Publication


Featured research published by Christian Toinard.


collaboration technologies and systems | 2006

A Collaborative Approach for Access Control, Intrusion Detection and Security Testing

Mathieu Blanc; Jérémy Briffaut; Patrice Clemente; M.G. El Rab; Christian Toinard

Security Management is becoming a critical aspect for large scale distributed systems. In this paper, we propose a global architecture, based on an original meta-policy approach for access control and intrusion detection, allowing to guarantee global security properties. In contrast with classical meta-policy based systems, by applying verification techniques on the meta-policy, our solution guarantees global security properties while supporting local updates of the security policy. It is thus a powerful solution that provides strong fault tolerance since the control is carried out in a complete decentralized manner. By using a meta-policy, the system can verify the respect of global security properties after meta or local modifications of the policy. Thanks to test components, our system is also able to evaluate and configure in real-time each of its functionalities while tracking self corruption by malicious hackers. Our architecture is a cooperative multi agent-based system, making it possible to activate a functionality independently from some others. It is divided into several levels, each one contributing to the automation of the security management.


international conference on pattern recognition | 2004

3D shape reconstruction of template models using genetic algorithms

Pierre-Alain Fayolle; Christophe Rosenberger; Christian Toinard

We present in this communication a method, which enables to fit a 3D object defined by a functional representation (FRep) to a dataset of 3D points on its surface. A parametric FRep model sketching the point-set is fitted to the point-set. The best fitted parameters of the model are obtained by using a genetic algorithm, well known for its interesting properties in non-linear optimization. The efficiency of the approach is illustrated for reverse engineering applications.


trans. computational science | 2010

From a generic framework for expressing integrity properties to a dynamic MAC enforcement for operating systems

Patrice Clemente; Jonathan Rouzaud-Cornabas; Christian Toinard

Protection deals with the enforcement of integrity and confidentiality. Integrity violations often lead to confidentiality vulnerabilities. This paper proposes a novel approach of Mandatory Access Control enforcement for guaranteeing a large range of integrity properties. In the literature, many integrity models are proposed such as the Biba model, data integrity, subject integrity, domain integrity and Trusted Path Execution. There can be numerous integrity models. In practice, an administrator needs to combine various integrity models. The major limitations of existing solutions deal first with the support of indirect activities aiming at violating integrity and second with the impossibility to extend existing models or even define new ones.

This paper proposes a novel framework for expressing integrity requirements associated with direct or indirect activities, mostly in terms of information flows. It presents a formalization for the major integrity properties of the literature. The formalization of the required security is efficient and a straightforward enforcement is proposed. In contrast with our previous work, an information flow graph provides a dynamic analysis of the requested properties.

The paper also provides a MAC implementation that enforces every integrity property supported by our formalization. Thus, a system call fails if it could violate the required security properties.

A large scale experiment on high interaction honeypots shows the relevance, robustness and efficiency of our approach. This experimentation sets up two kinds of hosts. Hosts with our solution in IDS mode detect the violation of the requested properties. That IDS allows us to verify the completeness of our MAC protection. Hosts with our MAC protection guarantee all the required properties.


ieee international conference on cloud networking | 2014

An autonomous Cloud management system for in-depth security

Aline Bousquet; Jérémy Briffaut; Christian Toinard

Security has been a major concern in computer sciences for a long time. However, the definition and the enforcement of a complete security policy are difficult tasks, requiring deep knowledge of the inner workings of the security mechanisms. The management of the security is even more complex in a system such as a Cloud, which is a heterogeneous environment, with multiple applications and tenants. Nowadays, systems, and especially Cloud environments, need a simple way to express the security requirements and to enforce them. This paper describes a new solution that eases the management of the security mechanisms. The solution supports high-level security requirements that are enforced through distributed security properties. Enforcement agents are located on the heterogeneous and distributed nodes. They manage the distributed security properties and configure the heterogeneous security mechanisms. Our solution guarantees global security properties by enforcing consistent distributed properties in an autonomous manner. The autonomous agents dynamically discover the capabilities of the available security mechanisms and compute their configuration. The solution is especially appropriate to secure Clouds, viewed as autonomous distributed environments.


Heterogeneous objects modelling and applications | 2008

Automation of the volumetric models construction

Pierre-Alain Fayolle; Alexander A. Pasko; Elena Kartasheva; Christophe Rosenberger; Christian Toinard

The automation of the function-based (FRep) volumetric modeling task is tackled by introducing template parameterized models and a procedure for recovery of constructive models from segmented point-sets. In order to reuse existing models, we propose to parameterize them and to fit the parameters to different point-sets for optimizing and adapting the shape to different objects of the same class of shapes.

The automation of the creation of a constructive FRep model is also considered by creating a recovery procedure for a given segmented pointset and a list of corresponding primitives. A genetic algorithm is used to find the best constructive expression for the object with the given set of primitives in the point cloud segmentation and the set of available operations.

The proposed approach is illustrated by fitting of different models to point clouds and by the automatic generation of constructive trees from segmented point-sets for real mechanical parts.


portuguese conference on artificial intelligence | 2005

Evolutionary computation approaches for shape modelling and fitting

Sara Silva; Pierre-Alain Fayolle; Johann Vincent; Guillaume Pauron; Christophe Rosenberger; Christian Toinard

This paper proposes and analyzes different evolutionary computation techniques for conjointly determining a model and its associated parameters. The context of 3D reconstruction of objects by a functional representation illustrates the ability of the proposed approaches to perform this task using real data, a set of 3D points on or near the surface of the real object. The final recovered model can then be used efficiently in further modelling, animation or analysis applications. The first approach is based on multiple genetic algorithms that find the correct model and parameters by successive approximations. The second approach is based on a standard strongly-typed implementation of genetic programming. This study shows radical differences between the results produced by each technique on a simple problem, and points toward future improvements to join the best features of both approaches.


international conference on cloud computing | 2015

Microarchitecture-Aware Virtual Machine Placement under Information Leakage Constraints

Arnaud Lefray; Eddy Caron; Jonathan Rouzaud-Cornabas; Christian Toinard

One of the major concerns when moving to Clouds is data confidentiality. Nevertheless, more and more applications are outsourced to a public or private Cloud. In general, the usage of virtualization is acknowledged as an isolation mechanism between applications running on shared resources. But, as previously shown, virtualization does not ensure data security. Indeed, the isolation can be broken due to covert channels existing in both the software and the hardware (e.g., improperly virtualized caches). Furthermore, even if a perfect control mechanism could be designed, it would not protect against covert channels as they bypass control mechanisms using legal means. In this paper, we first describe how these attacks are working. Next, after presenting the existing mitigation mechanisms, we show that a good solution is to take into account security while allocating resources (i.e., when placing the VMs). Furthermore, depending on which resources are shared, we demonstrate that the achievable bit rate of these attacks can change dramatically. We propose a new metric to quantify them and use it as an acceptable risk for isolation properties. Then, we show how to use them when allocating resources and the importance of a fine-grained resource allocation mechanism. Finally, we demonstrate that a security-oblivious placement algorithm breaks a fair amount of properties but taking into account the isolation impacts the acceptance rate (i.e., the percentage of successfully placed VMs).


ieee acm international conference utility and cloud computing | 2015

Enforcing security and assurance properties in cloud environment

Aline Bousquet; Jérémy Briffaut; Eddy Caron; Eva María Dominguez; Javier Franco; Arnaud Lefray; Oscar López; Saioa Ros; Jonathan Rouzaud-Cornabas; Christian Toinard; Mikel Uriarte

Before deploying their infrastructure (resources, data, communications, ) on a Cloud computing platform, companies want to be sure that it will be properly secured. At deployment time, the company provides a security policy describing its security requirements through a set of properties. Once its infrastructure is deployed, the company wants to be assured that this policy is applied and enforced. But describing and enforcing security properties and getting strong evidence of it is a complex task. To address this issue, in [1], we have proposed a language that can be used to express both security and assurance properties on distributed resources. Then, we have shown how these global properties can be cut into a set of properties to be enforced locally. In this paper, we show how these local properties can be used to automatically configure security mechanisms. Our language is context-based, which allows it to be easily adapted to any resource naming systems, e.g., Linux and Android (with SELinux) or PostgreSQL. Moreover, by abstracting low-level functionalities (e.g., deny write to a file) through capabilities, our language remains independent from the security mechanisms. These capabilities can then be combined into security and assurance properties in order to provide high-level functionalities, such as confidentiality or integrity. Furthermore, we propose a global architecture that receives these properties and automatically configures the security and assurance mechanisms accordingly. Finally, we express the security and assurance policies of an industrial environment for a commercialized product and show how its security is enforced.


Proceedings of the first workshop on Changing landscapes in HPC security | 2013

Mandatory access control with a multi-level reference monitor: PIGA-cluster

Mathieu Blanc; Damien Gros; Jérémy Briffaut; Christian Toinard

The protection of High Performance Computing architectures is still an open research problem. Generally, current solutions only feature confinement using sandboxing but none address the problematic of information flow control. This is why a better integration of mandatory access control mechanisms is needed in the HPC environment. In this paper, we propose a global architecture to protect a whole cluster. This architecture uses the specific cluster technologies in order not to reduce the operating system performances. The protection of the cluster relies on three levels of protection and the use of two kinds of reference monitors. SELinux is installed on the computing nodes and deals with direct information flows. PIGA, only installed on a specific node, performs advanced flow control and detects advanced threats. We present the various components of our architecture called PIGA-Cluster, then the results of several benchmarks on a computing node that show a low impact on the operating system performances. We also apply various security properties in order to protect the computing nodes against simple and advanced attacks. This paper takes advantage of previous works dealing with workstations or virtualisation technologies and extends the concepts for the HPC environment.


international parallel and distributed processing symposium | 2015

The Promethee Method for Cloud Brokering with Trust and Assurance Criteria

Christian Toinard; Timothée Ravier; Christophe Cérin; Yanik Ngoko

In this paper we deal with the cloud brokering problem in the context of a multi-cloud infrastructure. The problem is by nature a multi-criterion optimization problem. The focus is put mainly (but not only) on the security/trust criterion which is rarely considered in the literature. We use the well known Promethee method to solve the problem which is original in the context of cloud brokering. In other words, if we give a high priority to the secure deployment of a service, are we still able to satisfy all of the other required QoS constraints? Reciprocally, if we give a high priority to the RTT (Round-Trip Time) constraint to access the Cloud, are we still able to ensure a weak/medium/strong security level? We decided to stay at a high level of abstraction for the problem formulation and to conduct experiments using real data. We believe that the design of the solution and the simulation tool we introduce in the paper are practical, thanks to the Promethee approach that has been used for more than 25 years but never, to our knowledge, for solving Cloud optimization problems. We expect that this study will be a first step to better understand, in the future, potential constraints in terms of control over external cloud services in order to implement them in a simple manner. The contributions of the paper are the modeling of an optimization problem with security constraints, the problem solving with the Promethee method and an experimental study aiming to play with multiple constraints to measure the impact of each constraint on the solution. During this process, we also provide a sensitive analysis of the Consensus Assessments Initiative Questionnaire by the Cloud Security Alliance (CSA). The analysis deals with the variety, balance and disparity of the questionnaire answers.
