Pierre Bieber

Safety assessment of complex systems traditionally requires the combination of various results derived from various models. The AltaRica language was designed to formally specify the behaviour of systems when faults occur. A unique AltaRica model can be assessed by means of complementary tools such as a fault tree generator and a model checker. This paper …
This paper presents an approach enabling a smart card issuer to verify that a new applet securely interacts with already downloaded applets. A security policy has been defined that associates levels to applet attributes and methods and defines authorized flows between levels. We propose a technique based on model checking to verify that actual information flows …
This paper aims at presenting methods and tools that are developed in the ISAAC project (Improvement of Safety Activities on Aeronautical Complex Systems, www.isaac-fp6.org), a European Community funded project, to support the safety assessment of complex embedded systems. The ISAAC methodology proposes to base as much of the safety analyses as is feasibly …
This paper presents some practical issues of a joint project between Gemplus and ONERA. In this approach, a smart card issuer can verify that a new applet securely interacts with already loaded applets. A security policy has been defined that associates levels to applet attributes and methods and defines authorized flows between levels. We propose a …
With respect to confidentiality, a computer security policy defines what information stored in a computer the users have permission to know. We propose to express these policies with an epistemic and deontic logic. In this context, confidentiality is defined by the formula $K_A \varphi \rightarrow R_A \varphi$, which can be read "if A knows $\varphi$ then A should have the permission to know $\varphi$". …
In the context of the modal logic of security, confidentiality is defined by the formula $K_B \varphi \rightarrow R_B \varphi$, which can be read "if B knows $\varphi$ then B should have the permission to know $\varphi$". We propose a new semantics for the $R_B$ modal operator, such that the definition of security would allow a certain number of dependencies (called secure dependencies) between objects …
The next generation of IMA platforms should include reconfiguration capabilities in order to limit the effect of hardware failures on aircraft operational reliability. In this paper, we investigate architecture principles for such platforms and propose adequate reconfiguration services. A preliminary analysis of the design feasibility and its contribution …