure the expected security and privacy properties. Most of the resulting tools analyze protocols in symbolic models, aka. Dolev-Yao-style models. Security in the symbolic model does not imply security in the cryptographer’s standard model, the computational model, where attackers are arbitrary (PPTIME) Turing[…]

  • Les cyberopérations: entre technique et droit international. Attribution, preuve et responsabilité.

    • April 02, 2021

    • Inria Center of the University of Rennes - - Petri/Turing room

    Speaker : Anne-Thida Norodom (Professeur de droit public, Université de Paris)

    L’objet de cette intervention est de montrer à quel point le juridique est dépendant du technique lorsqu’il s’agit de réguler les cyberopérations. L’approche choisie sera celle du droit international public, c’est-à-dire du droit applicable entre Etats. Alors qu’il existe un consensus au niveau international sur l’applicabilité du droit international dans le domaine numérique, les négociations en[…]

  • Calibration Done Right: Noiseless Flush+Flush Attacks

    • March 19, 2021

    • DGA-IRISA - Web-Conférence

    Speaker : Guillaume Didier

    Caches leak information through timing measurements and so-called side-channel attacks. Several primitives exist with different requirements and trade-offs. Flush+Flush is a stealthy and fast cache attack primitive that uses the timing of the clflush instruction depending on the presence of a line in the cache. However, the CPU interconnect plays a bigger role than thought in these timings, and[…]

  • SideLine and the advent of software-induced hardware attacks

    • March 19, 2021

    • Mines Saint-Etienne – Thales - Web-Conférence

    Speaker : Joseph Gravellier

    In this talk, we will discuss software-induced hardware attacks and their impact for IoT, cloud and mobile security. More specifically, I will introduce SideLine, a new power side-channel attack vector that can be triggered remotely to infer cryptographic secrets. SideLine is based on the intentional misuse of delay-lines components embedded in SoCs that use external memory. I will explain how we[…]

  • Does Facebook use sensitive data for advertising?

    • March 12, 2021

    • Inria Center of the University of Rennes - - Petri/Turing room

    Speaker : José González Cabañas (Universidad Carlos III de Madrid, Spain)

    Large online platforms use personal data, for example, your interests, to allow advertisers to reach you based on the things you like. But did you know some of these interests they use are associated with sensitive information directly linked to your social profile? In this talk, I will talk about the definition of sensitive data in terms of the General Data Protection Regulation in Europe (GDPR).[…]

  • A formal study of injection-based attacks and some tools it will enable

    • February 19, 2021

    • Inria Center of the University of Rennes - - Petri/Turing room

    Speaker : Pierre-François Gimenez (Inria Rennes, CentraleSupélec)

    Many systems work by receiving instructions and processing them: e.g., a browser receives and then displays an HTML page and executes Javascript scripts, a database receives a query and then applies it to its data, an embedded system controlled through a protocol receives and then processes a message. When such instructions depend on user input, one generally constructs them with concatenation or[…]
Page top