SUJET DE THÈSE
Security Patch Management for Naval Systems
Context
In response to the goal of acquiring cybersecurity skills and technologies set out in the 2013 White Paper on Defense, the Naval Systems Cyberdefense Chair was established through academic and industrial cooperation between Télécom Bretagne, the École Navale, DCNS, and Thales. The application of cybersecurity research to the naval sector is particularly crucial at a time when ships—both civilian and military—are integrating numerous IT systems that control critical mechanical actuators or enable the vessel to communicate, navigate, and perceive its operational environment.
Although beneficial in terms of efficiency and precision, the presence of these IT systems can create vulnerabilities that attackers may exploit. These vulnerabilities may be software-based, hardware-related, organizational, or human, raising challenges in their detection and remediation. The objective of this PhD research, which began in October 2015, is to design processes and tools for managing the deployment of countermeasures that mitigate potential vulnerabilities in these complex cyber-physical systems. To achieve this, we have developed a behavioral modeling and knowledge maintenance process for ships, spanning the entire lifecycle of the system (tasks 1-1 to 1-3), which serves as the foundation for the vulnerability response process (tasks 2-1 to 2-4).
Task 2-2, "Impact Analysis," is the scientific core of this research. Based on a behavioral modeling approach using finite state automata, this task results in the expression of the impact of an atomic modification on the overall system behavior and its ability to perform critical missions, represented in the form of a metric.
This process has been validated through simulation, and an experiment is currently underway to confirm its applicability to real-world systems.
