Jérémy Briffaut

Learn More
This paper presents a new framework based on a meta-policy linked to a new intrusion detection approach. It deploys a MAC kernel within a distributed system while guaranteeing the consistency of the security policy, preventing any accidental or malicious update of the local policies of each host. Access control decisions are resolved locally in accordance(More)
This paper focuses on the enforcement of security properties fitting with dynamic Mandatory Access Control policies. It adds complementary results to previous works of the authors in order to better address dynamic policies. Previous works of the authors provide several advances for enforcing the security of MAC system.An administration language for(More)
Efficient Mandatory Access Control of Virtual Machines remains an open problem for protecting efficiently Cloud Systems. For example , the MAC protection must allow some information flows between two virtual machines while preventing other information flows between those two machines. For solving these problems, the virtual environment must guarantee an(More)
—Enforcement of security properties by Operating Systems is an open problem. To the best of our knowledge, the solution presented in this paper 1 is the first one that enables a wide range of integrity and confidentiality properties to be enforced. A unified formalization is proposed for the major properties of the literature and new ones are defined using(More)
Complying with security and privacy requirements of appliances such as mobile handsets, personal computers, servers for customers, enterprises and governments is mandatory to prevent from theft of sensitive data and to preserve their integrity. Nowadays, with the rising of the Cloud Computing approach in business fields, security and privacy are even more(More)
This paper enlarges previous works of the authors related to the security of a high-interaction honeypot. The challenge is to have a Security Property Language (SPL) for defining the required properties for controlling the activities between processes and resources. That language must authorize the definition of security properties related to(More)
— This paper 1 presents the design and discusses the results of a secured high-interaction honeypot. The challenge is to have a honeypot that welcomes attackers, allows userland malicious activities but prevents system corruption. The honeypot must authorize real malicious activities. It must ease the analysis of those activities. A clustered honeypot is(More)