Bonjour à tous,
vous êtes cordialement invités au séminaire inter équipes du LTCI sur
les Systèmes Embarqués Critiques, qui aura lieu le jeudi 22 Février
à Télécom ParisTech, en simultané sur les sites de Paris (salle A401
et/ou B115 en fonction du nombre de participants) et de Sophia Antipolis
(salle Shannon).
Voici le programme:
10h00 – 10h45 : exposé de Jean Leneutre
10h45 – 11h00 : pause café/viennoiseries
11h00 – 11h45 : exposé de Benjamin Dauphin
Vous trouverez les résumés de ces présentations ci-dessous.
******************* First talk ****************************
*** Speaker: Jean Leneutre (ACES Team)
*** Title: Towards a strategic approach to security based on game theory
*********************************************************
Abstract: In the recent years, a large number of works have proposed
to use game
theory as a decision support framework for security. Problems tackled
in these works include:
– how to optimize the allocation of security resources?
– how to configure in an optimal way protection or monitoring
resources?
– how to select the best security response to an incident?
Along this line of research, we will present in this talk a recent
contribution related to the integrity and availability of outsourced
data. A Service Level Agreement (SLA) is usually signed between the
Coud Provider and the customer. For redundancy purposes, it is
important to verify the Cloud Provider’s compliance with data backup
requirements in the SLA. There exists a number of security mechanisms
to check the integrity and availability of outsourced data. This task
can be performed by the customer or be delegated to an independent
entity that we will refer to as the Verifier. However, checking the
availability of data introduces extra costs, which can discourage the
customer of performing data verification too often. The interaction
between the Verifier and the Cloud provider can be captured using game
theory in order to find an optimal data verification strategy. We
formulate this problem as a two player non-cooperative one-shot
game. We consider the case in which each type of data is replicated a
number of times that can depend on a set of parameters including,
among others, its size and sensitivity. We analyze the strategies of
the cloud provider and the verifier at the Nash Equilibrium and derive
the expected behavior of both players. We also consider a second
formulation of the problem as a Stackelberg game in which there are a
leader and a follower. While, providing some valuable insights for
decision making in security, these models based on game theory are not
without limitations, in particular regarding the high level of
abstraction that it implies. In a second part of the talk, we will
discuss these limitations, and propose future research directions to
improve the applicability of game theoretic approaches to security.
************************* Second talk ***************************
*** Speaker: Benjamin Dauphin (LabSoc team)
*** Title: Automating the Measurements and Identifying Power MOSFET Devices
****************************************************************
Power MOSFET devices are a primary component of power converters, and
so are widely used in electronic systems. This widespread usage makes
the study of the devices an important domain. Understanding the way
these devices function enables to design more performant systems.
Also, due to their extensive use, ensuring the security of embedded
system involves ensuring the authenticity of the power MOSFET devices
they contain. The authenticity must be ensured because a refurbished
or a counterfeit device could affect performances and/or security of
critical systems such as automobiles.
To achieve device authentication we:
– Designed an automatic measurement system to measure more easily the
devices, and
– Used Machine Learning on the measurement curves obtained in order to
identify devices
*********************************************************************************************