Jérémy Briffaut

A Collaborative Approach for Access Control, Intrusion Detection and Security Testing

Security Management is becoming a critical aspect for large scale distributed systems. In this paper, we propose a global architecture, based on an original meta-policy approach for access control and intrusion detection, allowing to guarantee global security properties. In contrast with classical meta-policy based systems, by applying verification techniques on the meta-policy, our solution guarantees global security properties while supporting local updates of the security policy. It is thus a powerful solution that provides strong fault tolerance since the control is carried out in a complete decentralized manner. By using a meta-policy, the system can verify the respect of global security properties after meta or local modifications of the policy. Thanks to test components, our system is also able to evaluate and configure in real-time each of its functionalities while tracking self corruption by malicious hackers. Our architecture is a cooperative multi agent-based system, making it possible to activate a functionality independently from some others. It is divided into several levels, each one contributing to the automation of the security management.

Security and Results of a Large-Scale High-Interaction Honeypot

This paper presents the design and discusses the results of a secured high-interaction honeypot. The challenge is to have a honeypot that welcomes attackers, allows userland malicious activities but prevents system corruption. The honeypot must authorize real malicious activities. It must ease the analysis of those activities. A clustered honeypot is proposed for two kinds of hosts. The first class prevents a system corruption and never has to be reinstalled. The second class assumes a system corruption but an easy reinstallation is available. Various off-the-shelf security tools are deployed to detect a corruption and to ease analysis. Moreover, host and network information enable a full analysis for complex scenario of attacks. The solution is totally based on open source software and has been validated over two years. A complete analysis is provided using the collected events and alarms. First, different types of malicious activities are easily reconstructed. Second, correlation of alarms enables us to compare the efficiency of various off-the-shelf security tools. Third, a correlation eases a complete analysis for the host and network activities. Finally, complete examples of attacks are explained. Ongoing works focus on recognition of complex malicious activities using a correlation grid and on distributed analysis.

PIGA-Virt: an advanced distributed MAC protection of virtual systems

Efficient Mandatory Access Control of Virtual Machines remains an open problem for protecting efficiently Cloud Systems. For example, the MAC protection must allow some information flows between two virtual machines while preventing other information flows between those two machines. For solving these problems, the virtual environment must guarantee an in-depth protection in order to control the information flows that starts in a Virtual Machine (vm) and finishes in another one. In contrast with existing MAC approaches, PIGA-Virt is a MAC protection controlling the different levels of a virtual system. It eases the management of the required security objectives. The PIGA-Virt approach guarantees the required security objectives while controlling efficiently the information flows. PIGA-Virt supports a large range of predefined protection canvas whose efficiency has been demonstrated during the ANR Sec&Si security challenge. The paper shows how the PIGA-Virt approach guarantees advanced confidentiality and integrity properties by controlling complex combinations of transitive information flows passing through intermediate resources. As far as we know, PIGA-Virt is the first operational solution providing in-depth MAC protection, addressing advanced security requirements and controlling efficiently information flows inside and between virtual machines. Moreover, the solution is independent of the underlying hypervisor. Performances and protection scenarios are given for protecting KVM virtual machines.

Mandatory Access Protection Within Cloud Systems

In order to guarantee security properties, such as confidentiality and integrity, cryptographic mechanisms provide encryption and signature of data, but protection is required to control the data accesses. The recent attacks on Facebook and Twitter show that the protection must not be limited to the infrastructure i.e. the hosts and the guest virtual machines.

Seeding the Cloud: An Innovative Approach to Grow Trust in Cloud Based Infrastructures

Complying with security and privacy requirements of appliances such as mobile handsets, personal computers, servers for customers, enterprises and governments is mandatory to prevent from theft of sensitive data and to preserve their integrity. Nowadays, with the rising of the Cloud Computing approach in business fields, security and privacy are even more critical. The aim of this article is then to propose a way to build a secure and trustable Cloud. The idea is to spread and embed Secure Elements (SE) on each level of the Cloud in order to make a wide trusted infrastructure which complies with access control and isolation policies. This article presents therefore this new approach of trusted Cloud infrastructure based on a Network of Secure Elements (NoSE), and it illustrates this approach through different use cases.

A new approach to enforce the security properties of a clustered high-interaction honeypot

This paper enlarges previous works of the authors related to the security of a high-interaction honeypot. The challenge is to have a Security Property Language (SPL) for defining the required properties for controlling the activities between processes and resources. That language must authorize the definition of security properties related to confidentiality, integrity and availability. Moreover, that SPL must be able to enforce the security of target Operating Systems. It is an open problem not only regarding the security of Operating Systems but also regarding the security of high-interaction honeypots. That paper shows that existing approaches really fail to manage a large range of security properties. The first reason is that a SPL is really missing to express and enforce a large set of security properties. The second reason is that protection and detection approaches fail to manage a large set of security properties. Our paper proposes PIGA-Protect a new approach to control the system calls in order to guarantee the requested security properties.

Enforcement of Security Properties for Dynamic MAC Policies

This paper focuses on the enforcement of security properties fitting with dynamic Mandatory Access Control policies. It adds complementary results to previous works of the authors in order to better address dynamic policies. Previous works of the authors provide several advances for enforcing the security of MAC system.An administration language for formalizing a large set of security properties is available to system administrators. That language uses several flow operators and ease the formalization of the required security properties. A solution is also available for computing the possible violations of any security property that can be formalized using our language. That solution computes several flow graphs in order to find all the allowed activities that can violate the requested properties. That paper addresses remaining problems related to the enforcement of the same kind of properties but with dynamic MAC policies. Enforcement is more much complex if we consider dynamic policies since the states of those policies are theoretically infinite. A new approach is proposed for dynamic MAC policies. The major idea is to use a meta-policy language for controlling the allowed evolutions of those dynamic policies. According to those meta-policy constraints, the computation problem becomes easier. The proposed solution adds meta-nodes within the considered flow graphs. A general algorithm is given for computing the required meta-nodes and the associated arcs. The proposed meta-graphs provide an overestimation of the possible flows between the different meta-nodes. The computation of the possible violations within the allowed dynamic policies is thus allowed. Several concrete security properties are considered using regular expressions for identifying the requested meta-contexts. The resulting violations, within the allowed meta-graphs, are computed and real violations are presented.

Collaboration between MAC Policies and IDS based on a Meta-Policy approach

This paper1 presents a new infrastructure based on a novel meta-policy approach. This solution allows to deploy a MAC kernel within a distributed system. It is a completely decentralized solution that has strong fault tolerance properties. Despite a local control of the updates, each local policy satisfies global security properties. Our IDS approach add new security properties. It prevents any accidental or malicious update of the local policies. Moreover, the collaboration between the meta-policy and our IDS system enables to detect illegal sequences of legal operations.

An autonomous Cloud management system for in-depth security

Security has been a major concern in computer sciences for a long time. However, the definition and the enforcement of a complete security policy are difficult tasks, requiring deep knowledge of the inner workings of the security mechanisms. The management of the security is even more complex in a system such as a Cloud, which is a heterogeneous environment, with multiple applications and tenants. Nowadays, systems, and especially Cloud environments, need a simple way to express the security requirements and to enforce them. This paper describes a new solution that eases the management of the security mechanisms. The solution supports high-level security requirements that are enforced through distributed security properties. Enforcement agents are located on the heterogeneous and distributed nodes. They manage the distributed security properties and configure the heterogeneous security mechanisms. Our solution guarantees global security properties by enforcing consistent distributed properties in an autonomous manner. The autonomous agents dynamically discover the capabilities of the available security mechanisms and compute their configuration. The solution is especially appropriate to secure Clouds, viewed as autonomous distributed environments.

A dynamic end-to-end security for coordinating multiple protections within a Linux desktop

Currently, application protection models are mostly static and independent. It means that the applications cannot handle multiple domains to manage accordingly the permissions for a given user request. Managing multiple domains is becoming a more and more common issue as desktop applications are growing in complexity to provide better-designed user interfaces. Today, protection systems are almost everywhere. Multiple systems of protection are available from the Linux kernel such as SELinux or PIGA-Protect to get a Mandatory Protection. Those systems provide a per-syscall validation process. Network protections are also available such as the IPtables firewalling mechanism. But, solutions are missing for coordinating the various mechanisms that protect different levels of the global information system. The purpose is to reuse and coordinate efficiently those different levels of protection in order to provide a end-to-end protection that manages dynamically multiple domains. Thus, the same host can support multiple domains for the user requests while providing a transparent end-to-end security that protects against complex scenarios of attack. This paper describes an attempt to deliver such a system for controlling efficiently the user requests.