Airbus:

  • Risk analysis for the cyber-security of the information system embedded in the plane
  • Recommendations for sub-contractors (coding rules, vulnerability analysis, guidelines for evaluating COTS components)

ANSSI:

  • LaFoSec (2010-2012)

          The LaFoSec project is a study of the intrinsic security of functional languages, commissioned by the French Network and Information Security Agency (ANSSI) and carried out by a consortium led by SafeRiver.

          The purpose of the LaFoSec project is to provide a theoretical study of the security of functional programming features, through an analysis of the OCaml, F# and Scala languages with regard to security and an in-depth analysis of OCaml's runtime system. Following these analyses, a set of security recommendations for secure OCaml development was issued.

          As part of an experiment for the project, SafeRiver developed a validator that checks XML files against an XSD schema. The application was written in OCaml following the security recommendations, and was evaluated at Common Criteria level EAL4+.

          The results of this study were presented at JFLA 2013 (Tuesday, 17:00-19:45).

          Authors: Damien Doligez, Christèle Faure, Thérèse Hardin, Manuel Maarek

          Conference: JFLA (Journée Francophone des Langages Applicatifs) 2013

          Links:

                    General presentation of the LaFoSec study (in French)

                    LaFoSec: Recommendations for the OCaml developer (in French)

                    LaFoSec: Proposal for OCaml language evolutions to address security needs (in French)

                    LaFoSec: Development of an XML validator in OCaml (in French)

          The public results are available on the ANSSI Web site.

Safran:

  • Static analysis of the code of the A400M engines

Thales Communication & Security:

  • Study of formal methods for the development of cryptographic components in the context of the ArchiSec PEA