59 results
-
Tackling obfuscated code through variant analysis and Graph Neural Networks
Speaker : Roxane Cohen and Robin David - Quarkslab
Existing deobfuscation techniques usually target specific obfuscation passes and assume a prior knowledge of obfuscated location within a program. Also, some approaches tend to be computationally costly. Conversely, few research consider bypassing obfuscation through correlation of various variants of the same obfuscated program or a clear program and a later obfuscated variant. Both scenarios are[…]-
Malware analysis
-
Binary analysis
-
Obfuscation
-
-
Cherifying Linux: A Practical View on using CHERI
Speaker : Kui Wang - Huawei
The CHERI ISA extension enables modern RISC CPU architectures such as RISC-V to enforce memory safety in C/C++ programs. Recent academic works use CHERI for point solutions like constructing enclaves, verifying C programs, or hardening bytecode interpreters, but since the original construction of the CHERI-BSD OS - a FreeBSD port leveraging CHERI capabilities, by Cambridge University - little has[…]-
SoSysec
-
Compartmentalization
-
Operating system and virtualization
-
-
A Universal Composability analysis of Android Protected Confirmation
Speaker : Maïwenn Racouchot - CISPA
As phones are used for more and more sensitive operations (such as bank transfers for example), there is a great necessity to design and deploy protocols that can ensure the security of such transactions, even in cases when the phone has been compromised. In order to accomplish that, Android in collaboration with Google have worked on a protocol called Android Protected Confirmation. The idea[…]-
SoSysec
-
Formal methods
-
Protocols
-
-
Approches humanitaires du risque numérique : accidents de sécurité et impératif de protection
Speaker : Laetitia Della Torre - Université de technologie de Compiègne
Les ONG clament qu’elles ne sont pas des cibles (« not a target »), et plaident pour un arrêt des enlèvements d’humanitaires et des bombardements d’hôpitaux. Ajoutons que ce slogan est maintenant décliné dans une version « modernisée » : les ONG ne sont pas des cibles numériques (« not a digital target »). Ce slogan constitue un appel à stopper les cyberopérations contre les ONG, qui sont[…]-
Risk management
-
SoSysec
-
-
Safety-Security Convergence of Industrial Control Systems
Speaker : Maxime Puys - Université Clermont Auvergne - IUT de Clermont-Ferrand
Industrial Control Systems (ICS) are designed to provide a service, such as power generation or water treatment, while protecting people, assets, and the environment against hazards. However, ICS now integrate Information Technology (IT) and are interconnected with the outside world such as the Internet, thereby exposing their infrastructures to cyberattacks. Cyberattacks have thus become new[…]-
Risk Assessment
-
SoSysec
-
Intrusion detection
-
-
Un protocole SMPC de curation de données d'entrainement et sa fragilité aux hypothèses de sécurité...
Speaker : Marc-Olivier Killijian - Université du Québec à Montréal
... ou "Sécurité et insécurité - dans quel état j’erre, ai-je bien rangé mon modèle de sécurité ?" De nos jours, les sources de données, et leurs curateurs, sont répartis à travers le monde. Il arrive que les propriétaires de ces données souhaitent collaborer entre eux afin d’augmenter la qualité de ces données, particulièrement avant d’entrainer des modèles d’apprentissage machine.Dans cet exposé[…]-
SoSysec
-
Privacy
-
Machine learning
-
Distributed systems
-