Phd System Security - Caen, France - Orange SA

Orange SA
Verified company
Caen, France

1 week ago

Posted by: Sophie Dupont, beBee Recruiter


Description

About the role:


Your role is to carry out a thesis work on "System security: a programmable OS-level approach to monitor executions and network flows".

There are complementary ways to secure containers from the lower software layers of cloud infrastructures. However, host-based security (4) has limitations.

For example, recent research work has shown that behavioral-analysis detection approaches are likely to remain ineffective in detecting ransomware (5).

Network-based security (4) examines network traffic to detect attacks.

Network virtualization (Network Function Virtualization) and softwarization (Software Defined Network), which are currently being generalized, are paving the way for programmable security (6).

Nevertheless, network-based security also has limitations, for example in detecting denial-of-service attacks with low network traffic, because traffic analysis is still mainly quantitative today.


The main objective of the thesis is to combine these two approaches, host-based and network-based, which today are conducted (too) independently of each other.

The thesis consists in finding OS-level mechanisms that make it possible to coordinate the analysis of network flows with the execution states of the containers involved in the exchange of network traffic.

By enabling a programmable and combined analysis of the network flows of attacks and of their execution and/or their impact on the execution of the attacked container, the thesis is expected to bring advances in the security delivered from operator infrastructures.


The first objective of the thesis will be to propose (semi-)automated and programmable OS-level mechanisms to collect and analyze the network traffic sent and received by each process.

The second objective will consist in formalizing the contributions of this network/IT contextualization and illustrating them with at least one type of attack, for example mapping the network flows of a distributed attack by identifying the processes involved, or analyzing post-mortem the progress of a ransomware attack using data-provenance mechanisms.


About you:

IT and security skills are required to carry out this research work in good conditions. The skills sought are in-depth knowledge of operating systems with, if possible, a specialization in virtualization. Strong knowledge of security, and more particularly a strong interest in security at the low-level software layers (system), are essential.

Moreover, autonomy, curiosity, and open-mindedness are qualities particularly appreciated for research work. Dynamism, proactiveness and communication skills are also qualities required for this position.


English will be predominant throughout the thesis, in reading (state of the art), in writing (articles) and in speaking (presentation of results at international conferences).

An excellent level of English is therefore required.


References:

  • Container Security: Issues, Challenges, and the Road Ahead. Sari Sultan, Imtiaz Ahmad, and Tassos Dimitriou. IEEE Access, 2019.

  • Snappy: Programmable kernel-level policies for containers. Belair, M., Laniepce, S., Menaud, J.M. Gwangju / Virtual, South Korea: 36th ACM/SIGAPP Symposium On Applied Computing, 2021.

  • Scarfone, Karen. Guide to Intrusion Detection and Prevention Systems (IDPS). s.l.: National Institute of Standards and Technology (NIST), 2007. Special Publication

  • On the Effectiveness of Behavior-based Ransomware Detection. Jaehyun Han, Zhiqiang Lin, and Donald Porter. s.l.: In Proceedings of the 16th International Conference on Security and Privacy in Communication Networks, 2020.

  • Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches. Zhang, Menghao, G. Li, Shicheng Wang, Chang Liu, Ang Chen, H. Hu, G. Gu, Q. Li, M. Xu and Jianping Wu. San Diego, California: NDSS, 2020.


Additional information:


The doctoral student will be integrated into the DPI research team located in Caen (Normandy, France), which includes around fifteen permanent staff and welcomes several doctoral and post-doctoral students in various fields of security research.

The doctoral student will be able to rely on the container security research results of a former doctoral student of the team, newly recruited within the department at the end of his thesis as a researcher in system security.


The thesis will give rise to the publication of several articles in conferences at the highest scientific level, and the doctoral student will benefit, for possible patent filings, from the support of a patent engineer ("Intellectual Property and Licensing" department of Orange Innovation Research) to add value to his contributions.


This security research is closely driven by the evolution of virtualized IT and network infrastructures, which are becoming programmable, automatable and intelligent.

It also aims to influence future virtualization techniques.


Department:

Orange Innovation brings together the research and innovation acti
