
Publication


Featured research published by Vincent Nicomette.


IEEE International Symposium on Fault Tolerant Computing | 1995

Implementing fault tolerant applications using reflective object-oriented programming

Jean-Charles Fabre; Vincent Nicomette; Tanguy Pérennou; Robert J. Stroud; Zhixue Wu

Shows how reflection and object-oriented programming can be used to ease the implementation of classical fault tolerance mechanisms in distributed applications. When the underlying runtime system does not provide fault tolerance transparently, classical approaches to implementing fault tolerance mechanisms often imply mixing functional programming with non-functional programming (e.g. error processing mechanisms). The use of reflection improves the transparency of fault tolerance mechanisms to the programmer and more generally provides a clearer separation between functional and non-functional programming. The implementations of some classical replication techniques using a reflective approach are presented in detail and illustrated by several examples, which have been prototyped on a network of Unix workstations. Lessons learnt from our experiments are drawn and future work is discussed.


IEEE Transactions on Dependable and Secure Computing | 2009

The Design of a Generic Intrusion-Tolerant Architecture for Web Servers

Ayda Saidane; Vincent Nicomette; Yves Deswarte

Nowadays, more and more information systems are connected to the Internet and offer Web interfaces to the general public or to a restricted set of users. Such openness makes them likely targets for intruders, and conventional protection techniques have been shown insufficient to prevent all intrusions in such open systems. This paper proposes a generic architecture to implement intrusion-tolerant Web servers. This architecture is based on redundancy and diversification principles in order to increase the system resilience to attacks: usually, an attack targets a particular software, running on a particular platform, and fails on others. The architecture is composed of redundant proxies that mediate client requests to a redundant bank of diversified application servers. The redundancy is deployed here to increase system availability and integrity. To improve performance, adaptive redundancy is applied: the redundancy level is selected according to the current alert level. The architecture can be used for static servers, that is, for Web distribution of stable information (updated offline) and for fully dynamic systems where information updates are executed immediately on an online database. The feasibility of this architecture has been demonstrated by implementing an example of a travel agency Web server, and the first performance tests are satisfactory, both for request execution times and recovery after incidents.


International Conference on Malicious and Unwanted Software | 2010

Exploiting an I/OMMU vulnerability

Fernand Lone Sang; Éric Lacombe; Vincent Nicomette; Yves Deswarte

It is difficult to protect an operating system kernel in an efficient way. Attackers can corrupt or subvert it by two different means: (1) the CPU; (2) the Direct Memory Access (DMA) capability of I/O controllers. DMA-based attacks can be blocked using an I/OMMU. This component, embedded in most current chipsets, enables the operating system to virtualize the main memory for I/O controllers and to restrict their access to only some memory regions. In this paper, we present different vulnerabilities we identified on Intel VT-d, which implements an I/OMMU. An example of exploitation of one of them is then detailed. Finally, we give some recommendations to prevent these vulnerabilities from being used for malicious purposes.


IEEE Symposium on Security and Privacy | 1997

An authorization scheme for distributed object systems

Vincent Nicomette; Yves Deswarte

Addresses the problem of distributed object system protection. A new authorization scheme is presented and described, based on the collaboration between a central authorization server and security kernels located on each site of the system. A novel approach to access rights management for such an architecture is detailed, based on a new kind of access rights and a new scheme of privilege delegation. This authorization scheme can be adapted to various security policies, including multilevel policies such as that of Bell & LaPadula (1975). An extension of the Bell-LaPadula model to distributed object systems is presented and its implementation using the authorization scheme is described.


Pacific Rim International Symposium on Dependable Computing | 2011

A Clustering Approach for Web Vulnerabilities Detection

A. Dessiatnikoff; R. Akrout; Eric Alata; Mohamed Kaaniche; Vincent Nicomette

This paper presents a new algorithm aimed at the vulnerability assessment of web applications following a black-box approach. The objective is to improve the detection efficiency of existing vulnerability scanners and to move a step forward toward the automation of this process. Our approach covers various types of vulnerabilities but this paper mainly focuses on SQL injections. The proposed algorithm is based on the automatic classification of the responses returned by the web servers using data clustering techniques and provides especially crafted inputs that lead to successful attacks when vulnerabilities are present. Experimental results on several vulnerable applications and comparative analysis with some existing tools confirm the effectiveness of our approach.


2011 First SysSec Workshop | 2011

I/O Attacks in Intel PC-based Architectures and Countermeasures

Fernand Lone Sang; Vincent Nicomette; Yves Deswarte

For a few years now, attacks involving I/O controllers have been subject to a growing interest. Unlocking smart phones and game consoles through USB connections, or bypassing authentication through FireWire are examples of such attacks. Our study focuses on I/O-based attacks targeting Intel PC-based information systems such as laptop or desktop computers. This paper provides a survey of such attacks and proposes a characterization and a classification of these attacks. Then, an overview of various techniques which mitigate the risks related to I/O attacks is given and their respective limitations are discussed. Finally, several I/O attacks we are currently investigating are presented.


Workshop on Quality of protection (QoP 2005), Security Measurements and Metrics | 2006

Collection and analysis of attack data based on honeypots deployed on the Internet

E. Alata; Marc Dacier; Y. Deswarte; M. Kaaâniche; K. Kortchinsky; Vincent Nicomette; Van-Hau Pham; Fabien Pouget

The CADHo project (Collection and Analysis of Data from Honeypots) is an ongoing research action funded by the French ACI “Sécurité & Informatique” [1]. It aims at building an environment to better understand threats on the Internet and also at providing models to analyze the observed phenomena. Our approach consists in deploying and sharing with the scientific community a distributed platform based on honeypots that gathers data suitable to analyze the attack processes targeting machines connected to the Internet. This distributed platform, called Leurré.com and administrated by Institut Eurecom, offers each partner collaborating in this initiative access to all collected data in order to carry out statistical analyses and modeling activities. So far, about thirty honeypots have been operational for several months in twenty countries of the five continents. This paper presents a brief overview of this distributed platform and examples of results derived from the data. It also outlines the approach investigated to model observed attack processes and to describe the intruders' behaviors once they manage to get access to a target machine.


Dependable Systems and Networks | 2015

Smart-TV Security Analysis: Practical Experiments

Yann Bachy; Frederic Basse; Vincent Nicomette; Eric Alata; Mohamed Kaaniche; Jean-Christophe Courrège; Pierre Lukjanenko

Modern home networks are becoming more and more complex with the integration of various types of interconnected smart devices, using heterogeneous networking technologies. Many of these devices are also connected to the Internet, generally through an integrated access device. Those smart devices are potentially vulnerable to several types of attacks. In this practical experience report we investigate the specific case of smart TVs. The main objective is to experimentally explore possible attack vectors and identify practically exploitable vulnerabilities and attack scenarios. In particular, the study covers local and remote attacks using different entry points, including the Digital Video Broadcasting (DVB) transmission channel and the copper-pair local loop. Several methods for observing and simulating service provider networks are used to support several experiments considering four types of commercially available smart TVs for a comparative analysis. We also discuss several methods for extracting and analyzing the embedded firmware and obtaining relevant information concerning target devices.


Computer and Communications Security | 2003

An intrusion tolerant architecture for dynamic content internet servers

Ayda Saïdane; Yves Deswarte; Vincent Nicomette

This paper describes a generic architecture for intrusion tolerant Internet servers. It aims to build systems that are able to survive attacks in the context of an open network such as the Internet. To do so, the design is based on fault tolerance techniques, in particular redundancy and diversification. These techniques give a system the additional resources to continue delivering the correct service to its legitimate clients even when active attacks are corrupting parts of the system components.


Lecture Notes in Computer Science | 2001

An Internet Authorization Scheme Using Smart-Card-Based Security Kernels

Yves Deswarte; Noreddine Abghour; Vincent Nicomette; David Powell

This paper presents an authorization scheme for applications distributed on the Internet with two levels of access control: a global level, implemented through a fault- and intrusion-tolerant authorization server, and a local level implemented as a security kernel located on both the local host Java Virtual Machine (JVM) and on a Java Card connected to this host.

Collaboration


Top Co-Authors

Eric Alata

University of Toulouse

Mohamed Kaaniche

Centre national de la recherche scientifique

Yves Deswarte

French Institute for Research in Computer Science and Automation

Mohamed Kaâniche

Centre national de la recherche scientifique

Benoît Morgan

Centre national de la recherche scientifique

David Powell

Centre national de la recherche scientifique