
Detecting and Surviving Intrusions: Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches

Ronny Chevalier 1, 2
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract : Computing platforms, such as embedded systems or laptops, are built with layers of preventive security mechanisms to reduce the likelihood of attackers successfully compromising them. Nevertheless, given time and despite decades of improvements in preventive security, intrusions still happen. Therefore, systems should expect intrusions to occur, thus they should be built to detect and to survive them. Commodity Operating Systems (OSs) are deployed with intrusion detection solutions, but their ability to survive them is limited. State-of-the-art approaches from industry or academia either involve manual procedures, loss of availability, coarse-grained responses, or non-negligible performance overhead. Moreover, low-level components, such as the BIOS, are increasingly targeted by sophisticated attackers to implant stealthy and resilient malware. State-of-the-art solutions, however, mainly focus on boot time integrity, leaving the runtime part of the BIOS—known as the System Management Mode (SMM)—a prime target. This dissertation shows that we can build platforms that detect intrusions at the BIOS level and survive intrusions at the OS level. First, by demonstrating that intrusion survivability is a viable approach for commodity OSs. We develop a new approach that addresses various limitations from the literature, and we evaluate its security and performance. Second, by developing a hardware-based approach that detects attacks at the BIOS level where we demonstrate its feasibility with multiple detection methods.

Cited literature [292 references]
Contributor : Ronny Chevalier
Submitted on : Wednesday, December 18, 2019 - 12:22:31 PM
Last modification on : Wednesday, November 3, 2021 - 8:09:54 AM
Long-term archiving on : Thursday, March 19, 2020 - 7:15:37 PM


Files produced by the author(s)


  • HAL Id : tel-02417644, version 1


Ronny Chevalier. Detecting and Surviving Intrusions: Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches. Cryptography and Security [cs.CR]. CentraleSupélec, 2019. English. ⟨tel-02417644⟩


