Why is it important to work on the (network) lower layers in cybersecurity?

ERCI, European Railway Clusters Initiative, Lille, FRANCE, 27-/06/2018 - 27/06/2018Présentation des travaux du LEOST sur l'analyse des signaux de bas niveau pour détecter des attaque

A service discovery and automatic deployment component-based software infrastructure for Ubiquitous Computing

International audienceSoftware applications running on mobile devices are more and more needed. These applications have strong requirements to address: device heterogeneity, limited resources, networked communications, and security. Moreover it is required to have appropriate application design, discovery, deployment, and execution paradigms. These requirements are similar to those of any ubiquitous computing application. In this paper, we present a component-based software infrastructure to design, discover, deploy, and execute ubiquitous computing contextual applications. Applications are designed as assemblies of distributed software components. These assemblies are dynamically discovered according to end-users' physical location and device capabilities. Then appropriate assemblies are automatically deployed on users' devices. Ubiquitous contextual services and our software infrastructure are built on top of the OMG's CORBA Component Model (CCM) and are implemented using the OpenCCM platform. As illustration, a service to get information about departure trains is described in detail

Component-based modeling and observer-based verification for railway safety-critical applications

1th International Symposium on Formal Aspects of Component Software , Bertinoro, Italie, 10-/09/2014 - 12/09/2015International audienceOne of the challenges that engineers face, during the development process of safety-critical systems, is the verification of safety application models before implementation. Formalization is important in order to verify that the design meets the specified safety requirements. In this paper, we formally describe the set of transformation rules, which are defined for the automatic transformation of safety application source models to timed automata target models. The source models are based on our domain-specific component model, named SARA, dedicated to SAfety-critical RAilway control applications. The target models are then used for the observer-based verification of safety requirements. This method provides an intuitive way of expressing system properties without requiring a significant knowledge of higher order logic and theorem proving, as required in most of existing approaches. An experimentation over a chosen benchmark at rail-road crossing protection application is shown to highlight the proposed approach

A Cyber-Physical Threat Analysis for Microgrids

SSD 2018, 15th International Multi-Conference on Systems, Signals and Devices, Hammamet, TUNISIE, 19-/03/2018 - 22/03/2018MicroGrids (MGS) are foreseen as a building block of the smart grid. They allow for the integration of distributed energy resources and storage within the conventional grid. This is partly possible through deployment of Information and Communication Technologies (ICTS) within these structures. Therefore cyber security is a major concern for MGS. This paper investigates cyber-physical security aspects of the MG, including vulnerabilities and threat landscape. A cyber-physical security risk assessment is presented for evaluating impacts of exploiting existing vulnerabilities by potential threats on MG operations

Cyber-Physical Security Risk Assessment for Train Control and Monitoring Systems

SSV 2018, 1st International Workshop on System Security and Vulnerability, IEEE CNS Conference on Communications and Network Security, Pekin, CHINE, 30-/05/2018 - 01/06/2018Future railway systems should bring convenience to people's lives. In fact, due to the move away from bespoke stand- alone systems to open-platform, standardized equipments and increasing use of networked control and automation systems and connected technologies, the efficiency and the safety of railway services are improving. However, this dependence of automation, control and communication technologies makes railway systems becoming increasingly vulnerable to cyber-attacks and security threats which affects the overall performance. This paper deals with cybersecurity concerns facing these systems. As such, we analyse characteristics of railway threat landscape. Then, we discuss the direct impacts of the identified potential threats and their consequences on the whole system and we evaluate resulted risks. For space limitation, we choose to present the impact, likelihood and risk analysis for one functionality of the system, namely External Door control (EDC). Some good practices and related techniques for the development of safer, more comfortable, and more secure future railway systems are also discussed

Safety component-based approach and its application to ERTMS/ETCS on-board train control system

International audienceSafety-critical software is becoming more and more complex and at the same time it operates in frequently changing environments on which it reacts by reconfiguring its architecture. Thus, an appropriate modelling approach is needed to reduce the complexity of designing and to enable the verification of dynamic reconfiguration behaviour before the deployment at runtime. The paradigm of software component-based engineering provides an essential support for this. However, composing software from many reconfigurable components can lead to a huge number of possible compositional configurations difficult to handle at design time. Moreover, analysing all possible sequences of reconfiguration, including failure situations, is far beyond feasibility without an appropriate abstraction and granularity levels. In this paper, we propose a hierarchical component-based design approach to reduce the complexity of designing and to analyse the dynamic reconfiguration behaviour. We illustrate our approach with a case study derived from ERTMS/ETCS level 2

Une Infrastructure à Composants pour des Applications Ubiquitaires

National audienceLa multiplication des terminaux mobiles et la généralisation des réseaux sans fil impliquent des changements dans la conception et l'exécution des applications logicielles. La problématique est maintenant clairement identifiée sous le terme informatique ubiquitaire. Nous présentons dans ce papier une infrastructure dédiée aux services contextuels ubiquitaires. Ceux-ci sont conçus sous la forme d'assemblages de composants logiciels distribués et découverts dynamiquement en fonction de la localisation du terminal utilisateur et de ses caractéristiques, puis automatiquement déployés sur ce dernier. Nous avons implanté cette infrastructure, ainsi qu'un exemple de service, au dessus du modèle de composants CORBA de l'OMG et de la plate-forme libre OpenCCM

A Component-based Software Infrastructure for Ubiquitous Computing

(c) IEEE - The original publication is available at http://www.ieee.orgInternational audienceMultiplication of mobile devices and generalized use of wireless networks imply changes on the design and execution of distributed software applications targeting ubiquitous computing. Many strong requirements have to be addressed: heterogeneity and limited resources of wireless networks and mobile devices, networked communications between distributed applications, dynamic discovery and automatic deployment on mobile devices. In this paper, we present a component-based software infrastructure to design, discover, deploy, and execute ubiquitous contextual services, i.e. distributed applications providing services to mobile end-users but only available from a particular place. These ubiquitous contextual services are designed as assemblies of distributed software components. These assemblies are dynamically discovered according to end-users' physical location and device capabilities. Then, appropriate assemblies are automatically deployed on users' devices. We have implemented this approach (the software infrastructure and a ubiquitous application example) on top of the OMG CORBA Component Model and the OpenCCM open source platform

Cyber-physical Threats and Vulnerabilities Analysis for Train Control and Monitoring Systems

IEEE ISNCC 2018, International Symposium on Networks, Computers and Communications, Rome, ITALIE, 19-/06/2018 - 21/06/2018Cyber-physical security is a major concern for the new generation of trains. In fact, trains are increasingly relying on automation, control and communication technologies in order to improve the efficiency and safety of their services as well as the comfort of passengers. This dependency introduces certainly new vulnerabilities and entry points to the system which exposes the system to new threat scenarios. This paper deals with cyber-physical security aspects of Train Control and Monitoring System

A Component-based Software Infrastructure for Ubiquitous Computing

(c) IEEE - The original publication is available at http://www.ieee.orgInternational audienceMultiplication of mobile devices and generalized use of wireless networks imply changes on the design and execution of distributed software applications targeting ubiquitous computing. Many strong requirements have to be addressed: heterogeneity and limited resources of wireless networks and mobile devices, networked communications between distributed applications, dynamic discovery and automatic deployment on mobile devices. In this paper, we present a component-based software infrastructure to design, discover, deploy, and execute ubiquitous contextual services, i.e. distributed applications providing services to mobile end-users but only available from a particular place. These ubiquitous contextual services are designed as assemblies of distributed software components. These assemblies are dynamically discovered according to end-users' physical location and device capabilities. Then, appropriate assemblies are automatically deployed on users' devices. We have implemented this approach (the software infrastructure and a ubiquitous application example) on top of the OMG CORBA Component Model and the OpenCCM open source platform