Error-detection techniques applied to intrusion detection (Techniques de détection d'erreur appliquées à la détection d'intrusion)

This document is an application dossier for the Habilitation à Diriger des Recherches (HDR). It summarises ten years of professional activity as an enseignant-chercheur (teacher-researcher) on the Rennes campus of Supélec. The document is made up of two parts. The first part presents the candidate in the form of a curriculum vitae, an account of teaching activities and an account of research activities, and closes with a list of publications. The second part is a synthesis of part of the research work carried out over these ten years. A state of the art lays out the concepts on which this work rests. Four research activities are then presented, each of which shows the relevance of particular error-detection techniques to the field of intrusion detection.