Formalisation de propriétés de sécurité pour la protection des systèmes d'exploitation

Abstract : The subject of this thesis is to propose an in-depth protection that can be enforced by the operating system. First, we present that current security solutions are weak in the expression of security. Indeed, most of them support only one security properties. We introduce a language that allows to formalize a large set of security properties. This language expresses directs and transitives system activities. It allows to formalize the majority of integrity and confidentiality security properties introduced in the litterature. Moreover, the language can also expresses dynamic security properties. We introduces a new dynamic security model for the protection of multiple security domains managed by a web browser. We define a method to compil our language. The purpose is to analyze the system call done by the users processes. The compilation process build and analyze an information flow graph. Futhermore, we show that the complexity of our protection solution is low. We propose an implementation of this language as a dynamic mandatory access control for Linux. We experiment it on large scale high interaction honeypots. Our protection shows its efficiency both for clients and servers. Moreover, it presents interesting perspectives for the protection of other systems and for the vulnerability analysis. This work has contributed to the SPACLik project that wins the security contest of the French National Research Agency : ANR SEC&SI.
Document type :
Informatique [cs]. Université d'Orléans, 2010. Français. <NNT : 2010ORLE2075>
Contributor : Abes Star <>
Submitted on : Tuesday, September 13, 2011 - 3:12:24 PM
Last modification on : Tuesday, July 8, 2014 - 7:17:53 PM
Document(s) archivé(s) le : Wednesday, December 14, 2011 - 2:31:36 AM




  • HAL Id : tel-00623075, version 1



Jonathan Rouzaud-Cornabas. Formalisation de propriétés de sécurité pour la protection des systèmes d'exploitation. Informatique [cs]. Université d'Orléans, 2010. Français. <NNT : 2010ORLE2075>. <tel-00623075>




Notice views


Document downloads