• The new technology provides for the creation of cyber ranges, isolated environments where attack scenarios can be deployed and tested without any risk to production systems.
• Conducted in collaboration with Amossys and financed by Bpifrance, the SecurityTwin project is exploring the development of security measures that make use of digital twins of information systems.
In your research on cyberattack scenarios, what have you found to be the limitations of traditional approaches?
As scientists, we seek to formalize attacks to analyse them more effectively. More often than not, when we want to describe possible scenarios, we choose to represent them with graphs of naive models, which don’t show operational details that should be included in deep-level analysis. This is the main limitation of traditional approaches: they do not sufficiently reflect the complexity of information systems, the difficulty of accurately modelling operational details and the full extent of possible interaction between the elements involved.
Can you tell me about the tools that your team has developed?
Our role is to develop tools and methodologies that improve our understanding and anticipation of attack scenarios, by enhancing our ability to formalize potential attacks and facilitating the creation of environments for the testing and validation of countermeasures. We also collaborate with industrial partners on the development of applications based on our research which are used to reinforce the security of IT systems in several sectors.
We develop attack scenarios that can be deployed and tested in cyber ranges: that is to say, artificially isolated environments, which are used to train cybersecurity experts and evaluate cybersecurity tools under true-to-life conditions. The idea is to gain a better understanding of vulnerabilities and to improve the response to security incidents. We have also developed an artificial traffic generator to populate these test environments with believable data in realistically simulated traffic.
You are also working on digital twins of information systems… Can you tell us about this initiative?
We are working with Amossys on a project called SecurityTwin which has been funded by Bpifrance. The goal is to develop easily updatable digital models of information systems that mirror all their security characteristics, which can be used to identify potential pathways for critical attacks. With digital twins, we can also test countermeasures and security tools without putting production systems at risk. A key advantage is that they allow us to adopt a proactive approach to reinforcing system security. For example, once a vulnerability has been identified, we can target it with simulated attacks and test a range of countermeasures to identify the most efficient ones. This enables companies to prioritize security initiatives and optimize the efficient allocation of resources.
How has increased automation influenced your approach to the modelling of attack scenarios?
The automation of attacks has not had a fundamental impact on our approach to modelling scenarios. Automated attacking tools like botnets have been around for some time. Generative AI has just made it a little easier to develop them. Complex modelling is still required for all kinds of attack scenarios. We still need to understand how attackers will penetrate a system, and what knowledge they will acquire. Automation has made it easier to launch attacks, potentially increasing their frequency, but it has not affected our goal, which is to model interaction along a full range of possible routes through information systems, so as to identify and reinforce possible weak points.