627 résultats

  • Squirrel: a new approach to computer-assisted proofs of protocols in the computational model.

    • 16 avril 2021

    • Inria Center of the University of Rennes - - Petri/Turing room

    Orateur : David Baelde (ENS Cachan)

    Formal methods have brought several approaches for proving that security protocols ensure the expected security and privacy properties. Most of the resulting tools analyze protocols in symbolic models, aka. Dolev-Yao-style models. Security in the symbolic model does not imply security in the cryptographer’s standard model, the computational model, where attackers are arbitrary (PPTIME) Turing[…]

  • Les cyberopérations: entre technique et droit international. Attribution, preuve et responsabilité.

    • 02 avril 2021

    • Inria Center of the University of Rennes - - Petri/Turing room

    Orateur : Anne-Thida Norodom (Professeur de droit public, Université de Paris)

    L’objet de cette intervention est de montrer à quel point le juridique est dépendant du technique lorsqu’il s’agit de réguler les cyberopérations. L’approche choisie sera celle du droit international public, c’est-à-dire du droit applicable entre Etats. Alors qu’il existe un consensus au niveau international sur l’applicabilité du droit international dans le domaine numérique, les négociations en[…]

  • Calibration Done Right: Noiseless Flush+Flush Attacks

    • 19 mars 2021

    • DGA-IRISA - Web-Conférence

    Orateur : Guillaume Didier

    Caches leak information through timing measurements and so-called side-channel attacks. Several primitives exist with different requirements and trade-offs. Flush+Flush is a stealthy and fast cache attack primitive that uses the timing of the clflush instruction depending on the presence of a line in the cache. However, the CPU interconnect plays a bigger role than thought in these timings, and[…]

  • SideLine and the advent of software-induced hardware attacks

    • 19 mars 2021

    • Mines Saint-Etienne – Thales - Web-Conférence

    Orateur : Joseph Gravellier

    In this talk, we will discuss software-induced hardware attacks and their impact for IoT, cloud and mobile security. More specifically, I will introduce SideLine, a new power side-channel attack vector that can be triggered remotely to infer cryptographic secrets. SideLine is based on the intentional misuse of delay-lines components embedded in SoCs that use external memory. I will explain how we[…]

  • Does Facebook use sensitive data for advertising?

    • 12 mars 2021

    • Inria Center of the University of Rennes - - Petri/Turing room

    Orateur : José González Cabañas (Universidad Carlos III de Madrid, Spain)

    Large online platforms use personal data, for example, your interests, to allow advertisers to reach you based on the things you like. But did you know some of these interests they use are associated with sensitive information directly linked to your social profile? In this talk, I will talk about the definition of sensitive data in terms of the General Data Protection Regulation in Europe (GDPR).[…]

  • A formal study of injection-based attacks and some tools it will enable

    • 19 février 2021

    • Inria Center of the University of Rennes - - Petri/Turing room

    Orateur : Pierre-François Gimenez (Inria Rennes, CentraleSupélec)

    Many systems work by receiving instructions and processing them: e.g., a browser receives and then displays an HTML page and executes Javascript scripts, a database receives a query and then applies it to its data, an embedded system controlled through a protocol receives and then processes a message. When such instructions depend on user input, one generally constructs them with concatenation or[…]
Haut de page