CONFIDENTIALITY, INTEGRITY, DISPONIBILITY AND REPARTITION – CIDRE, INRIA TEAM, IRISA UMR CNRS 6074
The long-term ambition is to contribute to build distributed systems that are trustworthy and respectful of privacy, even when some nodes in the system have been compromised.
With this objective in mind, the CIDRE group focuses on three different aspects of security, namely trust, intrusion detection, and privacy as well as on the bridges that exist between these aspects. Indeed, we believe that to study new security solutions one must take into account that it is now a necessity to interact with devices whose owners are unknown. To reduce the risk of relying on dishonest entities, a trust mechanism is an essential prevention tool that aims at measuring the capacity of a remote node to provide a service compliant with its specification. Such a mechanism should allow to overcome ill-founded suspicions and to be aware of established misbehaviors. To identify such misbehaviors, intrusion detection systems are necessary. Such systems aim at detecting, by analyzing data flows, whether violations of the security policies have occurred. Finally, Privacy, which is now recognized as a fundamental individual right, should be respected despite the presence of tools and systems that continuously observe or even control users actions or behaviors.
The CIDRE team considers three complementary levels of study:
- The Node Level: The term node either refers to a device that hosts a network client or service or to the process that runs this client or service. Node security management must be the focus of a particular attention, since from the user point of view, security of his own devices is crucial. Sensitive information and services must therefore be locally protected against various forms of attacks. This protection may take a dual form, namely prevention and detection.
- The Group Level: Distributed applications often rely on the identification of sets of interacting entities. These subsets are either called groups, clusters, collections, neighborhoods, spheres, or communities according to the criteria that define the membership.
Among others, the adopted criteria may reflect the fact that a unique person administrates its members, or that they share the same security policy. It can also be related to the localization of the physical entities, or the fact that they need to be strongly synchronized, or even that they share mutual interests.
Due to the vast number of possible contexts and terminologies, we refer to a single type of set of entities, that we call set of nodes. We assume that a node can locally and independently identify a set of nodes and modify the composition of this set at any time. The node that manages one set has to know the identity of each of its members and should be able to communicate directly with them without relying on a third party.
Despite these two restrictions, this definition remains general enough to include as particular cases most of the examples mentioned above. Of course, more restrictive behaviors can be specified by adding other constraints.
We are convinced that security can benefit from the existence and the identification of sets of nodes of limited size as they can help in improving the efficiency of the detection and prevention mechanisms.
- The Open Network Level: In the context of large-scale distributed and dynamic systems, interaction with unknown entities becomes an unavoidable habit despite the induced risk. For instance, consider a mobile user that connects his laptop to a public Wi-Fi access point to interact with his company.
At this point, data (regardless if it is valuable or not) is updated and managed through non-trusted undedicated entities (i.e., communication infrastructure and nodes) that provide multiple services to multiple parties during that user connection. In the same way, the same device (e.g., laptop, PDA, USB key) is often used for both professional and private activities, each activity accessing and manipulating decisive data.
Interview below of Ludovic Mé, former head of the lab:
The supervision of distributed system relies heavily on correlation mechanisms that are responsible for collecting alerts coming from sensors and detecting complex scenarios in the flow of alerts. The problem is that it requires writing complex correlation rules. The work we have performed proposes a technique to generate semi-automatically such correlation rules.
ESORICS 2014 Best Student Paper Award
One approach to protect the privacy of users in personalized recommendation systems is to publish a sanitized version of the profile of the user by relying a non-interactive mechanism compliant with the concept of differential privacy. In a joint work with the LinkMedia Inria team, we have considered two existing schemes offering a differentially private representation of profiles: BLIP (BLoom- and-flIP) and JLT (Johnson-Lindenstrauss Transform). Our contributions are a theoretical analysis and practical implementations of two attacks tested on datasets composed of real user profiles revealing that joint decoding is the most powerful attack.
KEY FIGURES 2014
- Faculty members: 12
- PhD Students: 16
- Post-Doc: 1
- rank A publications (Source: Web Of Science): 14
- Contracts: 394 K€
La Sapienza university, Technische Universitaet Hamburg-Harburg, Inria, CNRS, INSERM, LAAS, LIRIS, Rennes 1 university, Nantes university, Institut Mines-Telecom, ENS Rennes, ENSI Bourges, ENSI Caen.
RHEA Systems SA, Alcatel-Lucent Bell Labs France, EPIST, DGA-MI, Thales, NEC Corporation, Microsoft, Atos Wordline, CS, Technicolor, Hewlett Packard, Orange Labs, Oberthur Technologies, ACEA, Amossys, Mobigis, Tisséo, CryptoExperts, MoDyCo.
Leader: Christophe Bidan
Tél : (+33) 2 99.84.45.00
Fax : (+33) 2 22.214.171.124