Amphithéâtre Maurice Halbwachs, Site Marcelin Berthelot
Open to all

Abstract

Computer security is becoming a crucial issue in all countries and in all private and industrial computerized activities, to the extent that attacks on data and systems are ranked as major economic dangers by the World Economic Forum, just behind climatic disasters and natural disasters. The lecture began by analyzing the behavior of the various players: educated and uneducated individuals, CIOs (Chief Information Officers), managers, and manufacturers of software and connected objects, all too often unaware of IT security issues, and of course the highly competent and well-organized attackers. It then presented an anthology of recent large-scale attacks, starting with massive data thefts, which are the main focus of the press, but also intrusions into large computerized systems (energy networks, hospitals, industry) and connected objects (cars, pacemakers, etc.). These latter attacks are particularly dangerous, but remain largely unknown to the general public. The lecture went on to analyze how these attacks work: by exploiting weaknesses or uncertainties in users, by exploiting often minimal bugs in computerized systems, or by using hidden channels to obtain information. It then analyzed the contributions of research, showing how research in number and graph theory, or in mechanized mathematical logic, can increase or even prove the security of critical parts of systems: efficient and secure encryption methods, encryption key exchange protocols, electronic voting, etc. The lecture ended with an analysis of recent insidious vulnerabilities inside microprocessors (Meltdown, Spectre, etc.).