cyber security
play

Cyber security Current challenges Ludovic M, septembre 2019 Cyber - PowerPoint PPT Presentation

Dec 24, 2023 •222 likes •876 views

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

  1. Cyber security Current challenges Ludovic Mé, septembre 2019

  2. Cyber security ? Three triptychs ! 3 properties ... • Confidentiality (including personal data) • Integrity • Availability 2 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  3. Cyber security ? Three triptychs ! ... to be enforced by 3 properties ... • Prevention • Confidentiality > Formal methods > Cryptography • Integrity > Authentication • Availability > Access control > etc. 2 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  4. Cyber security ? Three triptychs ! ... to be enforced by 3 properties ... • Prevention • Confidentiality • Detection • Integrity > Intrusion detection • Availability > Anomalie detection > Alert correlation 2 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  5. Cyber security ? Three triptychs ! ... to be enforced by • Prevention 3 properties ... • Confidentiality • Detection • Reaction • Integrity > Blocking attacks • Availability > Recovering the system > Counter-attacking ? 2 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  6. Cyber security ? Three triptychs ! 3 properties ... ... to be enforced by • Confidentiality • Prevention • Integrity • Detection • Availability • Reaction Physical, logical, organizational 2 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  7. Cyber security ? Three triptychs ! 3 properties ... ... to be enforced by • Confidentiality • Prevention • Integrity • Detection • Availability • Reaction Physical, logical , organizational 2 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  8. Inria’s white book • Published Jan. 2019 • Kremer, Mé, Rémy, Roca • Around 20 contributors • Overview of the field • Challenges • Inria’s contributions 3 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  9. Access to Inria’s white book html https ://files.inria.fr/dircom/extranet/livre blanc cybersecuritelivre blanc cybersecurite.html pdf https ://files.inria.fr/dircom/extranet/LB cybersecurity WEB.pdf epub https ://files.inria.fr/dircom/extranet/livre blanc cybersecurite/livre blanc cybersecurite.epub 4 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  10. Cyber security ? Many challenges ! Threats Analysis Prevention Detection and reaction Privacy Special cases of some application domains 5 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  11. Cyber security ? Many challenges ! Threats Analysis 1. A more systematic study of vulnerabilities (by the academic world) 2. Hardware-targeted software attacks (à la Spectre or Meldown) Prevention Detection and reaction Privacy Special cases of some application domains 5 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  12. Cyber security ? Many challenges ! Threats Analysis Prevention 3. Scrutiny of cryptography 4. Computing on encrypted data 5. Quantum and postquantum Cryptography 6. Formal methods and cryptography 7. Formals methods for network and system security Detection and reaction Privacy Special cases of some application domains 5 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  13. Cyber security ? Many challenges ! Threats Analysis Prevention Detection and reaction 8. Effectively detecting intrusion/anomaly (machine learning ?) 9. Accurately diagnosing causes of security violations (the 4 W) 10. Automatically deploying counter-measures Privacy Special cases of some application domains 5 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  14. Cyber security ? Many challenges ! Threats Analysis Prevention Detection and reaction Privacy 11. Specific properties (e.g., unlinkability), concepts (e.g., differential privacy) and difficulties (e.g., anonymization) : understanding privacy and deriving practical tools – especially in the context of the EU General Data Protection Regulation (GDPR) 12. Machine Learning and Privacy Special cases of some application domains 5 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  15. Cyber security ? Many challenges ! Threats Analysis Prevention Detection and reaction Privacy Special cases of some application domains 13. IoT : towards a secure and privacy preserving smart connected world 14. Cyber-physical / industrial systems 15. AI systems 5 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  16. You want some more challenges ? Humanities 16. Usability of security and privacy tools 17. Social and economical aspects of security and privacy 18. Education 6 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  17. A more systematic study of vulnerabilities The cybersecurity threat is real and serious • Attacks always more and more sophisticated • We (probably) only see the tip of the iceberg • The “Knowing your enemy” principle applies 7 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  18. A more systematic study of vulnerabilities The cybersecurity threat is real and serious Challenge • A deeper involvement of the academic world • A scientific approach (experimental science) 7 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  19. Hardware-targeted software attacks A new trend of attacks... • Software attacks targeting hardware “vulnerabilities” > A physical property of matter > Optimization mechanisms implemented in modern OS’s and processors, such as caches, branch prediction, or speculative execution > Especially dangerous : makes hardware attacks possible at a distance • Examples • A common root cause : abstraction ! • Mitigation 8 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  20. Hardware-targeted software attacks A new trend of attacks... • Software attacks targeting hardware “vulnerabilities” • Examples > Rowhammer : exploits electrical interaction between neighbor cells → flips memory bits while reading and writing another cell > Spectre : exploits branch prediction and speculative execution → exfiltrates information through a covert channel based on cache access • A common root cause : abstraction ! • Mitigation 8 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  21. Hardware-targeted software attacks A new trend of attacks... • Software attacks targeting hardware “vulnerabilities” • Examples • A common root cause : abstraction ! > When proposing a security mechanism at a given level of abstraction, tendance to consider that the lower layers are correct and safe > Attackers have had a tendency these last years to target less and less abstract layers : applications, OSes, kernels, firmware, and hardware • Mitigation 8 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  22. Hardware-targeted software attacks A new trend of attacks... • Software attacks targeting hardware “vulnerabilities” • Examples • A common root cause : abstraction ! • Mitigation > Prevention is costly − limiting the reduction of the component’s surface − refresh the cells (read / re-write) periodically > Detection is Difficult : no trace at the operating system or application levels 8 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  23. Hardware-targeted software attacks A new trend of attacks... Challenge • Clear typology, better understanding about deployment, hard and soft countermeasures • Requires expertise at the hardware, firmware, and operating system levels 8 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  24. Scrutiny of cryptography The foundation of confidence we have in crypto primitives • The more we analyze crypto primitives, the more we can trust them • A never-ending work, searching for possible weaknesses > Threats may evolve over time with the progress of algorithms, mathematics, or computers > The attacker’s capabilities evolve as well − Expl : physical access to an implementation in the IoT context 9 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  25. Scrutiny of cryptography The foundation of confidence we have in crypto primitives Challenge Always searching for new attacks against : • Crypto algorithms : by classical or quantum means • Implementations : generally by physical attacks (physical measures correlated to the secret key manipulated) 9 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

  26. Computing on encrypted data Cloud environment : classical encryption is not enough... • When encrypted, the confidentiality of the data is guaranteed, but no processing can be performed on the data • Homomorphic operations • Functional encryption 10 -Séminaire LIRIMA: “Cyber security: current challenges”- L.Mé, sept. 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page

481 views • 35 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence Service 05-10-2015 05-10-2015 Who are we? Centre for Cyber Security In respect of the Rule of Law and Privacy Cyber is a priority (Gov.

455 views • 18 slides
Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security Group The Cyber Security lecture series 1 Agenda for today Part I Latest security news Security vulnerabilities in Java

2.02k views • 185 slides
Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED Cyber Security In NATO NATO in a nutshell: Collective defence Interoperable

666 views • 42 slides
Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector What I am Company utilities in the UK going to Water UK good practice cover NIS Directive Dr Jim Marshall, Senior Policy Advisor,

231 views • 4 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Welcome!! All AGM Meeting documents are at UNEPFI 2018 AGM by-Webinar www.unepfi.org/

Welcome!! All AGM Meeting documents are at UNEPFI 2018 AGM by-Webinar www.unepfi.org/

Welcome!! All AGM Meeting documents are at UNEPFI 2018 AGM by-Webinar www.unepfi.org/ extranet/ password: unepfi Please use the chat box to pose your questions/ comments. Alternativel, email yuki.yasui@un.org during and after the

775 views • 60 slides
MVPN Extranet First, a little background: MVPN Effort that began in 2004 culminated in the

MVPN Extranet First, a little background: MVPN Effort that began in 2004 culminated in the

MVPN Extranet First, a little background: MVPN Effort that began in 2004 culminated in the set of RFCs 6511-6517 in 2012! (Well, really finished in 2010, mostly) Left a few loose ends, including wild cards and extranet

621 views • 17 slides
Protocolos em Redes de Dados Vizinhan cas An uncios Aula 06 Interliga c ao com o

Protocolos em Redes de Dados Vizinhan cas An uncios Aula 06 Interliga c ao com o

Protocolos em Redes de Dados Lu s Rodrigues Sum ario Introdu c ao Protocolos em Redes de Dados Vizinhan cas An uncios Aula 06 Interliga c ao com o BGP: Introdu c ao IGP Filtragem de rotas Instabilidade

765 views • 48 slides
Network Control As usual, thanks to Vern Paxson and David Wagner 1 Focus of This Lecture

Network Control As usual, thanks to Vern Paxson and David Wagner 1 Focus of This Lecture

Network Control As usual, thanks to Vern Paxson and David Wagner 1 Focus of This Lecture Begin discussion of approaches for controlling network traffic: Firewalls: restricting allowed communication NATs: Network Address

1.03k views • 44 slides
Preparing for your First Joint Commission Survey Stacy Olea, MBA, MT(ASCP), FACHE Executive

Preparing for your First Joint Commission Survey Stacy Olea, MBA, MT(ASCP), FACHE Executive

Preparing for your First Joint Commission Survey Stacy Olea, MBA, MT(ASCP), FACHE Executive Director Laboratory Accreditation April 23, 2015 Objectives Describe The Joint Commission Laboratory survey process Explain Tracer Methodology

840 views • 60 slides
Framework for an SOA in Bandwidth-Limited Environments J.D. Boggs Nova Southeastern University

Framework for an SOA in Bandwidth-Limited Environments J.D. Boggs Nova Southeastern University

Framework for an SOA in Bandwidth-Limited Environments J.D. Boggs Nova Southeastern University jboggs@nsu.nova.edu 1 SOA Infrastructures Today Known set of risks Wireline on intranet Wireline on restricted extranet

244 views • 6 slides
Abstrac(ons for Middleboxes Vyas Sekar

Abstrac(ons for Middleboxes Vyas Sekar

Abstrac(ons for Middleboxes Vyas Sekar Sylvia Ratnasamy

613 views • 40 slides
SHAREPOINT AND OFFICE 365 HYBRID BETTER TOGETHER TODD KLINDT, SHAREPOINT MVP @TODDKLINDT

SHAREPOINT AND OFFICE 365 HYBRID BETTER TOGETHER TODD KLINDT, SHAREPOINT MVP @TODDKLINDT

SHAREPOINT AND OFFICE 365 HYBRID BETTER TOGETHER TODD KLINDT, SHAREPOINT MVP @TODDKLINDT HTTP://WWW.TODDKLINDT.COM WHO IS THIS TODD KLINDT GUY? www.toddklindt.com/blog todd@toddklindt.com

678 views • 39 slides

More recommend