
Security Analysis: From model to system analysis


Abstract

There is a wide range of security solutions for cyber-physical systems, most aimed at preventing an adversary from gaining access to the system. However, to make a cyber-physical system more resilient and to discover possible attack scenarios, it is necessary to analyze systems by taking into account their interactions with their environment. Standard formal analysis approaches are based on a model of the system. From a quantitative and qualitative point of view, the results of these analyses depend on the model abstraction relative to the system. Usually, property verification is performed with formulas expressed in specific logics such as LTL or CTL. One of the problems is the semantic gap between textual requirements and these formalisms. In a security context, the attacker's interests must also be taken into account when expressing properties, in addition to system requirements. In this article we propose an approach for analyzing a real cyber-physical system while taking into account the interests of an attacker and reducing the semantic gap between the textual requirements and logic formulas. The proposed methodology relies on property specification patterns and the specification of an interface related to the state of the deployed embedded software. The motivating example used in this article comes from an industrial partner involved in a collaborative project.
Main file
Property_verification_on_embedded_systems-1.pdf (437.48 KB)
Origin : Files produced by the author(s)

Dates and versions

hal-03866297 , version 1 (24-11-2022)

Identifiers

  • HAL Id : hal-03866297 , version 1

Cite

Drouot Bastien, Valery Monthe, Sylvain Guérin, Joël Champeau. Security Analysis: From model to system analysis. CRiSiS 2022 : International Conference on Risks and Security of Internet and Systems, Dec 2022, Sousse, Tunisia. ⟨hal-03866297⟩