

Section: Bilateral Contracts and Grants with Industry

Bilateral Contracts with Industry

  • CS contract (2014-2016): “SecEF”

    The SecEF contract consists in analyzing the standards currently used for information security events [39]. Events that follow a standardized structure are needed to allow communication between the various security tools, in order to consolidate and correlate information, and for communication between different security response teams, to share information relating to incidents. Examples of standards for such events are IDMEF (Intrusion Detection Message Exchange Format, RFC 4765) and IODEF (Incident Object Description Exchange Format, RFC 5070). Unfortunately, these two standards are insufficiently deployed in a market still dominated by proprietary formats. The objective of the SecEF (Security Exchange Format) project is thus to propose evolutions of these formats, based on the initial feedback from current users. During the first years of the project, we focused our work on alert formats. We conducted a comparative study of different alert formats and proposed quantitative metrics to assess format expressiveness. We also proposed some evolutions for the IDMEF format and started the development of a generic library dedicated to IDMEF. This library could be used in different programming languages to generate and parse IDMEF messages. It will also support different encodings and transport protocols.

  • HP contract (2013-2016): “Embedded Systems Security”

    We have initiated a research program in collaboration with HP Inc Labs in the domain of embedded systems security. We aim to research and prototype low-level intrusion detection mechanisms in embedded system software. This involves mechanisms that continue previous work by our team, as well as new techniques more directly tied to specific device architectures. In 2015, the project was extended. We initiated new research work involving a Master's student. The main objective of this extension is to monitor low-level software (firmware, OS kernels, hypervisors) using a dedicated external co-processor. HP Inc Labs will fund a PhD on that subject. Details about this research program cannot be provided as they are covered by a non-disclosure agreement.