Guillaume Hiet

CentraleSupélec | ECP · CIDRE team

PhD

About

47
Publications
7,102
Reads
293
Citations
Additional affiliations
October 2010 - present
CentraleSupélec
Position
  • Professor (Assistant)
Description
  • My research interests are in network and computer security, with a focus on security monitoring, Information Flow Control and security of low level components (firmware and hardware security mechanisms).
Education
October 2005 - October 2008
University of Rennes
Field of study
  • Computer Science
September 2003 - September 2005
Supélec
Field of study
  • Computer Science
September 2001 - September 2003
École nationale supérieure d'arts et métiers
Field of study
  • Mechanical Engineering

Publications (47)
Article
In this paper we develop an alert correlation framework specifically tailored for Industrial Control Systems (ICSs). Alert correlation is a set of techniques used to process alerts raised by various intrusion detection systems in order to eliminate redundant alerts, reduce the number of false alerts, and reconstruct attack scenarios. In ICSs the...
Article
Modern computing systems have grown in complexity, and even though system components are generally carefully designed and even verified by different groups of people, the composition of these components is often regarded with less attention. Inconsistencies between components’ assumptions on the rest of the system can have significant repercussions...
Article
Despite the deployment of preventive security mechanisms to protect the assets and computing platforms of users, intrusions eventually occur. We propose a novel intrusion survivability approach to withstand ongoing intrusions. Our approach relies on an orchestration of fine-grained recovery and per-service responses (e.g., privileges removal). Such...
Preprint
Full-text available
Despite the deployment of preventive security mechanisms to protect the assets and computing platforms of users, intrusions eventually occur. We propose a novel intrusion survivability approach to withstand ongoing intrusions. Our approach relies on an orchestration of fine-grained recovery and per-service responses (e.g., privileges removal). Such...
Conference Paper
Despite the deployment of preventive security mechanisms to protect the assets and computing platforms of users, intrusions eventually occur. We propose a novel intrusion survivability approach to withstand ongoing intrusions. Our approach relies on an orchestration of fine-grained recovery and per-service responses (e.g., privileges removal). Such...
Conference Paper
At present, computer science studies generally offer courses addressing mobile development and they use mobile technologies for illustrating theoretical concepts such as operating system, design patterns, and compilation because Android and iOS use a large variety of technologies for developing applications. Teaching courses on security is also bec...
Preprint
Full-text available
DIFT (Dynamic Information Flow Tracking) has been a hot topic for more than a decade. Unfortunately, existing hardware DIFT approaches have been widely used neither by the research community nor by hardware vendors. This is due to two major reasons: current hardware DIFT solutions lack support for multi-threaded applications and implementations for h...
Preprint
Full-text available
Most hardware-assisted solutions for software security, program monitoring, and event-checking approaches require instrumentation of the target software, an operation which can be performed using an SBI (Static Binary Instrumentation) or a DBI (Dynamic Binary Instrumentation) framework. Hardware-assisted instrumentation can use one of these two...
Preprint
Full-text available
This work details a hardware-assisted approach for information flow tracking implemented on reconfigurable chips. Current solutions are either time-consuming or hardly portable (modifications of both software/hardware layers). This work takes advantage of debug components included in ARMv7 processors to retrieve details on instructions committed by...
Chapter
Modern computing systems have grown in complexity, and the attack surface has increased accordingly. Even though system components are generally carefully designed and even verified by different groups of people, the composition of these components is often regarded with less attention. This paves the way for “architectural attacks”, a class of sec...
Preprint
Highly privileged software, such as firmware, is an attractive target for attackers. Thus, BIOS vendors use cryptographic signatures to ensure firmware integrity at boot time. Nevertheless, such protection does not prevent an attacker from exploiting vulnerabilities at runtime. To detect such attacks, we propose an event-based behavior monitoring a...
Article
Sophisticated process-aware attacks targeting industrial control systems require adequate detection measures taking into account the physical process. This paper proposes an approach relying on automatically mined process specifications to detect attacks on sequential control systems. The specifications are synthesized as monitors that read the exe...
Conference Paper
Full-text available
Highly privileged software, such as firmware, is an attractive target for attackers. Thus, BIOS vendors use cryptographic signatures to ensure firmware integrity at boot time. Nevertheless, such protection does not prevent an attacker from exploiting vulnerabilities at runtime. To detect such attacks, we propose an event-based behavior monitoring a...
Conference Paper
Full-text available
Web-browser security, with emphasis on JavaScript security, is one of the important problems of the modern world. The potency of information flow control (IFC) in the context of JavaScript is quite appealing. In this paper, we adopt an earlier technique, Address Split Design (ASD), proposed by Deepak et al. [12]. We propose an alternate data-structu...
Conference Paper
Over time, hardware designs have constantly grown in complexity and modern platforms involve multiple interconnected hardware components. During the last decade, several vulnerability disclosures have proven that trust in hardware can be misplaced. In this article, we give a formal definition of Hardware-based Security Enforcement (HSE) mechanisms,...
Conference Paper
Industrial control systems (ICS) can be subject to highly sophisticated attacks which may lead the process towards critical states. Due to the particular context of ICS, protection mechanisms are not always practical, nor sufficient. On the other hand, developing a process-aware intrusion detection solution with satisfactory alert characterization...
Conference Paper
This work details a hardware-assisted approach for information flow tracking implemented on a reconfigurable chip. Current solutions are either time-consuming or hardly portable (modifications of both software/hardware layers). This work takes advantage of debug components included in ARMv7 processors to retrieve details on instructions committed b...
Conference Paper
The security of the web-browser and JavaScript is pivotal in today's world. The potency of information flow control in the context of JavaScript is quite appealing. In this paper, we propose a new secure information flow control model specifically designed for JavaScript. In our approach, we augment the standard symbol table with a mechanism that r...
Article
Network security products, such as NIDS or application firewalls, tend to focus on application level communication flows. However, adding support for new proprietary and often undocumented protocols implies the reverse engineering of these protocols. Currently, this task is performed manually. Considering the difficulty and time needed for manual...
Article
In this article, we formally study the information flows induced by the executions of a system implementing an access control policy. More precisely, the generic access control model we propose makes it possible to identify two sets of flows: the information flows that are made possible by the accesses...
Conference Paper
The purpose of this paper is the modelization and simulation of zombie machines for the evaluation of Network Intrusion Detection Systems (NIDS), used to detect botnets. We propose an automatic method to infer zombies' behaviours through the analysis of messages exchanged with their masters. Once computed, a model provides a way to generate realisti...
Article
Full-text available
The choice of Java is often guided by the security it is supposed to provide. The Java execution platform does ensure security properties that make it possible, in particular, to guard against memory exploitation. However, many public vulnerabilities concern Java, in particular its standard library. So what about...
Article
Full-text available
Computer security is a crucial issue. It consists first of defining a security policy and then of implementing that policy. Preventive approaches such as access control are essential but insufficient. It is therefore necessary to resort to intrusion detection. In particular, the approach to detecting i...
Conference Paper
Full-text available
This article focuses on intrusion detection in systems using Web applications and COTS. We present a solution that combines policy-based intrusion detection and information flow control. We describe JBlare, an inline Java monitor that tracks inter-method flows in Java applications. This monitor collaborates with Blare, a monitor that tracks informa...
