Formalization and Guarantee of System Security Properties: Application to Intrusion Detection

Abstract: This thesis addresses the guarantee of the integrity and confidentiality properties of an information system. We first propose a language for describing system activities, which serves as the basis for defining a set of security properties. This language relies on a notion of causal dependency between system calls and on correlation operators. With this language, we can define all the system security properties classically found in the literature, extend these properties, and propose new ones. To guarantee that these properties are respected, we present an implementation of this language. We prove that this implementation captures all the dependencies perceptible by a system. This method thus makes it possible to enumerate all possible violations of the properties expressed in our language. Our solution uses the definition of an access control policy to compute various graphs. These graphs contain the terminals of the language and make it possible to guarantee that the properties are respected. We then use this method to provide an intrusion detection system that detects actual violations of the properties. The tool can reuse the access control policies available for various target systems, whether DAC (Windows, Linux) or MAC such as SELinux and grsecurity. This tool was tested on a honeypot for several months and makes it possible to detect violations of the desired properties.

https://tel.archives-ouvertes.fr/tel-00261613
Contributor: Jérémy Briffaut
Submitted on: Friday, March 7, 2008 - 4:25:19 PM
Last modification on: Thursday, January 17, 2019 - 3:06:04 PM
Document(s) archived on: Friday, September 28, 2012 - 10:56:25 AM

Identifiers

  • HAL Id : tel-00261613, version 1

Citation

Jérémy Briffaut. Formalisation et garantie de propriétés de sécurité système : application à la détection d'intrusions. Other [cs.OH]. Université d'Orléans, 2007. French. ⟨tel-00261613⟩
