I have been involved in several research projects related to Information and Communication Technologies (ICT) security.
Projects funded under the 7th Framework Programme of the European Commission
MAnagement of Security information and events in Service Infrastructures (FP7-ICT-2009-5-MASSIF)
The main objective of MASSIF (MAnagement of Security information and events in Service Infrastructures) is to achieve a significant advance in the area of SIEM (Security Information and Event Management). On the basis of proper multi-level event correlation, MASSIF will provide innovative techniques to enable the detection of upcoming security threats and trigger remediation actions even before the occurrence of possible security incidents. Thus, MASSIF will develop a new generation SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring. Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts, and an architecture for dependable and resilient collection of service events, supported by an extremely scalable and high-performance event collection and processing framework, in the context of service-level attack models.
In the MASSIF project, Télécom SudParis provides the following contributions:
- Technical management of the project. Hervé Debar is the technical director of the MASSIF project.
- SIEM architecture. Télécom SudParis is involved in the definition of the architecture of the MASSIF SIEM platform.
- Event languages. Télécom SudParis is developing an ontology of event languages and processes related to SIEM.
- Decision support system for threat mitigation. Télécom SudParis is developing a decision support environment using simulation platforms provided by SPIIRAS and FRAUNHOFER-SIT to help operators select and deploy the appropriate and most efficient defense measures in the face of cyber attacks.
DEcentralized, cooperative and privacy-preserving MONitoring for trustworthinesS (DEMONS)
As an Integrating Project strategy, DEMONS aims at addressing all the key aspects essential in monitoring approaches for the Future Internet. DEMONS’ ultimate goal is to i) design a more scalable, flexible and autonomic monitoring infrastructure, ii) exploit monitoring intelligence distributed inside programmable traffic probes and mediating devices, iii) improve monitoring applications’ performance, capability effectiveness (detection, reporting, and mitigation) and ease of deployment, iv) operate in compliance with the customers’ privacy rights, and v) take advantage of cross-domain cooperation mechanisms to permit improved defence against global-scale cooperative threats and operational failures.
Visual Analytic Representation of Large Datasets for Enhancing Network Security (Vis-Sense)
VIS-SENSE is an EU-funded research project focused on the development of visual analytics technologies for the enhancement of international network security. The VIS-SENSE project uses visualization and data-mining technologies to identify and predict complex patterns of abnormal behaviour. The VIS-SENSE team works in various application areas ranging from network information security and attack attribution to attack prediction and the detection of BGP hijacking. The ultimate goal of VIS-SENSE is to stimulate proactive measures, which improve efforts to combat cyber-crime, and also to enhance the prediction of attacks.
Projects funded under French funding schemes
CompatibleOne
The CompatibleOne project identifies, aggregates and integrates leading open source technologies into a rich and comprehensive ‘cloudware’ stack. CompatibleOne is developing a meta-model-based framework for the abstraction of the configuration, management and integration of these technologies. This ‘cloudware’ framework, based on open, common standards and leading open source technologies, will offer cloud builders the greatest possible interoperability.