Description
While digital security concerns increase, we face both a urging demand for more and more code-level security analysis and a shortage of security experts. Hence the need for techniques and tools able to automate part of these code-level security analyses. As source-level program analysis and formal methods for safety-critical applications have made tremendous progress in the past decades, it is extremely tempting to adapt them from safety to security. Yet, security is not safety and, while still useful, a direct adaptation of safety-oriented program analysis to security scenarios remains limited in its scope. In this talk, we will argue for the need of security-oriented program analysis. Especially, we will first present some of the challenges faced by formal methods and program analysis in the context of code-level security scenarios. For example, security-oriented code analysis is better performed at the binary level, the attacker must be taken into account and practical security properties deviate from standard reachability / invariance properties. Second, we will discuss some early results and achievements carried out within the BINSEC group at CEA LIST. Especially, we will show how techniques such as symbolic execution and SMT constraint solving can be tailored to a number of practical code-level security scenarios.
Infos pratiques
Prochains exposés
-
Towards privacy-preserving and fairness-aware federated learning framework
Orateur : Nesrine Kaaniche - Télécom SudParis
Federated Learning (FL) enables the distributed training of a model across multiple data owners under the orchestration of a central server responsible for aggregating the models generated by the different clients. However, the original approach of FL has significant shortcomings related to privacy and fairness requirements. Specifically, the observation of the model updates may lead to privacy[…]-
Cryptography
-
SoSysec
-
Privacy
-
Machine learning
-
-
NEAT: A Nile-English Aligned Translation Corpus based on a Robust Methodology for Intent Based Networking and Security
Orateur : Pierre Alain - IUT de Lannion
The rise of Intent Based Networking (IBN) has paved the way for more efficient network and security management, reduced errors, and accelerated deployment times by leveraging AI processes capable of translating natural language intents into policies or configurations. Specialized neural networks could offer a promising solution at the core of translation operations. Still, they require dedicated,[…]-
SoSysec
-
Network
-
Security policies
-
-
Black-Box Collision Attacks on Widely Deployed Perceptual Hash Functions and Their Consequences
Orateur : Diane Leblanc-Albarel - KU Leuven
Perceptual hash functions identify multimedia content by mapping similar inputs to similar outputs. They are widely used for detecting copyright violations and illegal content but lack transparency, as their design details are typically kept secret. Governments are considering extending the application of these functions to Client-Side Scanning (CSS) for end-to-end encrypted services: multimedia[…]-
Cryptography
-
SoSysec
-
-
Malware Detection with AI Systems: bridging the gap between industry and academia
Orateur : Luca Demetrio - University of Genova
With the abundance of programs developed everyday, it is possible to develop next-generation antivirus programs that leverage this vast accumulated knowledge. In practice, these technologies are developed with a mixture of established techniques like pattern matching, and machine learning algorithms, both tailored to achieve high detection rate and low false alarms. While companies state the[…]-
SoSysec
-
Intrusion detection
-
Machine learning
-