L’Ecole doctorale : Sciences et Technologies de l’Information et de la Communication<\/p>\n
et le Laboratoire de recherche SAMOVAR<\/p>\n
pr\u00e9sentent Autoris\u00e9e \u00e0 pr\u00e9senter ses travaux en vue de l\u2019obtention du Doctorat de l’Universit\u00e9 Paris-Saclay, pr\u00e9par\u00e9 \u00e0 T\u00e9l\u00e9com SudParis en : informatique<\/p>\n Titre:<\/strong> \u00ab Une approche MDE pour construire des syst\u00e8mes d’information s\u00e9curis\u00e9s \u00bb<\/p>\n Quand:<\/strong> le VENDREDI 13 JANVIER 2017, \u00e0 14H00<\/p>\n O\u00f9:<\/strong> en salle A003, 9 Rue Charles Fourier, 91000 \u00c9vry<\/p>\n Membres du jury :<\/strong><\/p>\n R\u00e9sum\u00e9 : <\/strong> <\/p>\n Aujourd\u2019hui, les organisations s’appuient de plus en plus sur les syst\u00e8mes d’information pour collecter, manipuler et \u00e9changer leurs donn\u00e9es. Dans ces syst\u00e8mes, la s\u00e9curit\u00e9 joue un r\u00f4le essentiel. En effet, toute atteinte \u00e0 la s\u00e9curit\u00e9 peut entra\u00eener de graves cons\u00e9quences, voire d\u00e9truire la r\u00e9putation d’une organisation. Par cons\u00e9quent, des pr\u00e9cautions suffisantes doivent \u00eatre prises en compte. De plus, il est bien connu que plus t\u00f4t un probl\u00e8me est d\u00e9tect\u00e9, moins cher et plus facile il sera \u00e0 corriger. L’objectif de cette th\u00e8se est de d\u00e9finir les politiques de s\u00e9curit\u00e9 depuis les premi\u00e8res phases de d\u00e9veloppement et d\u2019assurer leur d\u00e9ploiement correct sur une infrastructure technologique donn\u00e9e. Notre approche commence par sp\u00e9cifier un ensemble d’exigences de s\u00e9curit\u00e9, i.e. des r\u00e8gles statiques et dynamiques, accompagn\u00e9es de l’aspect fonctionnel d’un syst\u00e8me bas\u00e9 sur UML (Unified Modeling Language). L’aspect fonctionnel est exprim\u00e9 par un diagramme de classes UML, les exigences de s\u00e9curit\u00e9 statiques sont mod\u00e9lis\u00e9es \u00e0 l’aide de diagrammes de SecureUML, et les r\u00e8gles dynamiques sont repr\u00e9sent\u00e9es en utilisant des diagrammes d’activit\u00e9s s\u00e9curis\u00e9es. Ensuite, nous d\u00e9finissons des r\u00e8gles de traduction pour obtenir des sp\u00e9cifications B \u00e0 partir de ces mod\u00e8les graphiques. La traduction vise \u00e0 donner une s\u00e9mantique pr\u00e9cise \u00e0 ces sch\u00e9mas permettant ainsi de prouver l’exactitude de ces mod\u00e8les et de v\u00e9rifier les politiques de s\u00e9curit\u00e9 par rapport au mod\u00e8le fonctionnel correspondant en utilisant les outils AtelierB prover et ProB animator. La sp\u00e9cification B obtenue est affin\u00e9e successivement \u00e0 une impl\u00e9mentation de type base de donn\u00e9es, qui est bas\u00e9e sur le paradigme AOP. Les affinements B sont \u00e9galement prouv\u00e9s pour s’assurer que l\u2019impl\u00e9mentation est correcte par rapport \u00e0 la sp\u00e9cification abstraite initiale. Le programme d\u2019AspectJ traduit permet la s\u00e9paration du code li\u00e9 \u00e0 la s\u00e9curit\u00e9 s\u00e9curit\u00e9 du reste de l’application. Cette approche permet d\u2019\u00e9viter la diffusion du code de l’application, et facilite ainsi le tra\u00e7age et le maintien. Enfin, nous d\u00e9veloppons un outil qui g\u00e9n\u00e8re automatiquement la sp\u00e9cification B \u00e0 partir des mod\u00e8les UML, et la d\u00e9rivation d’une impl\u00e9mentation d’AspectJ \u00e0 partir de la sp\u00e9cification B affin\u00e9e. L’outil aide \u00e0 d\u00e9charger les d\u00e9veloppeurs des t\u00e2ches difficiles et \u00e0 am\u00e9liorer la productivit\u00e9 du processus de d\u00e9veloppement.<\/p>\n Abstract :<\/strong><\/p>\n Nowadays, organizations rely more and more on information systems to collect, manipulate, and exchange their relevant and sensitive data. In these systems, security plays a vital role. Indeed, any security breach may cause serious consequences, even destroy an organization’s reputation. Hence, sufficient precautions should be taken into account. Moreover, it is well recognized that the earlier an error is discovered, the easier and cheaper it is debugged. The objective of this thesis is to define adequate security policies since the early development phases and ensure their correct deployment on a given technological infrastructure. Our approach starts by specifying a set of security requirements, i.e. static and dynamic rules, along with the functional aspect of a system based on the Unified Modeling Language (UML). Fundamentally, the functional aspect is expressed using a UML class diagram, the static security requirements are modeled using SecureUML diagrams, and the dynamic rules are represented using secure activity diagrams. We then define translation rules to obtain B specifications from these graphical models. The translation aims at giving a precise semantics to these diagrams, thus proving the correctness of these models and verifying security policies with respect to the related functional model using the AtelierB prover and the ProB animator. The obtained B specification is successively refined to a database-like implementation based on the AOP paradigm. The B refinements are also proved to make sure that the implementation is correct with respect to the initial abstract specification. Our translated AspectJ-based program allows separating the security enforcement code from the rest of the application. This approach avoids scattering and tangling the application’s code, thus it is easier to track and maintain. Finally, we develop a tool that automates the generation of the B specification from UML-based models and of the AspectJ program connected to a relational database management system from the B implementation. The tool helps disburden developers of the difficult and error-prone task and improve the productivity of the development process.<\/p>\n","protected":false},"excerpt":{"rendered":" L’Ecole doctorale : Sciences et Technologies de l’Information et de la Communication et le Laboratoire de recherche SAMOVAR pr\u00e9sentent l\u2019AVIS DE SOUTENANCE de Madame Thi Mai NGUYEN Autoris\u00e9e \u00e0 pr\u00e9senter ses travaux en vue de l\u2019obtention du Doctorat de l’Universit\u00e9 Paris-Saclay, pr\u00e9par\u00e9 \u00e0 T\u00e9l\u00e9com SudParis en : informatique Titre: \u00ab Une approche MDE pour construire […]<\/p>\n","protected":false},"author":1,"featured_media":828,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[344],"tags":[],"class_list":["post-829","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-theses-2017-fr","entry","has-media"],"_links":{"self":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/comments?post=829"}],"version-history":[{"count":1,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/829\/revisions"}],"predecessor-version":[{"id":1635,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/829\/revisions\/1635"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/media\/828"}],"wp:attachment":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/media?parent=829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/categories?post=829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/tags?post=829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nl\u2019AVIS DE SOUTENANCE de Madame Thi Mai NGUYEN<\/strong><\/p>\n\n\n
\n Mme Amel MAMMAR <\/td>\n Ma\u00eetre de conf\u00e9rences HDR, Telecom SudParis, FRANCE <\/td>\n Directeur de these<\/td>\n<\/tr>\n \n Mme Regine LALEAU<\/td>\n Professeur, Universit\u00e9 Paris-Est Cr\u00e9teil, FRANCE<\/td>\n CoDirecteur de these<\/td>\n<\/tr>\n \n M. Pascal POIZAT<\/td>\n Professeur, Universit\u00e9 de Nanterre, FRANCE <\/td>\n Examinateur<\/td>\n<\/tr>\n \n M. Akram IDANI<\/td>\n Ma\u00eetre de conf\u00e9rences, Universit\u00e9 Grenoble Alpes, FRANCE <\/td>\n Examinateur<\/td>\n<\/tr>\n \n M. Paul GIBSON<\/td>\n Ma\u00eetre de conf\u00e9rences HDR, Telecom SudParis, FRANCE <\/td>\n Examinateur<\/td>\n<\/tr>\n \n M. Yves ROUDIER<\/td>\n Professeur, Universit\u00e9 de Sophia Antipolis, FRANCE <\/td>\n Rapporteur<\/td>\n<\/tr>\n \n M. Christian ATTIOGB\u00e9<\/td>\n Professeur, Universit\u00e9 de Nantes, FRANCE <\/td>\n Rapporteur<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n