Séminaire CoaP du 21 mars

Dans le cadre de notre séminaire « La Cybersécurité sur un plateau » (Cybersecurity on a Plate), nous aurons deux interventions le jeudi 21 mars prochain. Le séminaire CoaP aura lieu à 14h dans le bâtiment IMT/TP/TSP, en salle 3.A213.

Si vous venez participer pour la première fois, n'hésitez pas à contacter les organisateurs pour ne pas être bloqué à l'entrée.

Lorena González-Manzano - Vulnerability detection under poisoning attacks

The complexity of current systems encourages the emergence of vulnerabilities. Detectors are developed in this regard, most of them using Artificial Intelligence (AI) techniques. However, AI is not without its problems, especially those attacks affecting the training set. In this talk a novel vulnerability detector, called VulCoT, is presented, together with their analysis under three different poisoning attacks.

Yanis Sellami - Fault Injection Vulnerability Characterization by Inference of Robust Reachability Constraints

While automated code analysis techniques have succeeded in finding and reporting potential vulnerabilities in binary programs, they tend to report many false positives, which cannot be reliably exploited. This is typical in evaluations of fault injection attacks vulnerabilities as faults can create unexpected program behaviors dependent on complex initial states. As the precise setup of the initial states is hard to achieve, such faults lead code analysis techniques to report vulnerabilities that exist in theory but are infeasible in practice. Vulnerability characterization techniques are thus needed to distinguish such reports from those that come from serious vulnerabilities. Recently, Girol et al. have introduced the concept of robust reachability, a property of program inputs applied to code analysis frameworks to report only vulnerabilities that can be reproduced reliably. This is done by distinguishing inputs that are under the control of the attacker from those that are not, and by reporting only vulnerabilities that do not depend on the value of the uncontrolled inputs. Yet, this remains insufficient for distinguishing severe vulnerabilities from benign ones as robust reachability will be unable to report cases that, e.g., are easy to trigger but may not succeed in a few corner cases. To address this issue, we propose a method that leverages an abduction procedure to generate a robust reachability constraint, that is, a logical constraint on the uncontrolled inputs under which we have the guarantee that the vulnerability will be triggered. We demonstrate the vulnerability characterization capabilities of an implementation of this procedure on a fault injection attack case-study taken from FISSC. We show that our method refines robust reachability and leads to a much better characterization of the reported vulnerabilities. The methods additionally leads to the generation of high-level feedback that is easier to understand and reuse for further analysis.