es
Universidad Estatal (Francia), Examinar oportunidades similares
SL-DRT-21-0559
Cyber security : hardware and sofware
We consider the general context of automated code-level security analysis. While standard attacks such as control-flow hijacking take advantage of programming flaws (typically, missing bound checks), recent micro-architectural attacks take advantage of subtle behaviours at the micro-architectural levels, typically speculative behaviours introduced in modern architectures for efficiency, in order to bypass protections and leak sensitive data. These vulnerabilities are extremely hard to find by a human expert, as they require to reason at a very low-level, on an exponential number of otherwise-hidden speculative behaviours, and on complex security properties (leaks and data interference, rather than standard memory corruptions). The goal of this doctoral work is to understand how automated symbolic verification and bug finding methods (especially but not limited to, symbolic execution) can be efficiently lifted to the case of speculative micro-architectural attacks, with the ultimate goal of securing essential security primitives in cryptographic libraries and OS kernels. This general objective raises challenges in terms of semantics of speculative behaviours, semantics of security properties and scalability of verification techniques. These techniques will be implemented in the binary-level code analysis framework BINSEC and their benefits assessed through rigorous experimental evaluation.
Département Ingénierie Logiciels et Systèmes (LIST)
Laboratoire pour la Sûreté du Logiciel
Saclay
BARDIN Sébastien
CEA
DRT/DILS
bâtiment 862, bureau 1018CEA Saclay91191 Gif sur Yvettes
Phone number:
Email: sebastien.bardin@cea.fr
Nice-Sophia-Antipolis
Sciences et Technologies de l’Information et de la Communication (STIC) - Nice -
Start date on
REZK Tamara
Inria
Sophia Antipolis
Phone number:
Elige el país al que quieres viajar para estudiar gratis, trabajar o hacer voluntariado