Formalisation de propriétés de sécurité pour la protection des systèmes d'exploitation

Abstract : The subject of this thesis is to propose an in-depth protection that can be enforced by the operating system. First, we present that current security solutions are weak in the expression of security. Indeed, most of them support only one security properties. We introduce a language that allows to formalize a large set of security properties. This language expresses directs and transitives system activities. It allows to formalize the majority of integrity and confidentiality security properties introduced in the litterature. Moreover, the language can also expresses dynamic security properties. We introduces a new dynamic security model for the protection of multiple security domains managed by a web browser. We define a method to compil our language. The purpose is to analyze the system call done by the users processes. The compilation process build and analyze an information flow graph. Futhermore, we show that the complexity of our protection solution is low. We propose an implementation of this language as a dynamic mandatory access control for Linux. We experiment it on large scale high interaction honeypots. Our protection shows its efficiency both for clients and servers. Moreover, it presents interesting perspectives for the protection of other systems and for the vulnerability analysis. This work has contributed to the SPACLik project that wins the security contest of the French National Research Agency : ANR SEC&SI.
Document type :
Theses
Computer Science [cs]. Université d'Orléans, 2010. French. <NNT : 2010ORLE2075>


https://tel.archives-ouvertes.fr/tel-00623075
Contributor : Abes Star <>
Submitted on : Tuesday, September 13, 2011 - 3:12:24 PM
Last modification on : Tuesday, July 8, 2014 - 7:17:53 PM

File

jonathan.rouzaudcornabas_2180_...
fileSource_public_star

Identifiers

  • HAL Id : tel-00623075, version 1

Collections

Citation

Jonathan Rouzaud-Cornabas. Formalisation de propriétés de sécurité pour la protection des systèmes d'exploitation. Computer Science [cs]. Université d'Orléans, 2010. French. <NNT : 2010ORLE2075>. <tel-00623075>

Export

Share

Metrics

Consultation de
la notice

376

Téléchargement du document

181