  • This session was presented on October 29, 2021.

Description

  • Speaker

    Sébastien Bardin (CEA LIST)

While digital security concerns increase, we face both an urgent demand for more and more code-level security analysis and a shortage of security experts. Hence the need for techniques and tools able to automate part of these code-level security analyses. As source-level program analysis and formal methods for safety-critical applications have made tremendous progress in the past decades, it is extremely tempting to adapt them from safety to security. Yet, security is not safety and, while still useful, a direct adaptation of safety-oriented program analysis to security scenarios remains limited in its scope. In this talk, we will argue for the need for security-oriented program analysis. In particular, we will first present some of the challenges faced by formal methods and program analysis in the context of code-level security scenarios. For example, security-oriented code analysis is better performed at the binary level, the attacker must be taken into account, and practical security properties deviate from standard reachability / invariance properties. Second, we will discuss some early results and achievements carried out within the BINSEC group at CEA LIST. In particular, we will show how techniques such as symbolic execution and SMT constraint solving can be tailored to a number of practical code-level security scenarios.

Next sessions

  • An SMPC protocol for training-data curation and its fragility to security assumptions...

    • December 06, 2024 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Métiviers room

    Speaker : Marc-Olivier Killijian - Université du Québec à Montréal

    ... or "Security and insecurity - in what state am I wandering, have I put my security model away properly?" Nowadays, data sources and their curators are spread across the world. The owners of these data sometimes wish to collaborate with one another to improve the quality of the data, particularly before training machine learning models. In this talk[…]
    • SoSysec

    • Privacy

    • Machine learning

    • Distributed systems

  • Safety-Security Convergence of Industrial Control Systems

    • December 13, 2024 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Room Aurigny

    Speaker : Maxime Puys - Université Clermont Auvergne - IUT de Clermont-Ferrand

    Industrial Control Systems (ICS) are designed to provide a service, such as power generation or water treatment, while protecting people, assets, and the environment against hazards. However, ICS now integrate Information Technology (IT) and are interconnected with the outside world such as the Internet, thereby exposing their infrastructures to cyberattacks. Cyberattacks have thus become new[…]
    • SoSysec

    • Intrusion detection
