Next, the user-space process is fully capable of carrying out the processing in the case of other systems. Our approach has proven effective for formalizing dynamic protection models

… is very well suited, since the control of activities is entirely dynamic. It is therefore conceivable to define different dynamic protection models adapted to particular contexts. We have proposed a new model. But it is entirely possible to define new ones to support other uses. Our approach is applicable to the analysis of malicious programs or activities. This is what we showed in the context of the client honeypot. It seems possible to broaden this approach so that it can be integrated into virus analysis laboratories. In that setting, we could provide a controlled execution environment for viruses that both prevents the viruses from spreading and characterizes them by their impact on the system by means of our security properties. Thus, not only


The property is violated when one of these rules is not respected. An integrity level is defined for each context. In our model, the integrity level takes the form of an additional label on each context. To make integrity levels easier to use, we introduce a function int(cs) that returns the integrity level of the context: $int : CS \to \mathbb{N}$. The integrity levels are set by the administrator. We use the function int() together with the three Biba rules to model the property
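The check described above, as an added example that is not taken from the thesis: a Python sketch that labels contexts through int() and audits a trace of interactions against the three rules of Biba's strict integrity policy. The page refers to the rules without listing them, so the standard formulation (no read down, no write up, no invoke up) is assumed, as is the convention that a larger number means higher integrity; the context names, levels and trace are constructed.

```python
from typing import NamedTuple, Optional

# Constructed labelling playing the role of int : CS -> N.
# Context names are hypothetical; a larger number means higher integrity.
INT = {
    "system_u:system_r:init_t": 3,
    "system_u:object_r:etc_t": 3,
    "user_u:user_r:user_t": 2,
    "user_u:object_r:user_home_t": 2,
    "user_u:user_r:browser_t": 1,
    "user_u:object_r:download_t": 1,
}

class Interaction(NamedTuple):
    source: str  # acting context
    op: str      # "read", "write" or "execute"
    target: str  # context acted upon

def integrity(cs: str) -> int:
    """int(cs): integrity level of a context. Unlabelled contexts are an error."""
    if cs not in INT:
        raise ValueError(f"no integrity level set for context {cs!r}")
    return INT[cs]

def biba_violation(i: Interaction) -> Optional[str]:
    """Return the name of the Biba rule the interaction breaks, or None."""
    if i.op not in ("read", "write", "execute"):
        raise ValueError(f"unknown operation {i.op!r}")
    src, dst = integrity(i.source), integrity(i.target)
    if i.op == "read" and src > dst:
        return "no read down"    # high-integrity source reads lower data
    if i.op == "write" and src < dst:
        return "no write up"     # low-integrity source modifies higher data
    if i.op == "execute" and src < dst:
        return "no invoke up"    # low-integrity source invokes a higher one
    return None

def audit(trace):
    """List every (interaction, broken rule) pair found in the trace."""
    found = []
    for i in trace:
        rule = biba_violation(i)
        if rule is not None:
            found.append((i, rule))
    return found

# Constructed trace of observed interactions.
SAMPLE_TRACE = [
    Interaction("user_u:user_r:browser_t", "read", "user_u:object_r:download_t"),
    Interaction("user_u:user_r:browser_t", "write", "user_u:object_r:user_home_t"),
    Interaction("system_u:system_r:init_t", "read", "user_u:object_r:download_t"),
    Interaction("user_u:user_r:user_t", "execute", "system_u:system_r:init_t"),
    Interaction("user_u:user_r:user_t", "write", "user_u:object_r:download_t"),
    Interaction("user_u:user_r:user_t", "read", "system_u:object_r:etc_t"),
]

if __name__ == "__main__":
    for interaction, rule in audit(SAMPLE_TRACE):
        print(f"{rule}: {interaction.source} {interaction.op} {interaction.target}")
```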