Program

Timetable

breakfast
9:00am Opening speech Yves Denneulin
9:15am (Keynote) Protecting Data on Smartphones & Tablets using Trusted Computing Stefan Saroiu
10:15am BtleJuice: the Bluetooth Smart Man In The Middle Framework Damien Cauquil
break
11:15am Arybo : Manipulation, Canonicalization and Identification of Mixed Boolean-Arithmetic Symbolic Expressions Adrien Guinet, Marion Videau and Ninon Eyrolles
11:45am Scapy in 15 minutes Guillaume Valadon
12:00pm Radare2 in 15 minutes Julien Voisin
12:15pm Is Docker Secure? Manideep Konakandla
lunch
2:00pm (Invited Talk) Gorille : Another approach to binary code analysis Jean-Yves Marion
2:45pm Improving dm-crypt performance for XTS-AES mode through extended requests: first results Levent Demir, Mathieu Thierry and Vincent Roca
break
3:45pm (Invited Talk) Métamorphose.univ-nantes.fr Rémi Lehn
4:30pm Old Memories Requiem *an anonymous pnwer*
5:00pm RUMP session
5:30pm Closing speech
cocktail
6:30pm Workshops
pizzas
9:30pm CTF
12:30am Live session Doktor Vax
6:30am The End

(Keynote) Protecting Data on Smartphones & Tablets using Trusted Computing

See the talk on YouTube
Download the slides

Abstract

Smartphones and tablets hold treasures of personal and highly sensitive data, such as our e-mails, calendars, phone call histories, voice recordings, notes, and even health information. This data can easily be stolen or manipulated. For example, malware could siphon it off to a remote server. Malicious applications can fabricate or alter sensor data by faking GPS locations or doctoring photos. Even worse, a moderately skilled attacker could read sensitive information straight from a stolen device's flash storage or even from its volatile memory (RAM).

This talk presents two approaches to data protection on smartphones and tablets. First, we build software abstractions designed for the security needs of today's operating systems, networks, and cloud systems. For example, we built a software-only implementation of a TPM that runs in the firmware of millions of Windows Phones and Microsoft Surfaces, and was the first implementation, in hardware or software, to support the newly released TPM 2.0 specification. Other examples include software abstractions for trusted sensors and for the cloud, and a TPM designed for cross-device scenarios.

Second, we use trusted computing hardware to design and implement systems that offer strong protection against malware, malicious applications, and physical attackers. For example, we will present Sentry, a system that lets mobile applications and OS components keep their code and data on the ARM System-on-Chip (SoC) rather than in external DRAM. With Sentry, smartphones and tablets become much more resilient against memory-based attacks such as cold-boot attacks, bus monitoring (a probe observing the memory bus), and DMA attacks. Another example is the Trusted Language Runtime (TLR), a small runtime that offers a .NET interface to ARM TrustZone. TLR separates an application's security-sensitive logic from the rest of the application and isolates it from the OS and other applications.

All this work is done jointly with many researchers at Microsoft Research, engineers in the Windows group at Microsoft, and students from ETH Zurich, Max-Planck Institute for Software Systems, U. of British Columbia, and U. of California at San Diego.

Stefan Saroiu

Stefan Saroiu is a researcher in the Mobility and Networking Research group at Microsoft Research (MSR) in Redmond. Stefan's research interests span mobile systems, computer security, and distributed systems. Before joining MSR in 2008, Stefan spent three years as an Assistant Professor at the University of Toronto, and four months at Amazon.com as a visiting researcher where he worked on the early designs of their new shopping cart system (aka Dynamo). Stefan received his Ph.D. from the University of Washington where he was co-advised by Steve Gribble and Hank Levy.


Invited talks

Gorille: Another approach to binary code analysis

See the talk on YouTube

Métamorphose.univ-nantes.fr

See the talk on YouTube


Accepted papers

BtleJuice: the Bluetooth Smart Man In The Middle Framework

See the talk on YouTube

A lot of Bluetooth Low Energy capable devices have appeared over the last few years, offering a brand new way to compromise many "smart" objects: fitness wristbands, smart locks and padlocks, and even healthcare devices. But this protocol poses new challenges: how can one easily intercept every communication between a device and an application?

For months (years?) we have been using Bluetooth Low Energy sniffers (such as Ubertooth or Adafruit's Bluefruit sniffer) to perform security assessments on many connected devices, with limited success because of the erratic way BLE sniffers work. There was no easy way to perform a decent man-in-the-middle attack on BLE-enabled devices.

This is why we developed BtleJuice, the first framework to fill this gap and allow spying on communications between two BLE devices without SDR. We designed it to be modular and to allow MAC address spoofing using a compatible Bluetooth LE adapter.

Arybo : Manipulation, Canonicalization and Identification of Mixed Boolean-Arithmetic Symbolic Expressions

See the talk on YouTube

This article presents arybo, a tool that gives a bit-level symbolic representation of expressions involving various types of operators on bit strings. Such a tool can be used to gain a better understanding of complex expressions, for example expressions that mix arithmetic and boolean operators. It can also be useful for optimization purposes, such as easily proving bit hacks.

We describe why we created this tool and the related issues, such as the choice of internal representation and the possible optimizations. We also show how it can be used to identify some basic arithmetic or boolean functions, and present various usage examples.
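To make the "bit-level symbolic representation" concrete, here is a small Go program added as an illustration; it is not arybo's code and does not claim to reproduce its internals. Each bit of a word is kept as a boolean function in algebraic normal form (an XOR of ANDs of input variables), which is one natural canonical form: addition is expanded through a symbolic ripple-carry adder, so an expression mixing "+" with "^" and "&" collapses to one monomial set per bit, and two expressions are the same function exactly when those sets match. The example uses this to prove the classic mixed boolean-arithmetic identity (x ^ y) + 2*(x & y) == x + y for every input, and to show that x ^ y is not x + y. The names Bit, Var, Add, Xor, And and Equal are this example's own.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Bit is a boolean function in algebraic normal form (ANF): an XOR of monomials, each
// an AND of variables stored as a bitmask over variable indices (mask 0 is the constant 1).
type Bit map[uint64]bool
var varNames []string // variable index -> name, filled by Var

func (b Bit) flip(m uint64) { // add monomial m over GF(2), where t ^ t = 0
	if b[m] {
		delete(b, m)
	} else {
		b[m] = true
	}
}
func (b Bit) xor(o Bit) Bit {
	r := Bit{}
	for m := range b {
		r[m] = true
	}
	for m := range o {
		r.flip(m)
	}
	return r
}
func (b Bit) and(o Bit) Bit { // multiply out; x*x = x, so masks merge with OR
	r := Bit{}
	for m1 := range b {
		for m2 := range o {
			r.flip(m1 | m2)
		}
	}
	return r
}

// String renders the canonical ANF with sorted terms, e.g. "x0*y0 ^ x1 ^ y1";
// the empty set (constant 0) renders as "".
func (b Bit) String() string {
	var terms []string
	for m := range b {
		t := "1"
		for i, name := range varNames {
			if m>>uint(i)&1 == 1 {
				t += "*" + name
			}
		}
		terms = append(terms, strings.TrimPrefix(t, "1*"))
	}
	sort.Strings(terms)
	return strings.Join(terms, " ^ ")
}

// Var allocates an n-bit word (index 0 = LSB) of fresh variables name0..name{n-1}.
func Var(n int, name string) []Bit {
	w := make([]Bit, n)
	for i := range w {
		w[i] = Bit{uint64(1) << uint(len(varNames)): true}
		varNames = append(varNames, fmt.Sprintf("%s%d", name, i))
	}
	return w
}
func bitwise(a, b []Bit, f func(Bit, Bit) Bit) []Bit {
	r := make([]Bit, len(a))
	for i := range a {
		r[i] = f(a[i], b[i])
	}
	return r
}
func Xor(a, b []Bit) []Bit { return bitwise(a, b, Bit.xor) }
func And(a, b []Bit) []Bit { return bitwise(a, b, Bit.and) }

// Add is a symbolic ripple-carry adder modulo 2^n; its carry chain is what
// turns the arithmetic "+" into boolean monomials.
func Add(a, b []Bit) []Bit {
	r, c := make([]Bit, len(a)), Bit{}
	for i := range a {
		s := a[i].xor(b[i])
		r[i] = s.xor(c)
		c = a[i].and(b[i]).xor(s.and(c))
	}
	return r
}

// Equal compares canonical forms: ANF is unique, fmt renders every bit through
// String, and terms never contain spaces, so element boundaries are unambiguous.
func Equal(a, b []Bit) bool { return fmt.Sprint(a) == fmt.Sprint(b) }

func main() {
	x, y := Var(4, "x"), Var(4, "y")
	z := And(x, y)
	mba := Add(Xor(x, y), Add(z, z)) // (x ^ y) + 2*(x & y): an MBA form of x + y
	for i, bit := range mba {
		fmt.Printf("bit%d = %s\n", i, bit)
	}
	fmt.Println("(x^y)+2*(x&y) == x+y:", Equal(mba, Add(x, y)))
	fmt.Println("x^y           == x+y:", Equal(Xor(x, y), Add(x, y)))
}
```

Printing the bits of the obfuscated expression shows the carries appearing as monomials (bit1 is x1 ^ y1 ^ x0*y0, and so on), which is exactly the form in which an obfuscated constant-folding or identity check can be decided. The monomial sets of a carry grow with the bit position, so this naive representation is fine for 8- or 16-bit demonstrations but is where a real tool needs the optimizations the paper discusses.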

Halcyon IDE – A faster way to build custom Nmap scans

Halcyon is the first IDE specifically focused on Nmap Scripting Engine (NSE) development. The idea originated while writing custom Nmap scripts for enterprise penetration testing scenarios. The challenge in developing NSE scripts was the lack of a development environment that makes building custom scripts for real-world scanning easy and, at the same time, fast. Halcyon is a free, Java-based application that comes with code intelligence, a code builder, auto-completion, debugging and error-correction options, and a bunch of other features that other development IDEs have. This research was started to give researchers a better development interface and environment, and thus increase the number of NSE writers in the information security community.

Halcyon IDE understands the Nmap libraries as well as plain Lua syntax. Commonly repeated code such as web crawling, brute forcing, etc. is pre-built into the IDE, which saves script writers time when developing the majority of test scenarios.

Following are the features provided by Halcyon IDE:

Website: halcyon-ide.org

Is Docker secure?

See the slides on SlideShare

Containerization has existed for ages in Unix-like systems in the form of jails, zones, LXC, etc., but over the past two years the concept of containers has gained tremendous recognition. The credit goes to Docker, which made containerization useful and handy by adding many benefits on top of previous container technologies. Tech giants like Red Hat, Google, IBM, VMware, etc. are not only contributors to this very active open source project but also major users of it. Google alone spins up more than 2 billion containers per week, more than 3,300 containers per second. Inspired by Docker, Microsoft also started its own container technology by extending its research project "Drawbridge". Containers have already affected the virtual machine market, and this impact is going to increase significantly in the near future.

Security is always an important issue for any upcoming technology, and Docker is no exception. This presentation starts with a brief introduction to containers vs. virtualization technology and the Docker ecosystem, and then goes deep into Docker security. Below is a brief description of the topics that are going to be covered with respect to Docker security.

Improving dm-crypt performance for XTS-AES mode through extended requests: first results

See the talk on YouTube

Using dedicated hardware is a common way to accelerate cryptographic operations: complex operations are handled by a dedicated coprocessor, and data is transferred between RAM and the crypto-engine through DMA operations. The CPU is therefore free for other tasks, which is vital in embedded environments with limited CPU power. In this work we discuss and benchmark XTS-AES, using either software or mixed approaches, on Linux with dm-crypt and a low-power ATMEL board featuring an AES crypto-engine that supports ECB-AES but not the XTS-AES mode. We show that the dm-crypt module used in Linux for full disk encryption has limitations that can be relaxed when considering larger block sizes. We demonstrate that performance gains of almost a factor of two are possible, which opens new opportunities for future use-cases.