[Séminaire reporté] Séminaire CoaP du 19 janvier: NVIDIA DOCA hackathon and Adversarial Reachability for Program-level Security Analysis

En raison de l'appel à la grève le 19 janvier, le séminaire est reporté à une date qui doit encore être définie.

Dans le cadre de notre séminaire « La Cybersécurité sur un plateau » (Cybersecurity on a Plate), nous aurons deux interventions le 19 janvier. Le séminaire CoaP aura lieu à 14h dans le bâtiment IMT/TP/TSP, en salle 3.A213.

Romain Ferrari, Louis Cailliot, Julie Sauzedde, Pierre-Elisée Flory - NVIDIA DOCA hackathon

The NVIDIA DOCA hackathon took place on March 21, during NVIDIA 2022 GTC.

The Thales team chose to build a solution upon the DPI acceleration to enable Yara rules, which are used for inspection of files downloaded from the network to identify malware and potential threats. To implement this, Team Thales used a Yara Parser to transform public Yara rules into DPI rules in a Suricata community-based format supported by the DOCA DPI lib. This solution leveraged DOCA DPI functionality to scan the files on the fly as the packets flow through the device.

Soline Ducousso - Adversarial Reachability for Program-level Security Analysis

Many program analysis tools and techniques have been developed to assess program vulnerability. Yet, they are based on the standard concept of reachability and represent an attacker able to craft smart legitimate input, while in practice attackers can be much more powerful, using for instance micro-architectural exploits or fault injection methods. We introduce adversarial reachability , a framework allowing to reason about such advanced attackers and check whether a system is vulnerable or immune to a particular attacker. As equipping the attacker with new capacities significantly increases the state space of the program under analysis, we present a new symbolic exploration algorithm, namely adversarial symbolic execution, injecting faults in a forkless manner to prevent path explosion, together with optimizations dedicated to reduce the number of injections to consider while keeping the same attacker power. Experiments on representative benchmarks from fault injection show that our method significantly reduces the number of adversarial paths to explore, allowing to scale up to 10 faults where prior work timeout for 3 faults. In addition, we analyze the well-tested WooKey's bootloader, and demonstrate the ability of our analysis to find attacks and evaluate countermeasures in real-life security scenarios.

This is joint work with Sébastien Bardin and Marie-Laure Potet.