The French National Research Agency Projects for science


ANR funded project

Sciences et technologies logicielles (DS0704) 2014
AnaStaSec project

Static Analysis for Security Properties

An emerging structure in our information-processing-based society is the notion of trusted complex systems interacting, via heterogeneous networks, with an open, mostly untrusted world. This view characterises a wide variety of systems, ranging from the information system of a company to the connected components of a private house, all of which have to be connected to the outside. It is in particular the case for some aircraft-embedded computer systems, which communicate with the ground through untrusted communication media. Moreover, the increasing demand for new capabilities, such as enhanced on-board connectivity (e.g. using mobile devices), together with the need for cost reduction, leads to more integrated and interconnected systems. For instance, modern aircraft embed a large number of computer systems, from safety-critical cockpit avionics to passenger entertainment. Some of these systems must meet both safety and security requirements. Despite thorough segregation of subsystems and networks, some shared communication resources raise concerns about possible intrusions.

Some techniques have been developed to ensure the security and confidentiality properties of such systems, but they still need further investigation. Most of them are model-based techniques that operate only at the architectural level and provide no guarantee about the actual implementations. However, most security incidents are due to attackers exploiting subtle implementation-level software vulnerabilities. Systems should therefore also be analysed at the software level (i.e. source or executable code), in order to provide formal assurance that the security properties indeed hold for the real systems.

Because of the size of such systems, and considering that they are evolving entities, the only economically viable option is to perform automatic analyses. Such analyses of security and confidentiality properties have never been achieved on large-scale systems in which security properties interact with other software properties; even the mapping between high-level models of the systems and the large software base implementing them has never been established, and represents an important challenge. The goal of this project is to develop the new concepts and technologies necessary to meet this challenge.

This project will enable the formal verification of security properties of software-intensive embedded systems, using automatic static analysis techniques at different levels of representation: models, source code and binary code. The expected outcomes of the project include a set of prototype tools able to deal with realistic large systems, and the elaboration of industrial security evaluation processes based on static analysis.

Partners:
Inria Rennes - Bretagne Atlantique
CEA-LIST (Commissariat à l'Energie Atomique)
INRIA Paris-Rocquencourt

ANR grant: 755 793 euros
Beginning and duration: October 2014 - 48 months


ANR Programme: Sciences et technologies logicielles (DS0704) 2014

Project ID: ANR-14-CE28-0014

Project coordinator:
Monsieur Jérôme Feret (INRIA Paris-Rocquencourt)




The project coordinator is the author of this abstract and is therefore responsible for the content of the summary. The ANR disclaims all responsibility in connection with its content.