Accepted Papers
Decentralization of Identities in the Blockchain
The use of blockchain technology has been widespread globally for over a decade. Primarily oriented towards decentralized applications, this technology enables information exchange, particularly through the use of smart contracts, without requiring trust between different parties. In this paper, we explore several approaches for storing, securing, and controlling access to personal data by users. Specifically, the use of smart contracts allows for the on-demand deployment and provision of a portion of the information system containing the user's personal data.
Ahmed Abid
(Université de rennes, FR)
;
Pierre Alain
(Irisa, FR)
An IT system built with cybersecurity best practice: a utopia?
Best practice defines all the professional practices that must be respected to ensure that work is carried out correctly. Transposed to the world of cybersecurity, this includes ANSSI technical guidelines. At a time when cyber threats are multiplying their targets and intensifying, and when the pace of deployment of digital services is driven by business and costs, is it a utopia of experts to build (or rebuild) an IS according to cybersecurity best practice? Through concrete technical subjects (e.g. IT administration, nomadism) illustrated by feedback from recent years, ANSSI presents an introspection on the creation of a technical doctrine and its deployment in operational reality. Finally, in a context where the number of regulated players is growing and collective awareness of cyber risk is more or less advanced, ANSSI proposes ways of completing this doctrine, making it more widely accessible, and implementing it gradually in a variety of contexts (e.g. limited resources, low exposure to the targeted cyber threat).
Olivier Mémin
(ANSSI, FR)
Towards the use of the DISARM matrix as a lever for raising awareness and protecting audiences targeted by disinformation operations
The emergence of vocabulary previously reserved for military conflicts within the field of communication highlights how information has become a key issue in current confrontations. The increasing importance of information in these conflicts has been made possible by recent transformations in adoption, production, and dissemination practices driven by digital tools and social networks. Democracies, where information and opinions are free, are destabilized by campaigns spreading false information or deliberate misinformation orchestrated by authoritarian regimes, for which disinformation is part of a strategy targeting adversaries. We propose to acknowledge this ongoing information warfare and, after conducting an inventory of media literacy and awareness programs, to assess the level of protection or resistance capabilities among the audiences targeted by these disinformation campaigns. To model what is happening at different scales—strategy, moderation, influence, reception, and sharing—a parallel will be drawn with air defense systems intended to protect populations from asymmetrical saturation attacks. Beyond this comparison, the cognitive mechanisms employed by individuals when confronted with new information on social networks will be described. Similarly, influence and propagation models on social networks will be compared to identify leverage points within individuals that could be acted upon. Various frameworks, analysis models, and particularly the DISARM matrix will be examined to determine how they could drive the development of new tools for raising awareness and protecting social network users of all ages. The potential for creating engaging scenarios or serious games for adults based on the DISARM matrix will also be discussed.
Jean-Philippe Riant
(DATASK - Pôle d'excellence cyber Rennes, FR)
;
Ugo Peyre
(DATASK - Pôle d'excellence cyber Rennes, FR)
Analysis of access control mechanisms for a dynamic and decentralized approach of data-centric security (DCS)
Today, in many domains, stakeholders handle sensitive data that needs to be protected according to their confidentiality level. Among existing security paradigms, data-centric security (DCS) places security as close as possible to the data, to ensure confidentiality on any network, communication channel or storage server. To achieve this, DCS requirements are implemented through access control mechanisms. These mechanisms need to be (1) dynamic, to enable actors in a secure system to join it opportunistically and (2) decentralized, to guarantee data availability. However, existing approaches only partially address these challenges. In this article, we illustrate these challenges using two examples and discuss the limitations of existing approaches in addressing them.
Etienne Lemonnier
(Académie Militaire de Saint-Cyr Coëtquidan, CReC Saint-Cyr, FR)
;
Jamal El Hachem
(Université Bretagne Sud, IRISA, FR)
;
Lionel Touseau
(Académie Militaire de Saint-Cyr Coëtquidan, CReC Saint-Cyr, FR)
;
Jérémy Buisson
(Ecole de l'air et de l'espace, CRéA, FR)
;
Nicolas Belloir
(Académie Militaire de Saint-Cyr Coëtquidan, CReC Saint-Cyr, FR)
;
Jean-François Wiorek
(Thales Group, FR)