Institut Polytechnique de Paris
Ecole Polytechnique ENSTA ENSAE Télécom Paris Télécom SudParis

International Winter School on Microarchitectural Security 2022

The International Winter School on Microarchitectural Security (Mic-Sec) offers academic and industrial talks along with hands-on experience on attacks, software and hardware countermeasure techniques with a special focus on side-channel attacks. The Mic-Sec Winter School 2022 edition will take place at the FIAP Paris from the 5th to the 9th of December 2022 in Paris, France.

Today, computing systems are going through a trough of disillusionment regarding their security. The revelations of security and privacy vulnerabilities in microprocessors, at both the software and hardware levels, have been appalling. These microarchitectural vulnerabilities affect almost all processors, across virtually all operating systems and architectures. One of the biggest problems in modern computing infrastructure today is that security is not regarded as a system-wide issue and, therefore, preventive measures are vulnerability-specific, limited in scope, and might even create new vulnerabilities. The primary reason is that almost every aspect of modern computing architectures can be subject to the discovery of new attack vectors: from computational optimizations to storage elements and interfaces, from end-user applications to the operating system and hypervisors, and from the microarchitecture to the underlying hardware. This trend is gaining further momentum and, worse, the complete attack surface is not yet known. The hardware is often considered an abstract layer that delivers some computational infrastructure and is assumed to be correct, but it might leak critical information as a side effect of software implementation and execution.

Side-channel attacks (SCAs) and defenses at the microarchitectural level have therefore become an important field of research. Side-channel attacks exploit existing vulnerabilities in order to extract privileged information at the physical, computational and storage levels. To enhance the resistance of cryptographic and security-critical implementations during the design phase, countermeasures and analysis techniques are mandatory.

The MIC-SEC winter school offers academic and industrial talks along with hands-on experience on attacks, software and hardware countermeasure techniques with a special focus on side-channel attacks. The school will offer discussions with industrial and academic partners to foresee the future of computing in security. The scope of the MIC-SEC winter school is as follows:

  • Side-Channel attacks and defenses 
  • Role of Machine Learning in microarchitectural security
  • Microarchitectural security at the interfaces of hardware and software, in particular industrial perspectives

MIC-SEC offers an opportunity to young researchers such as PhD students and research engineers from academia and industry with lectures and hands-on experiences to get to know the domain of microarchitectural security. It will allow the participants to practise theoretical principles in reality. Attending students are strongly advised to actively take part in the poster session held at the MIC-SEC winter school. Furthermore, there will be an opportunity for senior PhD students and research engineers to do a short presentation of their research work.

Title of the talk


AI and Side-channel analysis: Lessons learned so far

Abstract


Abstract coming soon.

 

About the speaker


Lejla Batina is a professor in embedded systems security at the Radboud University in Nijmegen, the Netherlands. She made a Professional Doctorate in Engineering at the Eindhoven University of Technology (2001) and worked as a cryptographer for SafeNet B.V. (2001–2003). She received her Ph.D. from KU Leuven, Belgium (2005).

Her current research interests include implementations of cryptography and hardware security. Her research group at Radboud consists of 12 researchers, and 9 Ph.D. students have graduated under her supervision. She has authored or coauthored more than 140 refereed articles.

Lejla Batina is a senior member of IEEE and an editorial board member of top journals in security, such as IEEE Transactions on Information Forensics and Security and ACM Transactions on Embedded Computing Systems. She was program co-chair of CHES 2014 and ACM WiSec 2021, and she served as a track chair of DATE 2022 (Track D: Design Methods and Tools).

 

Title of the talk


Requirements and Security Challenges for Resource-Constrained IoT End-Devices Baseband Processor

 

Abstract


Internet of Things (IoT) implementations span all sectors around the world and face an exponential increase in the number of IoT devices. Attacks against these devices represent a significant threat and one of the potential entry points relies on their communication capabilities where many vulnerabilities and attacks exist.

In that context, this presentation deals with baseband processor requirements and challenges for resource-constrained IoT end-devices using low-data-rate Sub-GHz protocols. Several architectures for baseband processors will be discussed, as well as existing attacks. Furthermore, a solution will be discussed that uses a multi-layer (network, execution and hardware) data tracing approach to detect logical attacks on network availability (e.g., DoS, jamming) and data integrity (i.e., packet injection), both in the network and in the baseband processor, from the network entry point.

 

About the speakers


Guy Gogniat is a Full Professor in electrical and computer engineering (ECE) at the Université Bretagne Sud, Lorient, France, where he has been since 1998. He obtained his MSEE degree at the University of Paris Sud, Orsay, France, in 1995, and his PhD in ECE at the University of Nice-Sophia, Antipolis, France, in 1997. In 2005, he spent one year at the University of Massachusetts, Amherst, USA, as an invited researcher, where he worked on embedded system security using Reconfigurable technologies. His work focuses on embedded system security.

Title of the talk


The standards of embedded security

 

Abstract


With the considerable growth of the IoT market, embedded secure elements are increasingly being deployed in a variety of devices. At the same time, operators expect liability from IoT devices, as the entire system’s security collapses if the devices are compromised. In addition, the market needs a way to ensure a consistent measurement of the security level. Hence the need for standards that define the requirements and certification schemes which assess, through tests and validations, that the requirements are met.

In this course, Sylvain Guilley will introduce the different standards applicable to IoT devices (CC, FIPS, OSCCA, Global Platform, EN ETSI 303 645) and focus specifically on the automotive market, with the ISO/SAE 21434:2021 standard. He will detail how these standards can be implemented in integrated Secure Elements (iSE) and explain in particular how to derive the relevant security functionalities. The security target is crucial in this respect, as it is important to design enough security while avoiding over-designing security. Finally, he will explain that, nowadays, device connectivity can be leveraged to effectively manage device security throughout the lifecycle. Such a capability requires both an uplink (the channel through which incidents are reported) and a downlink (the channel through which firmware is updated).

 

About the speaker


Sylvain Guilley is General Manager and CTO at Secure-IC, a French company offering security for embedded systems. Secure-IC's flagship product is the multi-certified Securyzr integrated Secure Element (iSE). He is also a professor at Télécom-Paris and a research associate at the École normale supérieure (ENS).

His research interests are trusted computing, cyber-physical security, secure prototyping in FPGA and ASIC, and formal / mathematical methods. Since 2012, he has organized the PROOFS workshop, which brings together researchers whose objective is to increase the trust in the security of embedded systems.

Sylvain Guilley is also lead editor of international standards, such as ISO/IEC 20897 (Physically Unclonable Functions), ISO/IEC 20085 (Calibration of non-invasive testing tools), and ISO/IEC 24485 (White Box Cryptography). He is associate editor of the Springer Journal of Cryptography Engineering (JCEN), has co-authored 250+ research papers and filed 40+ invention patents. He is a member of the IACR, a senior member of the IEEE and the CryptArchi club, and an alumnus of the École Polytechnique and Télécom-Paris.

Title of the talk


Security Implications of Power Management Mechanisms in Modern Processors: Current Studies and Future Trends

 

Abstract


Despite the failure of Dennard scaling, the slow-down in Moore’s Law, and the high power density of modern processors, power management mechanisms have enabled significant advances in modern microprocessor performance and energy efficiency. Yet, current power management architectures also pose serious security implications. This is mainly because functionality rather than security has been the main consideration in designing power management mechanisms in commodity microprocessors.

This talk will provide an overview of state-of-the-art power management mechanisms used in modern microprocessors. Based on this background, some of the recently revealed power management vulnerabilities in modern processors and their security implications will be presented. Finally, practical mitigation mechanisms to protect a system against known vulnerabilities resulting from power management mechanisms will be discussed.

 

About the speaker


Jawad Haj-Yahya is a Principal Researcher at Huawei Research Center in Zurich. He received his Ph.D. degree in Computer Science from Haifa University, Israel. He was a processor architect for many years at Intel. His awards and honors include the Intel Achievement Award (the highest award at Intel) for his significant contribution to Intel processors.

Jawad Haj-Yahya worked at Nanyang Technological University (NTU), Singapore, as a hardware security Research Scientist, where he led the architecture and design of a secure-processor project based on RISC-V architecture. He then moved to the Institute of Microelectronics (IME) at A*STAR Singapore, where he was a Scientist III and worked on hardware security and an AI accelerator.

He finally worked as a Senior Researcher in the SAFARI Research Group at ETH Zurich, where he led multiple projects on Energy-Efficient Computing and Hardware Security, before moving to his current position at Huawei.

Title of the talk


Transient execution attacks and defenses

 

Abstract


Microarchitectural security is one of the most challenging and exciting problems in system security today. With the discovery of transient execution attacks, it has become clear that microarchitectural attacks have significant impact on the security properties of software running on a processor that runs code from various stakeholders (such as, for instance, in the cloud).

During this lecture, Frank Piessens will provide an introduction to transient execution attacks and defenses using formal models for processors.

First, he will introduce a simple formal instruction set architecture (ISA), and show how to model a speculative and out-of-order processor implementing this ISA. Then he will discuss how to model microarchitectural attackers and, by means of examples, how the powerful class of transient execution attacks is captured by this model.

The lecture will finish with formal statements of security objectives for defenses against these attacks, and to illustrate the usefulness of the introduced models, the design and implementation of one provably secure countermeasure will be discussed.

 

About the speaker


Frank Piessens is a full professor in the Department of Computer Science at the Katholieke Universiteit Leuven, Belgium. His research field is software and systems security. He has worked both on attack techniques and on defenses.

On the defense side, he has contributed to verification techniques for C-like languages, the enforcement of information flow security, countermeasures for memory safety related vulnerabilities, and the design and implementation of embedded security architectures.

On the attack side, he has contributed to the discovery of several transient execution attacks, and to the development of exploitation techniques for memory safety vulnerabilities.

Frank Piessens has served on the program committee of numerous security and software conferences including ACM CCS, Usenix Security, IEEE Security & Privacy, and ACM POPL. He acted as program chair for the International Conference on Principles of Security and Trust (POST 2016), for the IEEE European Symposium on Security & Privacy (Euro S&P 2018 & 2019), and for the IEEE Secure Development Conference (SecDev 2021 & 2022).

Title of the talk


From Random Observations to Automated Leakage Discovery

 

Abstract


Microarchitectural security is still a relatively young research area. There are still many discoveries to be made, even for beginners in the field. Simple experiments with seemingly random, weird observations later turn out to be side channels or even processor vulnerabilities. However, even for domain experts, designing experiments to discover new side-channel leakage can be a tedious and time-consuming process that also requires a non-negligible amount of luck.

This talk will show how automation can help in this discovery process. It will cover recent advances in tooling and automation for microarchitectural leakage discovery, drawing parallels to the field of software testing. Although automation is still in an early stage when compared to software testing, it will show that the current approaches can already discover previously unknown side channels and transient-execution attacks.

 

Title of the hands-on session


Turning Timing Differences into Data Leakage

 

Abstract


In 2018, a new field of microarchitectural attacks emerged with the publication of Meltdown and Spectre: transient execution attacks. In contrast to traditional side-channel attacks, which leak metadata, transient execution attacks directly leak sensitive data. Such transient executions result from control- and data-flow mispredictions, as well as out-of-order execution after exceptions.

This 3-hour training will start with simple timing measurements and finally leak data via a transient-execution attack. It will start with the basics of measuring cache effects, an essential building block of transient execution attacks. A Flush+Reload covert channel, used as the encoding part of the transient-execution attack, will be developed together with the speaker. Using this encoding, a Spectre attack will be implemented to leak data from an application containing secrets.

 

About the speaker


Michael Schwarz is Faculty at the CISPA Helmholtz Center for Information Security in Saarbruecken, Germany, with a focus on microarchitectural side-channel attacks and system security. He obtained his PhD with the title "Software-based Side-Channel Attacks and Defenses in Restricted Environments" in 2019 from Graz University of Technology. He holds two master's degrees, one in computer science and one in software engineering with a strong focus on security.

He is a regular speaker at both academic and hacker conferences (10 times Black Hat, CCC, Blue Hat, etc.). He was part of one of the research teams that found the Meltdown, Spectre, Fallout, ZombieLoad, LVI, and PLATYPUS vulnerabilities. He was also part of the KAISER patch, the basis for Meltdown countermeasures now deployed in every modern operating system under names such as KPTI or KVA Shadow.

 

Title of the hands-on session


How to quickly deploy a SoC on FPGA to evaluate security solutions for communicating embedded systems?

 

Abstract


The evaluation of security countermeasures is essential. Experimentation on real use cases and reproducibility are also important. In the field of embedded systems security, we often face a technological barrier and have to master a multitude of software and hardware tools. Moreover, our contributions often target a specific point, and therefore we are not necessarily experts in all the components of a system on chip (SoC). The technical work of creating an experimental test bench then usually takes a lot of time.

This practical session introduces some tools for deploying a SoC (with associated software) and evaluating it on an FPGA board, for a use case in the security of communicating embedded systems.

 

About the speaker


Philippe Tanguy is an Associate Professor at the Université de Bretagne Sud (UBS), in the UFR SSI. He is the study director of the Master of Cybersecurity of Embedded Systems (CSSE) at UBS. He performs his research activities at Lab-STICC in the ARCAD team. He has a PhD in Electronics and digital communication at IETR. Currently, his research activities are dedicated to IoT systems, with a focus on cybersecurity issues.

During the MIC-SEC winter school, one afternoon will be reserved for a poster session. All participants are invited to prepare a poster in A0 format, presenting their current research. Students are advised to bring their printed posters to display in the Poster Hall. Candidates who are willing to bring a poster should mention it in their registration.

There will also be some time for student presentations. Please understand that we will not have enough time to allow everybody to step on the stage. In order to maximize the number of presentations (without having to stay awake until midnight), senior PhD students are invited to submit a short presentation, showcasing their PhD in 180 seconds. In case of many submissions, there will be a selection of the best presentations. If you are interested in participating in this experience, please contact us by mail.

  Monday 5th
10:00-12:00 PM Registration, Breakfast & Orientation Presentation
12:00-2:30 PM Lunch
2:30-4:00 PM Talk 1
4:00-4:30 PM Coffee Break
4:30-5:30 PM Student Presentations
5:30-7:00 PM Cocktail
  Tuesday 6th
8:30-10:00 AM Talk 2
10:00-10:30 AM Coffee Break
10:30-12:00 PM Talk 3
12:00-2:00 PM Lunch
2:00-3:30 PM Talk 4
3:30-4:00 PM Coffee Break
4:00-5:30 PM Student Presentations
  Wednesday 7th
8:30-10:00 AM Talk 5
10:00-10:30 AM Coffee Break
10:30-12:00 PM Talk 6
12:00-2:00 PM Lunch
2:00-4:00 PM Poster Session
4:00-4:30 PM Coffee Break
4:30-6:00 PM Talk 7
  Thursday 8th
8:30-10:00 AM Talk 8
10:00-10:30 AM Coffee Break
10:30-12:00 PM Stjepan Picek, Talk 9
12:00-2:00 PM Lunch
2:00-4:00 PM Talk 10
4:00-4:30 PM Coffee Break
4:30-7:00 PM Free time
7:00-9:00 PM Gala Dinner
  Friday 9th
8:30-10:00 AM Talk 11
10:00-10:30 AM Coffee Break
10:30-12:00 PM Talk 12
12:30-2:00 PM Lunch

Registration for the Winter School is in two distinct steps: Registration and Payment. 

The School offers 40 places for attendees to register. To reflect cultural diversity, the organising committee will balance the representation of attendees from different countries. Women are underrepresented in the field of Science and Technology. To fulfill corporate social responsibility, we encourage women to participate in this event and balance the gathering with their presence.

Step 1: Registration [OPEN]

Participants are requested to submit the completed application form by email. Shortlisted candidates will be informed to proceed to step 2 (Payment).

Registration Deadline: 15th July 2022

Step 2: Payment [COMING SOON]

The shortlisted participants will receive a link to the payment platform. Payment is the step that guarantees access to the winter school.

Participants who have not paid before the deadline will automatically lose their reservation. 

Registration cost:

  • Students (Masters, PhD, Postdoc): 500€
  • Others (Research Engineers, Industrials, Faculty): 600€

The fee covers 5 days of school sessions, coffee breaks, lunches, social events, and the social dinner.

Registration Deadline: 30th August 2022

The Mic-Sec Winter School 2022 will take place at the FIAP Paris from the 5th to the 9th of December 2022 in Paris, France.

FIAP has an accommodation service available on a "first come, first served" basis. Students can also reserve shared rooms. More information here.
 

IMPORTANT: Health advisory

The School will be held in person, so we are expecting to meet you in real life!

All attendees must observe the health advisory of France, whether travelling from abroad or within France, i.e. vaccination, rapid tests, PCR tests, etc. Here you can find the health regulations that apply.

Our primary goal is the safety of all organizers, speakers, candidates and staff working at the FIAP. For this reason, we will be prepared to ensure that the School takes place in the best conditions, following the instructions of the authorities.

1) Proof of vaccination
2) Venue hygiene
3) Physical distance and accesses
4) Personal shielding
5) Adapted services
6) F&B (Food and Beverage)

FIAP has drawn up an extensive protocol with all the sanitary procedures, available here (FR). This protocol is constantly updated.

Please check this health advisory page regularly for updates in case the situation evolves.

We are looking forward to seeing you in Paris!

This content will be available once the speakers deliver their presentations.

This content will be available after the Winter School. Come with your best smile!

Organizers

Maria Mushtaq

Associate Professor, Telecom Paris, France 

Maria MUSHTAQ is an Associate Professor at Telecom Paris in Safe and Secure Hardware group (SSH) of COMELEC Department. She received her PhD in Information Security from the University of South Brittany (UBS), France, in 2019. She has worked as a CNRS Postdoctoral Researcher at LIRMM, University of Montpellier (UM), France. She possesses expertise in microarchitectural vulnerability assessment and design & development of runtime mitigation solutions against side- and covert-channel information leakage in modern computing systems. Her research interests mainly focus on cryptanalysis, constructing and validating software security components, and constructing OS-based security primitives against various hardware vulnerabilities.

 

Ulrich Kühne

Associate Professor, Telecom Paris, France

He is an Associate Professor in the physical security of embedded systems in the Communications and Electronics Department at Télécom Paris. His doctoral thesis, which he obtained from Bremen University in Germany in 2009, was on the formal verification of embedded processors. He then spent two years as a postdoctoral researcher at the ENS Cachan LSV before joining the Digital Electronic Systems (SEN) Department at Télécom Paris in 2016. His areas of research are physical security, formal methods and hybrid systems.

 

 

Collaborators

            

 

Karine Heydemann

Associate Professor, LIP6, Sorbonne University, France 

Karine Heydemann has been an Associate Professor at Sorbonne University since 2006. She is a member of the Architecture and Software for System on Chip group of the LIP6 laboratory. She received a PhD in Computer Science from the University of Rennes 1 in 2004. Her areas of expertise encompass hardware micro-architecture, compilation, code optimization, and physical attacks, including modelling of hardware fault injection effects, automated code hardening and robustness analysis.

 

 

Quentin L. Meunier

Associate Professor, LIP6, Sorbonne University, France 

Quentin L. Meunier received an engineering diploma and an M.Sc. from Ensimag (Grenoble, France) in 2007 and a PhD degree in Computer Science from Université de Grenoble (France) in 2010. Since 2011, he has been an Associate Professor at Sorbonne University, in the LIP6 laboratory. His research interests include micro-architecture, code security against faults and side-channel attacks, and masking verification.

Description

Today, computing systems are going through the trough of disillusionment related to the prevailing security. The revelations of security and privacy vulnerabilities in microprocessors, both at software and hardware levels, have been appalling. These microarchitectural vulnerabilities affect almost all processors, across virtually all operating systems and architectures. One of the biggest problems in modern computing infrastructure today is that security is not regarded as a system-wide issue and, therefore, preventive measures are vulnerability-specific, limited in scope, and might even create new vulnerabilities. The primary reason behind this is the fact that almost every aspect in modern computing architectures can be subject to the discovery of new attack vector: from computational optimizations to storage elements and interfaces, from end-user applications to the operating system & hypervisors, and from the microarchitecture to the underlying hardware. This trend is getting further momentum, and worse, the complete attack surface is not yet known. The hardware is often considered as an abstract layer that delivers some computational infrastructure and is assumed to be correct. But it might leak critical information as a side effect of software implementation and execution.

Side-channel Attacks (SCAs) and defenses on the microarchitectural level, therefore, have become an important field of research. Side-channel attacks exploit existing vulnerabilities in order to extract privileged information at both physical and computational and storage levels. In order to enhance the resistance of cryptographic and security critical implementations within the design phase, countermeasures and analysis techniques are mandatory.

The MIC-SEC winter school offers academic and industrial talks along with hands-on experience on attacks, software and hardware countermeasure techniques with a special focus on side-channel attacks. The school will offer discussions with industrial and academic partners to foresee the future of computing in security. The scope of the MIC-SEC winter school is as follows:

  • Side-Channel attacks and defenses 
  • Role of Machine Learning in microarchitectural security
  • Microarchitectural security at the interfaces of hardware and software, in particular industrial perspectives

MIC-SEC offers an opportunity to young researchers such as PhD students and research engineers from academia and industry with lectures and hands-on experiences to get to know the domain of microarchitectural security. It will allow the participants to practise theoretical principles in reality. Attending students are strongly advised to actively take part in the poster session held at the MIC-SEC winter school. Furthermore, there will be an opportunity for senior PhD students and research engineers to do a short presentation of their research work.

Title of the talk


AI and Side-channel analysis: Lessons learned so far

Abstract


Abstract coming soon.

 

About the speaker


Lejla Batina is a professor in embedded systems security at the Radboud University in Nijmegen, the Netherlands. She made a Professional Doctorate in Engineering at the Eindhoven University of Technology (2001) and worked as a cryptographer for SafeNet B.V. (2001–2003). She received her Ph.D. from KU Leuven, Belgium (2005).

Her current research interests include implementations of cryptography and hardware security. Her research group at Radboud consists of 12 researchers, and 9 Ph.D. students have graduated under her supervision. She has authored or coauthored more than 140 referred articles.

Lejla Batina a senior member of IEEE and an Editorial board member of top journals in security, such as IEEE Transactions on Information Forensics and Security and ACM Transactions on Embedded Computing Systems. She was program co-chair of CHES 2014, ACM WiSec 2021 and she served as a track chair of DATE 2022 (Track D: Design Methods and Tools).

 

Title of the talk


Requirements and Security Challenges for Resource-Constrained IoT End-Devices Baseband Processor

 

Abstract


Internet of Things (IoT) implementations span all sectors around the world and face an exponential increase in the number of IoT devices. Attacks against these devices represent a significant threat and one of the potential entry points relies on their communication capabilities where many vulnerabilities and attacks exist.

In that context, this presentation deals with baseband processor requirements and challenges for resource-constrained IoT end-devices using low-data-rate Sub-Ghz protocols. Several architectures for baseband processors will be discussed as well as existing attacks. Furthermore, a solution based on a multi-layer (network, execution and hardware) data tracing approach to detect logical attacks such as network availability (e.g., DoS, jamming) and data integrity (i.e., packet injection) in the network and in the baseband processor from the network entry point will also be discussed.

 

About the speakers


Guy Gogniat is a Full Professor in electrical and computer engineering (ECE) at the Université Bretagne Sud, Lorient, France, where he has been since 1998. He obtained his MSEE degree at the University of Paris Sud, Orsay, France, in 1995, and his PhD in ECE at the University of Nice-Sophia, Antipolis, France, in 1997. In 2005, he spent one year at the University of Massachusetts, Amherst, USA, as an invited researcher, where he worked on embedded system security using Reconfigurable technologies. His work focuses on embedded system security.

Title of the talk


The standards of embedded security

 

Abstract


With the considerable growth of the IoT market, embedded secure elements are increasingly being deployed in a variety of devices. At the same time, operators expect liability from IoT devices, as the entire system’s security collapses if the devices are compromised. In addition, the market needs a way to ensure a consistent measurement of the security level. Hence the need for standards that define the requirements and certification schemes which assess, through tests and validations, that the requirements are met.

In this course, Sylvain Guilley will introduce the different standards applicable to IoTs (CC, FIPS, OSCCA, Global Platform, EN ETSI 303 645) and make a specific focus on the automotive market, with ISO/SAE 21434:2021 standard. He will detail how these standards can be implemented in integrated Secure Elements (iSE) and explain in particular how to derive the relevant security functionalities. The security target is crucial in this respect, as it is important to design enough security while avoiding over-designing security. Finally, he will explain that, nowadays, device connectivity can be leveraged to effectively manage their security throughout their lifecycle. Such a capability requires both an uplink (the channel through which incidents are reported) and a downlink (the channel through which firmware is updated).

 

About the speaker


Sylvain Guilley is General Manager and CTO at Secure-IC, a French company offering security for embedded systems. Secure-IC's flagship product is the multi-certified Securyzr integrated Secure Element (iSE). He is also a professor at Télécom-Paris and a research associate at the École normale supérieure (ENS).

His research interests are trusted computing, cyber-physical security, secure prototyping in FPGA and ASIC, and formal / mathematical methods. Since 2012, he has organized the PROOFS workshop, which brings together researchers whose objective is to increase the trust in the security of embedded systems.

Sylvain Guilley is also lead editor of international standards, such as ISO/IEC 20897 (Physically Unclonable Functions), ISO/IEC 20085 (Calibration of non-invasive testing tools), and ISO/IEC 24485 (White Box Cryptography). He is associate editor of the Springer Journal of Cryptography Engineering (JCEN), has co-authored 250+ research papers and filed 40+ invention patents. He is a member of the IACR, a senior member of the IEEE and the CryptArchi club, and an alumnus of the École Polytechnique and Télécom-Paris.

Title of the talk


Security Implications of Power Management Mechanisms in Modern Processors: Current Studies and Future Trends

 

Abstract


Despite the failure of Dennard scaling, the slow-down in Moore’s Law, and the high power density of modern processors, power management mechanisms have enabled significant advances in modern microprocessor performance and energy efficiency. Yet, current power management architectures also pose serious security implications. This is mainly because functionality rather than security has been the main consideration in designing power management mechanisms in commodity microprocessors.

This talk will provide an overview of state-of-the-art power management mechanisms used in modern microprocessors. Based on this background, some of the recently revealed power management vulnerabilities in modern processors and their security implications will be presented. Finally, practical mitigation mechanisms to protect a system against known vulnerabilities resulting from power management mechanisms will be discussed.

 

About the speaker


Jawad Haj-Yahya is a Principal Researcher at Huawei Research Center in Zurich. He received his Ph.D. degree in Computer Science from Haifa University, Israel. He was a processor architect for many years at Intel. His awards and honors include the Intel Achievement Award (the highest award at Intel) for his significant contribution to Intel processors.

Jawad Haj-Yahya worked at Nanyang Technological University (NTU), Singapore, as a hardware security Research Scientist, where he led the architecture and design of a secure-processor project based on RISC-V architecture. He then moved to the Institute of Microelectronics (IME) at A*STAR Singapore, where he was a Scientist III and worked on hardware security and an AI accelerator.

He finally worked as a Senior Researcher in the SAFARI Research Group at ETH Zurich, where he led multiple projects on Energy-Efficient Computing and Hardware Security, before moving to his current position at Huawei.

More info available soon

Title of the talk


Transient execution attacks and defenses

 

Abstract


Microarchitectural security is one of the most challenging and exciting problems in system security today. With the discovery of transient execution attacks, it has become clear that microarchitectural attacks have significant impact on the security properties of software running on a processor that runs code from various stakeholders (such as, for instance, in the cloud).

During this lecture, Frank Piessens will provide an introduction to transient execution attacks and defenses using formal models for processors.

First, he will introduce a simple formal instruction set architecture (ISA), and show how to model a speculative and out-of-order processor implementing this ISA. Then he will discuss how to model microarchitectural attackers, and, by means of examples, how the powerful class of transient execution attacks is captured by this model.

The lecture will finish with formal statements of security objectives for defenses against these attacks, and to illustrate the usefulness of the introduced models, the design and implementation of one provably secure countermeasure will be discussed.

 

About the speaker


Frank Piessens is a full professor in the Department of Computer Science at the Katholieke Universiteit Leuven, Belgium. His research field is software and systems security. He has worked on both attack techniques and defenses.

On the defense side, he has contributed to verification techniques for C-like languages, the enforcement of information flow security, countermeasures for memory safety related vulnerabilities, and the design and implementation of embedded security architectures.

On the attack side, he has contributed to the discovery of several transient execution attacks, and to the development of exploitation techniques for memory safety vulnerabilities.

Frank Piessens has served on the program committee of numerous security and software conferences including ACM CCS, Usenix Security, IEEE Security & Privacy, and ACM POPL. He acted as program chair for the International Conference on Principles of Security and Trust (POST 2016), for the IEEE European Symposium on Security & Privacy (Euro S&P 2018 & 2019), and for the IEEE Secure Development Conference (SecDev 2021 & 2022).

Title of the talk


From Random Observations to Automated Leakage Discovery

 

Abstract


Microarchitectural security is still a relatively young research area. There are still many discoveries to be made, even for beginners in the field. Simple experiments with seemingly random, weird observations later turn out to be side channels or even processor vulnerabilities. However, even for domain experts, designing experiments to discover new side-channel leakage can be a tedious and time-consuming process that also requires a non-negligible amount of luck.

This talk will show how automation can help in this discovery process. It will cover recent advances in tooling and automation for microarchitectural leakage discovery, drawing parallels to the field of software testing. Although automation is still in an early stage when compared to software testing, it will show that the current approaches can already discover previously unknown side channels and transient-execution attacks.

 

Title of the hands-on session


Turning Timing Differences into Data Leakage

 

Abstract


In 2018, a new field of microarchitectural attacks emerged with the publication of Meltdown and Spectre: transient execution attacks. In contrast to traditional side-channel attacks, which leak metadata, transient execution attacks directly leak sensitive data. Such transient executions result from control- and data-flow mispredictions, as well as out-of-order execution after exceptions.

This 3-hour training will start with simple timing measurements and finally leak data via a transient-execution attack. It will start with the basics of measuring cache effects, an essential building block of transient execution attacks. A Flush+Reload covert channel, used as the encoding part in the transient-execution attack, will be developed together with the speaker. Using this encoding, a Spectre attack will be implemented to leak data from an application containing secrets.

 

About the speaker


Michael Schwarz is Faculty at the CISPA Helmholtz Center for Information Security in Saarbruecken, Germany, with a focus on microarchitectural side-channel attacks and system security. He obtained his PhD with the title "Software-based Side-Channel Attacks and Defenses in Restricted Environments" in 2019 from Graz University of Technology. He holds two master's degrees, one in computer science and one in software engineering with a strong focus on security.

He is a regular speaker at both academic and hacker conferences (10 times Black Hat, CCC, Blue Hat, etc.). He was part of one of the research teams that found the Meltdown, Spectre, Fallout, ZombieLoad, LVI, and PLATYPUS vulnerabilities. He was also part of the KAISER patch, the basis for Meltdown countermeasures now deployed in every modern operating system under names such as KPTI or KVA Shadow.

 

Title of the hands-on session


How to quickly deploy a SoC on FPGA to evaluate security solutions for communicating embedded systems?

 

Abstract


The evaluation of security countermeasures is essential. Experimentation on real use cases and reproducibility are also important. In the field of embedded systems security we often face a technological barrier and we have to master a multitude of software and hardware tools. Moreover, our contributions often target a specific point and therefore we are not necessarily experts of all the components of a system on chip (SoC). The technical task then usually takes a lot of time when creating an experimental test bench.

This practical work introduces some tools for deploying a SoC (with associated software) and evaluating it on an FPGA board for a use case in the security of communicating embedded systems.

 

About the speaker


Philippe Tanguy is an Associate Professor at the Université de Bretagne Sud (UBS), in the UFR SSI. He is the study director of the Master of Cybersecurity of Embedded Systems (CSSE) at UBS. He performs his research activities at Lab-STICC in the ARCAD team. He has a PhD in Electronics and digital communication at IETR. Currently, his research activities are dedicated to IoT systems, with a focus on cybersecurity issues.

More info available soon

During the MIC-SEC winter school, one afternoon will be reserved for a poster session. All participants are invited to prepare a poster in A0 format, presenting their current research. Students are advised to bring their printed posters to display in the Poster Hall. Candidates who are willing to bring a poster should mention it in their registration.

There will also be some time for student presentations. Please understand that we will not have enough time to allow everybody to step on the stage. In order to maximize the number of presentations (without having to stay awake until midnight), senior PhD students are invited to submit a short presentation, showcasing their PhD in 180 seconds. In case of many submissions, there will be a selection of the best presentations. If you are interested in participating in this experience, please contact us by mail.

  Monday 5th
10:00-12:00 PM Registration, Breakfast & Orientation Presentation
12:00-2:30 PM Lunch
2:30-4:00 PM Talk 1
4:00-4:30 PM Coffee Break
4:30-5:30 PM Student Presentations
5:30-7:00 PM Cocktail
  Tuesday 6th
8:30-10:00 AM Talk 2
10:00-10:30 AM Coffee Break
10:30-12:00 PM Talk 3
12:00-2:00 PM Lunch
2:00-3:30 PM Talk 4
3:30-4:00 PM Coffee Break
4:00-5:30 PM Student Presentations
  Wednesday 7th
8:30-10:00 AM Talk 5
10:00-10:30 AM Coffee Break
10:30-12:00 PM Talk 6
12:00-2:00 PM Lunch
2:00-4:00 PM Poster Session
4:00-4:30 PM Coffee Break
4:30-6:00 PM Talk 7
  Thursday 8th
8:30-10:00 AM Talk 8
10:00-10:30 AM Coffee Break
10:30-12:00 PM Stjepan Picek, Talk 9
12:00-2:00 PM Lunch
2:00-4:00 PM Talk 10
4:00-4:30 PM Coffee Break
4:30-7:00 PM Free time
7:00-9:00 PM Gala Dinner
  Friday 9th
8:30-10:00 AM Talk 11
10:00-10:30 AM Coffee Break
10:30-12:00 PM Talk 12
12:30-2:00 PM Lunch

Registration for the Winter School is in two distinct steps: Registration and Payment. 

The School offers 40 places for attendees to register. To promote cultural diversity, the organising committee will balance the representation of attendees from different countries. Women are underrepresented in the field of Science and Technology. To fulfill corporate social responsibility, we encourage women to participate in this event and balance the gathering with their presence.

Step 1: Registration [OPEN]

Participants are requested to submit the completed application form by email. Shortlisted candidates will be informed to proceed to step 2 (Payment).

Registration Deadline: 15th July 2022

Step 2: Payment [COMING SOON]

The short-listed participants will receive a link to the payment platform. The payment is the step that guarantees the access to the winter school.

Participants who have not paid before the deadline will automatically lose their reservation. 

Registration cost:

  • Students (Masters, PhD, Postdoc): 500€
  • Others (Research Engineers, Industrials, Faculty): 600€

The fee covers 5 days school sessions, coffee breaks, lunches, social events, and the social dinner.

Registration Deadline: 30th August 2022

The Mic-Sec Winter School 2022 will take place at the FIAP Paris from the 5th to the 9th of December 2022 in Paris, France.

FIAP has an accommodation service available on a "first come, first served" basis. Students can also reserve shared rooms. More information here.
 

IMPORTANT: Health advisory

The School will be held in person, so we are expecting to meet you in real life!

All attendees must observe the health advisory of France if travelling from abroad or within France i.e. vaccination, rapid tests, PCR tests etc. Here you can find the health regulations that apply.

Our primary goal is the safety of all organizers, speakers, candidates and staff working at the FIAP. For this reason, we will be prepared to ensure that the School takes place in the best conditions, following the instructions of the authorities.

1) Proof of vaccination
2) Venue hygiene
3) Physical distance and accesses
4) Personal shielding
5) Adapted services
6) F&B (Food and Beverage)

FIAP has drawn up an extensive protocol with all the sanitary procedures, available here (FR). This protocol is constantly updated.

Please check this health advisory page regularly to stay updated in case the situation evolves.

We are looking forward to seeing you in Paris!

This content will be available once the speakers deliver their presentations.

This content will be available after the Winter School. Come with your best smile!

Organizers

Maria Mushtaq

Associate Professor, Telecom Paris, France 

Maria MUSHTAQ is an Associate Professor at Telecom Paris in the Safe and Secure Hardware (SSH) group of the COMELEC Department. She received her PhD in Information Security from the University of South Brittany (UBS), France, in 2019. She has worked as a CNRS Postdoctoral Researcher at LIRMM, University of Montpellier (UM), France. She possesses expertise in microarchitectural vulnerability assessment and design & development of runtime mitigation solutions against side- and covert-channel information leakage in modern computing systems. Her research interests mainly focus on cryptanalysis, constructing and validating software security components, and constructing OS-based security primitives against various hardware vulnerabilities.

 

Ulrich Kühne

Associate Professor, Telecom Paris, France

He is an Associate Professor in the physical security of embedded systems in the Communications and Electronics Department at Télécom Paris. His doctoral thesis, which he obtained from Bremen University in Germany in 2009, was on the formal verification of embedded processors. He then spent two years as a postdoctoral researcher at the ENS Cachan LSV before joining the Digital Electronic Systems (SEN) Department at Télécom Paris in 2016. His areas of research are physical security, formal methods and hybrid systems.

 

 

Collaborators

            

 

Karine Heydemann

Associate Professor, LIP6, Sorbonne University, France 

Karine Heydemann has been an Associate Professor at Sorbonne University since 2006. She is a member of the Architecture and Software for System on Chip group of the LIP6 laboratory. She received a PhD in Computer Science from the University of Rennes 1 in 2004. Her areas of expertise encompass hardware micro-architecture, compilation, code optimization, and physical attacks, including modelling of hardware fault injection effects, automated code hardening and robustness analysis.

 

 

Quentin L. Meunier

Associate Professor, LIP6, Sorbonne University, France 

Quentin L. Meunier received an engineering diploma and an M.Sc. from Ensimag (Grenoble, France) in 2007 and a PhD degree in Computer Science from Université de Grenoble (France) in 2010. Since 2011, he has been an Associate Professor at Sorbonne University, in the LIP6 laboratory. His research interests include micro-architecture, code security against faults and side-channel attacks, and masking verification.