Section: Bilateral Contracts and Grants with Industry

Bilateral Contracts with Industry

• HP (2013-2019): Embedded Systems Security One of the main activities of HP Inc. is to develop and manufacture computing platforms (such as laptops, printers, etc). These platforms consist of hardware and embedded software (usually referred to as firmware). Such embedded software is typically required for the proper functioning of the hardware and relied upon by high level operating system, application or solution software. One of the research tracks of this collaboration consists in enhancing the security level of low-level software components (firmware and OS) in future computing platforms. The final objective is to provide a more resilient and trustworthy platform to the end-user. This work is carried out in the context of the PhD of Ronny Chevalier.

• DGA (2018-2020) Traditionally, IDSes are evaluated based on their detection ability against a labeled dataset that contains normal and abnormal network traffic. Upon inspection, it is clear that datasets publicly available are usually obsolete in the span of a couple years in both anomaly types and background, benign Internet traffic. They also suffer from a lack of volume and diversity in traffic, and ultimately, lack of representativeness and realism. In this context, the goal of this project is to come up with an evolutive platform for IDS evaluation that solves many of the issues that exist in the state of the art methods. In order to create such an evolutive platform, there is a need for dynamic infrastructure that allows continuous and automatic change. Here are a number of design principles that we followed for our platform: reproducibility (it is possible to rebuild the infrastructure of the platform or any element of it); repeatability (any action carried out on the infrastructure tested in the platform is repeatable); live evaluation (while traditional IDS evaluation is carried out using a static benchmark dataset, we propose an environment that resembles what IDS does in real life); realism (in terms of traffic generation, real world attack representativeness, and system setup. This will surely be a continuous and evolutive effort to try to approach real world conditions as best as can be); automatization (scripts allow a complete description of the system in which an IDS is tested, and of normal/malicious activity generation inside this system).

  This work is carried out in the context of the postdoc of Mouad Lemoudden.

• DGA (2019-2021) DGA and its industrial partners have to regularly implement filters applied to standard or proprietary protocols on communication interfaces or directly in products. In order to allow administrators to easily adapt these filters to the specific context of the various devices, filtering languages specific to the different filtering policies applicable to the different devices should be developed. Even for simple static filters, the definition of such languages is a complex task. A methodological approach that would simplify this task for higher level abstraction filtering languages (and therefore simpler to use) would be to allow the definition of higher level abstraction filtering languages by relying on a single language of lower level of abstraction. This would make it possible to define high-level abstraction and easy-to-use languages in a recursive way by progressively increasing the levels of abstraction (and specificity). In addition, this approach would improve reusability. Indeed, it would be possible to rely on a filtering language, previously developed for another project, in order to more easily develop a more specific (and easy to use) language for another project.

  This work is carried out in the context of the postdoc of Ludovic Claudepierre