Olivier Levillain scite author profile

Cybersecurity education and training are essential prerequisites of achieving a secure and privacy-friendly digital environment. Both professionals and the general public widely acknowledge the need for high-quality university education programs and professional training courses. However, guides, recommendations, practical tools, and good examples that could help institutions design appropriate cybersecurity programs are still missing. In particular, a comprehensive method to identify skills needed by cybersecurity work roles offered on the job market is missing. This paper aims to provide practical tools and strategies to help higher education providers design good cybersecurity curricula. First, we analyze the content of 89 existing study programs worldwide, collect recommendations of renowned institutions within and outside the EU, and provide a comprehensive survey accompanied by a dynamic web application called Education Map. Based on the knowledge about the current state in cybersecurity education, we design the SPARTA Cybersecurity Skills Framework that provides the currently missing link between work roles and required expertise and shows how to develop a curriculum that reflects job market requirements. Finally, we provide a practical tool that implements the framework and helps education and training providers design new study programs and analyze existing ones by considering the requirements of cybersecurity work roles.

show abstract

Analysis of QUIC Session Establishment and Its Implementations

Gagliardi

Levillain

2020

View full text Add to dashboard Cite

In the recent years, the major web companies have been working to improve the user experience and to secure the communications between their users and the services they provide. QUIC is such an initiative, and it is currently being designed by the IETF. In a nutshell, QUIC originally intended to merge features from TCP/SCTP, TLS 1.3 and HTTP/2 into one big protocol. The current specification proposes a more modular definition, where each feature (transport, cryptography, application, packet reemission) are defined in separate internet drafts. We studied the QUIC internet drafts related to the transport and cryptographic layers, from version 18 to version 23, and focused on the connection establishment with existing implementations. We propose a first implementation of QUIC connection establishment using Scapy, which allowed us to forge a critical opinion of the current specification, with a special focus on the induced difficulties in the implementation. With our simple stack, we also tested the behaviour of the existing implementations with regards to security-related constraints (explicit or implicit) from the internet drafts. This gives us an interesting view of the state of QUIC implementations.

show abstract

Caradoc: A Pragmatic Approach to PDF Parsing and Validation

Endignoux

Levillain

Migeon

2016

View full text Add to dashboard Cite

PDF has become a de facto standard for exchanging electronic documents, for visualization as well as for printing. However, it has also become a common delivery channel for malware, and previous work has highlighted features that lead to security issues. In our work, we focus on the structure of the format, independently from specific features. By methodically testing PDF readers against hand-crafted files, we show that the interpretation of PDF files at the structural level may cause some form of denial of service, or be ambiguous and lead to rendering inconsistencies among readers. We then propose a pragmatic solution by restricting the syntax to avoid common errors, and propose a formal grammar for it. We explain how data consistency can be validated at a finer-grained level using a dedicated type checker. Finally, we assess this approach on a set of real-world files and show that our proposals are realistic.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.