Generation and evaluation of application-level intrusion detection mechanisms (Génération et évaluation de mécanismes de détection des intrusions au niveau applicatif)

Jonathan-Christofer Demay 1, 2
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique, IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract: The most common anomaly detection mechanisms at the application level consist in detecting a deviation of the control flow of a program. A popular method to detect such anomalies is to use the application's sequences of system calls. However, such methods do not detect mimicry attacks or attacks against the integrity of system call parameters. These kinds of attacks can be achieved by targeting non-control-data items used by the process. To enhance such detection mechanisms, we propose an approach to detect, within the application, the corruption of non-control-data items that have an influence on the system calls. This approach consists in automatically building a data-oriented behaviour model of an application by static analysis of its source code. We have implemented our approach in a detection mechanism that targets applications written in C. This implementation is used to illustrate the proposed approach on various examples. To further evaluate our detection mechanism, we also propose an approach to simulate attacks that target non-control-data items. This approach consists in building a fault model that reproduces the internal state of an application after such an attack. We have implemented an evaluation platform using our fault model together with an injection mechanism. This platform is used to perform an injection campaign on two examples in order to evaluate the detection capabilities of our data-oriented behaviour model.
Cited literature: 104 references

https://tel.archives-ouvertes.fr/tel-00659694
Contributor: Anne Cloirec
Submitted on: Friday, January 13, 2012 - 2:17:17 PM
Last modification on: Friday, April 10, 2020 - 2:11:39 AM
Document(s) archived on: Monday, November 19, 2012 - 1:35:33 PM

Identifiers

  • HAL Id: tel-00659694, version 1

Citation

Jonathan-Christofer Demay. Génération et évaluation de mécanismes de détection des intrusions au niveau applicatif. Cryptographie et sécurité [cs.CR]. Université Rennes 1, 2011. Français. ⟨tel-00659694⟩
