Inria launches the first French high security academic research laboratory
Located at the heart of Inria’s Nancy-Grand Est centre, the high security computing laboratory (LHS) is aimed at hosting decisive research work for making networks, Internet exchanges and associated telecommunications equipment safe. Alongside its partners, Inria is today inaugurating this completely new research facility. The LHS provides the technological and regulatory framework needed for scientific advances that accompany developments in our technological society. Open to industrial partners, the laboratory also represents a favourable opportunity for reliability tests that are needed before various technological products or solutions can be put on the market.
A completely new facility to support leading-edge computing security work
Placed in an enclosed environment with an insulated Internet network and with access protected by biometric recognition, the laboratory offers a reliable technological and regulatory framework for conducting sensitive tests and operations. It has been designed for guaranteeing the security of the data, phenomena and equipment being analysed.
It comprises three distinct areas:
- working room for researchers;
- cluster room equipped with three units:
- a virtual telescope which picks up malicious codes and signs of attacks and which enables Internet probe experiments;
- a "test-tube" sealed network which allows sensitive experiments, such as analysing malicious codes, to be run without running the risk of contaminating the entire network;
- a production unit for distributing the tools developed in the LHS: anti-virus, analysis tools etc ;
- "red" room. Not connected to the network, this room enables the handling of very sensitive information and data. This room receives equipment or material to be studied in total confidentiality as part of partnerships with industry.
Three major areas of expertise: virology, network analysis and protection, and detection of weaknesses in communicating systems:
- Virology: how can tomorrow’s viruses be recognised?
- Network supervision: how to analyse and make network exchanges safe?
- Detection of vulnerabilities in communicating systems: enabling industry to conduct reliability tests
Virology: how can tomorrow’s viruses be recognised?
Researchers from the CARTE team analyse malicious codes and develop the anti-virus solutions of the future.
They have updated a new method for detecting viruses which takes into account a fundamental parameter: the capacity of the virus to mutate, like a living virus. Awarded a prize in the 2009 national competition to encourage innovative technology businesses in the “Emerging” category, their technique allows the virus’ signature or skeleton to be extracted, namely the bit of the programme that does not change despite the mutations.
"This outcome enables more effective anti-virus programmes to be envisaged because they are capable of recognising viruses even once they have mutated. There are other scientific challenges to be faced, such as updating methods for identifying new viruses for which we do not understand the skeleton! With the LHS, we have the environment we need to run our tests in the future", emphasises Jean-Yves Marion, the CARTE team’s director.
In addition, the CARTE team is working on neutralising botnets, networks of infected computers which are used for sending out spam and which could also be used for attacking Internet services. The researchers are also taking an interest in other vulnerable technological platforms such as telephones and on-board systems (e.g. cars etc.)
Network supervision: how to analyse and make network exchanges safe?
Researches from the MADYNES team are studying major communication systems to understand their functioning and to put analysis and control systems in place, notably for combating security faults.
Some of their latest results: the design of an algorithm enabling probes to be placed on a large network pair by pair and allowing activity on this network to be observed. Researchers have succeeded in analysing the traffic on a network with 4 million machines by placing around twenty probes and without having to make use of large calculation capacities.
"Several areas of application have already been envisaged, notably as part of the ANR MAPE programme, to help the appropriate authorities in their fight against cyber crime”, highlights Olivier Festor, the team’s director.
Detection of vulnerabilities in communicating systems: enabling industry to conduct reliability tests
In the design and certification phase, equipment manufacturers need to be able to test their equipment’s reliability and to evaluate its resistance to different types of attacks or threats.
With an insulated Internet network and ultra-secure equipment, the LHS is a perfect place for conducting these types of tests.
Amongst the identified risks, there are notably, Internet telephone services. In this field, researchers from the MADYNES team have produced an up-to-date software suite called KIF, which allows Internet telephone weaknesses to be detected automatically.
A COMPLETELY NEW STRUCTURE IN FRANCE INVOLVING NEW PARTNERS
A completely new structure in France involving many partners The high security computing laboratory of Inria’s Nancy-Grand Est Centre has been helped by funding from the FEDER (European Fund for Regional Development), the Region of Lorraine, the Greater Nancy Metropolitan District and the Ministry for Higher Education and Research via the Regional Research and Technology Delegation. Business research has been undertaken in partnership with universities in Lorraine, the CNRS (French National Centre for Scientific Research
A public science and technology institution, supervised by the French Ministries of Research and Industry. Annual budget (2009): €217 million, 21% of which represents its own resources. Regional research centres: Paris - Rocquencourt, Sophia Antipolis – Méditerranée, Grenoble – Rhône-Alpes, Nancy – Grand Est, Rennes – Bretagne Atlantique, Bordeaux – Sud Ouest, Lille – Nord Europe, Saclay – Île-de-France. 3,150 researchers, including more than 1,000 PhD students, working within more than 170 project-teams, the majority of which are shared with other bodies, Grandes Ecoles and universities. 80 associate teams worldwide. Around one hundred businesses created since 1984.