Skip to Main content Skip to Navigation

Sécurité par analyse comportementale de fonctions embarquées sur plateformes avioniques modulaires intégrées

Aliénor Damien 1
1 LAAS-TSF - Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique
LAAS - Laboratoire d'analyse et d'architecture des systèmes
Abstract : Today, air transportation is one of the safest transportation modes, with a continuous reduction in the risk of accidents since the early days of aviation. In recent decades, several advances have been achieved in avionics systems (such as connectivity, resource sharing, COTS) to improve the passenger experience and reduce costs. While these evolutions have been well managed from safety point of view, nevertheless, from the security point of view, they have led to new attack vectors. Considering recent attacks on embedded or critical systems, it is becoming essential to anticipate the potential malicious modification of an aircraft application in future systems. Recently, several studies have been carried out to improve aircraft security. Most of them focus on the aircraft interfaces (communication means or software updates) or on the development phase (risk analysis, vulnerability tests). A few works proposed in-depth defense measures (OS hardening, intrusion detection), in particular to protect against internal attackers.In this thesis, we assume that a malicious application was introduced inside an avionics computer. More specifically, we study the development of an intrusion detection system within an avionics computer. Taking into account the specific constraints related to avionics applications, we have formalized six specific objectives to develop such solution, related to detection efficiency, aircraft lifetime, performance, real-time impact, safety impact, and certification. To fulfill these objectives, this thesis presents a comprehensive approach to integrate an anomaly-based intrusion detection system into an avionics computer, based on the IMA (Integrated Modular Avionics) development process. The normal behavior of an avionics application is modeled during the integration phase, based on the static and deterministic characteristics of avionics applications, and on the existing means that have been developed for safety. This model of normal behavior is then embedded onboard the aircraft and allows to detect any deviation of behavior during the operation phase. In addition, an on-board anomaly analysis function offers a first level of on-board diagnosis and some flexibility once the aircraft is in operation.This approach has been implemented on two case studies to validate its feasibility and assess its detection capabilities and resource consumption. Firstly, an attack injection tool was developed in order to compensate for the lack of existing means to test our approach. Then, several behavioral detection solutions were proposed and evaluated, based on two types of models: OCSVM and Timed Automata. Two of them were implemented in an embedded prototype, and provided very good results in terms of detection efficiency and resource consumption. Finally, the anomaly analysis function has also been implemented, and the associated experiments showed encouraging results regarding the possibility to embed such a system onboard an aircraft.
Document type :
Complete list of metadata

Cited literature [93 references]  Display  Hide  Download
Contributor : Abes Star :  Contact
Submitted on : Friday, October 23, 2020 - 3:06:08 PM
Last modification on : Thursday, June 10, 2021 - 3:01:30 AM


Version validated by the jury (STAR)


  • HAL Id : tel-02953842, version 2


Aliénor Damien. Sécurité par analyse comportementale de fonctions embarquées sur plateformes avioniques modulaires intégrées. Cryptographie et sécurité [cs.CR]. INSA de Toulouse, 2020. Français. ⟨NNT : 2020ISAT0001⟩. ⟨tel-02953842v2⟩



Record views


Files downloads