S1.1: RESEARCH AND DEVELOPMENT IN EUROPE FOR COMPETITIVE MANUFACTURING. Competitiveness of Industry by means of Cross Fertilisation



STORYLINE: FOCUS ON KEY ENABLERS FOR DISTRIBUTED INDUSTRIAL SYSTEMS. HOW INNOVATIONS BENEFIT FROM THE «PAST»

WHEN A LAB BECOMES AN R.T.O.
- The era of physics and nuclear
- The era of new technologies
- Change of paradigm: massive introduction of ICT in all sectors
- Transformation of CEA

WHEN A LAB BECOMES AN R.T.O.: transfer of high-performance technologies to industry
Digitalisation of power generation plants in the 1980s*:
- In-core and out-of-core sensor monitoring of the reactor
- Robotics for assembly
- Reactor control-command
- Sensor and software security
- High-performance simulation infrastructure
- System modelling
- Distributed architectures
- Numerical models
* Available from the power generation portfolio

A TYPICAL PORTFOLIO (part of components and S.o.C. engineering), transferred to aerospace, automotive, etc.:
- Manycore processor
- Safe RTOS
- IC architecture
- IC & SoC simulation
- Imaging
- EMC / RF
- Reliability
- Smart sensors
- Green computing
- Wire diagnostic
- Pedestrian detection
- Geolocalisation by vision
- Safe control-command
- Energy management
- Modelling tool
- Security library

LET'S HAVE EXAMPLES CREATED FOR THE ENERGY GENERATION SECTOR
- Secure real-time execution
- Access to formalisation: model-based engineering
Sources: http://www.actionplant-project.eu/public/documents/roadmap.pdf

FOCUS ON SEVERAL INCREMENTAL INNOVATIONS
- Secure real-time execution
- Access to formalisation: model-based engineering
- Confidence in software and systems: formal methods

SECURE REAL-TIME EXECUTION
Problem: a safety-proven real-time operating system
- Embedded software architecture that combines memory and temporal protection
- Multicore management at OS level
Timeline: from 1993, to 2011, to 2015; domains: nuclear, automotive, energy, manycore, secured hypervision
Innovation:
- Software availability is predictable and guaranteed
- Optimised architecture for running critical and non-critical tasks simultaneously


MODEL-DRIVEN ENGINEERING WITH PAPYRUS
- Open-source graphical modelling tool suite
- Multi-purpose modelling (business, system, software, real-time)
- Interoperable with external tools
- Easy to build customised tool-chains for specific domains and needs (robotics, automotive, avionics, telecommunications, energy, cyber-security)
- Wide adoption in industrial settings!

MODEL-DRIVEN ENGINEERING: Papyrus for manufacturing, what's new?
Holistic integration and optimisation of ISA-95 levels through system modelling:
- Product view
- Business view (optimisation criteria are fixed here)
- Enterprise process view
- Manufacturing process view
Standard ISA-95 levels:
- Level 4: Enterprise processes
- Level 3: Manufacturing processes
- Level 2: Manufacturing operations
- Level 1: Sensors, machines

SYSTEM ENGINEERING AND MANUFACTURING
- Business process modelling and simulation
- Cobots and tele-operation control
- Architecture optimisation
- Model-based testing and validation


CYBERATTACKS IN THE REAL WORLD
- 2007: A generator self-destructs after an experimental cyberattack at a power plant
- 2008: A Polish teenager takes control of a tram (via the internet) and derails it
- 2010: The STUXNET worm targets the Iranian nuclear programme
- 2010: Wireless sensors used for carjacking
DECEMBER 3, 2015

CYBERSECURITY: MAIN AXES
- Software verification
- Industrial systems
- Secured components: OS & virtualisation
- Cloud computing
- Processing on encrypted data
- Data processing & analysis
- IT & networks
- Security of communicating objects (Internet of Things)
- Extraction & synthesis from multimedia data (intelligence)

COMPLEX SYSTEM: THE AUTOMOTIVE AS AN EXAMPLE
- Engine
- ADAS
- Comfort
- Multimedia

BASICS OF CYBERATTACKS
Defence layers between the attacker and the system: network firewall, network translation, workstation firewall, application integrity, kernel controls, hypervisor separation, hardware watchdog
- Threat 1: Where are the security holes?
- Threat 2: How can attack sequences be used?
Two complementary approaches: code analysis and risk analysis

AUTOMATED RISK ANALYSIS (Threat 1: Where are the security holes? Risk analysis)
- EBIOS risk analysis
- Sophia system development: SOPHIA-Requirements, SOPHIA-FTA, SOPHIA-FMEA, SOPHIA-ModelChecking
V-cycle phases covered, from top event to basic event: model design, concept & requirements, preliminary safety assessment, design & optimisation, implementation, integration & test, validation, system safety assessment, acceptance & maintenance

SOURCE CODE ANALYSIS WITH FRAMA-C (Threat 2: How can sequences be used? Code analysis)
Open-source code analysis platform to guarantee absence of software vulnerabilities, conformity to safety and security coding standards, and conformity to specifications:
- Modular via plug-ins
- Collaborative: combination of formal methods for better coverage
- 100% bugs detected
Typical project figures: > 100 kloc of C source code; highest certification requirements; > 80% code coverage; > 200 alarms
Example report entry (Frama-C output on a CWE-126 buffer over-read test case):

  <weakness id="2958">
    <name>invalid memory access</name>
    <location path="synthetic/testcases/cwe126_buffer_overread/s02/CWE126_Buffer_Overread malloc_wchar_t_loop_03.c" line="70">
    </location>
    <grade severity="4"/>
    <output><textoutput><![CDATA[../ppc/share/libc/wchar.c:32:[kernel] warning: out of bounds write. assert \valid(tmp);
    stack: wmemset :: testcases/cwe126_buffer_overread/s02/cwe126_buffer_Overread malloc_wchar_t_loop_03.c:70 <- goodg2b1 :: testcases/cwe126_buffer_overread/s02/cwe126_buffer_Overread malloc_wchar_t_loop_03.c:123 <- CWE126_Buffer_Overread malloc_wchar_t_loop_03_good
    ]]></textoutput></output>
  </weakness>

Wide adoption for critical domains & needs:
- Safety: A380 programme
- Nuclear power plant software analysis
- Certification
- Health robotics
- Validation of COTS software (security protocols, compression libraries, etc.)
- Awarded by NIST
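The report entry above shows the alarm Frama-C raises when a memory access cannot be proven in bounds. As an added illustration (not code from the CEA LIST slides or from the Frama-C project), the block below writes a small length-prefixed record parser twice: the first form trusts the length byte and reads past its buffer, which is exactly the kind of access a value analysis cannot prove valid; the second form takes the size the caller actually owns, checks both bounds before touching memory, and carries an ACSL contract of the kind Frama-C verifies. The record layout, the function names and the sample bytes are constructed for the example.

```c
/* Added example, not from the slides or the Frama-C project.
   Record layout (constructed): [len: 1 byte][payload: len bytes]. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64   /* capacity of the destination field (constructed) */

/* Vulnerable form (CWE-126 pattern): the length byte is trusted, so when it
   claims more bytes than the buffer holds, memcpy reads past the end of buf.
   Frama-C cannot establish \valid_read(buf + (1 .. len)) here and reports an
   invalid memory access, like the "out of bounds" alarm in the report above. */
size_t parse_record_unchecked(const uint8_t *buf, uint8_t *out)
{
    size_t len = buf[0];
    memcpy(out, buf + 1, len);   /* over-read whenever len > (bytes held) - 1 */
    return len;
}

/* Hardened form: the caller states how many bytes it owns (buf_len), and the
   ACSL contract pins down the only memory the function may read or write.
   With this contract Frama-C's value analysis can prove the memcpy stays
   inside [buf, buf + buf_len) and [out, out + FIELD_MAX). */
/*@ requires buf_len >= 1;
  @ requires \valid_read(buf + (0 .. buf_len - 1));
  @ requires \valid(out + (0 .. FIELD_MAX - 1));
  @ assigns out[0 .. FIELD_MAX - 1];
  @ ensures \result == -1 || (0 <= \result <= FIELD_MAX && \result + 1 <= buf_len);
  @*/
int parse_record_checked(const uint8_t *buf, size_t buf_len, uint8_t *out)
{
    if (buf_len < 1)
        return -1;                      /* not even a length byte present */
    size_t len = buf[0];
    /* Both bounds are checked before any payload byte is read: the declared
       length must fit the bytes we hold and the destination capacity. */
    if (len > buf_len - 1 || len > FIELD_MAX)
        return -1;                      /* reject instead of over-reading */
    memcpy(out, buf + 1, len);
    return (int)len;
}

/* Constructed samples: a well-formed record, and one whose length prefix
   claims 9 payload bytes while only 3 are present. */
static const uint8_t GOOD_RECORD[4]  = { 3, 'a', 'b', 'c' };
static const uint8_t LYING_RECORD[4] = { 9, 'a', 'b', 'c' };

int main(void)
{
    uint8_t out[FIELD_MAX];
    int n = parse_record_checked(GOOD_RECORD, sizeof GOOD_RECORD, out);
    printf("good record: %d payload bytes\n", n);      /* 3 */
    n = parse_record_checked(LYING_RECORD, sizeof LYING_RECORD, out);
    printf("lying record: %d (rejected)\n", n);        /* -1 */
    /* parse_record_unchecked(LYING_RECORD, out) would read 6 bytes past the
       4-byte array; it is deliberately not called on that input. */
    return 0;
}
```

Running Frama-C's value analysis on the unchecked function reports the memcpy as an invalid memory access because nothing bounds `len`; on the checked function the contract plus the two comparisons let the analysis discharge the same access, which is the difference between an alarm in the report and a proven-safe read.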

EXAMPLE OF ANALYSIS DETECTING SECURITY FLAWS
How do we reach the last, sophisticated vulnerabilities in core IT components? Detect all occurrences of a given category of vulnerabilities:
- Using automated code analyses
- Handling general-purpose code constructs
- Derived from DO/ISO-proven tools
Quoted acknowledgement: "Fixed a condition where QLZ_MEMORY_SAFE could fail detecting corrupted data. Thanks to Pascal Cuoq and Kerstin Hartig who used Frama-C's value analysis!"

THREAT INTELLIGENCE
Making sense of artefacts, communications, and interactions:
- Data analysis
- Pattern identification
- Traffic analysis
- Text and picture analysis
- Information search (multimedia, multilingual)
- Visual analytics

EXAMPLES
1. Revolution in cybersecurity verification (Defense Advanced Research Projects Agency)
   Objective: revolutionise cybersecurity evaluation; accelerate cost-effective formal verification of source code
   Means & method: exploit gamers' ingenuity in Crowd-Sourced Formal Verification (CSFV) via prototype games; assess absence of critical security flaws in code
2. Large code base verification
   Objective: guarantee absence of faults in the large code base of a SCADA system
   Means & method: Frama-C toolkit: develop automated testing; pinpoint run-time errors and their causes; assess structural properties (memory separation, cyclic behaviours); achieve IEC 60880 Class 1 (nuclear) safety-critical software certification

Didier VANDEN ABEELE, CEA LIST Deputy Director - European Affairs
didier.vanden-abeele@cea.fr
+33 6 78 13 81 18