Internet security
 
    The overall objective of this project is to study security for the Internet. The Network Security Team is currently undertaking the following two projects in that area.

     

  • SEVA Project (RNRT project)

    An extranet is an extended intranet intended for joint projects between several enterprises sharing some of their resources (databases, information systems, etc.). SEVA (Sécurisation d'Extranet Virtuel en utilisant des Agents intelligents), which began in June 1999, is a joint effort between ATOS, EDF, Eurécom, and Gemplus, and is supported by the French RNRT ("Réseau National de Recherche en Télécommunication") research program. The project aims at providing flexible secured extranets.

    Driving the access to the extranet with agents

    The required technologies, which are already in use in products such as firewalls, smart cards, or Java, will be combined to achieve the main goal: dynamically updating the elements that implement the global security policy, for instance after an intrusion is detected, in compliance with each partner's own security rules. Intelligent agents will carry out this task.

    The widespread use of agents requires the integrity of their code and data, i.e. they need to be protected from malicious execution environments. The NSTEAM from Eurécom has been working on mobile code protection for some time, and some techniques have been developed in Sergio Loureiro's PhD "Secure Agents in Electronic Commerce", yielding two articles and a patent. More generally, the security mechanisms proposed by the project should be of interest for mobile code technologies in the electronic commerce field.
     

  • Tools

    The goal of this project is to develop practical tools and experimental know-how in order to help increase user awareness in the area of Internet security. Internet protocols and applications widely suffer from security exposures due to programming errors or bugs exploited by hackers. Because of the diversity of these errors, the security solutions to these problems do not lend themselves to a systematic approach. The project first aims at gaining a good understanding of known exposures in selected areas: attacks on IP and TCP, exposures with HTTP, web servers, and Java. The first outcome of the project will be a dynamic information and demonstration package for each area, including vulnerability test tools for well-known attacks. The vulnerability testing will further focus on two directions:

    • generation of malicious TCP/IP traffic from a high-level definition of attack scenarios. The objective is to develop a graphical tool for the design of new attack scenarios on TCP/IP. For each new input scenario, the tool will build a traffic-generating program. Each program will be built out of existing malicious traffic patterns defined as software components.
    • network scanning using existing network management and protocol features. The goal of this sub-project is to develop a tool for network discovery that avoids detection. The new tool will integrate modules from existing tools and allow for incremental addition of new scanning techniques as plug-ins.
     
[Webmaster] - [NSTeam] - Eurecom - 09/11/98