November 17-18, 2020
Every year since 1997, the French Ministry of Defense has organized a cybersecurity event to bring together governmental, industrial, and academic stakeholders. This event, both educational and scientific, gathers experts, researchers, practitioners and decision-makers in order to explore an important topic within the field of cybersecurity. This interdisciplinary approach allows operational practitioners to learn about and anticipate future technological inflection points, and allows industry and academia to confront research and product development with operational realities. The conference takes place during European Cyber Week (ECW).
The theme of the 27th C&ESAR conference will be deceptive security.
Cybersecurity has developed over the past fifteen years in response to the increasing aggressiveness of computer attacks. The rise of cyberspace is inherent in the explosion in the need for services and communications, and therefore for speed and new technologies. Built on a pragmatic basis to provide new products, cyberspace has reached a level of complexity that is difficult to master. This situation gave a preponderant advantage to the attackers, who knew how to transform an imperfection into a breach and then into attack scenarios for hostile ends. The IT security response has evolved from deep static protection to resilient detection, and now to considering the logic of dynamic counterattacks. The time scale between the occurrence of an attack, its detection and its elimination is an important characteristic: from an indefinite duration to a few days, then from a few days to a few hours, the challenge now consists in acting in real time against the attacker. Digital deception is at the heart of this cybersecurity strategy. The aim is to turn the attacker's weapons against him, seeking to deceive him and to dissuade him through fear of being discovered. Digital deception is part of cyber deterrence.
Program November 17, 2020 - Deceptive security
9h00 : Opening speech
9h20 : Program
Benoît MARTIN - DGA-MI
LOCKS AND OPPORTUNITIES
9h30 : Digital deception as a complement to the cyber defense approach
Laurent CORDIVAL, Fabien THUROT - Beijaflore
10h00 : Short-loop Cyber Threat Intelligence with a Honey Net
Laurent AUFRECHTER - Thales
10h30 : Break
11h00 : On the belief, plausibility and immersiveness associated with a network of fictitious profiles used as a probing device
Thierry BERTHIER - Univ. Limoges, Eric HAZANE - HUB IA France, Thomas ANGLADE - Itrust
11h30 : BEEZH: a realistic detonation platform for analyzing attackers' modus operandi
Frédéric GUIHERY, Alban SIFFER - Amossys
12h00 : Lunch
13h30 : Holistic Threat Management System
Alexandre GRAU - Holiseum
14h00 : HoneyWISE: a strategy for using honeytokens in an Active Directory environment
Nathan FAEDDA, Augustin TOURNYOL du CLOS - Wavestone
14h30 : Platform for deception and hybrid simulation of maritime activities
David LE GOFF, David BROSSET - IRENAV
15h00 : Break
15h30 : High-interaction honeypot
Marc-Olivier PAHL - IMT Atlantique
16h00 : HoPLA: a Honeypot Platform to Lure Attacker
Elisa CHIAPPONI - EURECOM, Onur CATAKOGLU - Amadeus IT Group, Olivier THONNARD - Amadeus IT Group, Marc DACIER - EURECOM
16h30 : WonderCloud, a platform for firmware analysis and emulation and for honeypot composition
Mathieu GALISSOT, Maxime PUYS, Pierre-Henri THEVENON - Univ. Grenoble - CEA LETI
17h00 : Deception and Digital Twin
Marwan ABBAS - SesameIT, Hervé DEBAR - SAMOVAR, Jerome GOUY - SesameIT
17h30 : End of interventions
20h00 : Social event ECW (mandatory registration)
Program November 18, 2020 - Deceptive security
9h00 : A framework based on dynamic algorithm configuration and incremental learning to protect UEBA algorithms from conceptual drift, cyber deception techniques and model-poisoning
Thomas ANGLADE - ITrust, Thierry BERTHIER - Univ. Limoges
9h30 : A framework based on dynamic algorithm configuration and incremental learning to protect UEBA algorithms from conceptual drift, cyber deception techniques and model-poisoning
Cédric HERZOG - Inria
DECEPTIVE SECURITY VS REGULATION
10h00 : Digital deception: active cyber defense measures? A Swiss case study
Bastien WANNER - Université de Lausanne
10h30 : Break
11h00 : Deception and incitement to commit an offense
Jean-Nicolas ROBIN - Chaire cyberdéfense & cybersécurité Saint Cyr
11h30 : Closing speech
12h00 : End of C&ESAR 2020
CALL FOR PAPERS
The defensive lure arsenal has historically relied on honeypots. These statically analyzed the deviation of components from a known, healthy behavior. This generation has encountered two pitfalls: scalability to cover the diversity and complexity of digital systems, and excessive false positives. Honeypots are evolving into active traps disseminated in the real environment to better understand attackers' strategies. Decoy deployment architectures specialize according to the application (information systems, industrial systems, finance, medical, etc.), to the components targeted by the attacks (servers, firewalls, antivirus, etc.) or to the offensive load (malware, etc.). Lures tend to generate true positives in real time. Their effectiveness relies on two properties, one inherent in security components, non-compromise, and the other characteristic of attacks: stealth.
This new generation of digital decoys consolidates investigations within security operations centers (SOC). Deductive (deterministic) and inductive (hypothetical) reasoning are thus set against each other to characterize the attackers' operating mode, narrowing it down as far as attack attribution.
However, its active behavior raises regulatory issues (privacy).
The digital decoy is becoming an essential component of defensive activities in cybersecurity, because it contributes to the efficiency of response scenarios.
The C&ESAR 2020 program committee will appreciate submissions in the following areas:
– Tools for deceptive security: honeypots, lures, traps – decoy deployment architectures
– Specialized decoys for services, for security, against malware ...
– Digital decoy properties: non-compromise, stealth ...
– Forensics: deductive / inductive reasoning, attack characterization, attribution ...
– Security Operational Center: deceptive security in escalation scenarios
– Decoys and attack models (MITRE ATT&CK ...), contribution to characterization (CAPEC …), to knowledge of cyber risk (cyber threat intelligence - CTI)
– Decoys and regulation (privacy, NIS Directive …).
Submission of the proposals (long abstracts between 3 and 6 pages) : June 26th
Notification to authors : September 3rd
Final version (8 to 16 pages) : October 2nd
Conference : November 17-18
C&ESAR PROGRAMME COMMITTEE
Erwan ABGRALL (MINARM)
José ARAUJO (ANSSI)
Christophe BIDAN (CentraleSupélec)
Yves CORREC (ARCSI)
Frédéric CUPPENS (IMT Atlantique)
Hervé DEBAR (Télécom SudParis)
Eric DUPUIS (Orange)
Guillaume DUVEAU (MINARM)
Ivan FONTARENSKY (THALES)
Patrick HEBRARD (NAVAL Group)
Sylvain LAFARGUE (SAFRAN)
Benoît MARTIN (DGA)
Guillaume MEIER (AIRBUS)
Ludovic PIETRE-CAMBACEDES (EDF)
Assia TRIA (CEA)
Eric WIATROWSKI (Orange)