Ludovic Piètre-Cambacédès

Learn More
Safety and security issues are increasingly converging on the same critical systems, leading to new situations in which these closely interdependent notions should now be considered together. Indeed, the related requirements, technical and organizational measures can have various interactions and side-effects ranging from mutual reinforcements to complete(More)
This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to(More)
Boolean logic Driven Markov Processes (BDMP) are a powerful modeling tool used in the reliability and safety domains. We propose to take advantage of their capabilities to go beyond the traditional techniques used to model attack scenarios. In particular we show how this new approach can be seen as preferable to attack trees and Petri net-based methods.(More)
The meaning of the terms “security” and “safety” varies considerably from one context to another, leading to potential ambiguities. These ambiguities are very problematic in the critical infrastructure protection domain, which involves multiple actors and engineering disciplines. Avoiding misunderstandings caused by the ambiguities during the early stages(More)
This article focuses on cryptographic key management systems (KMS) for SCADA systems environments. It first gives a generic view on the constraints, requirements and desired technical properties in SCADA contexts. Then, the most widespread solutions are presented, before discussing how they meet such conditions. The work done by different initiatives on(More)
Attack modeling has recently been adopted by security analysts as a useful tool in risk assessment of cyber-physical systems. We propose in this paper to model the Stuxnet attack with BDMP (Boolean logic Driven Markov Processes) formalism and to show the advantages of such modeling. After a description of the architecture targeted by Stuxnet, we explain the(More)
The digitalization of industrial control systems (ICS) raises several security threats that can endanger the safety of the critical infrastructures supervised by such systems. This paper presents an analysis method that enables the identification and ranking of risks leading to a safety issue, regardless of the origin of those risks: accidental or due to(More)