Post on 28-Jul-2020
• F. Duchene and R. Groz
One point of view (among many others): which Ensimag 2A track for which aspects of computer security?
… and what to do after 2A?
SecurIMAG
2012-04-05
WARNING: SecurIMAG is a security club at Ensimag. Thoughts, ideas and opinions are not related to Ensimag. The authors assume no liability including for errors and omissions.
¡¡_ (in)security we trust _!!!
Grenoble INP Ensimag
[Diagram: ?, ANPE, IF, ISI, MMIS, TEL, SLE]
Outline
2 SecurIMAG - title - author - date
• 1. After my 1A?
  • Clichés…
  • Comparison .. (subjective)
  • Options
  • IRL, Specialty Project (Projet SPE)
• 2. After my 2A?
  • A few curriculum ideas
    o SCCI
    o Foreign university
• 0. Ethics and Computer Science Security..
• 3. After my degree?
  • A few job ideas
1. After my 1A at Ensimag?
[Diagram: 1A; IF, ISI, MMIS, SLE, TEL]
A few clichés that die hard…
• "I want to do security, so I am going into ISI"
Hunger Games (2012), poisonous berries
(Almost) all tracks cover security. Depending on the track, one aspect or another is developed further.
• "In SLE & TEL there are Phelma students, so …" Respect for others and humility will be VERY USEFUL qualities. The prerequisites are admittedly different, but the students in these tracks are very committed and curious.
A (pseudo) comparison, (too?) subjective..
• For each track, ONLY the courses that are MANDATORY in track A, not present in the MANDATORY part of at least 1 other track, and related to security are considered
• Score from 0 to 5 per security-related domain
• The "security related" options (electives) are listed separately
IF .. 3A (w.out options) [1/2]
Title | #H | Teacher | Web
5MMSSI – Sécurité des Systèmes d’information | 18 (2011) -> 36? (2012) | F. Duchene and K. Hossen | http://ensiwiki.ensimag.fr/index.php/5MMSSI
IF .. 3A (w.out options) [2/2]
[Radar chart, scale 0 to 5, series "IF 2A"; axes: HW, Low-Level (Arch, ASM); Network; Cryptography; System (Operating, Web); Validation, Test]
ISI (w.out options) [1/3]
SECURITY COURSES IN THE CURRICULUM | Teacher | #H | Web
4MMSAP – Sémantique et Analyse des Programmes | M.L. Potet | 36 | https://intranet.ensimag.fr/KIOSK/Matieres/4MMSAP/
5MMMSSI - Modèles pour la sécurité des systèmes informatiques | M.L. Potet | 18 |
5MMISSI - Introduction à la sécurité des systèmes d'information | Y. Denneulin | 18 |
5MMTLSFT - Test des logiciels, sureté de fonctionnement et tolérance aux fautes | R. Groz and .. | 18 |
ISI (w.out options) [2/3]
3A PROJECTS (choose 2 out of 3) | Teacher | #H | Web
5MMPATAC - Projet ATAC: Applications sécurisées pour la technologie JAVA | M.L. Potet and … ? | 36 |
5MMPCIS - Projet CIS: Construction d'infrastructures sécurisées | Yves Denneulin | 18 |
ISI (w.out options) [3/3]
[Radar chart, scale 0 to 5, series "ISI 2A+3A"; axes: HW, Low-Level (Arch, ASM); Network; Cryptography; System (Operating, Web); Validation, Test]
The "standard" Ensimag track with the most security content in 3A
MMIS (w.out options) [1/2]
Course | Teacher | #H | Web
LOAD-5MMSSI Sécurité des Systèmes d’information (!!!… very likely that this course will disappear in 2012-2013..!!!) | F. Duchene and K. Hossen | 18 -> 36? (2012) | https://ensiwiki.ensimag.fr/index.php/5MMSSI
MMIS (w.out options) [2/2]
[Radar chart, scale 0 to 5, series "MMIS 2A+3A"; axes: HW, Low-Level (Arch, ASM); Network; Cryptography; System (Operating, Web); Validation, Test]
SLE (w.out options) [1/2]
Course | #H | Teacher | Web | Remark
5MMSSE - Sécurité des systèmes embarqués | 36 | LEVEUGLE Régis | | Laser, radiation on chips…
5MMTF – tolerance aux fautes | 18 | ANGHEL Lorena | |
5MMVSE - Validation des systèmes embarqués | 18 | MARANINCHI Florence | |
SLE (w.out options) [2/2]
[Radar chart, scale 0 to 5, series "SLE 2A+3A"; axes: HW, Low-Level (Arch, ASM); Network; Cryptography; System (Operating, Web); Validation, Test]
TEL (w.out options) [1/2]
Course | #H | Teacher | Web
4MMSR – Sécurité des Réseaux | 18 | F. Duchene and K. Hossen and … | http://ensiwiki.ensimag.fr/index.php/4MMSR
4MMICN – Information et codage numérique | 36 | Laurent ROS, Jean-Louis ROCH | https://intranet.ensimag.fr/KIOSK/Matieres/4MMICN/
TEL (w.out options) [2/2]
[Radar chart, scale 0 to 5, series "SLE 2A"; axes: HW, Low-Level (Arch, ASM); Network; Cryptography; System (Operating, Web); Validation, Test]
Track with the most security content in 2A
Elective courses .. or not strictly security, but related
Designation | Teachers | #H | IF, ISI, MMIS, SLE, TEL
5MMTLSFT - Test des logiciels, sureté de fonctionnement et tolérance aux fautes | R. Groz and .. | 18 | MANDATORY, x
4MMCRY - Codes: cryptographie, compression, correction d'erreurs | JL. Roch and .. | 36 | x, x, X
4MMCSE - Conception de systèmes d'exploitation | Y. Denneulin | 36 | MANDATORY, MANDATORY, x
Take your future into your own hands…
• Security aspects (and even dedicated projects) exist regardless of the track, as we have just seen
• To give your curriculum a stronger security flavour:
  • Introduction to Laboratory Research (Introduction à la Recherche en Laboratoire, IRL)
    o See a few 2011-2012 security examples on the next slide
  • Specialty Project (Projet de Spécialité)
    – https://intranet.ensimag.fr/KIOSK/Matieres/4MMPSPE/
    – Cryptology, Security and Coding
    – Software Engineering (GL) and Languages
    – System
    – Information and Communication
A few security IRLs in 2011-2012
• "Binary" security:
  o Binary code analysis for vulnerability research
    – DUREUIL, Louis (ISI)
  o Code obfuscation and binary analysis (M.L. Potet, L. Mounier)
• "HW" security:
  o Programming on GPU architecture – Application to attacks on secured equipment (R. Leveugle, P. Maistri)
    – BELLOT, Zoé (ISI)
  o Attacks on secured equipment: analysis of the impact of measurement noise
• "Network" security:
  o Study of malware networks (G. Berger-Sabbatel)
    – C. Mougey (ISI)
• Validation & Test:
  o Evaluation and testing of a routing protocol in sensor networks (M. Heusse)
    – BLEUSE, Raphaël (ISI)
2. After my 2A at Ensimag?
[Diagram: 2A; "classic" Ensimag 3A, M2 SCCI, M2 MOSIG, foreign university]
M2 (Research) MOSIG
• Fewer security courses than in the MOSIG master
• To be explored further…
• Links:
  o http://mosig.imag.fr/MainEn/News
  o http://www-ufrima.imag.fr/spip.php?rubrique94
M2 (Professional or Research) SCCI
Crypto and Applications:
• PKI
• Multimedia: DRM
• Proofs
Administration
Smart Card
Validation:
• Binary Analysis
• Security Models
• Model Checking
Audit, Test and Exploitation:
• Pentest, audit norms
• Fuzzing
• In-memory + web vuln. exploit
M2 dedicated to security.
SOME LECTURE EXAMPLES
http://intranet.ensimag.fr/KIOSK/index.php?PATH=/Master%20SCCI/
Exchange abroad
• Duration:
  • 6 months
  • 1 year
  • 2x6 months
• MANY universities have security lectures:
  o Switzerland: KTH, EPFL, ..
  o Australia: UQ..
  o Canada: Polytechnique de Montréal..
• Please contribute when you search for universities having interesting security courses!
https://ensiwiki.ensimag.fr/index.php/Portail:SecurIMAG_Ensimag_IT_security_and_hacking_club/studies
E.g. Fabien
Exchange abroad: a few criteria
• Course content … depending on what interests you
• Teachers
• University reputation
• Geographic location
• Cost
A curriculum idea…
[Diagram: 1A; TEL 2A; IRL?; Specialty Project (security / software engineering); 3A; M2 SCCI; exchange abroad]
Track with the most security content in 2A
Going deeper in 3A
0. CyberSecurity
• 1960-1980: Cold War, the threat was nuclear weapons
  • Destroy a world zone within 30 minutes
• 2000+ "Cyberwar" (fr: Cyberguerre)
  • Cyber-attack able to paralyze the world within seconds
  • Everything is connected to the Internet:
    o Electrical plants
    o Transportation
    o Industrial plants
• Some famous examples:
  o 200+ non-legitimate certificates issued by DigiNotar CAs
  o Eg: Stuxnet (damaged Iran nuclear plant)
http://intranet.ensimag.fr/KIOSK/Matieres/3MMRTEL/
0. Be a WHITE-HAT
https://ensiwiki.ensimag.fr/index.php/4MMSR-Network_Security-2011-2012
3. After my degree?
• A few technical jobs
• A few more abstract jobs
• For organisations, as always… http://ensiwiki.ensimag.fr/index.php/A_career_in_Information_Security
>> Interns, graduates, or simply well-informed people, contribute! <<
The focus is on JOBS, not on organisations (companies, labs, agencies..)
3.1. A few ideas of technical jobs
[Diagram: Ensimag MSc engineer
• Defensive security (70%?): Integration; QoS, prevent DDoS; Dev.; Researcher: crypto; Researcher: anti-exploit; Researcher: malware, botnet
• Offensive security (30%?): Forensics; Pentester; Exploit Writer; Researcher]
3.1.1. Some Technical Jobs - Defensive Security
• Integration, deployment, configuration
• QoS / performance / availability
• Developer
• Research:
  • Crypto
  • Anti-Exploitation
  • Malware, Botnet
Integration, Deployment, Configuration
• !! PLENTY OF JOBS.
• Firewalls with DPI capabilities:
  • Eg: dropping a packet if it does not conform to the RFC
• Hardening:
  • Linux kernel recompilation
  • SMTP servers
• Deploying a log management solution (fr: SIEM)
QoS, availability
• Eg: actively protect a corporation against DDOS
Developer
• Develop
  • "secure" software (with few vulnerabilities)
  • Software that ensures security properties (eg: authentication, identification)
• E.g. A. Maillet, Evidian, Web-SSO
Researcher: crypto
• Proposing new / improving existing:
  • Key exchange algorithm
  • Hash function
  • (A)symmetric algorithm
  • Secret sharing scheme
Philippe Elbaz-Vincent
Adi Shamir
Researcher: anti vulnerability exploitation
• Propose new / improve existing techniques for:
  • defeating exploits
    o In-memory vulnerabilities:
      – Eg: preventing memory pages from being marked as both writable and executable: NX/DEP
      – Adding randomization of assumed values: ASLR
    o Web vulnerabilities:
      – Filtering
      – Dynamic data tainting
  • increasing the cost of writing attacks:
    o isolating components
      – Mandatory Integrity Control
      – NT Security Tokens
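An added example (not part of the original slides) showing the two in-memory mitigations above from the defender's side: it parses Linux `/proc/<pid>/maps`-style text, reports mappings that are writable and executable at once (what NX/DEP policies forbid), and lists mappings that kept the same base address across two runs (where ASLR changed nothing). The map lines, the `/usr/bin/demo` binary and all function names are constructed for this illustration.

```python
import re
from typing import Dict, List, NamedTuple

class Mapping(NamedTuple):
    start: int
    perms: str
    path: str

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
LINE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+ ([r-][w-][x-][ps]) \S+ \S+ \d+\s*(.*)$")

def parse_maps(text: str) -> List[Mapping]:
    """Parse maps text into Mapping tuples, skipping lines that do not match."""
    hits = (LINE.match(line.strip()) for line in text.splitlines())
    return [Mapping(int(m.group(1), 16), m.group(2), m.group(3) or "[anon]") for m in hits if m]

def wx_violations(maps: List[Mapping]) -> List[Mapping]:
    """Mappings that break W^X: writable and executable at the same time."""
    return [m for m in maps if "w" in m.perms and "x" in m.perms]

def first_base(maps: List[Mapping]) -> Dict[str, int]:
    """Lowest start address seen for each named mapping."""
    bases: Dict[str, int] = {}
    for m in maps:
        bases[m.path] = min(m.start, bases.get(m.path, m.start))
    return bases

def not_randomized(run_a: List[Mapping], run_b: List[Mapping]) -> List[str]:
    """Mappings loaded at the same base in two runs (ASLR had no effect on them)."""
    a, b = first_base(run_a), first_base(run_b)
    return sorted(p for p in a if p in b and a[p] == b[p])

# Constructed samples: two runs of a hypothetical non-PIE binary /usr/bin/demo.
RUN_A = """\
00400000-0040c000 r-xp 00000000 08:01 131104 /usr/bin/demo
0060b000-0060c000 rw-p 0000b000 08:01 131104 /usr/bin/demo
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a12a00000-7f3a12bc0000 r-xp 00000000 08:01 262301 /lib/libc.so.6
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
00400000-0040c000 r-xp 00000000 08:01 131104 /usr/bin/demo
0060b000-0060c000 rw-p 0000b000 08:01 131104 /usr/bin/demo
7f91c4000000-7f91c4021000 rwxp 00000000 00:00 0
7f91c6c00000-7f91c6dc0000 r-xp 00000000 08:01 262301 /lib/libc.so.6
7ffe0b3c0000-7ffe0b3e1000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for m in wx_violations(parse_maps(RUN_A)):
        print(f"W^X violation at {m.start:#x} {m.perms} {m.path}")
    print("same base in both runs:", not_randomized(parse_maps(RUN_A), parse_maps(RUN_B)))
```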
Researcher: other Reverse-Engineering ++
• Malware analyst
  • Writing signatures and heuristics
  • http://pferrie.host22.com/
  • Propose new techniques for detection and classification of malware
• Botnet researcher:
  • Categorize, classify, detect
  • Eg: Eric Freyssinet, Domagoj Babic
Researcher: reverse-engineering ++
• Crypto reverser:
  • By observing binaries, network captures.. identify which encryption algorithm was used
HoneyPots
• Computer, service – generally not referenced anywhere
• If contacted, probably because attacker did a network scan
• Simulate at least one vulnerable computer
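An added example (not part of the original slides) of the reasoning above: because the honeypot is referenced nowhere, every source that contacts it is worth a look, and a source that also probed several neighbouring addresses fits the network-scan explanation. The honeypot address, the flow-record format and the threshold are assumptions made for this illustration, and the records are constructed.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Assumption: 192.0.2.50 is the honeypot, listed in no DNS zone, link or inventory.
HONEYPOT = "192.0.2.50"

# Constructed flow records: "timestamp source destination destination-port"
FLOWS = """\
2012-04-05T10:00:01 198.51.100.7 192.0.2.10 22
2012-04-05T10:00:01 198.51.100.7 192.0.2.11 22
2012-04-05T10:00:02 198.51.100.7 192.0.2.50 22
2012-04-05T10:00:02 198.51.100.7 192.0.2.51 22
2012-04-05T10:03:40 203.0.113.9 192.0.2.10 443
2012-04-05T10:07:15 203.0.113.20 192.0.2.50 3389
"""

Flow = Tuple[str, str, int]

def parse_flows(text: str) -> List[Flow]:
    """Return (source, destination, port) for each well-formed record."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            flows.append((parts[1], parts[2], int(parts[3])))
    return flows

def honeypot_contacts(flows: List[Flow], honeypot: str = HONEYPOT,
                      sweep_hosts: int = 3) -> Dict[str, str]:
    """Classify every source that touched the honeypot.

    "sweep":  the source also probed at least sweep_hosts distinct addresses,
              which matches the network-scan explanation.
    "direct": only a few addresses were contacted, so the source learned the
              honeypot address some other way and deserves a closer look.
    """
    targets = defaultdict(set)
    for src, dst, _port in flows:
        targets[src].add(dst)
    verdicts = {}
    for src, dsts in targets.items():
        if honeypot in dsts:
            verdicts[src] = "sweep" if len(dsts) >= sweep_hosts else "direct"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(honeypot_contacts(parse_flows(FLOWS)).items()):
        print(f"{src}: contacted honeypot {HONEYPOT} ({verdict})")
```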
Researcher: Access Control Models
• How to:
  • classify assets (data, computers, networks)
  • and grant access control
• .. while still respecting a given security policy?
3.1.2. Some Technical jobs – Offensive Security
• Forensics
• Penetration tester
• Research:
  • Network Security
  • Vulnerability Hunter
  • Malware analyst
  • Exploit Writer
  • Crypto reverser
Forensics
https://ensiwiki.ensimag.fr/index.php/Fichier:SecurIMAG-2011-12-08-Windows_NT6.1-Live_forensics_and_exploitation.pdf
Penetration-Testing basics
• An attacker’s objective: run on the victim’s computer a code he controls: the payload P
• How to do it?
  • Problem 1: find a vulnerability A
  • Problem 2: exploit it
    o craft inputs to the system to exploit A, such that payload P would be run
2012-02-10-UJF-SAFE-Metasploit-Hands_on_lab 2
Pentesting basics
45 UJF-SAFE-AFM-Metasploit - hands on lab - F. Duchene and K. Hossen
• Pentest: service requested by a company from security professionals (pentesters) to:
  • attack their corporate network as hostile attackers would
  • within the limits of the attack surface
  • up to a certain exploitation level
• Pentesters then have to produce a 7. report that highlights:
  • found vulnerabilities
  • counter-measures they propose
  • risk analysis (= synthesis of the vulnerabilities' impacts)
1. “Pre-engagement Interactions”
A proposed pentest methodology
1. Pre-engagement interactions
2. Intelligence Gathering
3. Threat Modeling
4. Vulnerability Analysis
5. Exploitation
6. Post Exploitation
7. Reporting
Metasploit: The Penetration Tester's Guide - David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni - 2011
Penetration Tester (aka Pentester)
• !!! Not a tester of BIC pencils !
• A slowly rising tendency: no-limit pentest (pentest + researcher)
• (minor): might do physical penetration testing, social engineering
+
• Variety
-
• Perimeter, limitation
• Duration
Vulnerability, Exploit researchers
• Vulnerability detection:
  • Imagine new / improve (possibly formalize) existing methods for testing systems and detecting faults that have a security impact
    o Marie-Laure Potet
    o Roland Groz
    o Sanjay Rawat
    o Karim Hossen
• Exploit writer:
  • A vulnerability has been found.
  • Write an exploitation code for that vulnerability
  • Eg: VUPEN
Network Security
• Propose new techniques for traffic classification:
  o Eg: Intrusion Detection System, Firewalls..
  o Maciej Korczynski
• Search for vulnerabilities in protocol implementations:
  o Eg: DNS, IPv6 …
• Search for / prove that logical flaws exist in a given cryptographic protocol:
  o Pascal Lafourcade, Laurent Mounier, Marie-Laure Potet, Karim Hossen
  o Eg: Model Checking, proof automation
3.2. A few ideas of more abstract jobs
[Diagram: Ensimag MSc engineer
• Defensive security: Commercial; Pre-Sales / Avant-Vente; CSO / RSSI
• (Of/De)fensive security?: Auditor]
CSO / RSSI(fr.) [1/3]
• A corporation is HUGE! (think about Microsoft, 80,000 employees).
• Some objectives:
  • Protect intellectual property
  • Prevent intrusions
  • Recover from a disaster
  • AND ..
    o Allow employees to work remotely
• Some questions to be answered:
  • How to PRIORITIZE security-related investments?
CSO / RSSI [2/3]
• A possible answer: “Security driven by metrics”
• Do {
  o Identify assets
  o Define strategy, define counter-measures, plan deployment
  o Request security audits (technical AND organizational)
  o Analyze the result (risk)
} until (gotFired() || leftCompany() || hugeAttackOccurs() || boardDoesnotUnderstandNeedOfSecurity())
CSO / RSSI [3/3] – some famous figures
Bernard Ourghanlian, CTO and CSO Microsoft France
PhD Mathematics; Alpha Processors; CTO DEC; Windows Internals 5th ed.; Member of INRIA-MSR executive committee
Whitfield Diffie, former CSO Sun Microsystems
"was always concerned about individuals, an individual's privacy as opposed to Government secrecy."
BSc MIT, MSc Stanford, PhD Swiss Federal IT = ETH Zurich “Acquaintance of F. Autreau”
Auditor
• Read and get training + certifications for:
  • ISO 2700x
  • MEHARI
  • EBIOS
  • ..
• Interview employees, observe whether processes are carried out in accordance with:
  • those recommendations
  • the entity's security policy
• Report
• (minor): might do physical penetration testing, social engineering
Pre-Sales / Avant-Vente
• Your company sells SW. A potential customer considers buying your product. He requests a POC specially crafted for his needs
• Technical expert in few systems
• Eg: hospitals require:
  • Strong authentication (>=2 factors)
  • Ability to authenticate to any workstation
  • Authentication process: efficiency (EMERGENCIES)
  • Traceability: access to patient medical files
Commercial
• Communication skills
• Might be a career for people who are single:
  • Travel
  • Dinners with customers
  • Stressful .. Will I sell and get that salary?
• Salary: fixed + variable (% on sales)
3.3. Some organisation ideas
Gov.
• SGDN - ANSSI
• Min. Def. - DGSE
• Army
• Police, Gendarmerie
• …
Public
• Verimag, LIG
• CEA-DAM
• ETH
• KIT
• Berkeley
• …
Private
• VUPEN
• Sogeti-ESEC
• Toucan Systems
• Quarkslab
• …
For a SLIGHTLY LARGER (but still FAR FROM COMPLETE) list: http://ensiwiki.ensimag.fr/index.php/A_career_in_Information_Security
>> Interns, graduates, or simply well-informed people, contribute! <<
The End.. ?
… Be a Counter Cyber-Terrorist :)
• Contribute to protecting your country, your company
• Knowledge is power…
A QUESTION?