Commissariat à l’énergie atomique et aux énergies alternatives, France

Profile

CEA LIST is a public research institute focusing on the development of software and hardware technology for highly integrated complex systems (transport, energy, robotics, etc.). It is part of the French Alternative Energies and Atomic Energy Commission. Within LIST, the DILS department offers a wide variety of tools and techniques covering the whole software development chain, from modelling to unit, integration, and system testing. This includes in particular the design and validation of complex, critical systems and software over the project life cycle, and the use of formal verification techniques on software.

CEA has a long experience and expertise in assessing safety and security issues concerning complex ICT-related systems in various application domains.

This experience stems from two main activities, which are highly relevant to the AQUAS project: the development of a safety- and security-oriented software design and validation methodology called Sophia, and the Frama-C software analysis platform (http://frama-c.com/), which has recently been acknowledged as one of the very few software analyzers that pass the US NIST SATE V criteria[1]. In 2014, the maturity level of these security activities led to the launch of the TrustInSoft spin-off, whose business is to provide cyber-security certification kits and perform audits for a large variety of software. CEA is also a long-standing partner of standardization bodies and normative working groups, among which the OMG (Object Management Group, where CEA is one of the main contributors to and the current chair of the MARTE UML profile) and the NIS Public-Private Platform at ENISA (European Union Agency for Network and Information Security), especially within WG3 "Secure ICT Research and Innovation".

Relevant expertise

CEA and ALL4TEC have a common R&D laboratory. Results from the project will be integrated within the Eclipse Safety Framework developed jointly and hosted by the Polarsys initiative.

These activities will be studied from a methodological viewpoint in WP2 and applied to two use cases, the ATM Use Case and the Rail Carriage Mechanism.

Sophia framework for model-based safety and reliability analysis, integrated with the Papyrus system modelling tool.

Papyrus system modelling framework, highly customizable through the UML profile mechanism.

Qompass multi-criteria architectural evaluation support, integrated with Papyrus and using MARTE notations.

Frama-C formal code analysis platform for C programs.

Participation in the IMOFIS, VERDE, SIRSEC, BUILD-it-SAFE, Romeo2, RISC, SESAM-GRID, and Maenad projects.

Main tasks

CEA has a common laboratory with ALL4TEC and carries out joint work on system engineering and model-based testing building blocks to enhance the ALL4TEC offer (e.g. Safety Architect). AQUAS will be an opportunity to foster this technology transfer.

CEA has a strategic partnership for the promotion and development of formal techniques in various application domains. AQUAS will benefit from this joint work.

CEA has been working with Tecnalia on a recent CIPS Action, the RISC project, which targeted the convergence of cyber and physical security assessment methods. One use case was centred on the security of Metro Bilbao. This joint work has been successfully conducted and is on its way to being further developed in forthcoming H2020 security calls.

[1] US National Institute of Standards and Technology (NIST) Static Analysis Tool Exposition (SATE) initiative; see http://trust-in-soft.com/resources/nist_sate_v_ockham/.