

Section: Partnerships and Cooperations

National Initiatives

  • ANR SETIN Project: POLUX (2007-2011)

    POLUX aimed at automatically configuring the security mechanisms (prevention and detection) from the specification of the system in terms of its security policy. Indeed, current security tools are totally uncoordinated. They come from a large number of vendors. Even worse, they are sometimes developed by newcomers to the security field, and they use different configuration logics and languages that bear little resemblance to one another or to the previously proposed formalisms. As a result, ensuring interoperability between these tools is a difficult endeavor. Researchers face the same issues: different communities look at access control, security protocols or intrusion detection, but with little coordination or fusion between these domains. A few standard formats have been defined over the years, but they only cover small areas, and they have been very long in the making. We first studied this interoperability problem and developed a framework allowing a unified expression of security policies for the entire range of security tools related to prevention of security issues, detection of threats, and countermeasures. The expression of these security policies obeyed precise constraints permitting the verification of their soundness and the validation of their application to a particular information system. It also allowed interoperability and negotiation of security policies and included the management of the security policy as a meta-policy. This formalism and framework applied to the complete range of security tools covering the three key properties of security: integrity, confidentiality and availability. This project is led by Télécom Bretagne and involves Supélec.

  • ANR SETIN Project: PLACID (2007-2011)

    PLACID is an interdisciplinary project that combines expertise in artificial intelligence and computer security. Alarm correlation is a subfield of intrusion detection whose goal is to make heterogeneous IDS sensors cooperate in order to improve the attack detection rate, enrich the semantics of alerts and reduce the overall number of alerts. Several solutions have been proposed in the literature, all of which require knowledge about the attacks and the context in which they occur. At the same time, complementary tools have appeared to support alarm correlation by providing knowledge databases about attacks, as well as local and global contextual observations. However, none of these correlation solutions has received wide acceptance. We believe that one of the reasons for this is that the intrusion detection domain lacks a common logic that would allow security systems to reason about complementary evidence and security operators to interact with these systems efficiently. The objective of the PLACID project is twofold. First, we investigate a formal description logic for intrusion detection, called IDDL, which stands for Intrusion Detection Description Logic. IDDL will provide security components with a formal framework to characterize their observations, share their knowledge with third-party components and reason about complementary evidence. Second, we investigate Bayesian approaches for alert correlation. Our aim is to model the uncertainty associated with alerts, to represent malicious actions, and to model correlation relations between alerts. The use of Bayesian networks has several advantages, such as evaluating the success of attacks, reducing the set of possible attack scenarios, learning correlation relations, or finding the root cause of alerts.

    This project is led by the University of Nantes and involves the University of Artois and Supélec.

  • ANR Arpege Project: DALI (2009-2011)

    DALI aims at developing innovative design solutions to enhance the capabilities of current intrusion detection systems at the application level, as well as new methodologies and tools for the assessment and evaluation of the proposed solutions with respect to their ability to detect potential intrusions. We expect to enhance the detection capability by inserting the mechanisms directly inside the software. Our work focuses on two complementary methods: first, the specification of software security contracts in terms of application-level security policy, and second, an introspective method to learn the software specification at run-time. Both methods lead to instrumenting the software in order to insert intrusion detection mechanisms. The challenges that will be addressed include the identification of the security attributes which must be captured by contracts, the ability to have enough introspection at run-time to learn program behavior, and finally the ability to instrument the software automatically. Our analysis of the state of the art reveals that there is still a lack of rigorous methodologies defining how developers should proceed for testing security, and a lack of tools supporting the implementation of such a methodology. Our project aims at fulfilling these two objectives. One of our objectives is to develop a uniform, repeatable, and cost-effective way to test and evaluate IDS, either as a stand-alone assessment or, more often, for comparative evaluation across systems and components. Particular attention is paid to the generation of inputs combining normal and malicious activities and to the definition of input selection criteria taking into account the security properties and the specification of the application. Moreover, in the context of the project, we will develop a platform to demonstrate the feasibility of the different approaches in the project, both in terms of intrusion detection design and assessment.

    This project is led by Kereval and involves Télécom Bretagne, Supélec and the LAAS/CNRS.

  • ANR SeSur Project: LISE (2008-2011)

    The LISE project intends to study the relationship between law and technique in the realization of secure computing systems. In particular, solutions for assessing and proving the responsibility of parties should be defined. LISE follows a top-down approach, starting with the definition of liability and deriving sufficient and acceptable execution traces. The main phases of the project are as follows: (1) State of the art and recommendations for potential evolutions of current regulations in order to make them suitable to the new ICT society and to favor the emergence of a true “liability economy” of software. (2) Method for software liability specification and definition of a legally acceptable link with execution traces. (3) Method for the analysis of execution traces to determine liability based on the agreed specification.

    This project is led by INRIA Rhône-Alpes and involves the University of Versailles Saint-Quentin-en-Yvelines, the University of Caen Basse-Normandie, Supélec and VERIMAG.

  • ANR INS Project: AMORES (2011-2015)

    Situated in the mobiquitous context characterized by a high mobility of individuals, most of them wearing devices capable of geolocation (smartphones or GPS-equipped cars), the AMORES project is built around three use-cases related to mobility, namely (1) dynamic carpooling, (2) real-time computation of multi-modal transportation itineraries and (3) mobile social networking. For these three use cases, the main objective of the AMORES project is to define and develop geo-communication primitives at the middleware level that can offer the required geo-located services, while at the same time preserving the privacy of users, in particular with respect to their location (notion of geo-privacy). This project is joint between the Université de Rennes 1, Supélec, LAAS-CNRS, Mobigis and Tisséo.

  • ANR INS Project: LYRICS (2011-2014)

    With the fast emergence of contactless technologies such as NFC, mobile phones will soon be able to play the role of e-tickets, credit cards, transit passes, loyalty cards, access control badges, e-voting tokens, e-cash wallets, etc. In such a context, protecting the privacy of an individual becomes a particularly challenging task, especially when this individual is engaged during their daily life in contactless services that may be associated with their identity. If an unauthorized entity is technically able to follow all the digital traces left behind during these interactions, then that third party could efficiently build a complete profile of this individual, thus causing a privacy breach. Most importantly, this entity can freely use this information for undesired or fraudulent purposes ranging from targeted spam to identity theft. The objective of LYRICS (ANR INS 2011) is to enable end users to securely access and operate contactless services in a privacy-preserving manner, that is, without having to disclose their identity or any other unnecessary information related to personal data. The project is joint between France Télécom, Atos Worldline, CryptoExperts, ENSI Bourges, ENSI Caen, MoDyCo, Oberthur Technologies, NEC Corporation, Microsoft and Université de Rennes 1.

  • LABEX Comin Labs

    CIDRE participates in the CominLabs initiative, which is sponsored by the “Laboratoires d’Excellence” program and federates the best teams from the Bretagne and Nantes regions in the broad area of telecommunications, from electronic devices to distributed applications. We are in particular involved in the “security and privacy” focus, which is co-chaired by a member of the team.