Institut Polytechnique de Paris

International Winter School on Microarchitectural Security 2022

The International Winter School on Microarchitectural Security (Mic-Sec) offers academic and industrial talks along with hands-on experience on attacks, software and hardware countermeasure techniques with a special focus on side-channel attacks. The Mic-Sec Winter School 2022 edition will take place at the FIAP Paris from the 5th to the 9th of December 2022 in Paris, France.

Today, computing systems are going through the trough of disillusionment related to the prevailing security. The revelations of security and privacy vulnerabilities in microprocessors, both at software and hardware levels, have been appalling. These microarchitectural vulnerabilities affect almost all processors, across virtually all operating systems and architectures.

One of the biggest problems in modern computing infrastructure today is that security is not regarded as a system-wide issue and, therefore, preventive measures are vulnerability-specific, limited in scope, and might even create new vulnerabilities. The primary reason behind this is the fact that almost every aspect of modern computing architectures can be subject to the discovery of new attack vectors: from computational optimizations to storage elements and interfaces, from end-user applications to the operating system & hypervisors, and from the microarchitecture to the underlying hardware. This trend is gaining further momentum, and worse, the complete attack surface is not yet known. The hardware is often considered as an abstract layer that delivers some computational infrastructure and is assumed to be correct. But it might leak critical information as a side effect of software implementation and execution.

Side-channel Attacks (SCAs) and defenses on the microarchitectural level, therefore, have become an important field of research. Side-channel attacks exploit existing vulnerabilities in order to extract privileged information at the physical, computational and storage levels. In order to enhance the resistance of cryptographic and security-critical implementations within the design phase, countermeasures and analysis techniques are mandatory.

The MIC-SEC winter school offers academic and industrial talks along with hands-on experience on attacks, software and hardware countermeasure techniques with a special focus on side-channel attacks. The school offers discussions with industrial and academic partners to foresee the future of computing in security. The scope of the MIC-SEC winter school is as follows:

  • Side-Channel attacks and defenses 
  • Role of Machine Learning in microarchitectural security
  • Microarchitectural security at the interfaces of hardware and software, in particular industrial perspectives

MIC-SEC offers an opportunity to young researchers such as PhD students and research engineers from academia and industry with lectures and hands-on experiences to get to know the domain of microarchitectural security. It allows the participants to practise theoretical principles in reality. Attending students are strongly advised to actively take part in the poster session held at the MIC-SEC winter school. Furthermore, there is an opportunity for senior PhD students and research engineers to do a short presentation of their research work.

Title of the talk


AI and Side-channel analysis: Lessons learned so far

Abstract


In this talk we give an overview of the AI methods and techniques used in the field of hardware security and side-channel analysis in particular. We first discuss the ways in which Machine learning and AI changed the side-channel analysis landscape and attackers’ capabilities in particular. We survey several examples of AI assisting with leakage evaluation and discuss the impact of it. Finally, we also consider the way side-channel analysis and deep learning could be used for a new tempest-like attack called screen gleaning.

 

About the speaker


Lejla Batina is a professor in embedded systems security at the Radboud University in Nijmegen, the Netherlands. She completed a Professional Doctorate in Engineering at the Eindhoven University of Technology (2001) and worked as a cryptographer for SafeNet B.V. (2001–2003). She received her Ph.D. from KU Leuven, Belgium (2005).

Her current research interests include implementations of cryptography and hardware security. Her research group at Radboud consists of 12 researchers, and 9 Ph.D. students have graduated under her supervision. She has authored or coauthored more than 140 refereed articles.

Lejla Batina is a senior member of IEEE and an Editorial board member of top journals in security, such as IEEE Transactions on Information Forensics and Security and ACM Transactions on Embedded Computing Systems. She was program co-chair of CHES 2014 and ACM WiSec 2021, and she served as a track chair of DATE 2022 (Track D: Design Methods and Tools).

Title of the talk


Trustworthy Machine Learning... for Systems Security

 

Abstract


No day goes by without reading machine learning (ML) success stories across different application domains. Systems security is no exception, where ML's tantalizing results leave one to wonder whether there are any unsolved problems left. However, machine learning has no clairvoyant abilities and once the magic wears off, we're left in uncharted territory.

We, as a community, need to understand and improve the effectiveness of machine learning methods for systems security in the presence of adversaries. One of the core challenges is related to the representation of problem space objects (e.g., program binaries) in a numerical feature space, as the semantic gap makes it harder to reason about attacks and defences and often leaves room for adversarial manipulation. Inevitably, the effectiveness of machine learning methods for systems security is intertwined with the underlying abstractions, e.g., program analyses, used to represent the objects. In this context, is trustworthy machine learning possible?

In this lecture, I will first illustrate the challenges in the context of adversarial ML evasion attacks against malware classifiers. The classic formulation of evasion attacks is ill-suited for reasoning about how to generate realizable evasive malware in the problem space. I'll provide a deep dive into recent work that provides a theoretical reformulation of the problem and enables more principled attack designs. Implications are interesting, as the framework facilitates reasoning around end-to-end attacks that can generate real-world adversarial malware, at scale, that evades both vanilla and hardened classifiers, thus calling for novel defenses.

Next, I'll broaden our conversation to include not just robustness against specialized attacks, but also adversarial drifting, in which threats evolve and change over time. Prior work suggests adversarial ML evasion attacks are intrinsically linked with concept drift and we will discuss how drift affects the performance of malware classifiers, hinting at the role the underlying feature space abstraction has in the whole process.

Ultimately, these threats would not exist if the abstraction could capture the 'Platonic ideal' of interesting behaviour (e.g., maliciousness), however, such a solution is still out of reach. I'll conclude by outlining current research efforts to make this goal a reality, including robust feature development, assessing vulnerability to universal perturbations, and forecasting of future drift, which illustrate what trustworthy machine learning for systems security may eventually look like.

 

About the speaker


Lorenzo Cavallaro is a Full Professor of Computer Science in the Department of Computer Science at UCL, where he leads the Systems Security Research Lab. His research focuses on understanding and improving the effectiveness of machine learning methods for systems security in the presence of adversaries. In particular, Lorenzo Cavallaro and his lab investigate the intertwined relationships of program analysis and machine learning and the implications they have towards realizing Trustworthy ML for Systems Security. He publishes at and sits in the PC of top-tier conferences in computer security and received the Outstanding Paper Award at USENIX Security 2022.

 

Title of the talk


Requirements and Security Challenges for Resource-Constrained IoT End-Devices Baseband Processor

 

Abstract


Internet of Things (IoT) implementations span all sectors around the world and face an exponential increase in the number of IoT devices. Attacks against these devices represent a significant threat and one of the potential entry points relies on their communication capabilities where many vulnerabilities and attacks exist.

In that context, this presentation deals with baseband processor requirements and challenges for resource-constrained IoT end-devices using low-data-rate Sub-GHz protocols. Several architectures for baseband processors will be discussed as well as existing attacks. Furthermore, a solution based on a multi-layer (network, execution and hardware) data tracing approach to detect logical attacks such as network availability (e.g., DoS, jamming) and data integrity (i.e., packet injection) in the network and in the baseband processor from the network entry point will also be discussed.

 

About the speakers


Guy Gogniat is a Full Professor in electrical and computer engineering (ECE) at the Université Bretagne Sud, Lorient, France, where he has been since 1998. He obtained his MSEE degree at the University of Paris Sud, Orsay, France, in 1995, and his PhD in ECE at the University of Nice-Sophia, Antipolis, France, in 1997. In 2005, he spent one year at the University of Massachusetts, Amherst, USA, as an invited researcher, where he worked on embedded system security using Reconfigurable technologies. His work focuses on embedded system security.

Title of the talk


The standards of embedded security

 

Abstract


With the considerable growth of the IoT market, embedded secure elements are increasingly being deployed in a variety of devices. At the same time, operators expect liability from IoT devices, as the entire system’s security collapses if the devices are compromised. In addition, the market needs a way to ensure a consistent measurement of the security level. Hence the need for standards that define the requirements and certification schemes which assess, through tests and validations, that the requirements are met.

In this course, Sylvain Guilley will introduce the different standards applicable to IoTs (CC, FIPS, OSCCA, Global Platform, EN ETSI 303 645) and make a specific focus on the automotive market, with ISO/SAE 21434:2021 standard. He will detail how these standards can be implemented in integrated Secure Elements (iSE) and explain in particular how to derive the relevant security functionalities. The security target is crucial in this respect, as it is important to design enough security while avoiding over-designing security. Finally, he will explain that, nowadays, device connectivity can be leveraged to effectively manage their security throughout their lifecycle. Such a capability requires both an uplink (the channel through which incidents are reported) and a downlink (the channel through which firmware is updated).

 

About the speaker


Sylvain Guilley is General Manager and CTO at Secure-IC, a French company offering security for embedded systems. Secure-IC's flagship product is the multi-certified Securyzr integrated Secure Element (iSE). He is also a professor at Télécom-Paris and a research associate at the École normale supérieure (ENS).

His research interests are trusted computing, cyber-physical security, secure prototyping in FPGA and ASIC, and formal / mathematical methods. Since 2012, he has organized the PROOFS workshop, which brings together researchers whose objective is to increase the trust in the security of embedded systems.

Sylvain Guilley is also lead editor of international standards, such as ISO/IEC 20897 (Physically Unclonable Functions), ISO/IEC 20085 (Calibration of non-invasive testing tools), and ISO/IEC 24485 (White Box Cryptography). He is associate editor of the Springer Journal of Cryptography Engineering (JCEN), has co-authored 250+ research papers and filed 40+ invention patents. He is a member of the IACR, a senior member of the IEEE and the CryptArchi club, and an alumnus of the École Polytechnique and Télécom-Paris.

Title of the talk


Security Implications of Power Management Mechanisms in Modern Processors: Current Studies and Future Trends

 

Abstract


Despite the failure of Dennard scaling, the slow-down in Moore’s Law, and the high power density of modern processors, power management mechanisms have enabled significant advances in modern microprocessor performance and energy efficiency. Yet, current power management architectures also pose serious security implications. This is mainly because functionality rather than security has been the main consideration in designing power management mechanisms in commodity microprocessors.

This talk will provide an overview of state-of-the-art power management mechanisms used in modern microprocessors. Based on this background, some of the recently revealed power management vulnerabilities in modern processors and their security implications will be presented. Finally, practical mitigation mechanisms to protect a system against known vulnerabilities resulting from power management mechanisms will be discussed.

 

About the speaker


Dr. Jawad Haj-Yahya received his Ph.D. in Computer Science from Haifa University, Israel. Jawad was a processor architect for many years at Intel. His awards and honors include the Intel Achievement Award (the highest award at Intel) for his significant contribution to Intel processors.

Jawad worked as a Senior Scientist at multiple universities and research centers, including Nanyang Technological University (NTU) Singapore, Institute of Microelectronics (IME) at A*STAR Singapore, ETH Zurich, and Huawei Zurich Research Center. Jawad led multiple research projects, including designing and architecting a RISC-V-based secure processor, an energy-efficient AI accelerator, and multiple power management architectures to improve the energy efficiency of modern client and server processors. Jawad recently joined Rivos Inc. as a Principal Architect working on power management.

Title of the talk


Security challenges and opportunities in emerging device technologies

 

Abstract


While traditional chips in bulk silicon technology are widely used for reliable and highly efficient systems, there are applications that call for devices in other technologies. On the one hand, novel device technologies need to be re-evaluated with respect to potential threats and attacks, and how these can be faced with existing and novel security solutions and methods. On the other hand, emerging device technologies bring opportunities for building the secure systems of the future.

This talk will give an overview of the minimal hardware resources that are needed to build secure systems and discuss the state of the art in the design of these hardware resources in emerging device technologies.

 

About the speaker


Nele Mentens is a professor at Leiden University in the Netherlands and KU Leuven in Belgium. Her research interests are in the field of configurable computing and hardware security. She was/is the PI in around 25 finished and ongoing research projects with national and international funding.

She serves/served as a program committee member of renowned international conferences on security and hardware design. She was the general co-chair of FPL'17 and she was/is the program chair of FPL'20, CARDIS'20, RAW'21, VLSID'22 and DDECS'23. She is (co-)author in around 150 publications in international journals, conferences and books. She received best paper awards and nominations at CHES'19, AsianHOST'17 and DATE'16. Nele Mentens serves as an associate editor for IEEE TIFS, IEEE CAS Magazine, IEEE S&P, and IEEE TCAD.

Title of the talk


Securing AI: On the Intentional Failures and How to Prevent Them

 

Abstract

This talk covers various attacks on deep learning and how to prevent them. We start with a general introduction to the security and privacy of deep learning, and afterward, we concentrate on several specific threats. More precisely, we discuss poisoning attacks and model stealing attacks. We also discuss how to defend against such attacks and novel challenges emerging when moving from a centralized to a federated learning setup.

 

About the speaker


Stjepan Picek is an associate professor at Radboud University, The Netherlands. His research interests are security/cryptography, machine learning, and evolutionary computation. Prior to the associate professor position, he was an assistant professor at TU Delft, and a postdoctoral researcher at MIT, USA and KU Leuven, Belgium. He finished his PhD in 2015 with a topic on cryptology and evolutionary computation techniques.

Stjepan Picek also has several years of experience working in industry and government. Up to now, he has given more than 25 invited talks at conferences and summer schools and published more than 130 refereed papers. He was a general co-chair for Eurocrypt 2021, program committee member and reviewer for a number of conferences and journals, and a member of several professional societies.

Title of the talk


Transient execution attacks and defenses

 

Abstract


Microarchitectural security is one of the most challenging and exciting problems in system security today. With the discovery of transient execution attacks, it has become clear that microarchitectural attacks have significant impact on the security properties of software running on a processor that runs code from various stakeholders (such as, for instance, in the cloud).

During this lecture, Frank Piessens will provide an introduction to transient execution attacks and defenses using formal models for processors.

First, he will introduce a simple formal instruction set architecture (ISA), and show how to model a speculative and out-of-order processor implementing this ISA. Then he will discuss how to model microarchitectural attackers, and, by means of examples, how the powerful class of transient execution attacks is captured by this model.

The lecture will finish with formal statements of security objectives for defenses against these attacks, and to illustrate the usefulness of the introduced models, the design and implementation of one provably secure countermeasure will be discussed.

 

About the speaker


Frank Piessens is a full professor in the Department of Computer Science at the Katholieke Universiteit Leuven, Belgium. His research field is software and systems security. He has worked both on attack techniques, as well as on defenses.

On the defense side, he has contributed to verification techniques for C-like languages, the enforcement of information flow security, countermeasures for memory safety related vulnerabilities, and the design and implementation of embedded security architectures.

On the attack side, he has contributed to the discovery of several transient execution attacks, and to the development of exploitation techniques for memory safety vulnerabilities.

Frank Piessens has served on the program committee of numerous security and software conferences including ACM CCS, Usenix Security, IEEE Security & Privacy, and ACM POPL. He acted as program chair for the International Conference on Principles of Security and Trust (POST 2016), for the IEEE European Symposium on Security & Privacy (Euro S&P 2018 & 2019), and for the IEEE Secure Development Conference (SecDev 2021 & 2022).

Title of the talk


From Random Observations to Automated Leakage Discovery

 

Abstract


Microarchitectural security is still a relatively young research area. There are still many discoveries to be made, even for beginners in the field. Simple experiments with seemingly random, weird observations later turn out to be side channels or even processor vulnerabilities. However, even for domain experts, designing experiments to discover new side-channel leakage can be a tedious and time-consuming process that also requires a non-negligible amount of luck.

This talk will show how automation can help in this discovery process. It will cover recent advances in tooling and automation for microarchitectural leakage discovery, drawing parallels to the field of software testing. Although automation is still in an early stage when compared to software testing, it will show that the current approaches can already discover previously unknown side channels and transient-execution attacks.

 

Title of the hands-on session


Turning Timing Differences into Data Leakage

 

Abstract


In 2018, a new field of microarchitectural attacks emerged with the publication of Meltdown and Spectre: transient execution attacks. In contrast to traditional side-channel attacks, which leak metadata, transient execution attacks directly leak sensitive data. Such transient executions result from control- and data-flow mispredictions, as well as out-of-order execution after exceptions.

This 3-hour training will start with simple timing measurements and finally leak data via a transient-execution attack. It will start with the basics of measuring cache effects, an essential building block of transient execution attacks. Together with the speaker, participants will develop a Flush+Reload covert channel, used as the encoding part in the transient-execution attack. Using this encoding, a Spectre attack will be implemented to leak data from an application containing secrets.

 

About the speaker


Michael Schwarz is Faculty at the CISPA Helmholtz Center for Information Security in Saarbruecken, Germany, with a focus on microarchitectural side-channel attacks and system security. He obtained his PhD with the title "Software-based Side-Channel Attacks and Defenses in Restricted Environments" in 2019 from Graz University of Technology. He holds two master's degrees, one in computer science and one in software engineering with a strong focus on security.

He is a regular speaker at both academic and hacker conferences (10 times Black Hat, CCC, Blue Hat, etc.). He was part of one of the research teams that found the Meltdown, Spectre, Fallout, ZombieLoad, LVI, and PLATYPUS vulnerabilities. He was also part of the KAISER patch, the basis for Meltdown countermeasures now deployed in every modern operating system under names such as KPTI or KVA Shadow.

 

Title of the hands-on session


How to quickly deploy a SoC on FPGA to evaluate security solutions for communicating embedded systems?

 

Abstract


The evaluation of security countermeasures is essential. Experimentation on real use cases and reproducibility are also important. In the field of embedded systems security we often face a technological barrier and we have to master a multitude of software and hardware tools. Moreover, our contributions often target a specific point and therefore we are not necessarily experts of all the components of a system on chip (SoC). The technical task then usually takes a lot of time when creating an experimental test bench.

This practical work introduces some tools for deploying a SoC (with associated software) and evaluating it on an FPGA board, for a use case in the security of communicating embedded systems.

 

About the speaker


Philippe Tanguy is an Associate Professor at the Université de Bretagne Sud (UBS), in the UFR SSI. He is the study director of the Master of Cybersecurity of Embedded Systems (CSSE) at UBS. He performs his research activities at Lab-STICC in the ARCAD team. He has a PhD in Electronics and digital communication at IETR. Currently, his research activities are dedicated to IoT systems with a focus on the Cyber Security issues.

Title of the talk


The Gates of Time: Improving Cache Attacks with Transient Execution

 

Abstract


More info coming soon.

 

Title of the tutorial


A Primer on Cache Attacks

 

Abstract


More info coming soon.

 

About the speaker


Yuval Yarom is an Associate Professor at the School of Computer Science at the University of Adelaide. He earned his Ph.D. in Computer Science from the University of Adelaide in 2014, and an M.Sc. in Computer Science and a B.Sc. in Mathematics and Computer Science from the Hebrew University of Jerusalem in 1993 and 1990, respectively. In between, he has been the Vice President of Research in Memco Software and a co-founder and Chief Technology Officer of Girafa.com.

Yuval Yarom's research explores the security of the interface between the software and the hardware. In particular, he is interested in the discrepancy between the way that programmers think about software execution and the concrete execution in modern processors. He works on identifying micro-architectural vulnerabilities, and on exploitation and mitigation techniques.

During the MIC-SEC winter school, one afternoon will be reserved for a poster session. All participants are invited to prepare a poster in A0 format, presenting their current research. Students are advised to bring their printed posters to display in the Poster Hall. Candidates who are willing to bring a poster should mention it in their registration.

There will also be some time for student presentations. Please understand that we will not have enough time to allow everybody to step on the stage. In order to maximize the number of presentations (without having to stay awake until midnight), senior PhD students are invited to submit a short presentation, showcasing their PhD in 180 seconds. In case of many submissions, there will be a selection of the best presentations. If you are interested in participating in this experience, please contact us by mail.

  Monday 5th - ROOM PARIS
8:30-10:10 AM Registration & Breakfast
10:10-10:30 AM Orientation
10:30-12:00 PM Jawad HAJ YAHYA, "Security Implications of Power Management Mechanisms in Modern Processors: Current Studies and Future Trends"
12:00-2:00 PM Lunch (at the Self, Ground floor)
2:00-3:30 PM Frank PIESSENS, "Transient execution attacks and defenses"
3:30-4:00 PM Coffee Break
4:00-5:30 PM Lorenzo CAVALLARO, "Trustworthy Machine Learning...for Systems Security"
5:30-7:00 PM Cocktail (Space Jean Monnet, 1st floor)
  Tuesday 6th - ROOM PARIS
8:30-10:00 AM Michael SCHWARZ, "From Random Observations to Automated Leakage Discovery"
10:00-10:30 AM Coffee Break
10:30-12:00 PM Michael SCHWARZ, "Turning Timing Differences into Data Leakage" (hands-on session)*
12:00-2:00 PM Lunch (at the Self, Ground floor)
2:00-3:30 PM Guy GOGNIAT, "Requirements and Security Challenges for Resource-Constrained IoT End-Devices Baseband Processor"
3:30-4:00 PM Coffee Break
4:00-5:30 PM Philippe TANGUY, "How to quickly deploy a SoC on FPGA to evaluate security solutions for communicating embedded systems?" (hands-on session)*
  Wednesday 7th - ROOM OSLO
10:00-10:30 AM Welcome Coffee (Space Jean Monnet, 1st floor)
10:30-12:00 PM Yuval YAROM, "A Primer on Cache Attacks" (tutorial)
12:00-2:00 PM Lunch (at the Self, Ground floor)
2:00-3:30 PM Yuval YAROM, "The Gates of Time: Improving Cache Attacks with Transient Execution" (talk)
3:30-5:00 PM Sylvain GUILLEY, "The standards of embedded security"
5:00-5:30 PM Coffee - End of the day (Space Jean Monnet, 1st floor)
  Thursday 8th - ROOM OSLO
8:30-10:00 AM Lejla BATINA, "AI and Side-channel analysis: Lessons learned so far"
10:00-10:30 AM Coffee Break (Space Jean Monnet, 1st floor)
10:30-12:00 PM Stjepan PICEK, "Securing AI: On the Intentional Failures and How to Prevent Them"
12:00-2:00 PM Lunch (at the Self, Ground floor)
2:00-3:30 PM Nele MENTENS, "Security challenges and opportunities in emerging device technologies"
3:30-4:00 PM Coffee Break & Group Photo (Space Jean Monnet, 1st floor)
4:00-7:30 PM Free time
7:30-11:00 PM Gala Dinner (more info in the "Venue" tab)
  Friday 9th - ROOM OSLO
9:30-10:00 AM Coffee Break (Space Jean Monnet, 1st floor)
10:00-12:00 PM Posters session**
12:00-2:00 PM Lunch (at the Self, Ground floor)
2:00 PM Goodbye

 

 

 

* Before attending this hands-on session, you need to check the pre-requisites in the "Lecture Material" tab

** Info on posters in the "Lecture Material" tab

The School offers 40 places for attendees to register. To reflect cultural diversity, the organising committee encourages balanced representation of attendees from different countries. Women are underrepresented in the field of Science and Technology. To fulfill corporate social responsibility, we encourage women to participate in this event and balance the gathering with their presence.

Registration [CLOSED]

Participants are requested to process their registrations (on a first come, first served basis) by visiting the following website:
https://ipwinterschool2022.dakini-pco.com

The Mic-Sec Winter School 2022 will take place at the FIAP Paris from the 5th to the 9th of December 2022 in Paris, France.

FIAP has an accommodation service available on a "first come, first served" basis. It also allows students to reserve shared rooms. More information here.

How to come to the FIAP

The address is 30 Rue Cabanis, 75014 Paris.

> By public transport

From CDG Airport: Take the RER B, direction "Sud", until "Denfert Rochereau" station, then the Metro, line 6 (the green one), direction "Nation", until "Glacière" station.

From Orly Airport: Take the Orly Val until last stop "Antony", then RER B, direction "Nord", until "Denfert Rochereau" station OR Take the Orly Bus directly to last stop "Denfert Rochereau", then the Metro, line 6 (the green one), direction "Nation", until "Glacière" station.

> By taxi:

Cabs are easily available from the airports. Or you can book them in advance with one of the following cab companies. Taxis G7 : +33(0)1 47 39 47 39. Alpha Taxis: +33(0)1 45 85 85 85. Taxis Bleus : 3609.

> Other services:

If you have the right app, the following alternatives are available in Paris: Uber, Heetch or Bolt, to drive you from the airports.


Information about the gala dinner

On Thursday, December 8, we are pleased to invite you to a gala dinner on the famous Parisian "Bateaux Mouches" !

The departure will be from Port de la Conférence 75008 Paris

Boat La Patache

Metro 1 or 13, stop Champs-Elysées Clémenceau

Metro 9, stop Pont de l'Alma 

 

 

 

 

Time of arrival expected: 7.30 PM

Cruise departure: 8.30 PM

Return to the quay: 10.45 PM

Disembarkation: 11.00 PM

 

IMPORTANT: Health advisory

The School will be held in person, so we are expecting to meet you in real life!

All attendees must observe the health advisory of France if travelling from abroad or within France i.e. vaccination, rapid tests, PCR tests etc. Here you can find the health regulations that apply.

Our primary goal is the safety of all organizers, speakers, candidates and staff working at the FIAP. For this reason, we will be prepared to ensure that the School takes place in the best conditions, following the instructions of the authorities.

1) Proof of vaccination
2) Venue hygiene
3) Physical distance and accesses
4) Personal shielding
5) Adapted services
6) F&B (Food and Beverage)

FIAP has drawn up an extensive protocol with all the sanitary procedures, available here (FR). This protocol is constantly updated.

Please keep monitoring this health advisory page regularly to be updated in case of evolution of situation.

We are looking forward to seeing you in Paris!

This content will be available once the speakers deliver their presentations.

Please note that before attending the following hands-on sessions you need to check the pre-requisites.

> For Philippe TANGUY's hands-on session on "How to quickly deploy a SoC on FPGA to evaluate security solutions for communicating embedded systems?" , pre-requisites are available here: https://sourcesup.renater.fr/www/mic-sec-2022/index.html

The content will be updated soon.

> For Michael SCHWARZ' hands-on session on "Turning Timing Differences into Data Leakage", a Linux installation with gcc, make, and matplotlib is necessary.

"The Gates of Time: Improving Cache Attacks with Transient Execution"

  • Binary code analysis for security in the BINSEC team, Michaël Marcozzi
    • Université Paris-Saclay, CEA, List
  • Cross-Layer Fault Analysis for Microprocessor Architectures, Ihab ALSHAER¹², Brice COLOMBIER²³, Christophe DELEUZE¹, Vincent BEROULLE¹, Paolo MAISTRI²
    • ¹ Univ. Grenoble Alpes, Grenoble INP, LCIS, Valence 26000, France
    • ² Univ. Grenoble Alpes, CNRS, Grenoble INP, TIMA, Grenoble 38000, France
    • ³ Univ. Lyon, UJM-Saint-Etienne, CNRS Laboratoire Hubert Curien UMR 5516, Saint-Etienne, France
  • Hardware-based security analysis, optimised solutions for attack detection, Lucas Georget, Vincent Migliore, Youssef Laarouchi, Vincent Nicomette
    • EDF R&D / LAAS-CNRS
  • Hardware/Software co-design of a RISC-V processor and its compiler toolchain to ensure constant-time execution, Nicolas Gaudin¹, Jean-Loup Hatchikian-Houdot², Frédéric Besson², Pascal Cotret¹, Guy Gogniat¹, Guillaume Hiet³, Vianney Lapôtre¹ and Pierre Wilke³
    • ¹ Lab-STICC, Université de Bretagne Sud, Lorient, France / ENSTA Bretagne, Brest, France
    • ² EPICURE / IRISA / INRIA, Rennes, France
    • ³ CIDRE / IRISA / INRIA, CentraleSupélec, Cesson-Sévigné, France
  • Indirect Eviction [IE] Cache Counteracting Eviction Based Cache Side Channel Attacks Through Indirect Eviction, M. Asim Mukhtar, Khurram Bhatti, Guy Gogniat
    • Information Technology University (ITU), Lahore, Pakistan; University of South Brittany (UBS), Lorient, France
  • PHYLOG 2: Certifiability of hybrid architectures wrt cyber-security, safety and real-time, Kevin Delmas and Julien Brunel
    • ONERA
  • Protection of a processor with DIFT against physical attacks, William PENSEC. Supervisors : Vianney LAPÔTRE and Guy GOGNIAT
    • Lab-STICC, Université Bretagne Sud, Lorient
  • To overfit or not to overfit, improving the performance of deep learning-based side-channel analysis, Azade Rezaeezade
    • Delft University of Technology, The Netherlands

Organizers

Maria Mushtaq

Associate Professor, Telecom Paris, France 

Maria MUSHTAQ is an Associate Professor at Telecom Paris in the Safe and Secure Hardware group (SSH) of the COMELEC Department. She received her PhD in Information Security from the University of South Brittany (UBS), France, in 2019. She has worked as a CNRS Postdoctoral Researcher at LIRMM, University of Montpellier (UM), France. She has expertise in microarchitectural vulnerability assessment and in the design and development of runtime mitigation solutions against side- and covert-channel information leakage in modern computing systems. Her research interests mainly focus on cryptanalysis, constructing and validating software security components, and constructing OS-based security primitives against various hardware vulnerabilities.

 

Ulrich Kühne

Associate Professor, Telecom Paris, France

He is an Associate Professor in the physical security of embedded systems in the Communications and Electronics Department at Télécom Paris. His doctoral thesis, which he obtained from Bremen University in Germany in 2009, was on the formal verification of embedded processors. He then spent two years as a postdoctoral researcher at the ENS Cachan LSV before joining the Digital Electronic Systems (SEN) Department at Télécom Paris in 2016. His areas of research are physical security, formal methods and hybrid systems.

 

 

Collaborators

            

 

Karine Heydemann

Associate Professor, LIP6, Sorbonne University, France 

Karine Heydemann has been an Associate Professor at Sorbonne University since 2006. She is a member of the Architecture and Software for System on Chip group of the LIP6 laboratory. She received a PhD in Computer Science from the University of Rennes 1 in 2004. Her areas of expertise encompass hardware micro-architecture, compilation, code optimization, and physical attacks, including modelling of hardware fault injection effects, automated code hardening and robustness analysis.

 

 

Quentin L. Meunier

Associate Professor, LIP6, Sorbonne University, France 

Quentin L. Meunier received an engineering diploma and an M.Sc. from Ensimag (Grenoble, France) in 2007 and a PhD degree in Computer Science from Université de Grenoble (France) in 2010. Since 2011, he has been an Associate Professor at Sorbonne University, in the LIP6 laboratory. His research interests include micro-architecture, code security against faults and side-channel attacks, and masking verification.

Description

The MIC-SEC winter school offers academic and industrial talks along with hands-on experience on attacks, software and hardware countermeasure techniques with a special focus on side-channel attacks. The school offers discussions with industrial and academic partners to foresee the future of computing in security. The scope of the MIC-SEC winter school is as follows:

  • Side-Channel attacks and defenses 
  • Role of Machine Learning in microarchitectural security
  • Microarchitectural security at the interfaces of hardware and software, in particular industrial perspectives

MIC-SEC offers an opportunity to young researchers such as PhD students and research engineers from academia and industry with lectures and hands-on experiences to get to know the domain of microarchitectural security. It allows the participants to practise theoretical principles in reality. Attending students are strongly advised to actively take part in the poster session held at the MIC-SEC winter school. Furthermore, there is an opportunity for senior PhD students and research engineers to do a short presentation of their research work.

Title of the talk


AI and Side-channel analysis: Lessons learned so far

Abstract


In this talk we give an overview of the AI methods and techniques used in the field of hardware security and side-channel analysis in particular. We first discuss the ways in which Machine learning and AI changed the side-channel analysis landscape and attackers’ capabilities in particular. We survey several examples of AI assisting with leakage evaluation and discuss the impact of it. Finally, we also consider the way side-channel analysis and deep learning could be used for a new tempest-like attack called screen gleaning.

 

About the speaker


Lejla Batina is a professor in embedded systems security at the Radboud University in Nijmegen, the Netherlands. She completed a Professional Doctorate in Engineering at the Eindhoven University of Technology (2001) and worked as a cryptographer for SafeNet B.V. (2001–2003). She received her Ph.D. from KU Leuven, Belgium (2005).

Her current research interests include implementations of cryptography and hardware security. Her research group at Radboud consists of 12 researchers, and 9 Ph.D. students have graduated under her supervision. She has authored or coauthored more than 140 refereed articles.

Lejla Batina is a senior member of IEEE and an Editorial board member of top journals in security, such as IEEE Transactions on Information Forensics and Security and ACM Transactions on Embedded Computing Systems. She was program co-chair of CHES 2014 and ACM WiSec 2021, and she served as a track chair of DATE 2022 (Track D: Design Methods and Tools).

Title of the talk


Trustworthy Machine Learning... for Systems Security

 

Abstract


No day goes by without reading machine learning (ML) success stories across different application domains. Systems security is no exception, where ML's tantalizing results leave one to wonder whether there are any unsolved problems left. However, machine learning has no clairvoyant abilities and once the magic wears off, we're left in uncharted territory.

We, as a community, need to understand and improve the effectiveness of machine learning methods for systems security in the presence of adversaries. One of the core challenges is related to the representation of problem space objects (e.g., program binaries) in a numerical feature space, as the semantic gap makes it harder to reason about attacks and defences and often leaves room for adversarial manipulation. Inevitably, the effectiveness of machine learning methods for systems security is intertwined with the underlying abstractions, e.g., program analyses, used to represent the objects. In this context, is trustworthy machine learning possible?

In this lecture, I will first illustrate the challenges in the context of adversarial ML evasion attacks against malware classifiers. The classic formulation of evasion attacks is ill-suited for reasoning about how to generate realizable evasive malware in the problem space. I'll provide a deep dive into recent work that provides a theoretical reformulation of the problem and enables more principled attack designs. Implications are interesting, as the framework facilitates reasoning around end-to-end attacks that can generate real-world adversarial malware, at scale, that evades both vanilla and hardened classifiers, thus calling for novel defenses.

Next, I'll broaden our conversation to include not just robustness against specialized attacks, but also adversarial drifting, in which threats evolve and change over time. Prior work suggests adversarial ML evasion attacks are intrinsically linked with concept drift and we will discuss how drift affects the performance of malware classifiers, hinting at the role the underlying feature space abstraction has in the whole process.

Ultimately, these threats would not exist if the abstraction could capture the 'Platonic ideal' of interesting behaviour (e.g., maliciousness), however, such a solution is still out of reach. I'll conclude by outlining current research efforts to make this goal a reality, including robust feature development, assessing vulnerability to universal perturbations, and forecasting of future drift, which illustrate what trustworthy machine learning for systems security may eventually look like.

 

About the speaker


Lorenzo Cavallaro is a Full Professor of Computer Science in the Department of Computer Science at UCL, where he leads the Systems Security Research Lab. His research focuses on understanding and improving the effectiveness of machine learning methods for systems security in the presence of adversaries. In particular, Lorenzo Cavallaro and his lab investigate the intertwined relationships of program analysis and machine learning and the implications they have towards realizing Trustworthy ML for Systems Security. He publishes at and sits in the PC of top-tier conferences in computer security and received the Outstanding Paper Award at USENIX Security 2022.

 

Title of the talk


Requirements and Security Challenges for Resource-Constrained IoT End-Devices Baseband Processor

 

Abstract


Internet of Things (IoT) implementations span all sectors around the world and face an exponential increase in the number of IoT devices. Attacks against these devices represent a significant threat and one of the potential entry points relies on their communication capabilities where many vulnerabilities and attacks exist.

In that context, this presentation deals with baseband processor requirements and challenges for resource-constrained IoT end-devices using low-data-rate Sub-GHz protocols. Several architectures for baseband processors will be discussed as well as existing attacks. Furthermore, a solution based on a multi-layer (network, execution and hardware) data tracing approach to detect logical attacks such as network availability (e.g., DoS, jamming) and data integrity (i.e., packet injection) in the network and in the baseband processor from the network entry point will also be discussed.

 

About the speakers


Guy Gogniat is a Full Professor in electrical and computer engineering (ECE) at the Université Bretagne Sud, Lorient, France, where he has been since 1998. He obtained his MSEE degree at the University of Paris Sud, Orsay, France, in 1995, and his PhD in ECE at the University of Nice-Sophia, Antipolis, France, in 1997. In 2005, he spent one year at the University of Massachusetts, Amherst, USA, as an invited researcher, where he worked on embedded system security using reconfigurable technologies. His work focuses on embedded system security.

Title of the talk


The standards of embedded security

 

Abstract


With the considerable growth of the IoT market, embedded secure elements are increasingly being deployed in a variety of devices. At the same time, operators expect liability from IoT devices, as the entire system’s security collapses if the devices are compromised. In addition, the market needs a way to ensure a consistent measurement of the security level. Hence the need for standards that define the requirements and certification schemes which assess, through tests and validations, that the requirements are met.

In this course, Sylvain Guilley will introduce the different standards applicable to IoTs (CC, FIPS, OSCCA, Global Platform, EN ETSI 303 645) and make a specific focus on the automotive market, with ISO/SAE 21434:2021 standard. He will detail how these standards can be implemented in integrated Secure Elements (iSE) and explain in particular how to derive the relevant security functionalities. The security target is crucial in this respect, as it is important to design enough security while avoiding over-designing security. Finally, he will explain that, nowadays, device connectivity can be leveraged to effectively manage their security throughout their lifecycle. Such a capability requires both an uplink (the channel through which incidents are reported) and a downlink (the channel through which firmware is updated).

 

About the speaker


Sylvain Guilley is General Manager and CTO at Secure-IC, a French company offering security for embedded systems. Secure-IC's flagship product is the multi-certified Securyzr integrated Secure Element (iSE). He is also a professor at Télécom-Paris and a research associate at the École normale supérieure (ENS).

His research interests are trusted computing, cyber-physical security, secure prototyping in FPGA and ASIC, and formal / mathematical methods. Since 2012, he has organized the PROOFS workshop, which brings together researchers whose objective is to increase the trust in the security of embedded systems.

Sylvain Guilley is also lead editor of international standards, such as ISO/IEC 20897 (Physically Unclonable Functions), ISO/IEC 20085 (Calibration of non-invasive testing tools), and ISO/IEC 24485 (White Box Cryptography). He is associate editor of the Springer Journal of Cryptography Engineering (JCEN), has co-authored 250+ research papers and filed 40+ invention patents. He is a member of the IACR, a senior member of the IEEE and the CryptArchi club, and is an alumnus of the École Polytechnique and Télécom-Paris.

Title of the talk


Security Implications of Power Management Mechanisms in Modern Processors: Current Studies and Future Trends

 

Abstract


Despite the failure of Dennard scaling, the slow-down in Moore’s Law, and the high power density of modern processors, power management mechanisms have enabled significant advances in modern microprocessor performance and energy efficiency. Yet, current power management architectures also pose serious security implications. This is mainly because functionality rather than security has been the main consideration in designing power management mechanisms in commodity microprocessors.

This talk will provide an overview of state-of-the-art power management mechanisms used in modern microprocessors. Based on this background, some of the recently revealed power management vulnerabilities in modern processors and their security implications will be presented. Finally, practical mitigation mechanisms to protect a system against known vulnerabilities resulting from power management mechanisms will be discussed.

 

About the speaker


Dr. Jawad Haj-Yahya received his Ph.D. in Computer Science from Haifa University, Israel. Jawad was a processor architect for many years at Intel. His awards and honors include the Intel Achievement Award (the highest award at Intel) for his significant contribution to Intel processors.

Jawad worked as a Senior Scientist at multiple universities and research centers, including Nanyang Technological University (NTU) Singapore, Institute of Microelectronics (IME) at A*STAR Singapore, ETH Zurich, and Huawei Zurich Research Center. Jawad led multiple research projects, including designing and architecting a RISC-V-based secure processor, an energy-efficient AI accelerator, and multiple power management architectures to improve the energy efficiency of modern client and server processors. Jawad recently joined Rivos Inc. as a Principal Architect working on power management.

Title of the talk


Security challenges and opportunities in emerging device technologies

 

Abstract


While traditional chips in bulk silicon technology are widely used for reliable and highly efficient systems, there are applications that call for devices in other technologies. On the one hand, novel device technologies need to be re-evaluated with respect to potential threats and attacks, and how these can be faced with existing and novel security solutions and methods. On the other hand, emerging device technologies bring opportunities for building the secure systems of the future.

This talk will give an overview of the minimal hardware resources that are needed to build secure systems and discuss the state of the art in the design of these hardware resources in emerging device technologies.

 

About the speaker


Nele Mentens is a professor at Leiden University in the Netherlands and KU Leuven in Belgium. Her research interests are in the field of configurable computing and hardware security. She was/is the PI in around 25 finished and ongoing research projects with national and international funding.

She serves/served as a program committee member of renowned international conferences on security and hardware design. She was the general co-chair of FPL'17 and she was/is the program chair of FPL'20, CARDIS'20, RAW'21, VLSID'22 and DDECS'23. She is (co-)author in around 150 publications in international journals, conferences and books. She received best paper awards and nominations at CHES'19, AsianHOST'17 and DATE'16. Nele Mentens serves as an associate editor for IEEE TIFS, IEEE CAS Magazine, IEEE S&P, and IEEE TCAD.

Title of the talk


Securing AI: On the Intentional Failures and How to Prevent Them

 

Abstract

This talk covers various attacks on deep learning and how to prevent them. We start with a general introduction to the security and privacy of deep learning, and afterward, we concentrate on several specific threats. More precisely, we discuss poisoning attacks and model stealing attacks. We also discuss how to defend against such attacks and novel challenges emerging when moving from a centralized to a federated learning setup.

 

About the speaker


Stjepan Picek is an associate professor at Radboud University, The Netherlands. His research interests are security/cryptography, machine learning, and evolutionary computation. Prior to the associate professor position, he was an assistant professor at TU Delft, and a postdoctoral researcher at MIT, USA and KU Leuven, Belgium. He finished his PhD in 2015 with a topic on cryptology and evolutionary computation techniques.

Stjepan Picek also has several years of experience working in industry and government. Up to now, he has given more than 25 invited talks at conferences and summer schools and published more than 130 refereed papers. He was a general co-chair for Eurocrypt 2021, program committee member and reviewer for a number of conferences and journals, and a member of several professional societies.

Title of the talk


Transient execution attacks and defenses

 

Abstract


Microarchitectural security is one of the most challenging and exciting problems in system security today. With the discovery of transient execution attacks, it has become clear that microarchitectural attacks have significant impact on the security properties of software running on a processor that runs code from various stakeholders (such as, for instance, in the cloud).

During this lecture, Frank Piessens will provide an introduction to transient execution attacks and defenses using formal models for processors.

First, he will introduce a simple formal instruction set architecture (ISA), and show how to model a speculative and out-of-order processor implementing this ISA. Then he will discuss how to model microarchitectural attackers, and, by means of examples, how the powerful class of transient execution attacks is captured by this model.

The lecture will finish with formal statements of security objectives for defenses against these attacks, and to illustrate the usefulness of the introduced models, the design and implementation of one provably secure countermeasure will be discussed.

 

About the speaker


Frank Piessens is a full professor in the Department of Computer Science at the Katholieke Universiteit Leuven, Belgium. His research field is software and systems security. He has worked both on attack techniques, as well as on defenses.

On the defense side, he has contributed to verification techniques for C-like languages, the enforcement of information flow security, countermeasures for memory safety related vulnerabilities, and the design and implementation of embedded security architectures.

On the attack side, he has contributed to the discovery of several transient execution attacks, and to the development of exploitation techniques for memory safety vulnerabilities.

Frank Piessens has served on the program committee of numerous security and software conferences including ACM CCS, Usenix Security, IEEE Security & Privacy, and ACM POPL. He acted as program chair for the International Conference on Principles of Security and Trust (POST 2016), for the IEEE European Symposium on Security & Privacy (Euro S&P 2018 & 2019), and for the IEEE Secure Development Conference (SecDev 2021 & 2022).

Title of the talk


From Random Observations to Automated Leakage Discovery

 

Abstract


Microarchitectural security is still a relatively young research area. There are still many discoveries to be made, even for beginners in the field. Simple experiments with seemingly random, weird observations later turn out to be side channels or even processor vulnerabilities. However, even for domain experts, designing experiments to discover new side-channel leakage can be a tedious and time-consuming process that also requires a non-negligible amount of luck.

This talk will show how automation can help in this discovery process. It will cover recent advances in tooling and automation for microarchitectural leakage discovery, drawing parallels to the field of software testing. Although automation is still in an early stage when compared to software testing, it will show that the current approaches can already discover previously unknown side channels and transient-execution attacks.

 

Title of the hands-on session


Turning Timing Differences into Data Leakage

 

Abstract


In 2018, a new field of microarchitectural attacks emerged with the publication of Meltdown and Spectre: transient execution attacks. In contrast to traditional side-channel attacks, which leak metadata, transient execution attacks directly leak sensitive data. Such transient executions result from control- and data-flow mispredictions, as well as out-of-order execution after exceptions.

This 3-hour training will start with simple timing measurements and finally leak data via a transient-execution attack. It will start with the basics of measuring cache effects, an essential building block of transient execution attacks. A Flush+Reload covert channel, used as the encoding part in the transient-execution attack, will be developed together with the speaker. Using this encoding, a Spectre attack will be implemented to leak data from an application containing secrets.

 

About the speaker


Michael Schwarz is Faculty at the CISPA Helmholtz Center for Information Security in Saarbruecken, Germany, with a focus on microarchitectural side-channel attacks and system security. He obtained his PhD with the title "Software-based Side-Channel Attacks and Defenses in Restricted Environments" in 2019 from Graz University of Technology. He holds two master's degrees, one in computer science and one in software engineering with a strong focus on security.

He is a regular speaker at both academic and hacker conferences (10 times Black Hat, CCC, Blue Hat, etc.). He was part of one of the research teams that found the Meltdown, Spectre, Fallout, ZombieLoad, LVI, and PLATYPUS vulnerabilities. He was also part of the KAISER patch, the basis for Meltdown countermeasures now deployed in every modern operating system under names such as KPTI or KVA Shadow.

 

Title of the hands-on session


How to quickly deploy a SoC on FPGA to evaluate security solutions for communicating embedded systems?

 

Abstract


The evaluation of security countermeasures is essential. Experimentation on real use cases and reproducibility are also important. In the field of embedded systems security we often face a technological barrier and we have to master a multitude of software and hardware tools. Moreover, our contributions often target a specific point and therefore we are not necessarily experts of all the components of a system on chip (SoC). The technical task then usually takes a lot of time when creating an experimental test bench.

This practical session introduces some tools for deploying a SoC (with associated software) and evaluating it on an FPGA board for a use case in the security of communicating embedded systems.

 

About the speaker


Philippe Tanguy is an Associate Professor at the Université de Bretagne Sud (UBS), in the UFR SSI. He is the study director of the Master of Cybersecurity of Embedded Systems (CSSE) at UBS. He performs his research activities at Lab-STICC in the ARCAD team. He has a PhD in Electronics and digital communication at IETR. Currently, his research activities are dedicated to IoT systems with a focus on cyber security issues.

Title of the talk


The Gates of Time: Improving Cache Attacks with Transient Execution

 

Abstract


More info coming soon.

 

Title of the tutorial


A Primer on Cache Attacks

 

Abstract


More info coming soon.

 

About the speaker


Yuval Yarom is an Associate Professor at the School of Computer Science at the University of Adelaide. He earned his Ph.D. in Computer Science from the University of Adelaide in 2014, and an M.Sc. in Computer Science and a B.Sc. in Mathematics and Computer Science from the Hebrew University of Jerusalem in 1993 and 1990, respectively. In between, he has been the Vice President of Research in Memco Software and a co-founder and Chief Technology Officer of Girafa.com.

Yuval Yarom's research explores the security of the interface between the software and the hardware. In particular, he is interested in the discrepancy between the way that programmers think about software execution and the concrete execution in modern processors. He works on identifying micro-architectural vulnerabilities, and on exploitation and mitigation techniques.

During the MIC-SEC winter school, one afternoon will be reserved for a poster session. All participants are invited to prepare a poster in A0 format, presenting their current research. Students are advised to bring their printed posters to display in the Poster Hall. Candidates who are willing to bring a poster should mention it in their registration.

There will also be some time for student presentations. Please understand that we will not have enough time to allow everybody to step on the stage. In order to maximize the number of presentations (without having to stay awake until midnight), senior PhD students are invited to submit a short presentation, showcasing their PhD in 180 seconds. In case of many submissions, there will be a selection of the best presentations. If you are interested in participating in this experience, please contact us by mail.

  Monday 5th - ROOM PARIS
8:30-10:10 AM Registration & Breakfast
10:10-10:30 AM Orientation
10:30-12:00 PM Jawad HAJ YAHYA, "Security Implications of Power Management Mechanisms in Modern Processors: Current Studies and Future Trends"
12:00-2:00 PM Lunch (at the Self, Ground floor)
2:00-3:30 PM Frank PIESSENS, "Transient execution attacks and defenses"
3:30-4:00 PM Coffee Break
4:00-5:30 PM Lorenzo CAVALLARO, "Trustworthy Machine Learning...for Systems Security"
5:30-7:00 PM Cocktail (Space Jean Monnet, 1st floor)
  Tuesday 6th - ROOM PARIS
8:30-10:00 AM Michael SCHWARZ, "From Random Observations to Automated Leakage Discovery"
10:00-10:30 AM Coffee Break
10:30-12:00 PM Michael SCHWARZ, "Turning Timing Differences into Data Leakage" (hands-on session)*
12:00-2:00 PM Lunch (at the Self, Ground floor)
2:00-3:30 PM Guy GOGNIAT, "Requirements and Security Challenges for Resource-Constrained IoT End-Devices Baseband Processor"
3:30-4:00 PM Coffee Break
4:00-5:30 PM Philippe TANGUY, "How to quickly deploy a SoC on FPGA to evaluate security solutions for communicating embedded systems?" (hands-on session)*
  Wednesday 7th - ROOM OSLO
10:00-10:30 AM Welcome Coffee (Space Jean Monnet, 1st floor)
10:30-12:00 PM Yuval YAROM, "A Primer on Cache Attacks" (tutorial)
12:00-2:00 PM Lunch (at the Self, Ground floor)
2:00-3:30 PM Yuval YAROM, "The Gates of Time: Improving Cache Attacks with Transient Execution" (talk)
3:30-5:00 PM Sylvain GUILLEY, "The standards of embedded security"
5:00-5:30 PM Coffee - End of the day (Space Jean Monnet, 1st floor)
  Thursday 8th - ROOM OSLO
8:30-10:00 AM Lejla BATINA, "AI and Side-channel analysis: Lessons learned so far"
10:00-10:30 AM Coffee Break (Space Jean Monnet, 1st floor)
10:30-12:00 PM Stjepan PICEK, "Securing AI: On the Intentional Failures and How to Prevent Them"
12:00-2:00 PM Lunch (at the Self, Ground floor)
2:00-3:30 PM Nele MENTENS, "Security challenges and opportunities in emerging device technologies"
3:30-4:00 PM Coffee Break & Group Photo (Space Jean Monnet, 1st floor)
4:00-7:30 PM Free time
7:30-11:00 PM Gala Dinner (more info in the "Venue" tab)
  Friday 9th - ROOM OSLO
9:30-10:00 AM Coffee Break (Space Jean Monnet, 1st floor)
10:00-12:00 PM Posters session**
12:00-2:00 PM Lunch (at the Self, Ground floor)
2:00 PM Goodbye

* Before attending this hands-on session, you need to check the pre-requisites in the "Lecture Material" tab

** Info on posters in the "Lecture Material" tab

The School offers 40 places for attendees to register. To reflect cultural diversity, the organising committee encourages a balanced representation of attendees from different countries. Women are underrepresented in the field of Science and Technology. To fulfill corporate social responsibility, we encourage women to participate in this event and balance the gathering with their presence.

Registration [CLOSED]

Participants are requested to register (on a first come, first served basis) by visiting the following website:
https://ipwinterschool2022.dakini-pco.com

The Mic-Sec Winter School 2022 will take place at the FIAP Paris from the 5th to the 9th of December 2022 in Paris, France.

FIAP has an accommodation service available on a "first come, first served" basis. Students can also reserve shared rooms. More information here.

How to come to the FIAP

The address is 30 Rue Cabanis, 75014 Paris.

> By public transport

From CDG Airport: Take the RER B, direction "Sud", until "Denfert Rochereau" station, then the Metro, line 6 (the green one), direction "Nation", until "Glacière" station.

From Orly Airport: Take the Orly Val until last stop "Antony", then RER B, direction "Nord", until "Denfert Rochereau" station OR Take the Orly Bus directly to last stop "Denfert Rochereau", then the Metro, line 6 (the green one), direction "Nation", until "Glacière" station.

> By taxi:

Cabs are easily available from the airports, or you can book them in advance with one of the following cab companies. Taxis G7: +33(0)1 47 39 47 39. Alpha Taxis: +33(0)1 45 85 85 85. Taxis Bleus: 3609.

> Other services:

If you have the right app, the following alternatives are available in Paris: Uber, Heetch or Bolt, to drive you from the airports.


Information about the gala dinner

On Thursday, December 8, we are pleased to invite you to a gala dinner on the famous Parisian "Bateaux Mouches"!

The departure will be from Port de la Conférence 75008 Paris

Boat La Patache

Metro 1 or 13, stop Champs-Elysées Clémenceau

Metro 9, stop Pont de l'Alma

Time of arrival expected: 7.30 PM

Cruise departure: 8.30 PM

Return to the quay: 10.45 PM

Disembarkation: 11.00 PM

IMPORTANT: Health advisory

The School will be held in person, so we are expecting to meet you in real life!

All attendees must observe the health advisory of France if travelling from abroad or within France i.e. vaccination, rapid tests, PCR tests etc. Here you can find the health regulations that apply.

Our primary goal is the safety of all organizers, speakers, candidates and staff working at the FIAP. For this reason, we will be prepared to ensure that the School takes place in the best conditions, following the instructions of the authorities.

1) Proof of vaccination
2) Venue hygiene
3) Physical distance and accesses
4) Personal shielding
5) Adapted services
6) F&B (Food and Beverage)

FIAP has drawn up an extensive protocol with all the sanitary procedures, available here (FR). This protocol is constantly updated.

Please keep monitoring this health advisory page regularly for updates in case the situation evolves.

We are looking forward to seeing you in Paris!

This content will be available once the speakers deliver their presentations.

Please note that before attending the following hands-on sessions, you need to check the pre-requisites.

> For Philippe TANGUY's hands-on session on "How to quickly deploy a SoC on FPGA to evaluate security solutions for communicating embedded systems?", pre-requisites are available here: https://sourcesup.renater.fr/www/mic-sec-2022/index.html

The content will be updated soon.

> For Michael SCHWARZ's hands-on session on "Turning Timing Differences into Data Leakage", a Linux installation with gcc, make, and matplotlib is necessary.

"The Gates of Time: Improving Cache Attacks with Transient Execution"

  • Binary code analysis for security in the BINSEC team, Michaël Marcozzi
    • Université Paris-Saclay, CEA, List
  • Cross-Layer Fault Analysis for Microprocessor Architectures, Ihab ALSHAER¹², Brice COLOMBIER²³, Christophe DELEUZE¹, Vincent BEROULLE¹, Paolo MAISTRI²
    • ¹ Univ. Grenoble Alpes, Grenoble INP, LCIS, Valence 26000, France
    • ² Univ. Grenoble Alpes, CNRS, Grenoble INP, TIMA, Grenoble 38000, France
    • ³ Univ. Lyon, UJM-Saint-Etienne, CNRS Laboratoire Hubert Curien UMR 5516, Saint-Etienne, France
  • Hardware-based security analysis, optimised solutions for attack detection, Lucas Georget, Vincent Migliore, Youssef Laarouchi, Vincent Nicomette
    • EDF R&D / LAAS-CNRS
  • Hardware/Software co-design of a RISC-V processor and its compiler toolchain to ensure constant-time execution, Nicolas Gaudin¹, Jean-Loup Hatchikian-Houdot², Frédéric Besson², Pascal Cotret¹, Guy Gogniat¹, Guillaume Hiet³, Vianney Lapôtre¹ and Pierre Wilke³
    • ¹ Lab-STICC, Université de Bretagne Sud, Lorient, France / ENSTA Bretagne, Brest, France
    • ² EPICURE / IRISA / INRIA, Rennes, France
    • ³ CIDRE / IRISA / INRIA, CentraleSupélec, Cesson-Sévigné, France
  • Indirect Eviction [IE] Cache Counteracting Eviction Based Cache Side Channel Attacks Through Indirect Eviction, M. Asim Mukhtar, Khurram Bhatti, Guy Gogniat
    • Information Technology University (ITU), Lahore, Pakistan; University of South Brittany (UBS), Lorient, France
  • PHYLOG 2: Certifiability of hybrid architectures wrt cyber-security, safety and real-time, Kevin Delmas and Julien Brunel
    • ONERA
  • Protection of a processor with DIFT against physical attacks, William PENSEC. Supervisors: Vianney LAPÔTRE and Guy GOGNIAT
    • Lab-STICC, Université Bretagne Sud, Lorient
  • To overfit or not to overfit, improving the performance of deep learning-based side-channel analysis, Azade Rezaeezade
    • Delft University of Technology, The Netherlands

Organizers

Maria Mushtaq

Associate Professor, Telecom Paris, France 

Maria MUSHTAQ is an Associate Professor at Telecom Paris in Safe and Secure Hardware group (SSH) of COMELEC Department. She received her PhD in Information Security from the University of South Brittany (UBS), France, in 2019. She has worked as a CNRS Postdoctoral Researcher at LIRMM, University of Montpellier (UM), France. She possesses expertise in microarchitectural vulnerability assessment and design & development of runtime mitigation solutions against side- and covert-channel information leakage in modern computing systems. Her research interests mainly focus on cryptanalysis, constructing and validating software security components, and constructing OS-based security primitives against various hardware vulnerabilities.

 

Ulrich Kühne

Associate Professor, Telecom Paris, France

He is an Associate Professor in the physical security of embedded systems in the Communications and Electronics Department at Télécom Paris. His doctoral thesis, which he obtained from Bremen University in Germany in 2009, was on the formal verification of embedded processors. He then spent two years as a postdoctoral researcher at the ENS Cachan LSV before joining the Digital Electronic Systems (SEN) Department at Télécom Paris in 2016. His areas of research are physical security, formal methods and hybrid systems.

Collaborators

Karine Heydemann

Associate Professor, LIP6, Sorbonne University, France 

Karine Heydemann has been an Associate Professor at Sorbonne University since 2006. She is a member of the Architecture and Software for System on Chip group of the LIP6 laboratory. She received a PhD in Computer Science from the University of Rennes 1 in 2004. Her areas of expertise encompass hardware micro-architecture, compilation, code optimization, and physical attacks, including modelling of hardware fault injection effects, automated code hardening and robustness analysis.

Quentin L. Meunier

Associate Professor, LIP6, Sorbonne University, France 

Quentin L. Meunier received an engineering diploma and an M.Sc. from Ensimag (Grenoble, France) in 2007 and a PhD degree in Computer Science from Université de Grenoble (France) in 2010. Since 2011, he has been an Associate Professor at Sorbonne University, in the LIP6 laboratory. His research interests include micro-architecture, code security against faults and side-channel attacks, and masking verification.