Search

689 results

• • Seminar

  • SoSysec

  Subject Access Request and Proof of Ownership

  • October 25, 2019

  • Inria Center of the University of Rennes - - Room TBD

  Speaker : Cédric Lauradoux (INRIA Rhône-Alpes)

  The GDPR (General Data Protection Regulation) provides rights on our data: access, rectification, objection, etc. However, this regulation is not binding on how we can exercise these rights. Data controllers have therefore deployed various methods to authenticate subject requests. We have analyzed how this authentication process can fail and examined its consequences. Our study shows that a key[…]

• • Seminar

  • SoSysec

  Les cyber opérations, entre opportunités stratégiques et contraintes opérationnelles

  • October 01, 2021

  • Inria Center of the University of Rennes - - Room TBD

  Speaker : Stéphane Taillat (Académie Militaire de Saint Cyr-Coëtquidan)

  Le recours aux opérations numériques et au cyberespace s’est généralisé dans la gestion des crises et des conflits internationaux. Pour autant, aucune des cyber opérations étatiques ou prêtées à des États n’ont débouché sur des conflits armés ou sur une escalade significative des tensions. A ce titre, cette conférence cherche à s’interroger sur l’utilité stratégique des opérations numériques et du[…]

• • Seminar

  • SoSysec

  An evaluation of Symbolic Execution Systems and the benefits of compilation with SymCC

  • September 25, 2020

  • Inria Center of the University of Rennes - - Room TBD

  Speaker : Aurélien Francillon (Eurecom)

  In this talk I will discuss our recent work, together with Sebastian Poeplau, on Symbolic execution. Symbolic execution has become a popular technique for software testing and vulnerability detection, in particular, because it allows to generate test cases for difficult to reach program paths. However, a major impediment to practical symbolic execution is speed, especially when compared to near[…]

• • Seminar

  • SoSysec

  A Fundamental Approach to Cyber Risk Analysis

  • September 16, 2022

  • Inria Center of the University of Rennes - - Room TBD

  Speaker : Rainer Böhme (Universität Innsbruck)

  This paper provides a framework actuaries can use to think about cyber risk. We propose a differentiated view of cyber versus conventional risk by separating the nature of risk arrival from the target exposed to risk. Our review synthesizes the liter- ature on cyber risk analysis from various disciplines, including computer and network engineering, economics, and actuarial sciences. As a result,[…]

• • Seminar

  • SoSysec

  Towards Security-Oriented Program analysis

  • October 29, 2021

  • Inria Center of the University of Rennes - - Room TBD

  Speaker : Sébastien Bardin (CEA LIST)

  While digital security concerns increase, we face both a urging demand for more and more code-level security analysis and a shortage of security experts. Hence the need for techniques and tools able to automate part of these code-level security analyses. As source-level program analysis and formal methods for safety-critical applications have made tremendous progress in the past decades, it is[…]

• • Seminar

  • SoSysec

  Not so AdHoc testing: formal methods in the standardization of the EDHOC protocol

  • December 16, 2022

  • Inria Center of the University of Rennes - - Room TBD

  Speaker : Charlie Jacomme (Inria Paris)

  We believe that formal methods in security should be leveraged in all the standardisation’s of security protocols in order to strengthen their guarantees. To be effective, such analyses should be:* maintainable: the security analysis should be performed on every step of the way, i.e. each iteration of the draft;* pessimistic: all possible threat models, notably all sort of compromise should be[…]