My main research interests are computer and network security, particularly Host-based Intrusion Detection Systems. In the last few years, I became increasingly interested in the security of software close to the hardware, such as operating systems or UEFI (Unified Extensible Firmware Interface) firmware, and I proposed detection approaches specifically targeting these systems. This evolution led me to explore the security of interfaces between software and hardware more generally.
The objective of the SECUREVAL project is to design new tools for security assessment. As part of this project, the SUSHI team's contribution focuses on tasks 4.4 Formal analyses and models at the software-hardware boundary (of which I am the leader) and 3.2 Tools for vulnerability analysis in binary code.
In the ANR TrustGW project, we consider a system composed of IoT objects connected to a gateway. This gateway is, in turn, connected to one or more cloud servers. The architecture of the gateway, which is at the heart of the project, is heterogeneous (software-hardware), composed of a baseband processor, an application processor, and hardware accelerators implemented on an FPGA. A hypervisor allows to share these resources and to allocate them to different virtual machines. TrustGW is a collaborative project between the ARCAD team from Lab-STICC, the SYSCOM team from IETR, and the CIDRE team from IRISA. In this project, we will explore, with my colleagues Frédéric Tronel and Pierre Wilke, hardware-assisted DIFT approaches for hybrid applications, which offload part of their computation to an FPGA.
SCRATCHS is a collaboration between researchers in the fields of formal methods (Celtique, Inria Rennes), security (Cidre, CentraleSupélec Rennes), and hardware design (Lab-STICC). Our goal is to co-design a RISC-V processor and a compiler toolchain to ensure by construction that a security-sensitive code is immune to timing side-channel attacks while running at maximal speed. We claim that a co-design is essential for end-to-end security: cooperation between the compiler and hardware is necessary to avoid time leaks due to the micro-architecture with minimal overhead. In the context of this project, I supervise the Ph.D. of Jean-Loup Houdot on security-enhancing compilation against side-channel attacks.
The SECUTRACE research project aims to contribute to the dependability and cyber-security of systems by exploiting the trace generation mechanisms available in most consumer hardware platforms. These mechanisms are, for example, available in embedded systems using ARM processors (CoreSight technology) and on computers using Intel processors (Intel PT technology). SECUTRACE is a collaborative project between the CIDRE team at CentraleSupélec/Inria (France) and Volker Stolz’s team at Western Norway University of Applied Sciences (HVL). This work should ultimately reduce the defect rate in software, mitigate the effects of programming errors, and provide new ways to detect intrusions.
I proposed in 2019, with my colleagues Clémentine Maurice (CNRS, IRISA EMSEC), Frédéric Tronel (CentraleSupélec, IRISA CIDRE), Jean-Louis Lanet (Inria, IRISA CIDRE) and Ronan Lashermes (Inria), a project for a Thematic Semester on the Security of Software/Hardware Interfaces (SILM), which has been selected by the partners of the PEC (Pôle d’Excellence Cyber) research centre. Such a semester was funded by the DGA and managed by Inria. As the chair-holder of the SILM thematic semester, I organized various events (summer school, workshops, seminars), and I invited world researchers from academic, industrial, and governmental institutions who work in this field. I also wrote a white paper for the DGA, outlining the state-of-the-art and strategic axes to be developed, both from a scientific and industrial point of view. During this semester, I was in partial secondment (50%) at Inria from October 2019 to October 2020.
Dynamic Information Flow Control (DIFC) imply a large overhead induced by the monitoring process. Some attempts rely on a hardware-software approach where DIFC operations are delegated to a coprocessor. Nevertheless, such approaches are based on modified processors. Beyond the fact hardware-assisted DIFC is hardly adopted, existing works do not take care of coprocessor security and multicore/multiprocessor embedded systems. We thus plan to implement DIFC mechanisms including a non-modified ARM processor and a FPGA.
The CominLabs HardBlare project is a cooperation with the CentraleSupélec IETR SCEE team and the UBS Lab-STICC laboratory. Mounir Nasr Allah is doing his PhD in the context of this project.
I regularly collaborate with the ANSSI. In the Ph.D. of Thomas Letan, we were interested in the formalization of hardware platforms and the security mechanisms they provide. We investigated the use of formal methods to assess the security guarantees provided by hardware platforms in the SpecCert and FreeSpec projects with Thomas Lethan. Matthieu Baty has also started a Ph.D. in the framework of the strategic partnership between Inria and ANSSI.
I have established a long-term collaboration with HP Inc. Labs to enhance the security of their PC platform. I also made a one-month visit to HP Labs in 2016. We maintained this collaboration through the Ph.D. of Ronny Chevalier and then through Titouan Lazard’s master internship.
Attacks targeting web browsers constitute a major threat. We tackled in the context of the CominLabs SecCloud project attacks induced by client-side code execution (javascript, flash or html5). Existing security mechanisms such as os-level access control often are not sufficient to prevent client-side browser attacks as the web browser is granted the same privileges as the user. The idea is to monitor information flows within the web browser in order to enforce a security information flow policy. Such a policy should allow to define fine-grained information flow rules between user data and distant web sites. We proposed a new secure information flow control model specifically designed for JavaScript.
In our approach, we augment the standard symbol table with a mechanism that replaces the reference address for secret values based on the current execution stack. This mechanism also ensures that the secret is stored in a dedicated memory location thereby protecting the secret from any unintended leakage or modification by a malicious JavaScript. This work on detection of illegal information flow in JavaScript has received the best paper award at the 9th International Conference on Security of Information and Networks (SIN 2016): https://hal.inria.fr/hal-01344565
This study was conducted in cooperation with other Inria Teams (Ascola and Celtique). Deepak Subramanian did his PhD in the context of this project.
The main objective of the Blare Inria Technological Development Action was to enhance the maturity level of two software tools developed by the CIDRE team: kBlare and JBlare. Theses tools consists in dynamic information flow monitors implemented in COTS: kBlare is a monitor implemented within the Linux kernel, JBlare is a monitor implemented within the Java Virtual Machine (JamVM).
Guillaume Brogi was hired as an engineer to work on that project. The main results of this ADT are the followings: we deployed a communication infrastructure composed of a dedicated public Web site with up-to-date documentation, mailing lists, a bug tracker and Git repositories; we deployed a Jenkins continuous integration tool and we have used it to enhance the quality of our code (several non obvious bug have been fixed thanks to this tool); we developed a unit testing framework dedicated to information flow control monitors testing.
The network security products, such as the NIDS or firewalls, tend to focus on application-level communication protocols. For known and documented protocols, it is easy to implement the required mechanisms. Conversely, for proprietary and undocumented protocols, the implementation is hardest because this implies the reverse engineering of these protocols.
I supervised the PhD of Georges Bossert in the context of a CIFRE contract with AMOSSYS, an SME located in Rennes. We proposed new approaches to reverse both the vocabulary and the grammar of a protocol. We developed Netzob, a tool dedicated to this task. We proposed two important improvements of the protocol inference process. First, we improved the message format reverse engineering phase. Unlike previous work, our approach uses contextual information and its semantic definition as a key parameter in both the processes of message clustering and field partitioning. We can also detect complex linear and nonlinear relationships between value, size and offset of message fields using correlation-based filtering. Besides, our multi-step pre-clustering phase reduces the required computation time of the main clustering phase. These results have been presented in ASIACCS 2014 conference. The second aspect of this work consisted in enhancing the grammar inference phase. We proposed a new approach that combines passive and active algorithms to infer protocol grammars. This approach also relies on grammar decompositions. We use semantic information to split the large inference task into separate parallel sub-tasks. Our solution reduces the computation time of the whole inference. Moreover our approach is more stealthy since less messages and in particular less invalid messages are sent to the inferred implementation.
| 2022- | Lionel Hemmerlé, Design and implementation of a language dedicated to the introspection of a virtual machine within a hypervisor (ANR TRUSTGW) | 
| 2021- | Jean-Loup Hatchikian-Houdot, Security-Enhancing Compiler against Side-Channel Attacks (CominLabs and ANR) | 
| 2020- | Matthieu Baty, Formal Specification and Verification of Security Mechanisms for RISC-V Processors (ANSSI grant) | 
| 2019-2023 | Nicolas Bellec, Security enhancement in embedded hard real-time systems (Breizh Cybervalley grant) | 
| 2018-2022 | Camille Le Bon, Dynamic optimization and analysis of binary programs for cybersecurity (DGA grant) | 
| 2016-2019 | Ronny Chevalier, Enhanced Computer Platform Security through an Intrusion Detection Approach (HP CIFRE grant) | 
| 2015-2018 | Oualid Koucham, Intrusion Detection for Industrial Control Systems (DGA grant) | 
| 2015-2020 | Mounir Nasr Allah, Combining Static Analyses with Dynamic Hardware-Based Analyses for Information Flow Control (CominLabs project) | 
| 2014-2018 | Thomas Letan, Security of the Low-level Components of a Computer Platform (ANSSI employee) | 
| 2013-2017 | Deepak Subramanian, Multi-level Information Flow Monitoring (CominLabs project) | 
| 2010-2014 | Georges Bossert, Exploiting Semantic for the Automatic Reverse Engineering of Communication Protocols (AMOSSYS CIFRE grant) | 
| 2024 | Oumar Niang, Dynamic information flow tracking in hybrid applications" | 
| 2022 | Romain Ninot, Dynamic Information Flow Tracking for Hybrid Applications | 
| 2022 | Lionel Hemmerlé, Design and Implementation of a Language Dedicated to Virtual Machine Introspection within a Hypervisor | 
| 2022 | Damien Armillon, Selective Dynamic Information Flow Tracking Using Dynamic Binary Instrumentation | 
| 2019 | Titouan Lazard, Hardware-based Monitoring of Chipset Components | 
| 2016 | Jianqiao Xu, Development of Memory-based Attacks for Android Platform | 
| 2016 | Ronny Chevalier, Coprocessor-based Low-level Intrusion Detection | 
| 2013 | Oualid Koucham, Development of a Smart Fuzzing Plugin for Netzob | 
| 2013 | Eric Asselin, Automatic Generation of Protocol Decoders | 
| 2013 | Thomas Letan, Cooperation between OS and Java-level IFC Monitors | 
| 2011 | Mounir Assaf, Combining Static and Dynamic Analysis to Detect Intrusion using Information Flow Control |