Nora Cuppens-Boulahia

Data and Applications Security and Privacy XXVI

The 17 revised full and 15 short papers presented together with 1 invited paper were carefully reviewed and selected from 49 submissions. The papers are organized in topical sections on access control, confidentiality and privacy, smart cards security, privacy-preserving technologies, data management, intrusion and malware, probabilistic attacks and protection, and cloud computing.

FORM: a federated rights expression model for open DRM frameworks

Digital Rights Management frameworks (DRM) aim at protecting and controlling information contents widely distributed on client devices. Using a license, the content provider can decide which rights can be rendered and who are the authorized end-users (as identity holders) allowed to exercise those rights. Most of the time, it is hard to add new feature to the client application, it is even impossible when the new feature is not considered trustworthy by the corporation distributing the rendering application. In a same way, the rendering application identifies the end-user with a dedicated identity and it is impossible to take into account an identity provided by an external corporation. In this paper, we aim at providing a federated approach called FORM where a content provider can decide to trust external rendering rights and external identities. We even go further introducing identity providers, actions providers as we consider content providers. Thus, all kind of providers can define license specifying what can be done with the object they provide. FORM defines a new license model and a new license interpretation mechanism taking into account all licenses issued by a federation of object providers.

Probabilistic Event Graph to Model Safety and Security for Diagnosis Purposes

Diagnosing accidental and malicious events in an industrial control system requires an event model with specific capacities. Most models are dedicated to either safety or security but rarely both. And the latter are developed for objectives other than diagnosis and therefore unfit for this task. In this paper, we propose an event model considering both safety and security events, usable in real-time, with a probabilistic measure of on-going and future events. This model is able to replace alerts in the context of more global scenarios, including with reinforcements or conflicts between safety and security. The model is then used to provide an analysis of some of the security and safety events in the Taum Sauk Hydroelectric Power Station.

USB Packets Filtering Policies and an Associated Low-Cost Simulation Framework

In recent years, USB has become the most popular standard for connecting hosts and peripherals due to its plug-and-play and fast speed features. However, with the emergence of attacks such as badUSB, USB security issues become increasingly prominent. In reaction, different USB protection mechanisms have been proposed, including USB communication filtering. Nevertheless, it is worth noting that currently there is no formalised universal USB filtering strategy, and the vast majority of those filters are implemented at the OS level, leaving a part of the OS and the firmware of USB host controllers unprotected. This paper proposes flexible, formalised, universal USB filtering policies and explores the differences between filtering USB communications at the OS level and directly at the USB packet transmission level. Moreover, we address a simulation framework that can be used in the early stages of research and development to conceive and evaluate USB packet filtering policies.

Linking Differential Identifiability with Differential Privacy

The problem of preserving privacy while mining data has been studied extensively in recent years because of its importance for enabling sharing data sets. Differential Identifiability, parameterized by the probability of individual identification \(\rho \), was proposed to provide a solution to this problem. Our study of the proposed Differential Identifiability model shows that: First, its usability is based on a very strong requirement. That is, the prior probability of an individual being present in a database is the same for all individuals. Second, there is no formal link between the proposed model and well known privacy models such as Differential Privacy. This paper presents a new differential identifiability model for preventing the disclosure of the presence of an individual in a database while considering an adversary with arbitrary prior knowledge about each individual. We show that the general Laplace noise addition mechanism can be used to satisfy our new differential identifiability definition and that there is a direct link between differential privacy and our proposed model. The evaluation of our model shows that it provides a good privacy/utility trade-off for most aggregate queries.

wirelessOrBAC: Towards an access-control-based IDS for Wireless Sensor Networks

Nowadays, Wireless Sensor Network (WSN) is a well-established paradigm. It has a large variety of applications ranging from home to industrial applications (such as health care and military applications). However, as this kind of networks is becoming wider, more heterogeneous and interconnected, ensuring the security of these decentralized systems is also becoming more challenging. In this paper, we propose wirelessOrBAC a formal Intrusion Detection System specially tailored to enforce the security of Wireless Sensor Networks. It allows defining in a comprehensive and easy way, security rules that model accurately wireless nodes behavior. Based on the build model, Intrusion Detection tasks are performed in order to detect malicious actions.