Accepted Papers

In some IoT ecosystems, entities (humans, organizations, devices) need to participate collaboratively to develop smart applications. In general, this collaboration requires authentication of the entities. In ecosystems where IoT devices may be compromised, each entity must ensure that the information received from IoT devices and exchanged with other entities are trustworthy. In this context, Identity Management Systems (IdMSs) are crutial to represent entities and face an increased demand for security and privacy of sensitive data. The most widely used models of IdMSs to date still rely on a centralized architecture, which has some drawbacks arising from its centralized operations and its lack of transparency. To avoid the traditional models limitations, we explore a decentralized approach using a self-sovereign identity system that relies on Blockchain consensus algorithms, decentralized identifiers (DID) and zero-knowledge proof (ZKP) to build a trust relationship between entities.

The H2020 PALANTIR project aims at delivering a Security-as-a-Service solution to SMEs and microenterprises via the exploitation of containerised Network Functions. However, these functions are conceived by third-party developers and can also be deployed in untrustworthy virtualisation layers, depending on the subscribed delivery model. Therefore, they cannot be trusted and require a stringent monitoring to ensure their harmlessness, as well as adequate measures to remediate any nefarious activities. This paper justifies, details and evaluates a Zero-Trust architecture supporting PALANTIR’s solution. Specifically, PALANTIR periodically attests the service and infrastructure’s components for signs of compromise by implementing the Trusted Computing paradigm. Verification addresses the firmware, OS and software using UEFI measured boot and Linux Integrity Measurement Architecture, extended to support containerised application attestation. Mitigation actions are supervised by the Recovery Service and the Security Orchestrator based on OSM to, respectively, determine the adequate remediation actions from a recovery policy and enforce them down to the lower layers of the infrastructure through local authenticated enablers. We detail an implementation prototype serving a baseline for quantitative evaluation of our work.

In this article, we consider systems in which the collaborating systems and their interactions cannot be anticipated at design nor deployment time. Indeed, the systems have to respond to operational environments that are in fact dynamic. An access control must grant communications between systems even if all the systems were not prealably identified, while, at the same time, it must deny any aimless or suspect access. Namely, access control must take into account the operational context when decisions are made. In this paper, we aim at outlining how the current state of the art addresses this challenge, as well as emphasizing some of the research questions that remain open.

For decades, Trusted Computing has tried to anchor trust in the hardware, and the existence of Trusted Platform Modules (TPM) in most modern design is an evidence that this approach is now well understood. The default behavior of recent Operating Systems like Windows 11 is even to deny booting if this piece of hardware is absent. But this approach is not sufficient in a modern world where one needs to trust remote platforms. To preserve confidence in security, one needs to limit the trusted computing base (TCB) of a system at a level where an assessment can make sense. We will present how we made Tea with Sequana! Trusted Execution Architecture (TEA) is the result of a partnership with ProvenRun to implement a TCB in Atos servers in a consistent way, from Edge to High Performance Computing. This allows to envision security features based on some common Root-of-Trust known to different platforms, at different scales and levels of interaction.

The supply chain’s attacks as the one suffered Solwarinds are full of consequences. Today’s companies can no longer ignore the risks linked to such practices. However, how to successfully prevent it ? We already use security protocoles for our systems of software versions management such as git, but it does not seem to be sufficient. The DevSecOps automating software security analysis in a continuous integration and deployment chain constitutes a solution to answer these issues. It is within this context that we developed the solution why Characterise the Authors of code PorTIONs? (C4PTION). It completes the arsenal of source code analysis tools with a detection of injected code by unauthorized authors (humans or bots). The C4PTION tool is based on innovating AI techniques that help learn syntactic, lexical and behavioral habits of developers. Integrated in a CI/CD such as Gitlab, C4PTION transmits qualified alerts to project responsibles/CISO (Chief Information Security Officer): level of developer’s usurpation risk, level of confidence in the decision and an explicable report. In this article we show that combined source code and git metadata analysis by trained AI models as well as the adaptable aspect of C4PTION present a tremendous number of assets (especially the one increasing the elements of the confusion matrix by 15%) to prevent any cyber attack in a software development’s supply chain.

Distributed control is a reality of today’s industrial automation and systems. Parts of a system are on-site, and other elements are on the edge of the cloud. The overall system-functioning relies on the reliable operation of local and remote components. However, all system parts can be attacked. Typically, local entities of a cyber-physical system, such as robot arms or conveyor belts, get affected by cyber attacks. However, attacking the control and monitoring channels between a plant and its remote controller is attractive, too. There is a diversity of attacks, such as manipulating a plant’s input signals, controller logic, and output signals. To detect and mitigate the impact of such various attacks and to make a plant more resilient, we introduce a self-learning controller proxy in the plant’s communication channel to the controller. It acts as a local trust anchor to the commands received from a remote controller. It does black box self-learning of the controller algorithms and audits its operations. Once an attack is detected, the plant pivots into self-piloting mode. We investigate design alternatives for the controller proxy. We evaluate how complex the control algorithms can be to enable self-piloting resilience.

In this paper, we tackle the issue of security of multi-agent systems of embedded agents. These systems provide scalable and flexible ways to control complex, distributed and interconnected systems of embedded components, which can connect to and disconnect from the system during runtime. The lack of central authority makes such systems more dynamic and adaptive. However, securing these systems is challenging and raises many issues. In this work, we aim at providing a public key infrastructure to enable agents to securely connect to the system while it runs and without the need to load certificates beforehand. To do so, we establish an infrastructure where agents generate their own keys and ask for certificate from certificate authorities. Those authorities act without the need to coordinate themselves and distribute certificates to requesters, following the rules of a trust management system. The infrastructure provides the ability for the agents to obtain certificates and establish secure communications between themselves without the need of an external, centralized system.

Literature shows that trust typically relies on knowledge about the communication partner. Federated learning is an approach for collaboratively improving machine learning models. It allows collaborators to share Machine Learning models without revealing secrets, as only the abstract models and not the data used for their creation is shared. Federated learning thereby provides a mechanism to create trust without revealing secrets, such as specificities of local industrial systems. A fundamental challenge, however, is determining how much trust is justified for each contributor to collaboratively optimize the joint models. By assigning equal trust to each contribution, divergence of a model from its optimum can easily happen --- caused by errors, bad observations, or cyberattacks. Trust also depends on how much an aggregated model contributes to the objectives of a party. For example, a model trained for an OT system is typically useless for monitoring IT systems. This paper shows first directions how heterogeneous distributed data sources could be integrated using federated learning methods. With an extended abstract, it shows current research directions and open issues from a cyber-analyst's perspective.