Skip to Main content Skip to Navigation
Theses

Contrôle d'accès obligatoire pour systèmes à objets : défense en profondeur des objets Java

Abstract : Objects based systems are presents everywhere in our life. When such a system presents vulnerabilities, confidentiality and integrity are thus widely compromised. For example, Java is an object language authorizing many cyber-attacks between 2012 and 2013 leading the US department of homeland security to recommend its abandon. This thesis proposes to limit the relations between the objects thanks to a mandatory access control. First, a general model of objects supporting objects and prototypes languages is defined. Second, the elementary relations are formalized in order to control them. Those relations include the reference, interaction and three types of flow (activity, information and data). Automata authorize a logic that enables to compute the required mandatory policy. At the same time, the computation of the MAC policy and the efficiency are solved since the policy is reduced. Experimentations use the JAAS security objectives existing in the Java language. Thus, one year of Java vulnerabilities is prevented thanks to the Metasploit framework.
Document type :
Theses
Complete list of metadatas

Cited literature [124 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-01320558
Contributor : Abes Star :  Contact
Submitted on : Tuesday, May 24, 2016 - 10:02:07 AM
Last modification on : Wednesday, November 20, 2019 - 1:42:47 AM
Long-term archiving on: : Thursday, August 25, 2016 - 10:30:14 AM

File

benjamin_venelle_3887.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01320558, version 1

Citation

Benjamin Venelle. Contrôle d'accès obligatoire pour systèmes à objets : défense en profondeur des objets Java. Cryptographie et sécurité [cs.CR]. Université d'Orléans, 2015. Français. ⟨NNT : 2015ORLE2023⟩. ⟨tel-01320558⟩

Share

Metrics

Record views

432

Files downloads

1338