Every year since 1997, the French Ministry of Defense has organized a cybersecurity event to bring together governmental, industrial, and academic stakeholders. This event, both educational and scientific, gathers experts, researchers, practitioners and decision-makers in order to explore an important topic within the field of cybersecurity. This inter-disciplinary approach allows operational practitioners to learn about and anticipate future technological inflexion points, and for industry and academia to confront research and product development to operational realities. Conference occurs during European Cyber Week (ECW).
The 27th C&ESAR conference theme will be Deceptive security
Cybersecurity has developed over the past fifteen years in response to the increasing aggressiveness of computer attacks. The rise of cyberspace is inherent in the explosion in the need for services and communications and therefore speed and new technologies. Built on a pragmatic basis to provide new products, cyberspace has reached a level of complexity that is difficult to master. This situation gave a preponderant advantage to the attackers who knew how to transform an imperfection into a breach and then into attack scenarios for hostile ends. The IT security response has evolved from deep static protection to resilient detection, and now for considering the logic of dynamic counterattacks. The time scale between the occurrence of an attack, its detection and its elimination is an important characteristic: from an indefinite duration to a few days, then from a few days to a few hours, the challenge now consists in acting in real time against the attacker. Digital deception is at the heart of this cybersecurity strategy. The aim is to return the attacker's weapons, seeking to deceive him and dissuade him from been discovered. Digital deception is part of cyber deterrence.
Call for papers is now open until June 26th 2020!
CALL FOR PAPERS
Defensive lure arsenal has historically relied on honeypots. These statically analyzed the deviation of components compared to a known and healthy behavior. This generation has encountered two pitfalls: scalabity to cover diversity and complexity of digital systems, and excessive false positives. Honeypots evolve to become active traps disseminated in the real environment to understand better attacker’s strategies. Decoy deployment architectures specialize according to application (information systems, industrial systems, finance, medical, etc.), to the components targeted by the attacks (servers, firewalls, antivirus, etc.) or to the offensive load (malware, etc.). Lures tend to generate real positives in real time. Their effectiveness relies on two properties, one inherent in security components, non-compromise, and the other characteristic of attack: stealth.
This new generation of digital decoys consolidates investigations within security operational centers (SOC). Thus, logics of deductive (deterministic) or inductive (hypothetical) reasoning confront each other to characterize attackers' operating mode by tightening it up to attack attribution.
However, its active behavior raises regulatory issues (privacy).
Digital decoy becomes an essential component of defensive activities in cybersecurity, because it contributes to efficiency of response scenarios.
C&ESAR 2020 program committee will appreciate submissions in the following areas:
– Tools for deceptive security : honeypots, lures, traps – decoy deployment architectures
– Specialized decoy for services, for security, against malware ...
– Digital decoy properties: non-compromise, stealth...
– Forensics : deductive / inductive reasoning, attacks characterization, attribution ...
– Security Operational Center : deceptive security in escalation scenarios
– Decoys and attack models (MITRE ATT@CK ...), contribution to characterization (CAPEC …), to knowledge of cyber risk (cyber threat intelligence - CTI)
– Decoy and regulation (privacy, NIS Directive…).
Submission of the proposals (long absracts between 3 to 6 pages) : June 26th
Notification to authors : September 3rd
Final version (8 to 16 pages) : October 2nd
Conference : Novembre 17-18
C&ESAR PROGRAMME COMMITTEE
Erwan ABGRALL (MINARM)
José ARAUJO (ANSSI)
Christophe BIDAN (CentraleSupélec)
Yves CORREC (ARCSI)
Frédéric CUPPENS (IMT Atlantique)
Herve DEBAR (Télécom SudParis)
Eric DUPUIS (Orange)
Guillaume DUVEAU (MINARM)
Ivan FONTARENSKY (THALES)
Patrick HEBRARD (NAVAL Group)
Sylvain LAFARGUE (SAFRAN)
Benoît MARTIN (DGA)
Guillaume MEIER (AIRBUS)
Ludovic PIETRE-CAMBACEDES (EDF)
Assia TRIA (CEA)
Eric WIATROWSKI (Orange)