Table of contents

  • This session has been presented February 19, 2021.

Description

  • Speaker

    Pierre-François Gimenez (Inria Rennes, CentraleSupélec)

Many systems work by receiving instructions and processing them: e.g., a browser receives and then displays an HTML page and executes Javascript scripts, a database receives a query and then applies it to its data, an embedded system controlled through a protocol receives and then processes a message. When such instructions depend on user input, one generally constructs them with concatenation or insertion. It can lead to injection-based attacks: when the user input modifies the query’s intended semantics and leads to a security breach. Protections do exist but are not sufficient as they never tackle the origin of the problem: the language itself. We propose a new formal approach based on formal languages to assess risk, enhance static analysis, and enable new tools. This approach is general and can be applied to query, programming, and domain-specific languages as well as network protocols. We are setting up an ANR project to go into this subject in more depth.

Practical infos

Next sessions

  • [CANCELLED] Black-Box Collision Attacks on Widely Deployed Perceptual Hash Functions and Their Consequences

    • June 13, 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Aurigny room

    Speaker : Diane Leblanc-Albarel - KU Leuven

    [CANCELLED] Perceptual hash functions identify multimedia content by mapping similar inputs to similar outputs. They are widely used for detecting copyright violations and illegal content but lack transparency, as their design details are typically kept secret. Governments are considering extending the application of these functions to Client-Side Scanning (CSS) for end-to-end encrypted services:[…]

    • Cryptography

    • SoSysec

    • Protocols

  • A non-comparison oblivious sort and its application to private k-NN

    • June 20, 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - - Petri/Turing room

    Speaker : Sofiane Azogagh - UQÀM

    Sorting is a fundamental subroutine of many algorithms and as such has been studied for decades. A well-known result is the Lower Bound Theorem, which states that no comparison-based sorting algorithm can do better than O(nlog(n)) in the worst case. However, in the fifties, new sorting algorithms that do not rely on comparisons were introduced such as counting sort, which can run in linear time[…]

    • Cryptography

    • SoSysec

    • Privacy

    • Databases

    • Secure storage

Show previous sessions
Page top