New approaches to computer security based on an offensive, low-level view of systems

Abstract: Understanding computer security requires a strong knowledge of the underlying technologies and a deep awareness of where today's threats come from. To help the community face the new challenges of computer security, our research is built on these fundamentals. One of our goals was to combine offensive and defensive approaches in our work, so as to best meet the requirements of the fight against cyber threats. Starting from a technical background and knowing the attacker's point of view allowed us to design both offensive and defensive tools. Our work aims at strengthening the defense of several systems by first looking for vulnerabilities in them. We therefore worked along several axes in order to provide a strong defense in depth.

First, we improved the security of the MASM assembler (Microsoft Macro Assembler) by exploiting a vulnerability that had been present for more than 20 years and that allowed backdoors to be silently introduced at build time. Second, we developed new evasion techniques for malware in order to better counter them. One of these techniques detects every type of automated analysis environment in use today; to the best of our knowledge, no other technique produces comparable results with such operational consequences. Finally, we addressed the keylogger threat, building on an extensive and previously unpublished documentation of Windows 10 internal mechanisms obtained through reverse engineering. In this context, we showed that it is possible to build a solution that improves on those existing today. From the fix of the vulnerability found in the assembler to the design of new evasion techniques, we made sure to propose innovative architectures that improve the security of systems in the long run.

This was achieved through the tool we built to protect users from keyloggers, the new forensic methods we developed based on the Superfetch service, the new techniques we discovered to detect web crawler traps, our study of a UEFI full-encryption system, and the algorithms we created to classify malicious programs. All of this research has been published at international academic and hacking conferences, including DEF CON and Black Hat USA, as well as in several scientific articles and in CVE-2018-8232. In conclusion, we have favored work that analyzes, evaluates and enhances the security of a project at different levels. Many domains have been covered because computer security is a global and ultimately multidisciplinary field, which often requires cross-disciplinary skills. The idea is always to secure the information processed by an automated system, from its collection through its processing to its storage, while ensuring that no threat acts against programs that are running as expected.
