Search

632 results

• • Seminar

  • SoSysec

  Subject Access Request and Proof of Ownership

  • October 25, 2019

  • Inria Center of the University of Rennes - - Petri/Turing room

  Speaker : Cédric Lauradoux (INRIA Rhône-Alpes)

  The GDPR (General Data Protection Regulation) provides rights on our data: access, rectification, objection, etc. However, this regulation is not binding on how we can exercise these rights. Data controllers have therefore deployed various methods to authenticate subject requests. We have analyzed how this authentication process can fail and examined its consequences. Our study shows that a key[…]

• • Seminar

  • SoSysec

  A formal study of injection-based attacks and some tools it will enable

  • February 19, 2021

  • Inria Center of the University of Rennes - - Petri/Turing room

  Speaker : Pierre-François Gimenez (Inria Rennes, CentraleSupélec)

  Many systems work by receiving instructions and processing them: e.g., a browser receives and then displays an HTML page and executes Javascript scripts, a database receives a query and then applies it to its data, an embedded system controlled through a protocol receives and then processes a message. When such instructions depend on user input, one generally constructs them with concatenation or[…]

• • Seminar

  • SoSysec

  L’empoisonnement de données semble-t-il un risque réaliste ?

  • September 23, 2022

  • Inria Center of the University of Rennes - - Petri/Turing room

  Speaker : Adrien Chan-Hon-Tong (ONERA)

  Les attaques adversaires ont rencontré un fort écho dans la communauté de vision par ordinateur. Pour autant, via ce type d’attaque, un hacker ne peut modifier le comportement de l’algorithme ciblé que localement. Inversement, l’empoisonnement de données est en mesure de modifier globalement le comportement de l’algorithme visé, et, il n’est pas forcément détectable par un opérateur notamment si[…]

• • Seminar

  • SoSysec

  QUIC: que faut-il attendre de ce nouveau protocole de communication sécurisé ?

  • May 29, 2020

  • Inria Center of the University of Rennes - - Petri/Turing room

  Speaker : Olivier Levillain (Telecom Sudparis)

  Depuis plusieurs années, les grands acteurs du web travaillent à l’amélioration des communications entre leurs utilisateurs et leurs services. Ces améliorations peuvent porter sur la vitesse des connexions ou sur la sécurité des échanges. QUIC fait partie des efforts en cours. Il s’agit d’un protocole en cours de standardisation à l’IETF, qu’on peut résumer à un protocole sur UDP fournissant les[…]

• • Seminar

  • SoSysec

  Search-Based Local Black-Box Deobfuscation: Understand, Improve and Mitigate

  • February 25, 2022

  • Inria Center of the University of Rennes - - Petri/Turing room

  Speaker : Grégoire Menguy (CEA LIST)

  Code obfuscation aims at protecting Intellectual Property and other secrets embedded into software from being retrieved. Recent works leverage advances in artificial intelligence (AI) with the hope of getting blackbox deobfuscators completely immune to standard (whitebox) protection mechanisms. While promising, this new field of AI-based, and more specifically search-based blackbox deobfuscation,[…]

• • Seminar

  • SoSysec

  Formal security proofs in a post-quantum world

  • November 19, 2021

  • Inria Center of the University of Rennes - - Petri/Turing room

  Speaker : Charlie Jacomme (CISPA)

  In the recent years, formals methods for security and their associated tools have been used successfully both to find novel and complex attacks on many protocols [A] and to help in their standardization process. They however face a new challenge with the increasing probability of quantum computers coming into the real-world: we need to be able to provide guarantees against quantum attackers.In[…]