De sécurité de l'information à la sécurité Ontological

by Aisling Connolly

Thesis project in Computer Science

Supervised by David Naccache.

Thesis in preparation at Paris Sciences et Lettres, within the doctoral school École doctorale de Sciences mathématiques de Paris Centre (Paris), in partnership with LIENS - Laboratoire d'informatique de l'École normale supérieure (laboratory) and École normale supérieure (Paris; 1985-....) (institution where the thesis is being prepared), since 01-10-2015.


  • Abstract

    A brief look at any “good” cryptographic paper reveals that cryptographers rarely consider the meaning or even the structure of protected data. When a message is signed, hashed or encrypted, data is considered as raw bits fed into functions. Interestingly, cryptographers consider this low-level treatment as a virtue rather than a limitation because cryptographic algorithms do not assume anything about the structure of the data that they process. Information security specialists work at a higher abstraction level and devise methods to protect structured information. For instance, SQL injections target database entries, Java bytecode verifiers check type semantics and antiviruses analyze executable programs. We believe that protecting data and information will start to become insufficient as we move into an era of ontology and knowledge. As we write these lines, ontologies already allow autonomous cars to make driving decisions. Ontologies also entrust computers with the authority to make important financial decisions. Hence, it appears necessary to start formalizing the foundations of ontological security. Here the adversary does not necessarily want to access data or corrupt information but to maliciously modify inferred knowledge. Little seems to exist in this area today. In addition to setting the foundations of ontological security, I plan to build upon work currently being investigated by two students at ENS, in which they investigate methods to try to protect knowledge by relying on the assumption that if the syntactic tree of a message is revealed, little can be inferred about the message. I plan to add to this by further reducing knowledge by exploiting any transform mapping of natural integers to knowledge.

  • Translated title

    From Information Security to Ontological Security

