- Risk analysis for the cyber-security of the information system embedded in the plane
- Recommendations for the sub-contractors (coding rules, vulnerability analysis, guidelines for evaluating COTS)
- LaFoSec (2010-2012)
The LaFoSec project is a study of the intrinsic security of functional languages commissioned by the French Network and Information Security Agency ANSSI and carried out by a consortium led by SafeRiver.
The purpose of the LaFoSec project is to provide a theoretical study of the security of functional programming traits through a security analysis of the OCaml, F# and Scala languages and an in-depth analysis of OCaml's runtime system. Following these analyses, a set of security recommendations for secure OCaml development was issued.
As an experiment within the project, SafeRiver developed a validator of XML files with respect to an XSD description. This application was developed in OCaml in accordance with the security recommendations and has been evaluated at the EAL4+ level.
The results of this study have been presented at JFLAs 2013 (Tuesday 17h-19h45).
Authors: Damien Doligez, Christèle Faure, Thérèse Hardin, Manuel Maarek
Conference: JFLA (Journée Francophone des Langages Applicatifs) 2013
The public results are available on the ANSSI Web site.
- Static analysis of the code of the A400M engines
Thales Communication & Security:
- Study about formal methods for the development of cryptographic components in the context of the ArchiSec PEA