Contrôle d'accès obligatoire pour systèmes à objets : défense en profondeur des objets Java

Abstract : Objects based systems are presents everywhere in our life. When such a system presents vulnerabilities, confidentiality and integrity are thus widely compromised. For example, Java is an object language authorizing many cyber-attacks between 2012 and 2013 leading the US department of homeland security to recommend its abandon. This thesis proposes to limit the relations between the objects thanks to a mandatory access control. First, a general model of objects supporting objects and prototypes languages is defined. Second, the elementary relations are formalized in order to control them. Those relations include the reference, interaction and three types of flow (activity, information and data). Automata authorize a logic that enables to compute the required mandatory policy. At the same time, the computation of the MAC policy and the efficiency are solved since the policy is reduced. Experimentations use the JAAS security objectives existing in the Java language. Thus, one year of Java vulnerabilities is prevented thanks to the Metasploit framework.
Document type :
Theses
Complete list of metadatas

Cited literature [124 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-01320558
Contributor : Abes Star <>
Submitted on : Tuesday, May 24, 2016 - 10:02:07 AM
Last modification on : Thursday, January 17, 2019 - 3:10:02 PM
Long-term archiving on : Thursday, August 25, 2016 - 10:30:14 AM

File

benjamin_venelle_3887.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01320558, version 1

Collections

Citation

Benjamin Venelle. Contrôle d'accès obligatoire pour systèmes à objets : défense en profondeur des objets Java. Cryptographie et sécurité [cs.CR]. Université d'Orléans, 2015. Français. ⟨NNT : 2015ORLE2023⟩. ⟨tel-01320558⟩

Share

Metrics

Record views

353

Files downloads

972