Claire Loiseaux - Academia.edu
Papers by Claire Loiseaux
Lecture Notes in Computer Science, 1993
We study property preserving transformations for reactive systems. A key idea is the use of (ϕ, ψ)-simulations, which are simulations parameterized by a Galois connection (ϕ, ψ) relating the lattices of properties of two systems. We propose and study a notion of preservation of properties expressed by formulas of a logic, by a function ϕ mapping sets of states of a system S into sets of states of a system S'. Roughly speaking, ϕ preserves f if the satisfaction of f at some state of S implies that f is satisfied by any state in the image of this state by ϕ. The main results concern the preservation of properties expressed in sublanguages of the branching time μ-calculus when two systems S and S' are related via ⟨ϕ, ψ⟩-simulations. They can be used in particular to verify a property for a system by proving this property on a simpler system which is an abstraction of it.
Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems, 2019
Keeping a vehicle secure implies providing long-term support, where over-the-air (OTA) updates play an essential role. A clear understanding of OTA threats is essential to counter them efficiently. Existing research on OTA threats often excludes human actors, such as drivers and maintenance personnel, and leaves aside privacy threats. This paper addresses the gap by investigating security and privacy OTA threats relevant for vehicle manufacturers over the whole product lifecycle. We report on a practical scenario, "long term support", its data flow elements, and the outcomes of threat analyses. We apply state of the art approaches, such as STRIDE (extended with an automotive template) and LINDDUN, to an automotive case and consider an automotive-specific UNECE OTA threat catalogue. Outcomes indicate the complementarity of these methods and provide inputs to studies of how well they address practical automotive cases.
Lecture Notes in Computer Science, 2019
Extreme weather and the proliferation of impervious areas in urban watersheds increases the frequency of flood events and deepens water quality concerns. Bioretention is a type of green infrastructure practice developed to mitigate these impacts by reducing peak flows, runoff volume, and nutrient loads in stormwater. However, studies have shown inconsistency in the ability of bioretention to manage some pollutants, particularly some forms of nitrogen. Innovative sensor and control technologies are being tested to actively manage urban stormwater, primarily in open water stormwater systems such as wet ponds. Through these cyber-physical controls, it may be possible to optimize storage time and/or soil moisture dynamics within bioretention cells to create more favorable conditions for water quality improvements. A column study testing the influence of active control on bioretention system performance was conducted over a 9-week period. Active control columns were regulated based on either maintaining a specific water level or soil moisture content and were compared to free draining (FD) and internal water storage standards. Actively controlled bioretention columns performed similarly, with the soil moisture-based control showing the best performance with over 86% removal of metals and total suspended solids (TSS) while also exhibiting the highest ammonium removal (43%) and second highest nitrate removal (74%). While all column types showed mostly similar TSS and metal removal trends (median 94 and 98%, respectively), traditionally FD and internal water storage configurations promoted aerobic and anaerobic processes, respectively, which suggests that actively controlled systems have greater potential for targeting both processes.
The results suggest that active controls can improve upon standard bioretention designs, but further optimization is required to balance the water quality benefits gained by retention time against storage needs for impending storms.
Lecture Notes in Computer Science, 2021
Vehicle systems engineering experiences new challenges with vehicle electrification, advanced driving systems, and connected vehicles. Modern architectural designs cope with an increasing number of functionalities integrated into complex Electric/Electronic (E/E) systems. Such complexity is extended by adding V2X (Vehicle-to-everything) communication systems, which provide remote communication services that collect, store, and manipulate confidential data. The impact on Safety, Security, and Privacy (SSP) of these new advanced technological systems requires the implementation of new processes during their development phase. Therefore, new product development strategies need to be implemented to integrate SSP mechanisms across the entire product development lifecycle. The European H2020 ECSEL project SECREDAS proposes an innovative solution for Safety, Security and Privacy specifically for automated systems. The project outlines the shortcomings of existing SSP approaches and proposes its own approach to implementing SSP mechanisms for the emerging technologies. This approach includes a reference architecture with SSP features implemented by a set of reusable Design Patterns (DPs) along with their associated technology elements. This guideline proposes rules for developing new architectural Safety, Security, and Privacy implementations in a product under development using Design Patterns.
2019 15th European Dependable Computing Conference (EDCC), 2019
Safety-critical systems are required to comply with safety standards. These systems are increasingly digitized and networked to an extent where they need to also comply with security and privacy standards. This paper aims to provide insights into how practitioners apply the standards on safety, security or privacy (Sa/Se/Pr), as well as how they employ Sa/Se/Pr analysis methodologies and software tools to meet such criteria. To this end, we conducted a questionnaire-based survey among the participants of the EU project SECREDAS and obtained 21 responses.
We study property preserving transformations for reactive systems. A key idea is the use of ρ-simulations, which are simulations parametrized by a relation ρ relating the domains of two systems. We particularly address the problem of property preserving abstractions of composed programs. For a very general notion of parallel composition, we give the conditions under which simulation is a precongruence for parallel composition and we study which kind of global properties are preserved by these abstractions.
Formal Methods in System Design, 1995
We study property preserving transformations for reactive systems. The main idea is the use of simulations parameterized by Galois connections (ϕ, ψ) relating the lattices of properties of two systems. We propose and study a notion of preservation of properties expressed by formulas of a logic, by a function ϕ mapping sets of states of a system S into sets of states of a system S'. We give results on the preservation of properties expressed in sublanguages of the branching time μ-calculus when two systems S and S' are related via ⟨ϕ, ψ⟩-simulations. They can be used to verify a property for a system by verifying the same property on a simpler system which is an abstraction of it. We show also under which conditions the abstraction of concurrent systems can be computed from the abstraction of their components. This allows a compositional application of the proposed verification method. This is a revised version of the papers [2] and [16]; the results are fully developed in [27].
Lecture Notes in Computer Science, 1993
We give the description of a verification tool taking boolean programs of guarded commands as input; the internal representation of a program is a set of Binary Decision Diagrams (BDD), one for each guarded command. It allows to construct an abstract program of the same form, obtained using an abstraction relation given by a boolean expression on "concrete" and "abstract" variables. The tool allows the verification of CTL formulas on programs. We illustrate its possibilities on an example.
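The three abstracts above (the 1993 and 1995 papers on ⟨ϕ, ψ⟩-simulations and the BDD-based tool) describe one piece of machinery: an abstraction relation ρ given as a boolean expression on concrete and abstract variables, the Galois connection (ϕ, ψ) it induces between the lattices of state sets, and the transfer of a property proved on the abstract program back to the concrete one. The script below is an added worked example and is not code from any of these papers or from the tool they describe. The login/lockout program, its variables (auth, admin, tries) and both abstraction relations are constructed for the example; plain Python sets stand in for the BDDs. The second run shows the caveat a practitioner needs: the existential abstraction is built over all concrete states, reachable or not, so a relation that forgets the wrong variable produces an abstract counterexample that is spurious, and a failed abstract check proves nothing about the concrete program.

```python
"""Property-preserving abstraction of a guarded-command program (constructed example).

  - the abstract program is the existential abstraction through a relation rho
    given as a boolean expression on (concrete, abstract) state pairs,
  - rho induces the Galois connection (phi, psi) = (post[rho], pre~[rho]),
  - AG(not bad) proved on the abstract program carries to the concrete one
    because rho is a simulation; a failed abstract check is inconclusive.
"""
from itertools import product

# Concrete states: (auth, admin, tries) with tries in 0..2 (constructed toy program).
CONCRETE_STATES = set(product((False, True), (False, True), (0, 1, 2)))
CONCRETE_INIT = {(False, False, 0)}

def concrete_cmds(auth, admin, tries):
    """Guarded commands of the concrete program: yields (name, next_state) per enabled guard."""
    if not auth and tries < 2:              # not logged in and not yet locked out
        yield "try_fail", (auth, admin, tries + 1)
        yield "login", (True, admin, tries)
    if auth:
        yield "elevate", (auth, True, tries)
        yield "logout", (False, False, 0)

CONCRETE_TRANS = {(q, q2) for q in CONCRETE_STATES for _, q2 in concrete_cmds(*q)}

def build_abstraction(rho_expr, abs_states):
    """Existential abstraction: rho relates ALL concrete states to abstract ones;
    a -> b whenever some concrete q -> q2 has (q, a) and (q2, b) in rho."""
    rho = {(q, a) for q in CONCRETE_STATES for a in abs_states if rho_expr(q, a)}
    img = {}                                # q -> set of abstract states related to q
    for q, a in rho:
        img.setdefault(q, set()).add(a)
    abs_trans = {(a, b) for (q, q2) in CONCRETE_TRANS
                 for a in img.get(q, ()) for b in img.get(q2, ())}
    return rho, img, abs_trans

def phi(rho, X):
    """post[rho]: concrete state set -> abstract state set (over-approximation)."""
    return {a for (q, a) in rho if q in X}

def psi(rho, Y):
    """pre~[rho]: concrete states all of whose rho-images lie in Y."""
    return CONCRETE_STATES - {q for (q, a) in rho if a not in Y}

def is_galois_connection(rho, abs_states):
    """phi(X) <= Y  iff  X <= psi(Y), checked exhaustively (feasible at this size)."""
    cs, abs_list = sorted(CONCRETE_STATES), sorted(abs_states)
    for ybits in range(1 << len(abs_list)):
        Y = {a for i, a in enumerate(abs_list) if ybits >> i & 1}
        psi_y = psi(rho, Y)
        for xbits in range(1 << len(cs)):
            X = {q for i, q in enumerate(cs) if xbits >> i & 1}
            if (phi(rho, X) <= Y) != (X <= psi_y):
                return False
    return True

def simulates(img, abs_trans):
    """rho is a simulation: every concrete step q -> q2 is matched, from every a related
    to q, by some a -> b with b related to q2 (true by construction here, still checked)."""
    return all(any((a, b) in abs_trans for b in img[q2])
               for (q, q2) in CONCRETE_TRANS for a in img.get(q, ()))

def reachable(init, trans):
    seen, frontier = set(init), set(init)
    while frontier:
        frontier = {t for (s, t) in trans if s in frontier} - seen
        seen |= frontier
    return seen

def check(rho_expr, abs_states, bad):
    """Returns (concrete holds AG(not bad), abstract holds it, rho is a simulation,
    (phi, psi) is a Galois connection).  Atomic propositions are carried to the
    abstract side through phi, so abstract 'bad' over-approximates concrete 'bad'."""
    rho, img, abs_trans = build_abstraction(rho_expr, abs_states)
    concrete_ok = not (reachable(CONCRETE_INIT, CONCRETE_TRANS) & bad)
    abstract_ok = not (reachable(phi(rho, CONCRETE_INIT), abs_trans) & phi(rho, bad))
    return concrete_ok, abstract_ok, simulates(img, abs_trans), is_galois_connection(rho, abs_states)

# Abstraction 1 forgets 'tries': abstract state is (auth, admin).
ABS_PAIRS = set(product((False, True), (False, True)))
def rho_forget_tries(q, a):
    return a == (q[0], q[1])
BAD_ADMIN_WITHOUT_AUTH = {q for q in CONCRETE_STATES if q[1] and not q[0]}

# Abstraction 2 forgets 'auth' instead: abstract state is (locked, admin), locked = tries == 2.
def rho_forget_auth(q, a):
    return a == (q[2] == 2, q[1])
BAD_ADMIN_WHILE_LOCKED = {q for q in CONCRETE_STATES if q[1] and q[2] == 2}

if __name__ == "__main__":
    print("forget tries:", check(rho_forget_tries, ABS_PAIRS, BAD_ADMIN_WITHOUT_AUTH))
    print("forget auth: ", check(rho_forget_auth, ABS_PAIRS, BAD_ADMIN_WHILE_LOCKED))
```

Both properties hold on the concrete program. With the first relation the abstract program also satisfies AG(not bad), and since ρ is a simulation and (ϕ, ψ) a Galois connection, that proof transfers. With the second relation the abstract program reaches (locked, admin) through an unreachable concrete state that the relation merged in, so the abstract check fails even though the concrete property holds: the relation must be refined, not the property rejected.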
ASTRA is a security analysis method based on the systematic collection and analysis of security relevant information to detect inconsistencies and assess residual risks. ASTRA can accommodate organizational as well as technical aspects of security and it can be applied to innovative products for which no security data (e.g. vulnerability or attack database) is available. In addition, ASTRA explicitly deals with the notion of responsibility and naturally leads to an iterative refinement approach. This paper provides an introduction to the method and comparison with related work.
Proceedings of the Fourth International Workshop on Computer Aided Verification, 1992
We study property preserving transformations for reactive systems. A key idea is the use of (ϕ, ψ)-simulations, which are simulations parameterized by a Galois connection (ϕ, ψ) relating the lattices of properties of two systems.
Modeling and Verification of Parallel Processes, 2001
Lecture Notes in Computer Science, 2001
Revised Papers from the First International Workshop on Java on Smart Cards Programming and Security, 2000
Lecture Notes in Computer Science, 1993