es
Universidad Estatal (Francia), Examinar oportunidades similares
SL-DRT-21-0031
Cyber security : hardware and sofware
Industrial systems are often used to monitor and control a physical process such as energy production and distribution, water cleaning or transport systems. They are often simply called Supervisory Control And Data Acquisition (SCADA) systems. Due to their interaction with the real world, the safety of these systems is critical and any incident can potentially harm humans and the environment. Since the Stuxnet worm in 2010, such systems increasingly face cyberattacks caused by various intruders, including terrorists or enemy governments [1]. As the frequency of such attacks is increasing, the security of SCADA systems becomes a priority for governmental agencies [2].One of the main research axis in cybersecurity of industrial systems deals with combination of safety and security properties. Safety relates to applicative properties of the system (e.g. chemical properties for a chemical factory); while security properties take into account how an intruder can harm the system. As show in [3], combining safety and security is a challenging topic as these properties can be either dependent, strengthening, antagonist or independent. As show in [4], combining both safety and security in a common modeling is challenging as both come with sources of combinatorial explosion. Moreover, there are tools used either for security or safety analyzes but currently no tool is able to handle both aspects at the same time.In this context, we propose a Ph.D thesis revolving around modeling of industrial systems taking into account both safety properties of the physical process and security properties. Besides the definition of an accurate, yet automatically analyzable modeling framework/language, many aspects can be part of the subject. For instance, programmable automata (PLC) configuration files could be generated from this model in order to only deploy programs validated beforehand. PLC vulnerabilities could be studied (firmware reverse engineering, protocol fuzzing) in order to test the technical feasibility of found attacks. Finally, in a certification context, security analyzes on the model could include requirements from standards such as IEC 62443 [5] to help evaluation process.Références[1] J. Weiss, Protecting industrial control systems from electronic, Momentum Press, 2010. [2] ANSSI, Managing cybersecurity for ICS, ANSSI, 2012. [3] L. Piètre-Cambacédès, Des relations entre sûreté et sécurité, Paris: Télécom ParisTech, 2010. [4] M. P. a. A. K. M. Puys, Generation of applicative attacks scenarios against industrial systems, Nancy: FPS’17, 2017. [5] IEC-62443, Industrial communication networks - Network and, International Electrotechnical Commission, 2010.
Département Systèmes (LETI)
Laboratoire Sécurité des Objets et des Systèmes Physiques
Grenoble
PUYS Maxime
CEA
DRT/DSYS/SSSEC/LSOSP
Phone number:
Email:
Université Grenoble Alpes
Mathématiques, Sciences et Technologies de l’Information, Informatique (MSTII)
Start date on 01-10-2021
MOCANU Stéphane
Grenoble INP
Laboratoire LIGEquipe commune Inria CTRL-ACentre de recherche Inria Rhône-AlpesAntenne Inria GIANTBâtiment 50 C 1er, Bureau 221Minatec Campus17 rue des Martyrs38054 Grenoble Cedex
Phone number: 04 38 78 60 47
Email: stephane.mocanu@grenoble-inp.fr
Elige el país al que quieres viajar para estudiar gratis, trabajar o hacer voluntariado