S1.1: RESEARCH AND DEVELOPMENT IN EUROPE FOR COMPETITIVE MANUFACTURING Competitiveness of Industry by means of Cross Fertilisation
STORYLINE: FOCUS ON KEY ENABLERS FOR DISTRIBUTED INDUSTRIAL SYSTEMS. HOW INNOVATIONS BENEFIT FROM THE «PAST»
WHEN A LAB BECOMES AN R.T.O. The era of physics and nuclear; the era of new technologies; change of paradigm: massive introduction of ICT in all sectors; transformation of CEA.
WHEN A LAB BECOMES AN R.T.O. Transfer of high-performance technologies to INDUSTRY. Digitalisation of power generation plants in the 1980s*: in-core and out-of-core sensor monitoring of the reactor; robotics for assembly; reactor control-command; sensor and software security; high-performance simulation infrastructure; system modelling; distributed architectures; numerical models. (* Available from the power generation portfolio.)
A TYPICAL PORTFOLIO (part of COMPONENTS and S.O.C. ENGINEERING), transferred to aero, auto, etc.: manycore processor; safe RT OS; IC architecture; IC & SoC simulation; imaging; EMC / RF; reliability; smart sensors; green computing; wire diagnostic; pedestrian detection; geolocalisation by vision; safe control-command; energy management; modelling tool; security library.
LET'S HAVE EXAMPLES CREATED FOR THE ENERGY GENERATION SECTOR. Source: http://www.actionplant-project.eu/public/documents/roadmap.pdf
LET'S HAVE EXAMPLES CREATED FOR THE ENERGY GENERATION SECTOR. Secure real-time execution; access to formalisation: model-based engineering. Source: http://www.actionplant-project.eu/public/documents/roadmap.pdf
FOCUS ON SEVERAL INCREMENTAL INNOVATIONS. Secure real-time execution; access to formalisation: model-based engineering; confidence in software and systems: formal methods.
SECURE REAL-TIME EXECUTION. Problem: a safety-proven real-time operating system. Embedded software architecture that combines memory protection and temporal protection; multicore management at OS level. Timeline: from 1993 to 2011 to 2015, across nuclear, automotive and energy, up to manycore and secured hypervision. Innovation: software availability is predictable and guaranteed; optimized architecture for running critical and non-critical tasks simultaneously.
MODEL DRIVEN ENGINEERING MODEL-DRIVEN ENGINEERING WITH PAPYRUS Open-source Graphical Modeling Tool Suite Multi-purpose modeling (business, system, software, real-time) Interoperable with external tools Easy to build customized tool-chains for specific domains and needs (robotics, automotive, avionics, telecommunications, energy, cyber-security) Tool suite Wide adoption in industrial settings!
MODEL DRIVEN ENGINEERING. Papyrus for manufacturing, what's new? Holistic integration and optimisation of ISA-95 levels through system modeling. Views: product view; business view (optimisation criteria are fixed here); enterprise process view; manufacturing process view. ISA-95 standard levels: Level 4: enterprise processes; Level 3: manufacturing processes; Level 2: manufacturing operations; Level 1: sensors, machines.
SYSTEM ENGINEERING AND MANUFACTURING Business Process modeling and simulation Cobots and tele-op control Architecture optimization Model-based testing and validation
CYBERATTACKS ON THE REAL WORLD. 2007: a generator self-destructs after an experimental cyberattack in a power plant. 2008: a Polish teenager takes control of a tram (via the internet) and derails it. 2010: the STUXNET worm targets the Iranian nuclear program. 2010: wireless sensors used for carjacking. DECEMBER 3, 2015
CYBERSECURITY: MAIN AXES. Software verification; industrial systems; secured components: OS & virtualization; cloud computing: processing on encrypted data; data processing & analysis; IT & networks; security of communicating objects: Internet of Things; extraction & synthesis from multimedia data: intelligence.
COMPLEX SYSTEM: THE AUTOMOTIVE AS AN EXAMPLE. Domains: engine, ADAS, comfort, multimedia.
BASICS OF CYBERATTACKS. Defence layers (from the figure): network firewall, network translation, workstation firewall, application integrity, kernel controls, hypervisor separation, hardware watchdog; the attacker works through them. Threats 1: where are the security holes? Threats 2: how can sequences be used? Tools: code analysis, risk analysis.
AUTOMATED RISK ANALYSIS. Threats 1: where are the security holes? RISK analysis: EBIOS risk analysis. Sophia tools: SOPHIA-Requirements, SOPHIA-FTA, SOPHIA-FMEA, SOPHIA-ModelChecking, applied across the system development lifecycle: concept & requirements, model design, preliminary safety assessment, design & optimization, implementation, integration & test, validation, system safety assessment, acceptance & maintenance. The fault tree relates a top event to its basic events.
SOURCE CODE ANALYSIS WITH FRAMA-C. Threats 2: how can sequences be used? CODE analysis. Code verification tool: modular, cooperative, 100% of bugs detected. Example report (a Juliet CWE-126 buffer over-read test case):
<weakness id="2958">
  <name>invalid memory access</name>
  <location path="synthetic/testcases/cwe126_buffer_overread/s02/CWE126_Buffer_Overread__malloc_wchar_t_loop_03.c" line="70"></location>
  <grade severity="4"/>
  <output><textoutput><![CDATA[../ppc/share/libc/wchar.c:32:[kernel] warning: out of bounds write. assert \valid(tmp);
  stack: wmemset :: testcases/cwe126_buffer_overread/s02/CWE126_Buffer_Overread__malloc_wchar_t_loop_03.c:70 <-
         goodg2b1 :: testcases/cwe126_buffer_overread/s02/CWE126_Buffer_Overread__malloc_wchar_t_loop_03.c:123 <-
         CWE126_Buffer_Overread__malloc_wchar_t_loop_03_good ]]></textoutput></output>
</weakness>
Applications: safety: A380 programme; nuclear plant code analysis; certification; COTS verification (security protocols, compression library, etc.).
SOURCE CODE ANALYSIS WITH FRAMA-C. Threats 2: how can sequences be used? CODE analysis. Open-source code analysis platform to guarantee absence of software vulnerabilities, conformity to safety and security coding standards, conformity to specifications. Modular via plug-ins; collaborative; combination of formal methods for better coverage. Typical case: 100+ kloc of C source code; highest certification requirements; 80% code coverage; 200 alarms. Wide adoption for critical domains & needs! (Example report: see the weakness record on the previous slide.) Applications: safety: A380 programme; nuclear power plant software analysis; certification; health robotics; validation of COTS software (security protocols, compression libraries, etc.). Awarded by NIST.
EXAMPLE OF ANALYSIS DETECTING SECURITY FLAWS. How do we reach the sophisticated last vulnerabilities in core IT components? Detect all occurrences of a given category of vulnerabilities, using automated code analyses, handling general-purpose code constructs, derived from DO/ISO-proven tools. Example (from a compression library changelog): "Fixed a condition where QLZ_MEMORY_SAFE could fail detecting corrupted data. Thanks to Pascal Cuoq and Kerstin Hartig who used Frama-C's value analysis!"
THREAT INTELLIGENCE. Making sense of artefacts, communications, and interactions: data analysis; pattern identification; traffic analysis; text and picture analysis; information search (multimedia, multilingual); visual analytics.
Examples: (1) Revolution in cybersecurity verification. Defense Advanced Research Projects Agency. Objective: revolutionize cybersecurity evaluation; accelerate cost-effective formal verification of source code. Means & method: exploit gamers' ingenuity in Crowd-Sourced Formal Verification (CSFV) via prototype games; assess absence of critical security flaws in code. (2) Large code base verification. Objective: guarantee absence of faults in a SCADA system's large code base. Means & method: Frama-C toolkit: develop automated testing; pinpoint run-time errors and their causes; assess structural properties (memory separation, cyclic behaviours); achieve IEC 60880 Class 1 (nuclear) safety-critical software certification.
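Added worked example, not CEA LIST's code nor a file from the Juliet suite: the CWE-126 over-read pattern behind the Frama-C report on the code-analysis slides, next to two hardened forms, annotated with the ACSL contracts a run-time-error analysis (EVA) checks. The function names, the 50-versus-100 length mismatch and the fill character are constructed for illustration; the analysis command shown in the comment is standard Frama-C usage.

```c
/* Added example (not the page's or CEA's own code): a Juliet-style CWE-126
 * buffer over-read next to hardened versions, with the ACSL contracts that
 * Frama-C checks. The names and the 50/100 mismatch are constructed.
 * Build: cc -std=c11 -Wall overread.c    Analyse: frama-c -eva overread.c */
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

#define INTENDED_LEN 100   /* the length the reading code believes it has */
#define ACTUAL_LEN    50   /* the length that was really allocated         */

/* Sum the elements of a wchar_t buffer. The ACSL precondition states what
 * Frama-C must prove at every call site: all n elements are readable. */
/*@ requires \valid_read(buf + (0 .. n - 1));
    assigns \nothing;
*/
unsigned long sum_wchars(const wchar_t *buf, size_t n)
{
    unsigned long acc = 0;
    /*@ loop invariant 0 <= i <= n;
        loop assigns i, acc; */
    for (size_t i = 0; i < n; i++)
        acc += (unsigned long)buf[i];
    return acc;
}

/* Bad flow (the Juliet pattern): allocate ACTUAL_LEN elements, then read
 * INTENDED_LEN of them. EVA reports the unproven precondition / out-of-bounds
 * read at the sum_wchars call. Never execute it: the over-read is undefined
 * behaviour; it is here for the analyser, not for the run. */
unsigned long bad_flow(void)
{
    wchar_t *data = malloc(ACTUAL_LEN * sizeof *data);
    if (data == NULL)
        return 0;
    wmemset(data, L'A', ACTUAL_LEN);
    unsigned long r = sum_wchars(data, INTENDED_LEN);  /* over-read */
    free(data);
    return r;
}

/* Hardened form 1: keep the capacity with the pointer so the read length
 * and the allocated length cannot drift apart. */
typedef struct {
    wchar_t *data;
    size_t   len;   /* number of valid elements in data */
} wbuf;

/* Returns 1 on success, 0 on allocation failure (len is then 0). */
int wbuf_alloc(wbuf *b, size_t len, wchar_t fill)
{
    b->data = malloc(len * sizeof *b->data);
    if (b->data == NULL) {
        b->len = 0;
        return 0;
    }
    wmemset(b->data, fill, len);
    b->len = len;
    return 1;
}

unsigned long good_flow(void)
{
    wbuf b;
    if (!wbuf_alloc(&b, ACTUAL_LEN, L'A'))
        return 0;
    unsigned long r = sum_wchars(b.data, b.len);  /* len == allocation */
    free(b.data);
    return r;
}

/* Hardened form 2: when the capacity arrives separately (a COTS API, say),
 * check it at run time. Returns 0 and leaves *out untouched if n > cap. */
/*@ requires \valid_read(buf + (0 .. cap - 1));
    requires \valid(out);
    assigns *out;
    ensures \result == 0 || \result == 1;
*/
int sum_checked(const wchar_t *buf, size_t cap, size_t n, unsigned long *out)
{
    if (n > cap)
        return 0;                 /* the 50-vs-100 mismatch is rejected here */
    *out = sum_wchars(buf, n);
    return 1;
}

/* Runs hardened form 2 on the Juliet mismatch: 1 if the over-read was
 * rejected, 0 otherwise. */
int mismatch_rejected(void)
{
    wbuf b;
    unsigned long s = 0;
    if (!wbuf_alloc(&b, ACTUAL_LEN, L'A'))
        return 0;
    int ok = sum_checked(b.data, b.len, INTENDED_LEN, &s);
    free(b.data);
    return ok == 0;
}

int main(void)
{
    printf("good_flow sum: %lu\n", good_flow());        /* 50 * 65 = 3250 */
    printf("over-read rejected: %d\n", mismatch_rejected());
    return 0;
}
```

Running EVA on this file leaves the precondition of sum_wchars unproven only at the call inside bad_flow; both hardened flows carry the capacity to the point of use, which is the property the SCADA case above describes as memory separation checked over a large code base.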
Didier VANDEN ABEELE, CEA LIST, Deputy Director - European Affairs. didier.vanden-abeele@cea.fr, +33 6 78 13 81 18