Sommaire

  • Cet exposé a été présenté le 19 février 2021.

Description

  • Orateur

    Pierre-François Gimenez (Inria Rennes, CentraleSupélec)

Many systems work by receiving instructions and processing them: e.g., a browser receives and then displays an HTML page and executes Javascript scripts, a database receives a query and then applies it to its data, an embedded system controlled through a protocol receives and then processes a message. When such instructions depend on user input, one generally constructs them with concatenation or insertion. It can lead to injection-based attacks: when the user input modifies the query’s intended semantics and leads to a security breach. Protections do exist but are not sufficient as they never tackle the origin of the problem: the language itself. We propose a new formal approach based on formal languages to assess risk, enhance static analysis, and enable new tools. This approach is general and can be applied to query, programming, and domain-specific languages as well as network protocols. We are setting up an ANR project to go into this subject in more depth.

Infos pratiques

Prochains exposés

  • Towards privacy-preserving and fairness-aware federated learning framework

    • 19 septembre 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Petri/Turing room

    Orateur : Nesrine Kaaniche - Télécom SudParis

    Federated Learning (FL) enables the distributed training of a model across multiple data owners under the orchestration of a central server responsible for aggregating the models generated by the different clients. However, the original approach of FL has significant shortcomings related to privacy and fairness requirements. Specifically, the observation of the model updates may lead to privacy[…]

    • Cryptography

    • SoSysec

    • Privacy

    • Machine learning

  • NEAT: A Nile-English Aligned Translation Corpus based on a Robust Methodology for Intent Based Networking and Security

    • 26 septembre 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Room Métivier

    Orateur : Pierre Alain - IUT de Lannion

    The rise of Intent Based Networking (IBN) has paved the way for more efficient network and security management, reduced errors, and accelerated deployment times by leveraging AI processes capable of translating natural language intents into policies or configurations. Specialized neural networks could offer a promising solution at the core of translation operations. Still, they require dedicated,[…]

    • SoSysec

    • Network

    • Security policies

  • Black-Box Collision Attacks on Widely Deployed Perceptual Hash Functions and Their Consequences

    • 03 octobre 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Métivier room

    Orateur : Diane Leblanc-Albarel - KU Leuven

    Perceptual hash functions identify multimedia content by mapping similar inputs to similar outputs. They are widely used for detecting copyright violations and illegal content but lack transparency, as their design details are typically kept secret. Governments are considering extending the application of these functions to Client-Side Scanning (CSS) for end-to-end encrypted services: multimedia[…]

    • Cryptography

    • SoSysec

  • Malware Detection with AI Systems: bridging the gap between industry and academia

    • 09 octobre 2025 (11:00)

    • Inria Center of the University of Rennes - Room Aurigny

    Orateur : Luca Demetrio - University of Genova

    With the abundance of programs developed everyday, it is possible to develop next-generation antivirus programs that leverage this vast accumulated knowledge. In practice, these technologies are developed with a mixture of established techniques like pattern matching, and machine learning algorithms, both tailored to achieve high detection rate and low false alarms. While companies state the[…]

    • SoSysec

    • Intrusion detection

    • Machine learning

Voir les exposés passés
Haut de page