Articles
Regulatory pressure on information systems has been growing in recent years. At the European Union level, several legislative acts introduce requirements specifically targeting information systems. We can think in particular of the…
In recent years, there has been a growing regulatory burden on information systems. Simultaneously, the process of implementing these regulations remains a cumbersome activity. This paper addresses the…
The pressure of legal norms on information systems has been growing in recent years. At the national level, the Code of Economic Law (Code de droit économique) governs online commerce. At the European level,…
In the cloud computing era, cross-cloud deployments enable organizations to operate across multiple autonomous cloud platforms, offering advantages such as resilience, cost and performance optimization. However, lateral movement attacks, which are critical in the progression of Advanced…
A honeypot is an effective tool for luring attackers and collecting information on their methods. However, honeypots are vulnerable to exploitation and can become attack vectors, necessitating enhanced security. One way to improve security is by analyzing input submitted to the honeypot…
Digital products have become ubiquitous across all domains for everyday activities of both citizens and companies. Providing secure products is required to ensure the organisations relying on them have a minimal attack surface. This article highlights specific needs and our ongoing work to…
QUIC is a new transport protocol combining the reliability and congestion control features of TCP with the security features of TLS. One of the main challenges with QUIC is to guarantee that any of its implementations follows the IETF specification. This challenge is particularly appealing as the…
This paper introduces Network Attack-centric Compositional Testing (NACT), a novel methodology designed to discover new vulnerabilities in network protocols and create scenarios to reproduce these vulnerabilities through attacker models. NACT integrates composable attacker specifications…
Abstract
Anonymous Communication designs such as Tor build their security on distributed trust over many volunteers running relays in diverse global locations. In practice, this distribution leads to a heterogeneous network in which many versions of the Tor software co-exist…
In 2001, Hirt proposed a receipt-free voting scheme, which prevents malicious voters from proving to anybody how they voted, under the assumption of the availability of a helping server that is trusted for receipt-freeness, and only for that property. This appealing design led to a…
To proactively defend computer systems against cyber-attacks, a honeypot system—purposely designed to be prone to attacks—is commonly used to detect attacks, discover new vulnerabilities, exploits or malware before they actually do real damage to real systems. Its usefulness lies in being able…
Cybersecurity is of critical importance to any organisation on the Internet, with attackers exploiting any security loopholes to attack them. To combat cyber threats, a honeypot, a decoy system, has been an effective tool used since 1991 to deceive and lure attackers to reveal their attacks.…
This paper delves into the challenges associated with evaluating regulatory compliance within Information Systems (IS). Recognising the urgent need for innovation due to growing regulatory pressure and existing inefficiencies, we advocate for novel compliance assessment…
For many proprietary systems, source code and documentation are not available, which makes them hard to test, leaving only black-box approaches. In this work, we present an experience of fuzzing a protocol for drone control and the developed tool BinFuzz. BinFuzz is a man-in-the-middle…
Packing is a widely used obfuscation technique for malware to bypass detection tools and hinder reverse engineering. Existing research has already covered methods to detect packing, both with static and dynamic analysis. These methods are based on various features: headers, entropy, API calls,…
LoRaWAN devices are secured using traditional cryptographic methods. However, the end devices are still vulnerable to security attacks such as impersonation. To counter these attacks, LoRa requires an additional layer of security at the physical level. Deep Learning-based LoRa device…
While Member States face growing cybersecurity risks, not all of them are able to deal with these risks alone. Moreover, there is a clear risk of rapid propagation…
Abstract…
The IoT technology allows many types of personal data to be measured by many kinds of devices and sensors, and to be sent over the Internet for various applications. However, this data transmission…
The Ethereum Global Network (EGN) hosts a complete ecosystem of decentralized services, including blockchains such as Ethereum mainnet but also exchange markets, content delivery networks, and many more. Service discovery is a fundamental mechanism in the EGN, allowing new nodes to look up and…
Despite their ubiquity, the security of Internet of Things devices is unsatisfactory, as demonstrated by several attacks. The IETF's MUD standard aims to simplify and automate the secure deployment of network devices. A MUD file specifies a device-specific description of allowed network…
The last few years in the software engineering field have seen a paradigm shift from monolithic applications towards architectures in which the application is split into various smaller entities (i.e., microservices), fueled by the improved availability and ease of use of container technologies…