quelle filière 2A Ensimag pour quels aspects de la...

•  F. Duchene and R. Groz

Un point de vue (parmi tant d’autres): quelle filière 2A Ensimag pour quels aspects de la sécurité informatique?

… et que faire après la 2A ?

SecurIMAG

2012-04-05

WARNING: SecurIMAG is a security club at Ensimag. Thoughts, ideas and opinions are not related to Ensimag. The authors assume no liability including for errors and omissions.

¡¡_ (in)security we trust _!!!

Grenoble INP Ensimag

?"

ANPE"

IF"

ISI"

MMIS"

TEL"

SLE"

Sommaire

2 SecurIMAG - title - author - date

•  1. Après ma 1A? •  Poncifs… •  Comparatif .. (Subjectif) •  Options •  IRL, Projet SPE

•  2. Après ma 2A? •  Quelques idées de cursus

o  SCCI o  Université Etrangère

•  0. Ethics and Computer Science Security.. •  3. Après mon diplôme?

•  Quelques idées de métiers

1. Après ma 1A Ensimag?


1A"

IF" ISI" MMIS" SLE" TEL"

Quelques poncifs qui ont la peau dure…


•  « je veux faire de la sécu, donc je vais en ISI »

Hunger Games (2012), poisonous berries

(presque) toutes les filières traitent de la sécurité. Selon la filière, tel ou tel aspect est davantage développé.

•  « en SLE & TEL, il y a des Phelmas donc … » Le respect des autres et l’humilité vous seront des qualités TRES UTILES. Les prérequis sont certes différents, mais les élèves de ces filières sont très investis et curieux.

Un (pseudo) comparatif (trop?) subjectif..


•  Pour chaque filière sont considérés UNIQUEMENT les cours OBLIGATOIRE dans la filière A non présents dans la partie OBLIGATOIRE d’au moins 1 autre filière et en rapport avec la sécurité

•  Note de 0 à 5 selon domaine relatif à la sécurité •  Les options “security related” sont listées séparément

IF .. 3A (w.out options) [1/2]


Titre& #&H& Enseignant& Web&

5MMSSI&–&Sécurité&des&Systèmes&d’informa?on&

18"(2011)"3>"36?(2012)"

F."Duchene"and"K."Hossen"

hDp://ensiwiki.ensimag.fr/index.php/5MMSSI""

IF .. 3A (w.out options) [2/2]


0"

1"

2"

3"

4"

5"

HW,"Low3Level"(Arch,"ASM)"

Network"

Cryptography"System"(OperaZng,"

Web)"

ValidaZon,"Test"

IF&2A&

IF"2A"

ISI (w.out options) [1/3]


COURS&SECURITE&DANS&CURSUS& Enseignant&

#H&& Web&

4MMSAP&–&Séman?que&et&Analyse&des&Programmes&

M.L.&Potet& 36& hRps://intranet.ensimag.fr/KIOSK/Ma?eres/4MMSAP/&&

5MMMSSIWModèles&pour&la&sécurité&des&systèmes&informa?ques&

M.L.&Potet& 18&

5MMISSIWIntroduc?on&à&la&sécurité&des&systèmes&d'informa?on&&

Y.&Deneullin&

18&

5MMTLSFT3Test"des"logiciels,"sureté"de"foncZonnement"et"tolérance"aux"fautes"

R."Groz"and".."

18"



PROJETS&3A&(choisir&2&parmi&3)& Enseignant&

#H&& Web&

5MMPATAC& &Projet"ATAC":"ApplicaZons"sécurisées"pour"la"technologie"JAVA"

M.L.&Potet&and&…&?&

36&

5MMPCIS& "Projet"CIS":"ConstrucZon"d'infrastructures"sécurisées"

DENNEULIN&Yves&

18&



0"

1"

2"

3"

4"

5"


Network"


Web)"

ValidaZon,"Test"

ISI&2A+3A&

ISI"2A+3A"

Filière'«'standard'»'Ensimag'où'il'y'a'le'plus'de'sécurité'en'3A'

MMIS (w.out options) [1/2]


Enseignant&

#H&& Web&

LOADW5MMSSI&Sécurité&des&Systèmes&d’informa?on&&!!!…&très&probable&que&ce&cours&disparaisse&en&2012W2013..!!!&

F.&Duchene&and&K.&Hossen&

18&W>&36?(2012)&

hRps://ensiwiki.ensimag.fr/index.php/5MMSSI&&

MMIS (w.out options) [2/2]


0"

1"

2"

3"

4"

5"


Network"


Web)"

ValidaZon,"Test"

MMIS&2A+3A&

MMIS"2A+3A"

SLE (w.out options) [1/2]


#&H& Enseignant& Web& Remarque&

5MMSSEWSécurité&des&systèmes&embarqués&&

36& LEVEUGLE&Régis&

Laser,"radiaZons"sur"puces…"

5MMTF&–&tolerance&aux&fautes&&

18" ANGHEL"Lorena"

5MMVSE&W&Valida?on&des&systèmes&embarqués&&

18" MARANINCHI"Florence"

SLE (w.out options) [2/2]


0"

1"

2"

3"

4"

5"


Network"


Web)"

ValidaZon,"Test"SLE"2A+3A"

TEL (w.out options) [1/2]


#&H& Enseignant& Web&

4MMSR&–&Sécurité&des&Réseaux&

18& F.&Duchene&and&K.&Hossen&and&…&

hRp://ensiwiki.ensimag.fr/index.php/4MMSR&&

4MMICN&–&Informa?on&et&codage&numérique&

36& Laurent&ROS,&JeanWLouis&ROCH&

hRps://intranet.ensimag.fr/KIOSK/Ma?eres/4MMICN/&&

TEL (w.out options) [2/2]


0"

1"

2"

3"

4"

5"


Network"


Web)"

ValidaZon,"Test"SLE"2A"

Filière'où'il'y'a'le'plus'de'sécurité'en'2A'

Enseignements optionnels .. ou non strictement sécurité, mais liés


Désigna?on& Enseignants& #H& IF& ISI& MMIS& SLE& TEL&

5MMTLSFTWTest&des&logiciels,&sureté&de&fonc?onnement&et&tolérance&aux&fautes&

R."Groz"and".."

18" OBLIG"

x"

4MMCRY&W&Codes:&cryptographie,&compression,&correc?on&d'erreurs&

JL."Roch"and".."

36" x" x" X"

4MMCSE"3"ConcepZon"de"systèmes"d'exploitaZon"&

Y."Denneulin" 36" OBLIG"

OBLG"

x"

Prenez votre avenir en main…


•  Des aspects sécurité (voire des projets dédiés) existent indépendemment de la filière, comme nous venons le voir

•  Pour teinter davantage votre cursus: •  Introduction à la Recherche en Laboratoire (IRL)

o  Cf quelques exemples sécurité 2011-2012 slide suivante

•  Projet de Spécialité

–  https://intranet.ensimag.fr/KIOSK/Matieres/4MMPSPE/ –  Cryptologie, Sécurité et Codage –  GL et Languages –  Système –  Information et Communication

Quelques IRL sécurité en 2011-2012


•  Sécurité “Binaire”: o  Analyse de code binaire pour la recherche de vulnérabilités

–  DUREUIL, Louis (ISI) o  Obfuscation de code et analyse de binaire (M.L. Potet, L. Mounier)

•  Sécurité “HW”: o  Programmation sur architecture GPU – Application aux attaques sur équipements

sécurisés (R. Leveugle, P. Maistri) –  BELLOT, Zoé (ISI)

o  Attaques sur équipements sécurisés : analyse de l'impact du bruit de mesure

•  Sécurité “Réseau”: o  Étude des réseaux de logiciels malveillants (G. Berger-Sabbatel)

–  C. Mougey (ISI)

•  Validation & Test: o  Évaluation et test d'un protocole de routage dans les réseaux de capteur (M.

Heusse) –  BLEUSE, Raphaël (ISI)

2. Après ma 2A Ensimag?


2A"

3A"«"classique"»"Ensimag" M2"SCCI" M2"MOSIG" Univ."étrangère"

M2 (Rech.) MOSIG


•  Cours sécurité moins nombreux que dans le master MOSIG

•  A approfondir…

•  Liens: o  http://mosig.imag.fr/MainEn/News o  http://www-ufrima.imag.fr/spip.php?rubrique94

M2 (Pro. ou Rech.) SCCI


Crypto"and"ApplicaZons"• PKI"• MulZmedia:"DRM"• Proofs"

AdministraZon" Smart"Card"

ValidaZon:"• Binary"Analysis"• Security"Models"• Model"Checking"

Adudit,"Test"and"exploitaZon:"• Pentest,"Audit"norms"• Fuzzing"• In"memory"+"web"vuln."Exploit"

M2'dédié'à'la'sécurité.'

SOME'LECTURES'EXAMPLES'

http://intranet.ensimag.fr/KIOSK/index.php?PATH=/Master%20SCCI/

Echange à l’étranger


•  Durée: •  6 mois •  1 an •  2x6 mois

•  MANY universities have security lectures: o  Switzerland: KTH, EPFL, .. o  Australia: UQ.. o  Canada: Polytechnique de Montréal..

•  Please contribute when you search for universities having interesting security courses!

https://ensiwiki.ensimag.fr/index.php/Portail:SecurIMAG_Ensimag_IT_security_and_hacking_club/studies

E.g. Fabien

Echange à l’étranger: quelques critères


•  Contenu Cours … en fonction de ce qui vous intéresse •  Enseignants •  Renommée Université •  Localisation Géographique •  Coût

A curriculum idea…


1A" TEL2A" IRL?" Projet"Spé"(sécu"/"GL)"

3A"

M2"SCCI"

Echange"à"l’étranger"

Filière'où'il'y'a'le'plus'de'sécurité'en'2A'

Approfondissement en 3A

0. CyberSecurity


•  1960-1980: Cold War, the threat was nuclear weapons •  Destroy a world zone within 30 minutes

•  2000+ « Cyberwar» (fr: Cyberguerre) •  Cyber-Attack able to paralyze the World within

seconds •  Everything is connected to the Internet:

o  Electrical Plants o  Transportation o  Industrial plants

•  Some famous examples: o  200+ non-legitimate certificates certificates issued by Diginotar Cas o  Eg: Stuxnet (damaged Iran Nuclear Plant)

http://intranet.ensimag.fr/KIOSK/Matieres/3MMRTEL/

0. Be a WHITE-HAT


https://ensiwiki.ensimag.fr/index.php/4MMSR-Network_Security-2011-2012

3. Après mon diplôme?


•  Quelques métiers techniques •  Quelques métiers davantage abstraits

•  Pour les structures, comme toujours… http://ensiwiki.ensimag.fr/index.php/A_career_in_Information_Security

>> Stagiaires, Diplômés, ou tout simplement averti, contribuez! <<

Le'focus'est'fait'sur'les'METIERS,'pas'sur'les'structures'(entreprises,'labos,'organismes..)'

3.1. Quelques idées de métiers techniques


Ingénieur"MSc"Ensimag"

Sécu.&Défensive&(70%?)&

IntégraZon" QoS,"prevent"DDoS" Dev." Researcher:"

crypto"Researcher:"anZ3exploit"

Researcher:"malware,"botnet"

Sécu."Offensive&(30%?)&

Forensics" Pentester" Exploit"Writer" Researcher"

3.1.1. Some Technical Jobs - Defensive Security


•  Integration, deployement, configuration •  QoS / performance / availability •  Developer •  Research:

•  Crypto •  Anti-Exploitation •  Malware, Botnet

Integration, Deployment, Configuration


•  !! PLENTY OF JOBS.

•  Firewalls with DPI capabilities: •  Eg: Dropping a packet if not conform to RFC

•  Hardening: •  Linux Kernel recompilation •  SMTP servers

•  Deploying a log management solution (fr: SIEM)

QoS, availability


•  Eg: actively protect a corporation against DDOS

Developer


•  Develop •  “secure” software (with few vulnerabilitie) •  Software that ensure security properties (eg:

authentification, identification)

•  E.g. A. Maillet, Evidian, Web-SSO

Researcher: crypto


•  Proposing new / improve existing : •  Key Exchange algorithm •  Hash function •  (A)symmetric algorithm •  Secret Sharing scheme

Philippe Elbaz-Vincent

Adi Shamir

Researcher: anti vulnerability exploitation


•  Propose new / improve existing techniques for: •  defeating exploits

o  In memory vulnerability: –  Eg: preventing memory pages to be marked as

both writable and executable: NX/DEP –  Adding randomization of assumed values: ASLR

o  Web Vulnerabilities: –  Filtering –  Dynamic Data Tainting

•  increasing the cost of writing attacks: o  isolating components

–  Mandatory Integrity Control –  NT Security Tokens

Researcher: other Reverse-Engineering ++


•  Malware Analyst •  Writing signatures and heuristics •  http://pferrie.host22.com/ •  Propose new techniques for detection,

classification of malwares

•  Botnet researcher: •  Categorize, Classify, Detect •  Eg: Eric Freyssinet, Domagoj Babic

Researcher: reverse-engineering ++


•  Crypto reverser: •  By observing binaries, network captures.. identify

which encryption algorithm was used

HoneyPots


•  Computer, service – generally not referenced anywhere

•  If contacted, probably because attacker did a network scan

•  Simulate at least one vulnerable computer

Researcher: Access Control Models


•  How to: •  classify assets (data, computers, networks) •  and grant access control

•  .. While still respecting a given security policy ?

3.1.2. Some Technical jobs – Offensive Security


•  Forensics •  Penetration tester •  Research:

•  Network Security •  Vulnerability Hunter •  Malware analyst •  Exploit Writer •  Crypto reverser

Forensics


https://ensiwiki.ensimag.fr/index.php/Fichier:SecurIMAG-2011-12-08-Windows_NT6.1-Live_forensics_and_exploitation.pdf


Penetration-Testing basics

•  An attacker’s objective: run on the victim’s computer a code he controls: the payload P

•  How to do it? •  Problem 1: Find a vulnerability A •  Problem 2: exploit it

o  craft inputs to the system to exploit A, and st. payload P would be run

2012-02-10-UJF-SAFE-Metasploit-Hands_on_lab 2

Pentesting basics

45 UJF-SAFE-AFM-Metasploit - hands on lab - F. Duchene and K. Hossen

•  Pentest: service requested by a company for security professionals pentesters to:

•  attack their corporate network as hostile attackers would •  in the limit of the attack surface •  up to a certain exploitation level

•  Pentesters then have to produce a 7. report that highlights: •  found vulnerabilities •  counter-measures they propose •  risk analysis (=synthesis of the vulnerabilities impacts)

1. “Pre-engagement Interactions “

A proposed pentest methodology

46 UJF-SAFE-AFM-Metasploit - hands on lab - F. Duchene and K. Hossen

Pre3engagement"interacZons"

Intelligence"Gathering"

Threat"Modeling"

Vulnerability"Analysis"ExploitaZon"

Post"ExploitaZon"

ReporZng"

Metasploit – the Pentester Testers Guide - David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni - 2011

Penetration Tester (aka Pentester)


•  !!! Not a tester of BIC Pencils !

•  A slowly rising tendency: no-limit pentest (pentest+researcher)

•  (minor): might do physical penetration testing, social engineering

+"

• Variety"

3"

• Perimeter,"LimitaZon""• DuraZon"

Vulnerability, Exploit researchers


•  Vulnerability Detection: •  Imagine new / improve (eventually formalize) existing

methods for testing systems and detecting faults that have a security impact o  Marie-Laure Potet o  Roland Groz o  Sanjay Rawat o  Karim Hossen

•  Exploit Writer: •  A vulnerability has been found. •  Write an exploitation code for that vulnerability •  Eg: VUPEN

Network Security


•  Propose new techniques for traffic classification: o  Eg: Intrusion Detection System, Firewalls.. o  Maciej Korczynski

•  Search for vulnerabilities in protocol implementations: o  Eg: DNS, ipv6 …

•  Search / prove logical flaws do exist in a given cryptographic protocol:

o  Pascal Lafourcade, Laurent Mounier, Marie-Laure Potet, Karim Hossen

o  Eg: Model Checking, proof automation

3.2. Quelques idées de métiers plus abstraits


Ingénieur"MSc"Ensimag"

Sécu."Défensive&

Commercial" Pre3Sales"/"Avant3Vente" CSO"/"RSSI"

Sécu."(Of/De)fensive?&

Auditor"

CSO / RSSI(fr.) [1/3]


•  A corporation is HUGE! (think about Microsoft, 80.000 employes).

•  Some objectives: •  Protect intellectual property •  Prevent intrusions •  Recover from a disaster •  AND ..

o  Allow employes to work remotely

•  Some questions to be answered:

•  How to PRIORITIZE security related investments?

CSO / RSSI [2/3]


•  A possible answer: “Security driven by metrics”

•  Do { o  Identify Assets o  Define strategy, define counter-measures, planify deployment o  Request for security audits (technical AND organizational) o  Analyze the result (risk)

} until (gotFired() || leftCompany() || hugeAttackOccurs() || boardDoesnotUnderstandNeedOfSecurity())

CSO / RSSI [3/3] – some famous figures


Bernard Ourghanlian, CTO and CSO Microsoft France

PhD Mathematics Alpha Processors CTO DEC Windows Internals 5th ed. Member of INRIA-MSR executive comitee

Whitfield Diffie Former CSO Sun Microsystems

"was always concerned about individuals, an individual's privacy as opposed to Government secrecy.

BSc MIT, MSc Standford, PhD Swiss Federal IT = ETH Zurich “Connaissance de F. Autreau”

Auditor


•  Read and get training + certifications for •  ISO 2700x •  MEHARI •  EBIOS •  ..

•  Interview employees, observe if processes are done in according to: •  those recommendations •  the entity security policy

•  Report •  (minor): might do physical penetration testing, social

engineering

Pre-Sales / Avant-Vente


•  Your company sells SW. A potential customer considers buying your product. He requests for a POC specialy crafted for his needs

•  Technical expert in few systems

•  Eg: Hospitals requires: •  Strong authentication (>=2 factors) •  Ability to authenticate to any workstation •  Authentication process: efficiency (URGENCES) •  Traceability: Access to patient medical files

Commercial


•  Communication skills

•  Might be a career for people who are single: •  Travel •  Diners with customers •  Stressful .. Will I sell and get that salary?

•  Salary: fix + variable (% on sales)

3.3. Some structures idea


Gov."

• SGDN"3"ANSSI"• Min."Def."3"DGSE"

• Army"• Police,"Gendarmerie"

• …"

Public"

• Verimag,"LIG"• CEA3DAM"• ETH"• KIT"• Berkeley"• …"

Private"

• VUPEN"• SogeZ3ESEC"• Toucan"Systems"

• Quarkslab"• …"

For a LITTLE MORE IMPORTANT (but still FAR FROM being COMPLETE) list: http://ensiwiki.ensimag.fr/index.php/A_career_in_Information_Security >> Stagiaires, Diplômés, ou tout simplement averti, contribuez! <<

The End.. ?


… Be a Counter Cyber-Terrorist :)


•  Contribute to protect your country, company •  Knowledge is power…

UNA PREGUNTA?

quelle filière 2A Ensimag pour quels aspects de la...

Documents

Transcript of quelle filière 2A Ensimag pour quels aspects de la...