619 résultats

  • Calibration Done Right: Noiseless Flush+Flush Attacks

    • 19 mars 2021

    • DGA-IRISA - Web-Conférence

    Orateur : Guillaume Didier

    Caches leak information through timing measurements and so-called side-channel attacks. Several primitives exist with different requirements and trade-offs. Flush+Flush is a stealthy and fast cache attack primitive that uses the timing of the clflush instruction depending on the presence of a line in the cache. However, the CPU interconnect plays a bigger role than thought in these timings, and[…]

  • SideLine and the advent of software-induced hardware attacks

    • 19 mars 2021

    • Mines Saint-Etienne – Thales - Web-Conférence

    Orateur : Joseph Gravellier

    In this talk, we will discuss software-induced hardware attacks and their impact for IoT, cloud and mobile security. More specifically, I will introduce SideLine, a new power side-channel attack vector that can be triggered remotely to infer cryptographic secrets. SideLine is based on the intentional misuse of delay-lines components embedded in SoCs that use external memory. I will explain how we[…]

  • Does Facebook use sensitive data for advertising?

    • 12 mars 2021

    • Inria Center of the University of Rennes - - Petri/Turing room

    Orateur : José González Cabañas (Universidad Carlos III de Madrid, Spain)

    Large online platforms use personal data, for example, your interests, to allow advertisers to reach you based on the things you like. But did you know some of these interests they use are associated with sensitive information directly linked to your social profile? In this talk, I will talk about the definition of sensitive data in terms of the General Data Protection Regulation in Europe (GDPR).[…]

  • A formal study of injection-based attacks and some tools it will enable

    • 19 février 2021

    • Inria Center of the University of Rennes - - Petri/Turing room

    Orateur : Pierre-François Gimenez (Inria Rennes, CentraleSupélec)

    Many systems work by receiving instructions and processing them: e.g., a browser receives and then displays an HTML page and executes Javascript scripts, a database receives a query and then applies it to its data, an embedded system controlled through a protocol receives and then processes a message. When such instructions depend on user input, one generally constructs them with concatenation or[…]

  • Canadian and Québec approaches to contact tracing

    • 11 décembre 2020

    • Inria Center of the University of Rennes - - Petri/Turing room

    Orateur : Sébastien Gambs (Université du Québec à Montréal, Canada)

    Contact tracing applications have been deployed in many countries as a complementary measure to fight Covid-19 by enabling to automatically notify individuals who have been in contact with infected persons. However, the choice of the design of a particular application is not innocent as it has a direct impact on its security as well as on the privacy of its user. In this talk, I will review the[…]

  • The PINED-RQ Family: Differentially Private Indexes for Range Query Processing in Clouds

    • 13 novembre 2020

    • Inria Center of the University of Rennes - - Petri/Turing room

    Orateur : Tristan Allard (IRISA, Université de Rennes 1)

    Performing non- aggregate range queries on cloud stored data, while achieving both privacy and efficiency is a challenging problem. With the PINED-RQ family of techniques, we propose constructing a differentially private index to an outsourced encrypted dataset. Efficiency is enabled by using a cleartext index structure to perform range queries. Security relies on both differential privacy (of the[…]
Haut de page