27th C&ESAR

CONFERENCE

November 17-18, 2020

Every year since 1997, the French Ministry of Defense has organized a cybersecurity event to bring together governmental, industrial, and academic stakeholders. This event, both educational and scientific, gathers experts, researchers, practitioners and decision-makers in order to explore an important topic within the field of cybersecurity. This inter-disciplinary approach allows operational practitioners to learn about and anticipate future technological inflexion points, and for industry and academia to confront research and product development to operational realities. Conference occurs during European Cyber Week (ECW).

 

 

The 27th C&ESAR conference theme will be Deceptive security

 

Cybersecurity has developed over the past fifteen years in response to the increasing aggressiveness of computer attacks. The rise of cyberspace is inherent in the explosion in the need for services and communications and therefore speed and new technologies. Built on a pragmatic basis to provide new products, cyberspace has reached a level of complexity that is difficult to master. This situation gave a preponderant advantage to the attackers who knew how to transform an imperfection into a breach and then into attack scenarios for hostile ends. The IT security response has evolved from deep static protection to resilient detection, and now for considering the logic of dynamic counterattacks. The time scale between the occurrence of an attack, its detection and its elimination is an important characteristic: from an indefinite duration to a few days, then from a few days to a few hours, the challenge now consists in acting in real time against the attacker. Digital deception is at the heart of this cybersecurity strategy. The aim is to return the attacker's weapons, seeking to deceive him and dissuade him from been discovered. Digital deception is part of cyber deterrence.

Program november 17, 2020​ - Deceptive security

9h00 : Opening speech

9h20 : Program

Benoît MARTIN - DGA-MI

LOCKS AND OPPORTUNITIES

9h30 : Le leurrage numérique comme complément de l'approche de cyber défense

Laurent CORDIVAL, Fabien THUROT - Beijaflore

10h00 : Cyber Threat Intelligence en boucle courte avec un Honey Net

Laurent AUFRECHTER - Thales

10h30 : Break

11h00 :  Sur la croyance, la plausibilité et l’immersivité associées à un réseau de profils fictifs utilisé comme un dispositif de sonde

Thierry BERTHIER - Univ. Limoges, Eric HAZANE - HUB IA France, Thomas ANGLADE - Itrust

11h30 : BEEZH: une plateforme de détonation réaliste pour l’analyse des modes opératoires d’attaquants

Frédéric GUIHERY, Alban SIFFER - Amossys

12h00 : Lunch

13h30 : Holistic Threat Management System

Alexandre GRAU - Holiseum

14h00 : HoneyWISE : stratégie d’exploitation d’honeytokens en environnement Active Directory

Nathan FAEDDA, Augustin TOURNYOL du CLOS - Wavestone

 

USE'S CASES

14h30 : Plateforme de leurrage et de simulation hybride d’activités maritimes

David LE GOFF, David BROSSET - IRENAV

15h00 : Break

15h30 : High-interaction honeypot

Marc-Olivier PAHL - IMT Atlantique

16h00 : HoPLA: a Honeypot Platform to Lure Attacker

Elisa CHIAPPONI - EURECOM, Onur CATAKOGLU - Amadeus IT Group, Olivier THONNARD - Amadeus IT Group, Marc DACIER - EURECOM

16h30 : WonderCloud, une plateforme pour l’analyse et l’émulation de micro- logiciels ainsi que la composition de pots de miels

Mathieu GALISSOT, Maxime PUYS, Pierre-Henri THEVENON - Univ. Grenoble - CEA LETI

17h00 : Leurrage et Jumeau Numérique

Marwan ABBAS - SesameIT, Hervé DEBAR - SAMOVAR, Jerome GOUY - SesameIT

17h30 : End of interventions

20h00 : Social event ECW (mandatory registration)

Program november 18, 2020​ - Deceptive security

DETECTION

9h00 : A framework based on dynamic algorithm configuration and incremental learning to protect UEBA algorithms from conceptual drift, cyber deception techniques and model-poisoning

Thomas ANGLADE - ITrust, Thierry BERTHIER - Univ. Limoges

9h30 : A framework based on dynamic algorithm configuration and incremental learning to protect UEBA algorithms from conceptual drift, cyber deception techniques and model-poisoning

Cédric HERZOG - Inria​

DECEPTIVE SECURITY VS REGULATION

10h00 : Le leurrage numérique – des mesures actives de cyberdéfence? Une étude de cas suisse

Bastien WANNER - Université de Lausanne

10h30 : Break

11h00 : Leurrage et provocation à l'infraction

Jean-Nicolas ROBIN - Chaire cyberdéfense & cuersécurité Saint Cyr

CLOSING

11h30 : Closing speech

12h00 : End of C&ESAR 2020

CALL FOR PAPERS

 

Defensive lure arsenal has historically relied on honeypots. These statically analyzed the deviation of components compared to a known and healthy behavior. This generation has encountered two pitfalls: scalabity to cover diversity and complexity of digital systems, and excessive false positives. Honeypots evolve to become active traps disseminated in the real environment to understand better attacker’s strategies. Decoy deployment architectures specialize according to application (information systems, industrial systems, finance, medical, etc.), to the components targeted by the attacks (servers, firewalls, antivirus, etc.) or to the offensive load (malware, etc.). Lures tend to generate real positives in real time. Their effectiveness relies on two properties, one inherent in security components, non-compromise, and the other characteristic of attack: stealth.

This new generation of digital decoys consolidates investigations within security operational centers (SOC). Thus, logics of deductive (deterministic) or inductive (hypothetical) reasoning confront each other to characterize attackers' operating mode by tightening it up to attack attribution.

However, its active behavior raises regulatory issues (privacy).

Digital decoy becomes an essential component of defensive activities in cybersecurity, because it contributes to efficiency of response scenarios.

C&ESAR 2020 program committee will appreciate submissions in the following areas:

– Tools for deceptive security : honeypots, lures, traps – decoy deployment architectures

– Specialized decoy for services, for security, against malware ...

– Digital decoy properties: non-compromise, stealth...

– Forensics : deductive / inductive reasoning, attacks characterization, attribution ...

– Security Operational Center : deceptive security in escalation scenarios

– Decoys and attack models (MITRE ATT@CK ...), contribution to characterization (CAPEC …), to knowledge of cyber risk (cyber threat intelligence - CTI)

– Decoy and regulation (privacy, NIS Directive…).

IMPORTANT DATES

Submission of the proposals (long absracts between 3 to 6 pages) : June 26th 

Notification to authors : September 3rd

Final version (8 to 16 pages) : October 2nd

Conference : Novembre 17-18

C&ESAR PROGRAMME COMMITTEE

Erwan ABGRALL (MINARM)
José ARAUJO (ANSSI)
Christophe BIDAN (CentraleSupélec)
Yves CORREC (ARCSI)
Frédéric CUPPENS (IMT Atlantique)
Herve DEBAR (Télécom SudParis)
Eric DUPUIS (Orange)
Guillaume DUVEAU (MINARM)
Ivan FONTARENSKY (THALES)
Patrick HEBRARD (NAVAL Group)
Sylvain LAFARGUE (SAFRAN)
Benoît MARTIN (DGA)
Guillaume MEIER (AIRBUS)
Ludovic PIETRE-CAMBACEDES (EDF)
Assia TRIA (CEA)
Eric WIATROWSKI (Orange)

 

ORGANISED BY

MINARM.jpg
DGA.jpg

IN PARTNERSHIP WITH

logo CESIN.png

RECEIVE OUR NEWSLETTERS

Sign up so you don't miss any news from European Cyber Week

En s'abonnant à la newsletter, l'utilisateur autorise le partage de son email avec les organisateurs de la ECW. Hopscotch Congrès s'engage à ne pas utiliser votre adresse email hors du cadre de la European Cyber Week ainsi qu'à ne pas la transmettre à des tiers.
/
By subscribing to the newsletter, you agree to share your email address with the organizers. Hopscotch Congrès will not communicate / spread / publish or otherwise give away your address outside ECW organization.

NEXT EDITION IN :

EUROPEAN CYBER WEEK 2020

ecw@hopscotchcongres.com

  • Gris Icône YouTube
  • Gris LinkedIn Icône
  • Grey Twitter Icon