Florian Stosse

Ground segment security for the Galileo programme.

Cybersecurity Subject Matter Expert for the R&T project Horizon Europe 034 (Advanced Platform-oriented Ground Infrastructure) aiming at developing the next-generation Ground Segment for Galileo, LEO-PNT (Celeste) and other sovereign European space programs.

Security engineering for the « Space & Communications » business unit at Safran Data Systems (subsidiary of Safran Electronics & Defense).

➤ Hardening of embedded Windows platforms (7 & 10/11)

• Configuration of advanced OS security features (Device Guard KMCI/UMCI/HVCI, Secure Boot, Defender, Exploit Protection, Windows Firewall)
• GPO hardening based on DISA STIG, CIS, and DGA-MI baselines using a custom ADMX template
• Systems maintenance (patch management, firmware updates) and Nessus compliance/vulnerability scanning

➤ Integration of advanced security functions & architectures

• Implementation of discrete TPMs, data-at-rest protection (pre-boot authentication), and container isolation (Hyper-V)
• Deployment of data-in-transit protection (Stunnel, dynamic IPsec tunnels)

➤ Technical leadership & expert support

• Serving as technical referent on OS & security matters for internal and external stakeholders
• Contribution to pre-sales, bid proposals, compliance matrices, security procedures, and user manuals

Study of software countermeasures for microarchitectural hardware vulnerabilities (Spectre, Meltdown, …)

• State of the art of existing countermeasures (LFENCE, Speculative Load Hardening, …)
• Study of impacts: generated code size, performance, residual risk, …
• Proof of concept of a detection and remediation plug-in using static analysis for the Frama-C platform: detection of conditional branches vulnerable to Spectre v1 and automatic insertion of mitigation instructions
• Literature monitoring: research and reading of academic papers on software security, knowledge capitalization and dissemination to team members

Security activities in the RAMS department of the European Technical Center (R&D center) at Bureau Veritas.

➤ Connected and autonomous vehicles security

• Co-writer of the BV-CARCYBERSEC-001 guidelines: « Cybersecurity for connected cars: best practices »
• Bureau Veritas representative at the ISO 21434 (« Automotive Cybersecurity Engineering ») Joint Working Group and French mirror group
• Cybersecurity and safety co-engineering process design for automotive manufacturers (based on SAE J3061 and ISO 26262)

➤ Embedded (IoT) and industrial systems (SCADA/ICS) security

• IEC 62443 auditing and certification
• IoT products security assessment

➤ Software security

• Static code analysis using Frama-C (developed by CEA-List)
• Co-writer of the BV-SW200 guidelines: « Cybersecurity Guidelines for Development & Assessment of Software »