Description Company: None
Keywords: Data collection, securing hosting/storage, collaborative platform, large scale experimentation
Functional Components Description
The High-Security Laboratory (HSL) is designed to host decisive research activities in order to make networks, Internet exchanges and associated telecommunications equipment safer. It allows to collect and store data while ensuring their confidentiality and integrity, both logically and physically, while offering a safe environment for researchers to work. The HSL relies on “trust zones”, dedicated and isolated environments with limited and controlled interactions with the Internet. Such an environment benefits from all the services offered by the HSL (network and data protection, automatic backup, local services – APT, DNS, LDAP, NTP…) while been always separated from the outside world by two levels of security from different constructors/technologies (two firewalls from different constructors for the logical aspects, two different biometric authentication mechanisms for the physical ones)., as shown in Figure 1. Such trust zones are deployed for each hosted project, including its own network and VLAN to ensure it is isolated from other hosted projects, but also user accounts and groups dedicated to the project in the HSL LDAP directory, associated firewalling and users/groups access lists policies (ACLs). These zones are fully integrated to the automatic configuration and software management solution (puppet). The access to such a trust zone is possible through a dedicated Virtual Private Network (VPN), deployed exclusively for each project, and only limited to the user accounts linked to the project’s LDAP groups.
Allow secure hosting and analysis of sensitive data via dedicated trust zones
Data collection and analysis via security sensors for a long term perspective
Place distributed data sensors and probes on the Internet, collect and enrich data automatically, and allow researchers to work on these datasets in the HSL
Large scale experiments
Allow researchers to run Internet-wide experiments such as port scanning
Dissemination and communication
Allow researchers to deploy public services or disseminate results regarding their activities in the HSL
Use request:Non profit (NDA and/or acknowledgement required)
Keywords: HW security evaluation, ransomware IDS
Functional Components Description
The Platform Faustine is dedicated to EM fault injection. The EM hardware is controlled through several parameters (power,waveform,…). It is adapted from low-end microcontroller (e.g. ST32) to high-end multocore SoC (e.g. Rasberry Pi3).Data acquisition is done through a high-speed oscilloscope.The target is inside a Farady cage to avoid exteral EM perturbance. The device is mounted on a X-T-Z table allowing a high precision position of the probe. Several probes are available large coverage or precise coverage. Home-made probe for specific usage can also be used. A camera inside the cage allows a visual positioning of the device under the probe.
The Mom platform is dedicated in one hand to grab malware from external database, to execute them on a Windows (7/810 operating system 32 and 64 bits) bare metal platform. Then, the platform stores the live samples in a database labelling with a probable identification. In the other hand, MoM can execute anti ransomware solution 24/7 on the slaves, recording several parameters like the number of byte lost before detection, the number of files lost and so on. The automated process is the following: a new image with different is loaded on a slave, a ransomware is sent to the slave, a session is automatically simulated (mouse, keybord, applications processes,…) and the ransomware is executed. If after a 15 minutes delay no activity is detected, a new image is loaded and a new ransomware is tested.If the ciphering activity is detected then the test results are stored in the database.
Use request:Non profit