Property 1: The client(s) and server(s) controlling the pump may only talk to each other.

Property 2: Only the variable ns=5;s=Pompe.Etat, which controls the pump state, may be written.

Property 3: The values written to the variable ns=5;s=Pompe.Etat may only be 0 or 1.

Property 4: When the variable ns=5;s=Pompe.Etat changes value, it must not receive any new request for one minute, the time the pump needs to take the change into account.

Property 5: The client(s) and server(s) must not send more than 100 requests or responses per minute.

Property 6: The pump must not be stopped when the tank is full. That is, the variable ns=5;s=Pompe.Etat must not be set to 0 when the variable ns=5

Attack 1: A protocol other than OPC-UA is used on the network.

Attack 2: The client(s) controlling the pump send a request to a server other than the one controlling the pump. In another version of this attack, the server(s) controlling the pump send a response to clients other than those controlling them.

Attack 3: Write to the variable ns=5

Attack 4: Write a value other than 0 or 1.

Attack 5: Change the pump state more than once in less than a minute.

Attack 6: Send more than 100 requests or responses per minute.

Attack 7: Stop the pump while the tank is full, that is, force the variable ns=5;s=Pompe.Etat to 0 while the variable ns=5
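As an added illustration (not code from the thesis), the following Python stateful filter enforces the six properties above and replays the seven attacks against it. The message layout, the party names client and server, and the tank sensor variable name ns=5;s=Cuve.Pleine (with 1 meaning "full") are assumptions, since the page truncates that identifier.

```python
from collections import deque

PUMP_STATE_VAR = "ns=5;s=Pompe.Etat"
TANK_FULL_VAR = "ns=5;s=Cuve.Pleine"  # assumed name: the page truncates this identifier
CLIENT, SERVER = "client", "server"   # assumed names of the two legitimate parties
HOLD_SECONDS = 60                     # property 4: quiet period after a state change
RATE_LIMIT = 100                      # property 5: messages per sender per minute


def msg(t, src, dst, kind, node=None, value=None, proto="OPC-UA"):
    """Constructed, simplified message record (not a real OPC-UA PDU)."""
    return {"t": t, "src": src, "dst": dst, "kind": kind,
            "node": node, "value": value, "proto": proto}


class PumpFilter:
    """Checks each message against properties 1 to 6; state advances only on accepted traffic."""

    def __init__(self):
        self.pump_state = None      # last accepted value written to Pompe.Etat
        self.last_change = None     # time of the last accepted state change
        self.tank_full = False      # learned from read responses on the tank sensor
        self.sent = {CLIENT: deque(), SERVER: deque()}  # send timestamps per party

    def check(self, m):
        """Return None if the message is allowed, otherwise the property it violates."""
        # Property 1: only OPC-UA, and only between the pump client and the pump server.
        if m["proto"] != "OPC-UA":
            return "property 1: non-OPC-UA protocol"
        if {m["src"], m["dst"]} != {CLIENT, SERVER}:
            return "property 1: endpoint outside the client/server pair"
        # Property 5: sliding one-minute window of accepted messages per sender.
        window = self.sent[m["src"]]
        while window and m["t"] - window[0] >= 60:
            window.popleft()
        if len(window) >= RATE_LIMIT:
            return "property 5: more than %d messages per minute" % RATE_LIMIT
        if m["kind"] == "write_req":
            # Property 2: the pump state is the only writable variable.
            if m["node"] != PUMP_STATE_VAR:
                return "property 2: write to a non-writable variable"
            # Property 3: only the two pump states are legal values.
            if m["value"] not in (0, 1):
                return "property 3: value outside {0, 1}"
            # Property 4: no new request while the pump digests the last change.
            if self.last_change is not None and m["t"] - self.last_change < HOLD_SECONDS:
                return "property 4: request within one minute of a state change"
            # Property 6: never stop the pump while the tank is full.
            if m["value"] == 0 and self.tank_full:
                return "property 6: stopping the pump with a full tank"
        return None

    def update(self, m):
        """Record an accepted message in the filter state."""
        self.sent[m["src"]].append(m["t"])
        if m["kind"] == "write_req" and m["node"] == PUMP_STATE_VAR:
            if self.pump_state != m["value"]:
                self.last_change = m["t"]
            self.pump_state = m["value"]
        if m["kind"] == "read_resp" and m["node"] == TANK_FULL_VAR:
            self.tank_full = bool(m["value"])  # assumed encoding: 1 means the tank is full

    def run(self, messages):
        """Filter a sequence; return (index, reason) for every dropped message."""
        dropped = []
        for i, m in enumerate(messages):
            reason = self.check(m)
            if reason:
                dropped.append((i, reason))
            else:
                self.update(m)
        return dropped


def scenario():
    """Constructed traffic replaying attacks 1 to 7 against the filter."""
    traffic = [
        msg(0, CLIENT, SERVER, "read_req", TANK_FULL_VAR),
        msg(1, SERVER, CLIENT, "read_resp", TANK_FULL_VAR, 0),      # tank not full
        msg(2, CLIENT, SERVER, "write_req", PUMP_STATE_VAR, 1),     # legitimate start
        msg(3, CLIENT, SERVER, "read_req", proto="SSH"),            # attack 1
        msg(4, CLIENT, "other_server", "read_req", TANK_FULL_VAR),  # attack 2
        msg(5, CLIENT, SERVER, "write_req", TANK_FULL_VAR, 1),      # attack 3
        msg(6, CLIENT, SERVER, "write_req", PUMP_STATE_VAR, 2),     # attack 4
        msg(7, CLIENT, SERVER, "write_req", PUMP_STATE_VAR, 0),     # attack 5
        msg(70, CLIENT, SERVER, "read_req", TANK_FULL_VAR),
        msg(71, SERVER, CLIENT, "read_resp", TANK_FULL_VAR, 1),     # tank now full
        msg(72, CLIENT, SERVER, "write_req", PUMP_STATE_VAR, 0),    # attack 7
    ]
    # Attack 6: a burst of 100 reads within one minute, on top of the read at t=70.
    traffic += [msg(100 + i / 10, CLIENT, SERVER, "read_req", TANK_FULL_VAR)
                for i in range(100)]
    return PumpFilter().run(traffic)


if __name__ == "__main__":
    for index, reason in scenario():
        print("message %3d dropped: %s" % (index, reason))
```

Only accepted messages advance the filter state, so a rejected write never starts the one-minute hold and a rejected burst message never counts toward the rate window.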

Whatever the topology, attack 1 is always possible if the attacker is a corrupted client or a man-in-the-middle: it can, for instance, try to open an SSH connection to the server, which property 1 forbids. If the attacker is a corrupted server, it can for instance answer the client in the wrong protocol, hoping to trigger an error. Likewise, attack 2 is always possible if the

Topology 1: A single MODBUS or OPC-UA server (configured in None mode) controls the whole process. It communicates with a MODBUS or OPC-UA client that controls the pump and reads the sensor state. Whatever the attacker's position

Topology 2: A single OPC-UA server (configured in Sign or SignEncrypt mode) controls the whole process and communicates with an OPC-UA client that controls the pump and reads the sensor state. If the attacker is the corrupted client or server, all attacks are possible. If it is in a man-in-the-middle position,

