Skip to Main content Skip to Navigation

Contrôle d'accès obligatoire pour systèmes à objets : défense en profondeur des objets Java

Abstract : Objects based systems are presents everywhere in our life. When such a system presents vulnerabilities, confidentiality and integrity are thus widely compromised. For example, Java is an object language authorizing many cyber-attacks between 2012 and 2013 leading the US department of homeland security to recommend its abandon. This thesis proposes to limit the relations between the objects thanks to a mandatory access control. First, a general model of objects supporting objects and prototypes languages is defined. Second, the elementary relations are formalized in order to control them. Those relations include the reference, interaction and three types of flow (activity, information and data). Automata authorize a logic that enables to compute the required mandatory policy. At the same time, the computation of the MAC policy and the efficiency are solved since the policy is reduced. Experimentations use the JAAS security objectives existing in the Java language. Thus, one year of Java vulnerabilities is prevented thanks to the Metasploit framework.
Document type :
Complete list of metadata

Cited literature [124 references]  Display  Hide  Download
Contributor : ABES STAR :  Contact
Submitted on : Tuesday, May 24, 2016 - 10:02:07 AM
Last modification on : Monday, May 9, 2022 - 5:22:48 PM
Long-term archiving on: : Thursday, August 25, 2016 - 10:30:14 AM


Version validated by the jury (STAR)


  • HAL Id : tel-01320558, version 1


Benjamin Venelle. Contrôle d'accès obligatoire pour systèmes à objets : défense en profondeur des objets Java. Cryptographie et sécurité [cs.CR]. Université d'Orléans, 2015. Français. ⟨NNT : 2015ORLE2023⟩. ⟨tel-01320558⟩



Record views


Files downloads