Filter by content type
Select one or more filters. This choice will reload the page to display the filtered results.
721 results
-
-
Seminar
-
SoSysec
A Compositional and Complete approach to Verifying Privacy Properties using the Applied Pi-calculus
Speaker : Ross Horne (University of Luxembourg)
The pi-calculus was introduced for verifying cryptographic protocols by Abadi and Fournet in 2001. They proposed an equivalence technique, called bisimilarity, useful for verify privacy properties. It is widely acknowledged (cf. Paige and Tarjan 1987), that bisimilarity is more efficient to check than trace equivalence; however, surprisingly, tools based on the applied pi-calculus typically still[…] -
-
-
Seminar
-
SoSysec
How to decrypt without keys with GlobalPlatform SCP02 protocol
Speaker : par Loic Ferreira (Orange Labs, IRISA)
The GlobalPlatform SCP02 protocol is a security protocol implemented in smart cards, and used by transport companies, in the banking world and by mobile network operators (UICC/SIM cards). We describe how to perform a padding oracle attack against SCP02. The attack allows an adversary to efficiently retrieve plaintext bytes from an encrypted data field. We provide results of our experiments done[…] -
-
-
Seminar
-
SoSysec
Not so AdHoc testing: formal methods in the standardization of the EDHOC protocol
Speaker : Charlie Jacomme (Inria Paris)
We believe that formal methods in security should be leveraged in all the standardisation’s of security protocols in order to strengthen their guarantees. To be effective, such analyses should be:* maintainable: the security analysis should be performed on every step of the way, i.e. each iteration of the draft;* pessimistic: all possible threat models, notably all sort of compromise should be[…] -
-
-
Seminar
-
SoSysec
Ransomware Detection Using Markov Chain Models Over File Headers
Speaker : David Lubicz (DGA-MI)
In this paper, a new approach for the detection of ransomware based on the runtime analysis of their behaviour is presented. The main idea is to get samples by using a mini-filter to intercept write requests, then decide if a sample corresponds to a benign or a malicious write request. To do so, in a learning phase, statistical models of structured file headers are built using Markov chains. Then[…] -
-
-
Seminar
-
SoSysec
Reasoning over leaks of information for Access Control of Databases
Speaker : Pierre Bourhis (CNRS, CRISTAL)
Controlling the access of data in Database management systems is a classical problem and it has been solved through different mechanisms. One of the most common mechanism implemented in most Database management systems is the mechanism of views, i.e defining the accessible data of a user as the result of a query. This mechanism is also used in principle in other systems such as in social networks.[…] -
-
-
Seminar
-
SoSysec
Les cyberopérations: entre technique et droit international. Attribution, preuve et responsabilité.
Speaker : Anne-Thida Norodom (Professeur de droit public, Université de Paris)
L’objet de cette intervention est de montrer à quel point le juridique est dépendant du technique lorsqu’il s’agit de réguler les cyberopérations. L’approche choisie sera celle du droit international public, c’est-à-dire du droit applicable entre Etats. Alors qu’il existe un consensus au niveau international sur l’applicabilité du droit international dans le domaine numérique, les négociations en[…] -