International Association for Cryptologic Research

CEA-LETI Grenoble, France
Industrial systems are often used to monitor and control a physical process such as energy production and distribution, water cleaning or transport systems. They are often simply called Supervisory Control And Data Acquisition (SCADA) systems. Due to their interaction with the real world, the safety of these systems is critical and any incident can potentially harm humans and the environment. One of the main research axes in the cybersecurity of industrial systems deals with the combination of safety and security properties. Safety relates to applicative properties of the system (e.g. chemical properties for a chemical factory), while security properties take into account how an intruder can harm the system. As shown in [3], combining safety and security is a challenging topic as these properties can be either dependent, strengthening, antagonist or independent. Currently, no tool is able to handle both aspects at the same time.

In this context, we propose a Ph.D. thesis revolving around the modeling of industrial systems, taking into account both safety properties of the physical process and security properties. Besides the definition of an accurate, yet automatically analyzable modeling framework/language, many aspects can be part of the subject. For instance, programmable automata (PLC) configuration files could be generated from this model in order to only deploy programs validated beforehand. PLC vulnerabilities could be studied (firmware reverse engineering, protocol fuzzing) in order to test the technical feasibility of found attacks. Finally, in a certification context, security analyses on the model could include requirements from standards such as IEC 62443 [5] to help the evaluation process.
Contact: Maxime Puys
Last updated: 2020-04-27 posted on 2020-04-16