Programming: Security and Reliability of Computing Systems

New digital technologies raise numerous questions relating to security, safety and confidentiality, trust, authentication and identification, certification, data protection and traceability. The level of trust that the user has in these technologies, which include a significant software component, is key to their acceptance.

The Institute commits to guaranteeing that these software programs operate properly, through secure development methods (formal languages, mathematics, proof, verification, as well as software code and component certification). Dedicated programming language will be developed using code generation, associated static analysis technology, as well as new generalistic languages. Also to be developed, in relation to proof assistants, is ease of description, animation and analysis, as well as extension of source code guarantees and models with executable codes and executables. High-performance software and system verification methods must be developed, as with the formal verification that will need to combine existing test and proof methods in environments that design code production system. Also to be taken into account will be business elements, previously developed software, and open-source software.

« The new digital technologies raise numerous questions relating to security, safety and confidentiality, trust, authentication and identification, certification, data protection and traceability. »

The other priority relating to programming is ensuring data, communication and exchange security, through cryptography, security policies and virus protection. Needs relating to cryptographic primitives are key points in developing trustworthy systems. Cryptography protocols for new applications (vote, signature, security services) must be proven. Complex security protocols must be verified in realistic environments with modular proof and by validating the abstractions and cryptographic primitives. Specific investigations will be conducted, over and above the failure models used for operating security, in order to develop operational and propagation models of the vulnerabilities. Computer virology (virus detection and study of how viruses propagate themselves) is a field at the forefront that will enable vulnerability operation and propagation to be modeled. Cooperation between the research database and cryptography will be explored to ensure data integrity and confidentiality. Special attention will be paid to the risks linked to implementing online services that are based on open-source (cases of numerous critical or embedded systems) and distributed systems. Safety must be carefully studied in order to be guaranteed before the mobile ad hoc networks without fixed infrastructures are rolled out.