
Detecting and Surviving Intrusions: Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches

Ronny Chevalier 1, 2
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique, IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract: Computing platforms, such as embedded systems or laptops, are built with layers of preventive security mechanisms to reduce the likelihood of attackers successfully compromising them. Nevertheless, given time and despite decades of improvements in preventive security, intrusions still happen. Therefore, systems should expect intrusions to occur, thus they should be built to detect and to survive them. Commodity Operating Systems (OSs) are deployed with intrusion detection solutions, but their ability to survive them is limited. State-of-the-art approaches from industry or academia either involve manual procedures, loss of availability, coarse-grained responses, or non-negligible performance overhead. Moreover, low-level components, such as the BIOS, are increasingly targeted by sophisticated attackers to implant stealthy and resilient malware. State-of-the-art solutions, however, mainly focus on boot time integrity, leaving the runtime part of the BIOS—known as the System Management Mode (SMM)—a prime target. This dissertation shows that we can build platforms that detect intrusions at the BIOS level and survive intrusions at the OS level. First, by demonstrating that intrusion survivability is a viable approach for commodity OSs. We develop a new approach that addresses various limitations from the literature, and we evaluate its security and performance. Second, by developing a hardware-based approach that detects attacks at the BIOS level where we demonstrate its feasibility with multiple detection methods.
Document type: Theses

Cited literature [292 references]

https://hal.inria.fr/tel-02417644
Contributor: Ronny Chevalier
Submitted on: Wednesday, December 18, 2019 - 12:22:31 PM
Last modification on: Friday, October 23, 2020 - 4:40:05 PM
Long-term archiving on: Thursday, March 19, 2020 - 7:15:37 PM

File

detecting-and-surviving-intrus...
Files produced by the author(s)

Identifiers

  • HAL Id : tel-02417644, version 1

Citation

Ronny Chevalier. Detecting and Surviving Intrusions: Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches. Cryptography and Security [cs.CR]. CentraleSupélec, 2019. English. ⟨tel-02417644⟩

Metrics

Record views: 257

Files downloads: 1118