Jean Leneutre

Abstract: In the recent years, a large number of works have proposed to use game theory as a decision support framework for security. Problems tackled in these works include:
– how to optimize the allocation of security resources?
– how to configure in an optimal way protection or monitoring
resources?
– how to select the best security response to an incident?

Along this line of research, we will present in this talk a recent contribution related to the integrity and availability of outsourced data. A Service Level Agreement (SLA) is usually signed between the Cloud Provider and the customer. For redundancy purposes, it is important to verify the Cloud Provider’s compliance with data backup requirements in the SLA. There exists a number of security mechanisms to check the integrity and availability of outsourced data. This task can be performed by the customer or be delegated to an independent entity that we will refer to as the Verifier. However, checking the availability of data introduces extra costs, which can discourage the customer of performing data verification too often. The interaction between the Verifier and the Cloud provider can be captured using game theory in order to find an optimal data verification strategy. We formulate this problem as a two player non-cooperative one-shot game. We consider the case in which each type of data is replicated a number of times that can depend on a set of parameters including, among others, its size and sensitivity. We analyze the strategies of the cloud provider and the verifier at the Nash Equilibrium and derive the expected behavior of both players. We also consider a second formulation of the problem as a Stackelberg game in which there are a leader and a follower. While, providing some valuable insights for decision making in security, these models based on game theory are not without limitations, in particular regarding the high level of abstraction that it implies.  In a second part of the talk, we will discuss these limitations, and propose future research directions to improve the applicability of game theoretic approaches to security.

Benjamin Dauphin (LabSoc team)

Power MOSFET devices are a primary component of power converters, and so are widely used in electronic systems. This widespread usage makes the study of the devices an important domain.  Understanding the way these devices function enables to design more performant systems. Also, due to their extensive use, ensuring the security of embedded system involves ensuring the authenticity of the power MOSFET devices they contain. The authenticity must be ensured because a refurbished or a counterfeit device could affect performances and/or security of critical systems such as automobiles.

To achieve device authentication we:
– Designed an automatic measurement system to measure more easily the devices, and
– Used Machine Learning on the measurement curves obtained in order to identify devices