Theses

Sécurité des noyaux de systèmes d'exploitation

Eric Lacombe 1
1 LAAS-TSF - Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique
LAAS - Laboratoire d'analyse et d'architecture des systèmes
Abstract : This Ph.D. thesis addresses the integrity preservation of current operating systems. The main goal is to counter current and future threats from malware that infects the kernel of these systems (such as kernel rootkits) or that at least provokes a loss of their integrity (such as hypervisor rootkits). The first part of this document focuses on such malware. First, logical attacks are presented globally. Then, a classification of malicious actions that lead to the loss of kernel integrity is proposed. Finally, the outcomes of a study on kernel rootkits are given and the creation of an original rootkit is explained. The second part deals with kernel protection. After describing the state of the art, an original approach is proposed, based on the concept of constraint preservation. First, the essential elements on which a kernel rests are identified, and the constraints these elements must satisfy for correct kernel operation are set out. A lightweight hypervisor (Hytux) has been developed to prevent any violation of these constraints by intercepting some actions of the kernel. Its implementation is described for a 64-bit Linux kernel on an x86 architecture that supports the Intel VT-x and VT-d technologies.
Document type : Theses

Cited literature : 147 references

https://tel.archives-ouvertes.fr/tel-00462534
Contributor : Arlette Evrard
Submitted on : Wednesday, March 10, 2010 - 9:53:15 AM
Last modification on : Thursday, June 10, 2021 - 3:02:19 AM
Long-term archiving on : Thursday, October 18, 2012 - 4:50:09 PM

Identifiers

  • HAL Id : tel-00462534, version 1

Citation

Eric Lacombe. Sécurité des noyaux de systèmes d'exploitation. Informatique [cs]. INSA de Toulouse, 2009. Français. ⟨tel-00462534⟩

Metrics

  • Record views : 734
  • File downloads : 10225