Section: Contracts and Grants with Industry
Participants : Olivier Festor [ contact ] , Jérôme Francois.
January 2009 - December 2011
INRIA, EURECOM, Symantec Labs, Orange Labs
VAMPIRE is a collaborative project which aims at providing the conceptual approaches and the practical solutions to detect and manage vulnerabilities in the current and future Internet.
The project targets the development of advanced vulnerability discovery methods based on :
smart fault injection -fuzzing-
stateful and automated fuzzing and
passive host-level attack detection.
The project particularly targets IMS and VoIP services and infrastructures. The major research activities undertaken in the VAMPIRE project will be to build a theory of fuzzing and vulnerability monitoring capable to provide both quantitative and qualitative indicators, as well as to provide a structured approach capable to deal efficiently with unknown applications/services.
VAMPIRE is funded by the French National Research Agency (ANR) under contract no. ANR-08-VERS-017. INRIA is leading the project. In the first year, the project did make major progress on identification of unknown protocols, feedback-based fuzzing as well as on IMS and VoIP fuzzing. Several vulnerabilities have been discovered in multiple implementations tested within the project.