Security Seminar at LORIA

If you want to receive announcements for future seminars, feel free to subscribe to the seminaire-securite@loria.fr mailing list.
A link to an iCal file is available for your digital calendars.

Talks 2017 – 2018

Friday September 15 2017

David Basin (ETH Zurich)
Verified Secure Routing: The Verified Scion Project
Amphi C, 13:30
This talk is part of LORIA's colloquium series.

October 23-25 2017

Véronique Cortier — Krishna Gummadi — Florian Kerschbaum
FPS 2017 Keynote Talks
Amphi C, 09:00
The 10th International Symposium on Foundations & Practice of Security (FPS 2017) will be held at LORIA. The keynote talks are:
  • Monday October 23, 9:30am: Véronique Cortier (CNRS, Loria)
    Electronic voting: how logic can help.
  • Tuesday October 24, 9:30am: Krishna Gummadi (MPI Saarbrücken)
    Privacy and Fairness Concerns with PII-based Targeted Advertising on Social Media.
  • Wednesday October 25, 9:30am: Florian Kerschbaum (University of Waterloo, Canada)
    Building Secure Applications Using Intel’s SGX.
The abstracts are available at the FPS 2017 website.

Tuesday November 21 2017

Jean-Louis Lanet (Inria Rennes)
How Secure Containers in a Secure Element are Secure?
A008, 13:30
Retrieving assets inside a secure element is a challenging task. The most attractive assets are the cryptographic keys stored in the Non-Volatile Memory (NVM) area, but also the algorithms executed. Thus, the confidentiality of the binary code embedded in that device in the Read-Only Memory (ROM) must be protected. In some secure elements, a part of the instruction set is unknown and dynamically translated during the loading phase. We present a new approach for reversing a binary program when the Instruction Set Architecture (ISA) is partially unknown. Then, we discover many native functions that bypass several security checks by accessing the resources directly, leading to the retrieval of the assets in plain text. We demonstrate the ability to use them at the Java level to retrieve sensitive assets whatever the protections are, like the firewall. Then, we suggest several possibilities to mitigate these attacks.

Tuesday December 5 2017

Deepak Garg (MPI Saarbrücken)
Qapla: Policy compliance for database-backed systems
A008, 13:30
Many database-backed systems store confidential data that is accessed on behalf of users with different privileges. Policies governing access are often fine-grained, being specific to users, time, accessed columns and rows, values in the database (e.g., user roles), and operators used in queries (e.g., aggregators, group by, and join). Today, applications are often relied upon to issue policy-compliant queries or filter the results of non-compliant queries, which is vulnerable to application errors. Qapla provides an alternate approach to policy enforcement that depends neither on application correctness nor on specialized database support. In Qapla, policies are specific to rows and columns and may additionally refer to the querier's identity and time. They are specified in SQL and stored in the database itself. The talk will cover the design of Qapla, a prototype implementation and its application to the HotCRP conference management system.

Tuesday February 20 2018

Peter Schwabe (Radboud University, Nijmegen)
TBA
A008, 13:30
TBA
© 2013 - 2017 Pierrick Gaudry, Marion Videau and Emmanuel Thomé