Публикации

In the domain of web security, websites strive to prevent themselves from data gathering performed by automatic programs called bots. In that way, crawler traps are an efficient brake against this kind of programs. By creating similar pages or random content dynamically, crawler traps give fake information to the bot and resulting by wasting time and resources. Nowadays, there is no available bots able to detect the presence of a crawler trap. Our aim was to find a generic solution to escape any type of crawler trap. Since the random generation is potentially endless, the only way to perform crawler trap detection is on the fly. Using machine learning, it is possible to compute the comparison between datasets of webpages extracted from regular websites from those generated by crawler traps. Since machine learning requires to use distances, we designed our system using information theory. We considered widely used distances compared to a new one designed to take into account heterogeneous data. Indeed, two pages does not have necessary the same words and it is operationally impossible to know all possible words by advance. To solve our problematic, our new distance compares two webpages and the results showed that our distance is more accurate than other tested distances. By extension, we can say that our distance has a much larger potential range than just crawler traps detection. This opens many new possibilities in the scope of data classification and data mining.

This talk deals with new, innovative, data exfiltration techniques using laser printers. The aim is to understand the possibilities offered by laser printing to insert data subliminally on paper during printing when using office printers. These techniques are similar to those used in auxiliary channel attacks or sidechannel/covert channel attacks), which mainly target confidential environments requiring a high level of security (military, state, industrial sectors). By using the print function, not only it is possible to hide a message (invisible to the public eye) but also to decipher it easily once printed on a paper sheet. The objective is to make people aware of the need of strong security management of printers against unauthorized access to avoid data breach. The main reason lies in the fact that a simple malware hooking the print queue may enable confidential information to be added to legitimate documents and organize the leakage of sensitive information. Demos of our techniques will be made during the talk and source codes will be released.

Most modern democracies and states have adopted a large number of standards and norms to promote and harmonize international trade. The precautionary principle has come to complete this regulatory arsenal especially in the field of security of states and citizens, their health, their private life ... The aim is also to protect government agencies against wrong decisions, especially when uncertain, immature technologies are concerned. Social, political, institutional security and stability and now cybersecurity has become heavily dependent on these new forms of regulation. In this article we will show how this regulation arsenal could be exploited by cybercriminals. It is indeed possible through a broader vision of the notion of cyber attack to turn these norms and standards and this precautionary principle precisely against those they are supposed to protect. Among many possible scenarios, we consider a specific one for illustration with respect to the attack of voting machines. The m ain conclusion is that any (cyber)security risk analysis should now extend the mostly favoured technical view to a more operational vision in which non technical aspects also be included.

In the domain of web security, websites want to prevent themselves from data gathering performed by automatic programs called bots. In that way, crawler traps are an efficient brake against this kind of programs. By creating similar pages or random content dynamically, crawler traps give fake information to the bot and resulting by wasting time and resources. Nowadays, there is no available bots able to detect the presence of a crawler trap. Our aim was to find a generic solution to escape any type of crawler trap. Since the random generation is potentially endless, the only way to perform crawler trap detection is on the fly. Using machine learning, it is possible to compute the comparison between datasets of webpages extracted from regular websites from those generated by crawler traps. Since machine learning requires to use distances, we designed our system using information theory. We used wild used distances compared to a new one designed to take into account heterogeneous data. Indeed, two pages does not have necessary the same words and it is operationally impossible to know all possible words by advance. To solve our problematic, our new distance compares two webpages and the results showed that our distance is more accurate than other tested distances. By extension, we can say that our distance has a much larger potential range than just crawler traps detection. This opens many new possibilities in the scope of data classification and data mining. 

Distributed ledgers stimulate innovative services and enabled new applications in several domains, creating new concepts for trust and regulation. However, this backbone that is enabling novelties and abridging businesses comes with drawbacks and security flaws. In this paper, we evaluate several Distributed Ledger Technologies (DLTs) features depicting the Bitcoin, Ripple, Ethereum, Hyperledger, Algorand and IOTA networks. We focus on their security challenges and expose numerous threats and vulnerabilities. For instance, we have simulated a few of their possible attacks proving them non-immune. In the other hand, we show a few of their malicious use cases. Meticulously presenting DLTs menaces and flaws, we are not involved in preferring any specific DLT network.

In this paper, we present the results of a deep TOR routing protocol analysis from a statistical and combinatorial point of view. We have modelled all possible routes of this famous anonymity network exhaustively while taking different parameters into account with the data provided by the TOR foundation only. We have then confronted our theoretical model with the reality on the ground. To do this, we have generated thousands of roads on the actual TOR network and compared the results obtained with those predicted by the theory. A last step of combinatorial analysis has enabled us to identify critical subsets of Onion routers (ORs) which 33%, 50%, 66% and 75% of the TOR traffic respectively depends on. We have also managed to extract most of the TOR relay bridges which are non public nodes managed by the TOR foundation. The same results as for the ORs have been observed.

This paper delves into the state of the art of computer virology formalisation then tackles the development of a new malware algorithm. It details how the work leveraged Blockchain to create an undetectable malware depicting two versions of the new malware, starting from a first naive version to achieve an advanced armoured undetectable k-ary malware that leverages decentralized storage namely IPFS. The detection of the new malware algorithm has been proven NP-complete.

Проектирование механизма управления доступом в операционной системе (ОС), требующей высокого уровня доверия, является сложной задачей. Еще более сложной она стан овится, если требуется интеграция нескольких разнородных механизмов, таких как ролевое управление доступом (role-based access control, RBAC) и мандатное управление доступом (mandatory access control, MAC). Данная статья представляет результаты разработки иерархической интегрированной модели управления доступом и информационных потоков (hierarchical integrated model of access control and information flows, HIMACF), интегрирующей механизмы RBAC, MAC и мандатного контроля целостности (mandatory integrity control, MIC) с сохранением их ключевых свойств безопасности. Эта модель является дальнейшим развитием МРОСЛ-ДП-модели, она формализована на языке Event-B и ее корректность доказана формально. В иерархическом представлении модели каждый ее уровень (или модуль) представляет отдельный механизм управления доступом, благодаря чему модель может быть верифицирована помодульно, что снижает общую трудоемкость ее верификации за счет переиспользования при доказательстве корректности очередного уровня результатов верификации нижележащих уровней. Данная модель реализована в ОС Astra Linux Special Edition на основе инфраструктуры Linux Security Modules (LSM).

При описании поведения многомодульных систем, в которых обработка входного воздействия производится в течении одного такта времени одновременно всеми компонентами, используется операция синхронной композиции. Наиболее простыми композициями (для решения автоматных уравнений) являются композиции без обратных связей и ветвлений и так называемые "топологии контроллера", поэтому мы предлагаем такие "окна" и рассматривать при оптимизации компонентов.

The volume consists of scientifi c and research papers of the Sixth International Conference “Actual Problems of System and Software Engineering” (APSSE-2019). The Conference was held at the National Research University “Higher School of Economics” from November 12 to November 14, 2019 in Moscow, Russia. The conference was devoted to the analysis of the status, contemporary trends, research issues and practical results obtained by national and foreign scientists and experts in the system and software engineering area, as well as information and analytical systems development area using Big Data technologies. The target audience of the conference came to be the experts, students and postgraduates working in the area of ordering, designing, development, implementation, operation, and maintenance of information and analytical systems for various applications and their software, also working on custom software development. Plenary papers were delivered by the leading domestic and foreign specialists and were aimed at developing the views on the most important and fundamental aspects of the information technology development. Submitted articles were selected for publication. All the submitted articles were reviewed by the members of the Program Committee as well as by the independent reviewers.