Search For:

Displaying 1-10 out of 10 total
An Automated Approach to Generate Web Applications Attack Scenarios
Found in: 2013 Sixth Latin-American Symposium on Dependable Computing (LADC)
By Eric Alata,Mohamed Kaaniche,Vincent Nicomette,Rim Akrout
Issue Date:April 2013
pp. 78-85
Web applications have become one of the most popular targets of attacks during the last years. Therefore it is important to identify the vulnerabilities of such applications and to remove them to prevent potential attacks. This paper presents an approach t...
Potential Attacks on Onboard Aerospace Systems
Found in: IEEE Security & Privacy Magazine
By Anthony Dessiatnikoff,Yves Deswarte,Éric Alata,Vincent Nicomette
Issue Date:July 2012
pp. 71-74
Because security is becoming a major concern for aircraft manufacturers and satellite makers, vulnerability discovery and countermeasures should be integrated into onboard computing systems early during their development. Attacks against aerospace computer...
A distributed platform of high interaction honeypots and experimental results
Found in: 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST)
By Ivan Studnia,Vincent Nicomette,Mohamed Kaaniche,Eric Alata
Issue Date:July 2012
pp. 229-230
This paper describes a data collection distributed platform composed of various high interaction honeypots deployed in different locations, along with our first analyses of this data. This deployment follows a previous experiment conducted with the same ho...
I/O Attacks in Intel PC-based Architectures and Countermeasures
Found in: SysSec Workshop
By Fernand Lone Sang,Vincent Nicomette,Yves Deswarte
Issue Date:July 2011
pp. 19-26
For a few years now, attacks involving I/O controllers have been subject to a growing interest. Unlocking smart phones and game consoles through USB connections, or bypassing authentication through Fire Wire are examples of such attacks. Our study focuses ...
Luth: Composing and Parallelizing Midpoint Inspection Devices
Found in: Network and System Security, International Conference on
By Ion Alberdi, Vincent Nicomette, Philippe Owezarski
Issue Date:September 2010
pp. 9-16
The race for innovation is driving Internet evolution. Internet software developers have to create more complex systems while enduring the pressuring time to market. Therefore, end-host software have bugs, vulnerabilities and cannot be trusted. That's why,...
The Design of a Generic Intrusion-Tolerant Architecture for Web Servers
Found in: IEEE Transactions on Dependable and Secure Computing
By Ayda Saidane, Vincent Nicomette, Yves Deswarte
Issue Date:January 2009
pp. 45-58
Nowadays, more and more information systems are connected to the Internet and offer Web interfaces to the general public or to a restricted set of users. Such openness makes them likely targets for intruders, and conventional protection techniques have bee...
A Tool to Analyze Potential I/O Attacks Against PCs
Found in: IEEE Security & Privacy
By Fernand Lone Sang,Vincent Nicomette,Yves Deswarte
Issue Date:July 2013
pp. 1
Abstract. This paper presents a multi-purpose FPGA-based tool designed to analyze I/O attacks against PCs. Instead of making the CPU execute malicious software (or malware), I/O attacks use I/O controllers or peripheral devices to run attacks and, as such,...
Security-related vulnerability life cycle analysis
Found in: 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)
By Geraldine Vache Marconato,Vincent Nicomette,Mohamed Kaaniche
Issue Date:October 2012
pp. 1-8
This paper deals with the characterization of security-related vulnerabilities based on public data reported in the Open Source Vulnerability Database. We focus on the analysis of vulnerability life cycle events corresponding to the vulnerability discovery...
Detecting attacks against data in web applications
Found in: 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)
By Romaric Ludinard,Eric Totel,Frederic Tronel,Vincent Nicomette,Mohamed Kaaniche,Eric Alata,Rim Akrout,Yann Bachy
Issue Date:October 2012
pp. 1-8
RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system for applications implemented with the Ruby on Rails framework. It is aimed at detecting attacks against data in the context of web applicati...
An intrusion tolerant architecture for dynamic content internet servers
Found in: Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security (SSRS '03)
By Ayda Saidane, Vincent Nicomette, Yves Deswarte
Issue Date:October 2003
pp. 110-114
This paper describes a generic architecture for intrusion tolerant Internet servers. It aims to build systems that are able to survive attacks in the context of an open network such as the Internet. To do so, the design is based on fault tolerance techniqu...