
Highlights of the Year

This year, besides continuing our work on intrusion detection, privacy, and trust management (see below), we started to investigate new areas, namely malware analysis and hardware security.

A classical problem in the dynamic analysis of malware is automatically executing the functions and methods of the application being monitored. Dynamic analysis is helpful only if a malicious action is actually observed; unfortunately, some malicious functionality may be hidden, or written so that it does not execute when called under certain circumstances or in certain environments. We have developed a new approach to the automatic triggering of suspicious code [25]. In a few words, our approach consists in identifying suspicious code and modifying the bytecode of the infected application in order to force the execution of that code. We have implemented GroddDroid, a tool dedicated to the automatic triggering of Android malware. This work received the Best Paper award at the 10th International Conference on Malicious and Unwanted Software.

This year we initiated several research activities in the domain of hardware security. Our goal is not to protect devices against hardware attacks such as side channels, but to use hardware mechanisms to strengthen the software stack against traditional software attacks. In this context, we are particularly interested in software/hardware co-design approaches. More precisely, we want to focus on two challenges:

  • We want to use formal methods to evaluate the security guarantees provided by hardware platforms, which combine different CPUs, chipsets and memories;

  • We want to investigate how dedicated hardware could be used to monitor the whole software stack (from the firmware to the user-mode applications).

The first challenge is the main objective of a bilateral research project with the French national agency for computer security (ANSSI) that started in January 2015. We supervise the PhD of Thomas Lethan in the context of this project. The second challenge is studied in a bilateral research project with HP Inc Research Labs. This project started in 2012 and was extended this year. The main objective of this extension is to propose an approach combining software instrumentation with external monitoring by dedicated hardware to detect intrusions in UEFI firmware. The second challenge is also studied in the HardBlare collaborative project, which started in October 2015. The goal of this project is to use a dedicated co-processor to enforce Dynamic Information Flow Control on the main CPU.

This year, we also contributed to the organization and program committees of two major events in our communities:

  • the 19th edition of OPODIS, the International Conference on Principles of Distributed Systems (https://opodis2015.irisa.fr), was organized in Rennes, December 14-17th, with Emmanuelle Anceaume as the general chair of the conference;

  • Nicolas Prigent was the program chair of the 12th IEEE International Symposium on Visualization for Cyber Security (VizSec) that took place in Chicago, Illinois, USA on the 26th of October, 2015.

Awards

Our work on GroddDroid received the Best Paper award at the 10th International Conference on Malicious and Unwanted Software.

Best Paper Award:

[25] A. Abraham, R. Andriatsimandefitra Ratsisahanana, A. Brunelat, J.-F. Lalande, V. Viet Triem Tong. GroddDroid: a Gorilla for Triggering Malicious Behaviors, in: 10th International Conference on Malicious and Unwanted Software, Fajardo, Puerto Rico, IEEE Computer Society, October 2015. https://hal.inria.fr/hal-01201743