Conference papers

Confiance: detecting vulnerabilities in Java Card applets

Léopold Ouairy 1, Hélène Le Bouder 2, 3, Jean-Louis Lanet 1
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
2 OCIF - Objets communicants pour l'Internet du futur
IMT Atlantique - IMT Atlantique Bretagne-Pays de la Loire, IRISA-D2 - RÉSEAUX, TÉLÉCOMMUNICATION ET SERVICES
Abstract : This study focuses on automatically detecting incorrect implementations of a specification in Java Card programs, without any knowledge of the source code or of the specification itself. To achieve this, an approach based on Natural Language Processing and machine learning is proposed. First, an oracle that gathers methods with similar semantics into groups is created. It serves to evaluate the performance of our approach during neighborhood discovery. Using the automatically retrieved groups, anomaly detection relies on the Control Flow Graphs of the programs in these groups. In order to benchmark its ability to detect vulnerabilities, another oracle, of vulnerabilities, is created. This oracle knows every anomaly the approach should automatically retrieve. Both the neighborhood discovery and the anomaly detection are benchmarked using the precision, recall and F1 score metrics. Our approach is implemented in a tool, Confiance, and it is compared to another machine-learning tool for automatic vulnerability detection. The results show that Confiance performs better than the other approach at detecting vulnerabilities in open-source programs available online.
Document type :
Conference papers

https://hal.inria.fr/hal-02933668
Contributor : Léopold Ouairy
Submitted on : Tuesday, September 8, 2020 - 10:00:06 PM
Last modification on : Monday, April 4, 2022 - 9:28:24 AM
Long-term archiving on : Friday, December 4, 2020 - 7:37:06 PM

File

anomaly_detection.pdf
Files produced by the author(s)

Citation

Léopold Ouairy, Hélène Le Bouder, Jean-Louis Lanet. Confiance: detecting vulnerabilities in Java Card applets. ARES 2020: 15th International Conference on Availability, Reliability and Security, Aug 2020, Dublin (held by videoconference), Ireland. ⟨10.1145/3407023.3407031⟩. ⟨hal-02933668⟩
