the user-space process is fully capable of carrying out the processing in the case of other systems. Our approach has proved effective for formalising dynamic protection models.

It is therefore conceivable to define different dynamic protection models adapted to particular contexts. We have proposed a new model, but it is entirely possible to define further ones to support other uses. Our approach is applicable to the analysis of malicious programs or activities, as we showed in the context of the client honeypot. It seems possible to extend this approach so that it can be integrated into virus analysis laboratories. In that setting, we could provide a controlled execution environment for viruses that both prevents them from propagating and characterises them by their impact on the system by means of our security properties. Thus, not only
one of these rules is not respected. An integrity level is defined for each context. In our model, the integrity level takes the form of an additional label on each context. To make integrity levels easier to use, we introduce a function int(cs) that returns the integrity level of a context: $int : CS \rightarrow \mathbb{N}$. Integrity levels are set by the administrator. We use the function int() together with Biba's three rules to model the property
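As an added illustration (not code from the thesis), the following checker encodes int(cs) as an administrator-assigned label and applies Biba's three strict-integrity rules (no read down, no write up, no invoke up) to a trace of flows between contexts; the context names, levels and trace are constructed assumptions.

```python
from typing import Dict, List, Tuple

# Constructed example (not the thesis's data): the set of contexts CS and the
# integrity level the administrator assigns to each one, kept as a label.
INTEGRITY: Dict[str, int] = {
    "kernel_t": 3,
    "admin_t": 2,
    "user_t": 1,
    "untrusted_t": 0,
}

def int_level(cs: str) -> int:
    """The page's int(cs): return the integrity level label of a context."""
    return INTEGRITY[cs]

# A flow is (subject_context, operation, target_context); the operation is
# "read", "write" or "invoke", performed by the subject on the target.
Flow = Tuple[str, str, str]

def biba_allows(flow: Flow) -> bool:
    """Apply Biba's three strict-integrity rules to one flow:
    read: int(subject) <= int(target); write and invoke: int(target) <= int(subject).
    """
    subject, op, target = flow
    s, t = int_level(subject), int_level(target)
    if op == "read":
        return s <= t          # no read down
    if op in ("write", "invoke"):
        return t <= s          # no write up, no invoke up
    raise ValueError(f"unknown operation {op!r}")

def violations(trace: List[Flow]) -> List[Flow]:
    """Return the flows in a trace that break one of the three rules,
    i.e. those the integrity property would reject."""
    return [f for f in trace if not biba_allows(f)]

# Constructed trace of observed flows between contexts.
TRACE: List[Flow] = [
    ("user_t", "read", "admin_t"),        # allowed: reading up
    ("untrusted_t", "write", "user_t"),   # violation: writing up
    ("admin_t", "write", "user_t"),       # allowed: writing down
    ("user_t", "invoke", "kernel_t"),     # violation: invoking up
    ("kernel_t", "read", "untrusted_t"),  # violation: reading down
]

if __name__ == "__main__":
    for f in violations(TRACE):
        print("integrity violation:", f)
```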