ENSTA Bretagne: IT security

Processes For Safe And Secure Software And Systems (P4S team)

The team’s interest is in methods and tools for specifying and describing systems and software, with a view to assessing and analyzing their performance. This will, in turn, increase user confidence and guarantee the operating safety and security of digital systems.

Enhance the operating safety and security of digital systems: methodological strands

  • System modeling to describe the needs of the system under study
  • Modeling of construction processes and their improvement, which is critical for the safety and security of, and more generally confidence in, the system studied.
  • Federation of models since varying viewpoints need to be merged.
  • Free modeling to enable specific viewpoints to be developed, as no framework can encompass all viewpoints.
  • Formal verification at all levels: intra-model and inter-model.
  • Automated and semi-automated methods alike.

Expertise

  • Model-driven engineering
  • Software engineering
  • Software verification
  • Product lines
  • (Self) adaptive systems
  • Cognitive systems
  • Requirements engineering
  • Formal specification
  • Diagnosis
  • Executable semantics
  • Formal verification
  • Debugging

Collaborations

  • Companies: Airbus, Thales, PragmaDEV, Kereval, Davidson, Lucio-Zekat
  • Institutions: DGA, CEA
  • Academia: IRISA
  • Research Groups: GPL, SOC2

Examples of research programs

Specification and formalization of secure software and hardware architecture
  • "Cyber-security modelling and analysis framework" research project: developing a cohesive framework for the specification, formalization and analysis of secure software and hardware architecture
  • in progress since December 2020
  • funded by the AID (Defense Innovation Agency)
  • led by Raul Mazo Pena, a research professor at ENSTA Bretagne / Lab-STICC (SHARP department, P4S team)

To find out more: read the article on this program

It is still early days for the "Security by Design" approach and significant R&D efforts will be required for its use to become systematic and widespread. That’s the aim of this groundbreaking project, which is in some ways opening up a whole new engineering discipline by outlining a new vision. To take up this challenge, the project sets out to create a cohesive, overarching theory, with systematic design tools, techniques and methods.

Ker-Seveco: connected vehicle security
  • Project funded by the Brittany Region and FEDER
  • started at the end of 2019, running until 2022
  • 3 partners: KEREVAL, Mobility Tech Green and ENSTA Bretagne
  • led by: Joël Champeau, a research professor at ENSTA Bretagne, UMR (joint research unit) Lab-STICC (SHARP department, P4S team)

The project sets out to develop products and services embedded in connected vehicles, as well as associated off-board services.

These on-board services will have gone through a secure development process.

ENSTA Bretagne’s contribution involves developing a design methodology and tooling for cybersecurity tests specifically geared towards "connected vehicles".

This method will need to range from the system level, factoring in the security requirements, to the communication modules of the embedded computer.

The expected results of the project are the development of new mobility services such as fleet management, the development of a CyberLab to run security tests on the services, and methodological support grounded in formal verification of the security requirements.

Modeling and simulation of a product development plan

...

Modeling and monitoring of security contracts in a "Secure by design" approach

...

Contact

Ciprian Téodorov
Associate Professor
IT Department
Lab-STICC laboratory / SHARP Department / P4S Team
+33 (0)2 98 34 89 53