Search

Your search keyword '"Edgardo Montes de Oca"' showing total 26 results
Start Over Author "Edgardo Montes de Oca" Language undetermined
26 results on '"Edgardo Montes de Oca"'

5. Digital Twin for IoT Environments: A Testing and Simulation Tool

Author

Luong Nguyen, Mariana Segovia, Wissam Mallouli, Edgardo Montes de Oca, Ana R. Cavalli, Montimage (EURL) [Paris], Institut Polytechnique de Paris (IP Paris), Département Réseaux et Services de Télécommunications (TSP - RST), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Sécurité et Confiance Numérique (SCN-SAMOVAR), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)-Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Département Réseaux et Services Multimédia Mobiles (TSP - RS2M), Méthodes et modèles pour les réseaux (METHODES-SAMOVAR), European Project: 780351,Enact, and European Project: 101021668,Precinct

Subjects
IoT, Sensors, Testing, [INFO]Computer Science [cs], Digital Twins IoT Sensors Actuators Gateway Simulation Testing, Digital Twins, Actuators, Simulation, Gateway
Abstract

International audience; Digital Twin (DT) is one of the pillars of modern information technologies that plays an important role on industry's digitalization. A DT is composed of a real physical object, a virtual abstraction of the object and a bidirectional data flow between the physical and virtual components. This paper presents a DT-based tool, called TaS, to easily test and simulate IoT environments. The objective is to improve the testing methodologies in IoT systems to evaluate the possible impact of it on the physical world. We provide the conditions to test, predict errors and stress application depending on hardware, software and real world physical process. The tool is based on the DT concept in order to detect and predict failures in evolving IoT environments. In particular, the way to prepare the DT to support fault injection and cybersecurity threats is analyzed. The TaS tool is tested through an industrial case study, the Intelligent Transport System (ITS) provided by the INDRA company. Results of experiments are presented that show that our DT is closely linked to the real world.

Published
2022
Full Text
View/download PDF

8. A security monitoring system for internet of things

Author

Valentina Casola, Wissam Mallouli, Edgardo Montes de Oca, Antonio Riccio, Diego Rivera, Alessandra De Benedictis, Casola, Valentina, De Benedictis, Alessandra, Riccio, Antonio, Rivera, Diego, Mallouli, Wissam, and de Oca, Edgardo Montes

Subjects
Security monitoring, business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Network monitoring, Computer security, computer.software_genre, Computer Science Applications, Countermeasure, Artificial Intelligence, Hardware and Architecture, Management of Technology and Innovation, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), 020201 artificial intelligence & image processing, Internet of Things, business, Enforcement, Engineering (miscellaneous), computer, Software, Information Systems
Abstract

The wide adoption of the Internet of Things (IoT) paradigm in several application domains has raised new security issues, which should be carefully taken into account to achieve a real benefit from the indisputable innovation potential of IoT. In fact, the heterogeneity of involved technologies, including the integration of different resource-constrained devices and networks, has led to the introduction of new threats affecting all architectural layers and urging for the design and enforcement of adequate security countermeasures , including effective monitoring capabilities. In this paper, we present a monitoring tool for IoT systems based on the extension of the Montimage network monitoring tools . The proposed solution, validated within the H2020 ANASTACIA project, proved to be well suited to monitor IoT-level networks thanks to the exploitation of protocol-specific plugins.

Published
2019

9. Towards a 5G Security Architecture

Author

Edgardo Montes de Oca, Pascal Bisson, Vincent Lefebvre, Nizar Kheir, Gregory Blanc, Dhouha Ayed, Département Réseaux et Services de Télécommunications (RST), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Réseaux, Systèmes, Services, Sécurité (R3S-SAMOVAR), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)-Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Centre National de la Recherche Scientifique (CNRS), Thales Group [France], Tages SAS (.), and Montimage (EURL) [Paris]

Subjects
business.industry, Computer science, Security as a service, 020206 networking & telecommunications, 02 engineering and technology, Enterprise information security architecture, Virtualization, computer.software_genre, Computer security, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Software, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Orchestration (computing), Architecture, business, computer, 5G
Abstract

International audience; 5G is envisioned as a transformation of the communications architecture towards multi-tenant, scalable and flexible infrastructure, which heavily relies on virtualised network functions and programmable networks. In particular, orchestration will advance one step further in blending both compute and data resources, usually dedicated to virtualisation technologies, and network resources into so-called slices. Although 5G security is being developed in current working groups, slice security is seldom addressed. In this work, we propose to integrate security in the slice life cycle, impacting its management and orchestration that relies on the virtualization/softwarisation infrastructure. The proposed security architecture connects the demands specified by the tenants through as-a-service mechanisms with built-in security functions relying on the ability to combine enforcement and monitoring functions within the software-defined network infrastructure. The architecture exhibits desirable properties such as isolating slices down to the hardware resources or monitoring service-level performance

Published
2018
Full Text
View/download PDF

10. Software Defined Security Monitoring in 5G Networks

Author

Edgardo Montes de Oca, Oscar Lopez Perez, Madhusanka Liyanage, Mikel Uriarte Itzazelaia, Jude Okwuibe, Ijaz Ahmad, and Hoang Long Mai

Subjects
Software, Security monitoring, Network Functions Virtualization, business.industry, Network security, Computer science, Monitoring system, Network monitoring, business, Software-defined networking, 5G, Computer network
Abstract

This chapter introduces a Software Defined Security Monitoring for 5G Networks. The use of novel Software Defined Networking (SDN) and Network Function Virtualization (NFV) concepts in 5G monitoring systems can address the classical weaknesses in legacy monitoring systems. The chapter highlights new opportunities that will help achieve efficient SDN‐ and‐NFV based 5G network monitoring. Moreover, it presents the challenges introduced by SDN and NFV in 5G monitoring systems and how the 5G operators need to tackle them by using efficient network monitoring solutions

Published
2018
Full Text
View/download PDF

11. Software Defined Monitoring (SDM) for 5G mobile backhaul networks

Author

Oscar Lopez Perez, Ijaz Ahmed, Edgardo Montes de Oca, Jude Okwuibe, Madhusanka Liyanage, Mika Ylianttila, and Mikel Uriarte Itzazelaia

Subjects
Network architecture, Dynamic network analysis, Monitoring, Software Defined Networking, Network security, business.industry, Computer science, Distributed computing, Testbed, Mobile computing, 020206 networking & telecommunications, 02 engineering and technology, Network monitoring, Network Security, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Reference architecture, business, Software-defined networking, 5G, Network Function Virtualization, Computer network
Abstract

Software Defined Network (SDN) is an advanced approach to designing dynamic, manageable, cost-effective, and adaptable network architectures. SDN will play a key role as an enabler for 5G and future networks. Transferring network monitoring functions to a software entity working in conjunction with configurable hardware accelerators through a scheme called Software Defined Monitoring (SDM) is one promising way to attain the dynamism necessary for the monitoring of the next generation-networks. In this paper, we propose a novel SDM architecture for future mobile backhual networks. As an SDN solution, the proposed architecture provides more granular and dynamic network management functions through its programmable interface, centralized control, and virtualized abstractions. At the same time, the SDM framework intuitively seem prone to various challenges that come with the separation of the control and data planes of middleboxes. This paper collects specific opportunities, vulnerabilities as well as challenges related to SDM. It also highlights how SDM can be used to solve the current limitations in legacy monitoring systems. The feasibility of the proposed SDM architecture is verified by using a testbed implementation.

Published
2017
Full Text
View/download PDF

12. An SDN and NFV Use Case: NDN Implementation and Security Monitoring

Author

Edgardo Montes de Oca, Thibault Cholez, Bertrand Mathieu, Guillaume Doyen, Wissam Mallouli, and Théo Combe

Subjects
0301 basic medicine, Security monitoring, Network Functions Virtualization, Network security, business.industry, Computer science, Control (management), Computer security, computer.software_genre, 03 medical and health sciences, 030104 developmental biology, 0302 clinical medicine, Software deployment, 030220 oncology & carcinogenesis, Agency (sociology), Architecture, business, Virtual network, computer, Computer network
Abstract

Combining NFV fast-service deployment and SDN fine-grained control of data flows allows comprehensive network security monitoring. The DOCTOR architecture (The DOCTOR project (http://doctor-project.org) is a collaborative research project partially financed by the French National Research Agency (ANR) under grant ) allows detecting, assessing, and remediating attacks. DOCTOR is an ANR-funded project designing an NFV platform enabling to securely deploy virtual network functions. The project relies on open-source technologies providing a platform on top of which a Named Data Networking architecture (NDN. Available: https://named-data.net/) is implemented. NDN is an example of an application made possible by SDN and NFV coexistence, since hardware implementation would be too expansive. We show how NDN routers can be implemented and managed as VNFs.

Published
2017
Full Text
View/download PDF

13. Security for Future Software Defined Mobile Networks

Author

Jesus Llorente Santos, Ijaz Ahmed, Raimo Kantola, Asier Valtierra, Edgardo Montes de Oca, Oscar Lopez Perez, Mika Ylianttila, Mikel Uriarte Itzazelaia, Carlos Jimenez, and Madhusanka Liyanage

Subjects
ta113, Radio access network, Cloud computing security, ta213, Monitoring, Computer science, Network security, business.industry, ta111, Mobile computing, Computer security, computer.software_genre, Software-defined mobile network, SDN, Public land mobile network, NFV, Security service, Network Access Control, Security, Mobile Networks, business, ta512, computer, Computer network
Abstract

5G constitutes the next revolution in mobile communications. It is expected to deliver ultra-fast, ultra-reliable network access supporting a massive increase of data traffic and connected nodes. Different technologies are emerging to address the requirements of future mobile networks, such as Software Defined Networking (SDN), Network Function Virtualization (NFV) and cloud computing concepts. In this paper, we introduce the security challenges these new technologies are facing, inherent to the new telecommunication paradigm. We also present a multitier approach to secure Software Defined Mobile Network (SDMN) by tackling security at different levels to protect the network itself and its users. First, we secure the communication channels between network elements by leveraging Host Identity Protocol (HIP) and IPSec tunnelling. Then, we restrict the unwanted access to the mobile backhaul network with policy based communications. It also protects the backhaul devices from source address spoofing and Denial of Service (DoS) attacks. Finally, we leverage Software Defined Monitoring (SDM) and data collection to detect, prevent and react to security threats.

Published
2015
Full Text
View/download PDF

14. Security Aspects of SDMN

Author

Edgardo Montes de Oca and Wissam Mallouli

Subjects
Engineering, business.industry, Intrusion detection system, Asset (computer security), Computer security, computer.software_genre, Security testing, Security information and event management, Security service, Software security assurance, Network Access Control, business, computer, Countermeasure (computer)
Published
2015
Full Text
View/download PDF

15. Dynamic Deployment and Monitoring of Security Policies

Author

Edgardo Montes de Oca, Mónica Pinto, Lidia Fuentes, Wissam Mallouli, José Miguel Horcas, Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos, European Union (UE), Ministerio de Economía y Competitividad (MINECO). España, and Junta de Andalucía

Subjects
Aspect-oriented programming, Cloud computing security, Monitoring, Computer science, Interoperability, Context (language use), Dynamic deployment, Security policy, Computer security, computer.software_genre, Software deployment, Application security, Adaptation (computer science), Security policies, computer
Abstract

INTER-TRUST is a framework for the specification, negotiation, deployment and dynamic adaptation of interoperable security policies, in the context of pervasive systems where devices are constantly exchanging critical information through the network. The dynamic adaptation of the security policies at runtime is addressed using Aspect- Oriented Programming (AOP) that allows enforcing security requirements by dynamically weaving security aspects into the applications. However, a mechanism to guarantee the correct adaptation of the functionality that enforces the changing security policies is needed. In this paper, we present an approach with monitoring and detection techniques in order to maintain the correlation between the security policies and the associated functionality deployed using AOP, allowing the INTERTRUST framework automatically reacts when needed. European Union INTER-TRUST FP7-317731 Ministerio de Economía y Competitividad TIN2012-34840 Junta de Andalucía FamiWare P09-TIC-5231 Junta de Andalucía MAGIC P12-TIC1814

Published
2015
Full Text
View/download PDF

16. Self-protecting multi-cloud applications

Author

Erkuden Rios, Edgardo Montes de Oca, Eider Iturbe, Antonio M. Ortiz, and Wissam Mallouli

Subjects
Cloud computing security, Security service, Computer science, Software security assurance, Data security, Information security, Computer security model, Computer security, computer.software_genre, Security information and event management, computer, Threat
Abstract

The rise and variety of cloud services and their growing availability has enabled the creation of multi-cloud applications that take advantage of cloud service combinations. These applications need to avoid security breaches and preserve data integrity and user privacy in the whole service composition. The MUSA framework arises as a global solution to support the security of the whole multi-cloud application lifecycle by providing advanced monitoring and security assurance mechanisms in multi-cloud environments. The MUSA security assurance platform will be offered as Software as a Service and will include monitoring, enforcement, and notification services to make the multi-cloud applications more secure than ever, ensuring the satisfaction of all the involved actors.

Published
2015
Full Text
View/download PDF

17. How to Evaluate Trust Using MMT

Author

Edgardo Montes de Oca, Ana Cavalli, César Andrés, Wissam Mallouli, Khalifa Toumi, Département Logiciels et Réseaux (LOR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Centre National de la Recherche Scientifique (CNRS), and Montimage (EURL) [Paris]

Subjects
User experience, business.industry, Computer science, Critical area, Monitoring and events correlation, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], Trust, Task (project management), Interoperation, Multi-Organization Environment, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], User experience design, Human–computer interaction, business
Abstract

International audience; Trust evaluation is becoming a more and more active and critical area mainly for guaranteeing secure interoperation between communicating systems. One of the basic parameters used to evaluate the trust in a remote entity (user or system) is the previous experience, i.e. the interactions already performed between the truster and the trustee. However the monitoring of the trustee behavior and the analysis of the collected data and events are not an easy task. First of all, we need to define relevant patterns that describe the desired behaviors to be monitored and check them using a dedicated tool. Within this paper, we extended an open source tool (MMT ) to monitor users' behavior and define behavior patterns using temporal properties. We also design some evaluation strategies and illustrate the whole approach by the application to a real case study related to a collaborative programming project

Published
2014
Full Text
View/download PDF

18. Testing Software and Systems

Author

Edgardo Montes de Oca and Mercedes G. Merayo

Subjects
business.industry, Computer science, Non-regression testing, Regression testing, Software construction, Manual testing, Software performance testing, Software reliability testing, Software verification and validation, Software engineering, business, System integration testing
Published
2014
Full Text
View/download PDF

19. An Effective Attack Detection Approach in Wireless Mesh Networks

Author

Ana Cavalli, Edgardo Montes de Oca, Anderson Morais, F. B. Abreu, Bachar Wehbi, Département Logiciels et Réseaux (LOR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Centre National de la Recherche Scientifique (CNRS), and Montimage EURL

Subjects
Routing protocol, Dynamic Source Routing, business.product_category, Wireless ad hoc network, Network security, Computer science, Distributed computing, Attack detection, Enhanced Interior Gateway Routing Protocol, Mesh networking, Wireless Routing Protocol, Geographic routing, Routing attack, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Internet access, Destination-Sequenced Distance Vector routing, Wireless mesh network, Hierarchical routing, Zone Routing Protocol, Static routing, Adaptive quality of service multi-hop routing, Wireless network, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Order One Network Protocol, Mobile ad hoc network, Ad hoc wireless distribution service, Routing domain, Link-state routing protocol, Optimized Link State Routing Protocol, Multipath routing, Hazy Sighted Link State Routing Protocol, business, Trace, Computer network
Abstract

International audience; Wireless Mesh Network (WMN) is a recent technology that is gaining significant importance among traditional wireless networks. WMN is considered a suitable solution for providing Internet access in an inexpensive, convenient, and rapid manner. Nonetheless, WMNs are exposed to various types of security threats due to their intrinsic characteristics such as open broadcast medium and decentralized architecture. For instance, a compromised node can generate malicious traffic in order to disrupt the network routing service, putting the entire mesh network at risk. In this paper, we provide an efficient method for detecting active attacks against the routing functionality of network. The approach is based on the analysis of the protocol routing behavior by processing the traces produced by each node using Mont image Monitoring Tool (MMT), which outputs routing events that are correlated between nodes to detect potential intrusions. We demonstrate the approach feasibility by using a virtualized mesh network platform that consists of virtual nodes executing Better Approach To Mobile Ad hoc Network (BATMAN) routing protocol. The experimental results show that the proposed method accurately identifies malicious routing traffic diffused by an attacker through the network.

Published
2013
Full Text
View/download PDF

20. Events-Based Security Monitoring Using MMT Tool

Author

Bachar Wehbi, Edgardo Montes de Oca, and Michel Bourdelles

Subjects
Security analysis, Security monitoring, Traffic analysis, Database, business.industry, Computer science, Quality of service, Automatic identification and data capture, Context (language use), computer.software_genre, Set (abstract data type), business, Communications protocol, computer, Computer network
Abstract

MMT (Mont image Monitoring Tool) is a monitoring solution that combines: data capture, filtering and storage, events extraction, statistics collection, traffic analysis and reporting. In the context of the PIMI and DIAMONDS projects, Mont image is developing MMT-Security: a security analysis solution (part of MMT) that inspects network traffic against a set of security properties denoting both security rules and attacks. This tool has been applied to an industrial case study provided by Thales Group that consists of a QoS-aware ad-hoc radio communication protocol.

Published
2012
Full Text
View/download PDF

21. Timed Extended Invariants for the Passive Testing of Web Services

Author

Wissam Mallouli, Bachar Wehbi, Edgardo Montes de Oca, Ana Cavalli, Stephane Maag, Gerardo Morales, Département Logiciels et Réseaux (LOR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Centre National de la Recherche Scientifique (CNRS), Méthodes et modèles pour les réseaux (METHODES-SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)-Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), and Montimage Research labs (Montimage )

Subjects
Web standards, medicine.medical_specialty, Computer science, computer.internet_protocol, 02 engineering and technology, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, medicine, Data Web, Conformance testing, WS-Addressing, Database, business.industry, [INFO.INFO-WB]Computer Science [cs]/Web, 020206 networking & telecommunications, Service-oriented architecture, Passive testing, Web application, 020201 artificial intelligence & image processing, Web service, WS-Policy, Software engineering, business, Web modeling, computer
Abstract

International audience; The service-oriented approach is becoming more and more popular to integrate highly heterogeneous systems. Web services are the natural evolution of conventional middleware technologies to support Web-based and enterprise level integration. Formal testing of such Web-based technology is a key point to guarantee its reliability. In this paper, we choose a non-intrusive approach based on monitoring to propose a conformance passive testing methodology to check that a composed Web service respects its functional requirements. This methodology is based on a set of formal invariants representing properties to be tested including data and time constraints. Passive testing of an industrial system (that uses a composition of Web services) is briefly presented to demonstrate the effectiveness of the proposed approach

Published
2010
Full Text
View/download PDF

22. TestNet: Let’s Test Together!

Author

Edgardo Montes de Oca, Manuel Núñez, and Ana Cavalli

Subjects
Process management, Scope (project management), European community, Computer science, business.industry, Process (engineering), Software development, Joint (building), System lifecycle, business, Simulation, Test (assessment)
Abstract

In this paper we briefly describe the main goals and organization of TestNet, a proposal for the creation of a Network of Excellence in the scope of the 6th Framework Programme of the European Community. TestNet: Integration of Testing Methodologies represents the joint effort of the different European testing communities to create a common framework to improve all the aspects of the testing process.

Published
2003
Full Text
View/download PDF

23. An effective attack detection approach in wireless mesh networks

Author

Felipe Barbosa Abreu, Anderson Morais, Ana Cavalli, Bachar Wehbi, Edgardo Montes de Oca, Wissam Mallouli, Département Réseaux et Services Multimédia Mobiles (RS2M), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Centre National de la Recherche Scientifique (CNRS), and Montimage Research labs (Montimage )

Subjects
Network Security, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Routing attacks, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Wireless mesh networks, Attack detection, WMNs, Network trace
Abstract

International audience; Wireless mesh network (WMN) is a recent technology that is gaining significant importance among traditional wireless networks. It is considered a suitable solution for providing internet access in an inexpensive, convenient, and rapid manner. Nonetheless, WMNs are exposed to various types of security threats due to their intrinsic characteristics such as open broadcast medium and decentralised architecture. For instance, a compromised node can generate malicious traffic in order to disrupt the network routing service, putting the entire mesh network at risk. In this paper, we provide an efficient method for detecting active attacks against the routing functionality of a mesh network. The approach relies on the analysis of the protocol routing behaviour by processing the traces produced by each node using the Montimage Monitoring Tool (MMT), which outputs routing events that are correlated between nodes to detect potential intrusions. We demonstrate the approach feasibility by using a virtualised mesh network platform that consists of virtual nodes executing 'better approach to mobile ad hoc network' (BATMAN) routing protocol. The experimental results show that the proposed method accurately identifies malicious routing traffic diffused by an attacker through the network

Published
2015
Full Text
View/download PDF

24. Modélisation et détection formelles de vulnérabilités logicielles par le test passif

Author

Amel Mammar, Ana Rosa Cavalli, Edgardo Montes de Oca, Shanai Ardi, David Byers, Nahid Shahmehri, Méthodes et modèles pour les réseaux (METHODES-SAMOVAR), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)-Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Département Logiciels et Réseaux (LOR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Centre National de la Recherche Scientifique (CNRS), Montimage Research labs (Montimage ), Department of computer and information science (Linköpings Universitet) (IDA), and Télécom SudParis & Institut Mines-Télécom Business School, Médiathèque

Subjects
[INFO.INFO-SE] Computer Science [cs]/Software Engineering [cs.SE], [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE]
Abstract

National audience; L'utilisation de modélisations formelles est devenue une partie intégrante du processus de développement de logiciels sûrs. En effet, une bonne modélisation du système à développer permet d'améliorer la qualité des logiciels en détectant, par exemple, certaines vulnérabilités avant même leurs déploiements. Dans cette optique, ce papier propose une nouvelle méthode de modélisation de vulnérabilités ainsi qu'un langage formel pour l'expression précise sans ambiguïté des causes et événements pouvant les produire. La définition d'un tel langage formel permet également la détection automatique des vulnérabilités par des outils de test. Plus précisément, nous illustrons l'utilisation de l'outil de test passif TestInv, développé au sein de notre équipe, pour la détection automatique de vulnérabilités exprimées dans le langage formel ainsi défini. Notre approche a l'avantage de produire un nombre beaucoup plus réduit de faux positifs tout en maintenant à jour la base de connaissances de l'outil TestInv. L'approche proposée est illustrée à travers l'exemple de vulnérabilité CVE-2005-3192 représentant un ``buffer overflow" dans un programme C

25. Metrics-driven devsecops

Author

Alessandra Bagnato, Wissam Mallouli, Ana Cavalli, Edgardo Montes de Oca, Cavalli, Ana Rosa, Montimage (EURL) [Paris], and Softeam [Guyancourt]

Subjects
Computer science, business.industry, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020207 software engineering, [INFO]Computer Science [cs], 02 engineering and technology, ACM: D.: Software, [INFO] Computer Science [cs], Software engineering, business, ComputingMilieux_MISCELLANEOUS
Abstract

International audience

26. A SPIN-based approach for detecting vulnerabilities in C programs

Author

Natalia Kushik, Amel Mammar, Ana Rosa Cavalli, Nina Yevtushenko, Edgardo Montes de Oca, Tomsk State University [Tomsk], Méthodes et modèles pour les réseaux (METHODES-SAMOVAR), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)-Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Département Logiciels et Réseaux (LOR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Centre National de la Recherche Scientifique (CNRS), Montimage EURL (Montimage EURL), and Télécom SudParis & Institut Mines-Télécom Business School, Médiathèque

Subjects
Model checking, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], SPIN, C Program, Vulnerability, C language
Abstract

International audience; The C language is widely used for developing tools in various application areas, and a number of C software tools are used for critical systems, such as medicine, transport, etc. Correspondingly, the security of such programs should be thoroughly tested, i.e., it is important to develop techniques for detecting vulnerabilities in C programs. In this paper we present an approach for dynamic detection of software vulnerabilities using the SPIN model checker. We discuss how this approach can be implemented in order to detect automatically C code vulnerabilities and illustrate a proposed technique for a number of C programs which are widely used in a number of applications

Catalog

Books, media, physical & digital resources
See catalog results