Présentations

Attacker Control and Bug Prioritization (Guilhem Lacombe, Sébastien Bardin)
As bug-finding methods improve, bug-fixing capabilities are exceeded, resulting in an accumulation of potential vulnerabilities. There is thus a need for efficient and precise bug prioritization based on exploitability. In this work, we explore the notion of control of an attacker over a vulnerability's parameters, which is an often overlooked factor of exploitability. We show that taint as well as straightforward qualitative and quantitative notions of control are not enough to effectively differentiate vulnerabilities. Instead, we propose to focus analysis on feasible value sets, which we call domains of control, in order to better take into account threat models and expert insight. Our new Shrink and Split algorithm efficiently extracts domains of control from path constraints obtained with symbolic execution and renders them in an easily processed, human-readable form. This in turn allows to automatically compute more complex control metrics, such as weighted Quantitative Control, which factors in the varying threat levels of different values. Experiments show that our method is both efficient and precise. In particular, it is the only one able to distinguish between vulnerabilities such as cve-2019-14192 and cve-2022-30552, while revealing a mistake in the human evaluation of cve-2022-30790. The high degree of automation of our tool also brings us closer to a fully-automated evaluation pipeline.
TinyML as a Service on Multi-Tenant Microcontrollers (Bastien Buil, Chrystel Gaber, Emmanuel Baccelli, Samia Bouzefrane)
Tiny Machine Learning (TinyML) allows the execution of small machine learning models on low-power devices like microcontrollers. TinyML-as-a-Service (TinyMLaaS) is an architecture to make the usage of TinyML models easier by having a platform that optimizes and compiles machine learning models according to the constraints of target devices, and then deploys the model code on microcontrollers. Within the Cloud-to-IoT continuum, both TinyML and multi-tenant microcontrollers focus on empowering microcontrollers and enabling on-device computing. Multi-tenant microcontrollers are designed to securely execute codes from mutually distrusting actors through the usage of lightweight software containerization solutions, like WebAssembly. We propose to integrate TinyMLaaS with multi-tenant microcontrollers by using lightweight containerization, and we implement a proof-of-concept of the TinyMLaaS architecture based on WebAssembly Micro Runtime (WAMR) and RIOT-ML to securely run inference of TinyML model through WebAssembly-based containerization. In the second part, to improve the usage of containerized TinyML on microcontrollers, we propose CS4WAMR, a framework to enhance WAMR usage by enabling running simultaneously multiple instances of WAMR to allow better permission and memory consumption control.
Détection d'intrusion fédérée, semi-supervisée et incrémentale pour l'IoMT «État de l'art» (Ahlem Harhad, Cyril Drocourt, David Durand, Gil Utard)
Les dispositifs médicaux connectés améliorent le suivi en temps réel, mais introduisent des risques de sécurité, d'où la nécessité d'un système de détection d'intrusions (IDS) respectueux de la vie privée. L'apprentissage automatique centralisé posant des problèmes de confidentialité et de latence, nous privilégions l'apprentissage fédéré (FL) déployé sur les passerelles de l'Internet des objets médicaux (IoMT) et proposons : (1) une synthèse des IDS fondés sur le FL pour l'IoMT, mettant en évidence la prédominance des approches supervisées dans la littérature, les contraintes de ressources, l'hétérogénéité, la négligence fréquente des métriques spécifiques au FL, les risques d'empoisonnement et d'inversion de modèle, ainsi que l'existence d'un point de défaillance unique (SPOF) ; (2) des premiers résultats prometteurs obtenus en remplaçant l'autoencodeur (AE) par un β-VAE dans un cadre semi-supervisé ; (3) l'exploration de l'apprentissage incrémental pour intégrer de nouvelles attaques sans réentraînement complet du modèle, tout en limitant l'oubli catastrophique.
Parallelized Derivation Algorithm for Anomaly Detection in Internet of Things Environments (Abdul Qadir Khan, Nouredine Tamani, Saad El Jaouhari)
The widespread adoption of the Internet of Things (IoT) has revolutionized user experiences, but it has also raised significant concerns about security and privacy. To effectively safeguard against such cyber threats, there is a need for approaches that can efficiently understand the usage of users' IoT devices, applications, and data to detect suspicious activities better and protect users' sensitive information within specific contexts. The semantic modeling capabilities of Knowledge-Based Systems (KBS) make them particularly well-suited to addressing these challenges. From a semantic perspective, an anomaly in KBS can be modeled by a fragment of rules that can lead to inconsistencies within the logical framework. Thus, the problem of anomaly detection can be mapped to the problem of inconsistency checking in KBS. Since consistency checking is computationally hard, this work introduces a new approach that reduces the complexity of the reasoning process by taking into account the main characteristics of the application domain in the logical modeling. In this talk, I will first show how we can semantically represent an IoT environment as logical formulas, then I will present an algorithm for rewriting a rule-based Knowledge Base (KB) into a context-based KB, which will lead to the introduction of two derivation algorithms: Lightweight Contextual Derivation Algorithm (LCDA) and Parallelized LCDA (PLCDA), for inconsistency checking, and demonstrate their application in a smart home use case.
Typebased Security Assurance In Operating Systems (Zakaria Belkadi, Louis Rilling, Frédéric Tronel, Guillaume Hiet)
This thesis investigates how modern type systems, particularly that of Rust, can be used to enforce security properties within operating system (OS) source code. While memory-safe languages like Rust have already proven effective for ensuring functional correctness through type-based techniques, applying these methods to enforce security introduces new challenges — especially as security properties often depend on reasoning about system-wide behavior rather than isolated modules. The research pursues three primary objectives: first, to identify foundational low-level security properties essential for maintaining global OS security; second, to develop strategies for encoding and enforcing these properties within the type system; and third, to ensure these guarantees are preserved when interfacing with legacy components written in memory-unsafe languages like C. This thesis will involve incremental integration of these techniques into existing OS codebases, beginning with Rust-based systems such as Redox OS, and progressively extending to hybrid systems like Linux. By embedding security invariants directly into the type system, this work aims to reduce the costs of development, debugging, and formal verification, while improving practical security outcomes. Ultimately, the thesis seeks to advance type-driven methodologies as a scalable and cost-effective foundation for strengthening OS security without compromising performance.
Tulip: Finding Backdoors with Protocol-Aware Fuzzing (Alexandre Doyen, Michaël Marcozzi, Sébastien Bardin, Jean-Yves Marion)
Code-level backdoors are hidden functionalities embedded in source code that enable unauthorized access or privilege escalation when triggered by specific, secret inputs. A typical example is the injection of hard-coded credentials into a file server's codebase, allowing attackers to compromise all deployed instances globally. Such backdoors have been observed in real-world supply-chain attacks targeting open-source software and embedded network daemons. Greybox fuzzing—an automated testing technique that combines randomized input generation with lightweight instrumentation—has proven effective for discovering memory-safety vulnerabilities. However, its application to backdoor detection remained largely unexplored until the recent emergence of the Rosa tool, which demonstrated that general-purpose fuzzers like AFL++ can be repurposed for this task. While Rosa significantly advanced automation compared to earlier approaches, the current state of the art still suffers from a critical limitation: the generation of false alarms that require manual vetting. To address this, we present Tulip, a protocol-aware greybox fuzzing framework specifically designed to detect backdoors in implementations of application-layer network protocols, such as web and file server programs. By specializing in such programs—where most known backdoors reside—Tulip can leverage dedicated protocol models to identify backdoor-triggering behaviors without producing false alarms. These models can also guide the fuzzer towards input sequences more likely to expose backdoor logic. We evaluate Tulip across 14 backdoors affecting 4 widely used protocols (HTTP, FTP, POP, and IMAP), including 7 authentic samples from real-world attacks, four of which are CVEs. Our results show that Tulip consistently avoids false alarms and, in most cases, detects backdoors faster than Rosa.
Fun with flags: How Compilers Break and Fix Constant-Time Code (Antoine Geimer, Clémentine Maurice)
Developers rely on constant-time programming to prevent timing side-channel attacks. But these efforts can be undone by compilers, whose optimizations may silently reintroduce leaks. While recent works have measured the extent of such leakage, they leave developers without actionable insights: which optimization passes are responsible, and how to disable them without modifying the compiler remains unclear.
We conducted a qualitative analysis of how compiler optimizations break constant-time code. We constructed a dataset of compiler-introduced constant-time violations and analyze the internals of two widely used compilers, GCC and LLVM, to identify the specific optimization passes responsible. Our key insight is that a small set of passes are at the root of most leaks. To the best of our knowledge, we are also the first to characterize how the interactions between these passes contribute to leakage. Based on this analysis, we propose an original and practical mitigation that requires no source code modification or custom compiler: disabling selected optimization passes via compiler flags. We show that this approach significantly reduces leakage with minimal performance overhead, offering an immediately deployable defense for developers.
Architecture innovante de sécurité basée sur des éléments sécurisés en ligne (Pascal Urien)
Cette communication présente un état de l'art du projet Internet of Secure Element (IoSE), qui a pour objectif de développer une technologie logicielle et matérielle ouverte, dédiée à la sécurisation des informations numériques, et basée sur des éléments sécurisés (SE) En janvier 2025, ce projet le "Trophée de l'Embarqué IOT Grand Public" décerné par l'association Embbeded France.
SPlorer: A Framework and GUI for Assembly File Analysis (Jack Royer, Frédéric Tronel, Yaëlle Vinçont)
We present SPlorer, a tool for analyzing and manipulating assembly (.s) files. To our knowledge, this is the first dedicated framework for this purpose. SPlorer provides researchers with a graphical interface that enables quick navigation of assembly code, including symbols, directives, Control Flow Graphs (CFGs), and Call Graphs (CGs). By sharing the tool at its current stage, we aim to gather feedback from the community on potential use cases and directions for further development.
Work In Progress: Bots, Bots Everywhere (Iliana Fayolle, Sihem Bouhenniche, Samuel Pélissier, Clémentine Maurice, Walter Rudametkin)
We present ongoing work on detecting both traditional and LLM-based bots using network- and browser-level features. Data collection began on August 1, 2025, and the analysis is currently underway. Preliminary findings will be shared during the October presentation, with first results available for feedback and discussion.
State Machine Issues in Network Stacks and Application to SSH (Olivier Levillain)
Network protocol implementations ("stacks") are pervasive in our modern systems. Indeed, we rely on various protocols on a daily basis, the most proeminent thereof being TLS. One of the problem with network stacks is that they can exhibit wrong transitions in their state machines, which can lead to security issues. In this presentation, we propose to explain the problem with flawed state machines, and present on-going research of our methodology applied on SSH stacks.
Post-quantum DNSSEC (Marc Espie, Ludovic Perret, Hugo Mayer)
The Internet infrastructure fundamentally relies on the Domain Name System (DNS), a service that translates human-readable domain names into machine-usable IP addresses. Due to its initial design prioritizing functionality rather than security, DNS presents significant vulnerabilities that can be exploited by attackers to hijack traffic or spread disinformation. To address these security gaps, Domain Name System Security Extensions (DNSSEC) were developed to authenticate the origin of DNS data and ensure its integrity during transit. DNSSEC currently relies on cryptographic digital signatures, such as RSA, ECDSA, and EdDSA, for authentication. With the anticipated emergence of quantum computers capable of breaking number-theoretic based algorithms, the search for post-quantum cryptographic alternatives has become a priority. Unfortunately, the adoption of post-quantum signature standards introduces a significant challenge: these algorithms require larger public keys and signatures compared to classical methods. This characteristic imposes substantial constraints for protocols such as DNSSEC, where efficiency concerns are critical. The goal of this talk is to present the results of extensive experiments to assess the impact of integrating a large variety of post-quantum algorithms into DNSSEC. Experimental tests have been conducted on eight post-quantum algorithms, using a realistic zone generator based on the structural characteristics of AFNIC's .fr zone (4.2 million domains).
Augmenting Search-based Program Synthesis with Local Inference Rules to Improve Black-box Deobfuscation (Vidal Attias, Grégoire Menguy, Nicolas Bellec, Sébastien Bardin, Jean-Yves Marion)
In this paper we show how to combine automated reasoning with randomized search to augment expressiveness in black-box deobfuscation synthesis. This will help reverse engineer malware that are heavily obfuscated with techniques such as Mixed-Bool Arithmetic (MBA) or virtualization.
Side Channels and Deep Neural Network Weights: Attacks, Defences and the Future to Come (Casalino Lorenzo)
Deep Neural Networks (DNNs) are underpinning an unanticipated technological revolution in several fields, such as healthcare or automotive industry. Time-consuming and resource-intensive procedures are required to train each DNN to accomplish the task they are designed for. In practice, the training of a DNN consists in the tuning of a set of parameters – the weights of the network. The tuned weights represent a sensitive intellectual property for any provider who bases its product or service on DNNs, but they can also facilitate other attacks (for instance, adversarial attacks), putting in danger the safety and privacy of end users or the security of the system itself. Such concerns urgently demand effective means to protect the tuned weights of a DNN. In recent years, the literature has witnessed an increasing body of work investigating the application of Side-Channel Attacks (SCAs) as a practical strategy to recover the weights from a DNN implementation.
The related state of the art exhibits several side-channel-driven attacks covering a large spectrum of DNN models – from simple Multi-Layer Perceptrons, state-of-the-art Convolutional Neural Networks up to Spiking Neural Networks – implemented in both hardware and software. At the same time, we have witnessed the appearance of works putting forward strategies – heavily inspired by state-of-the-art side-channel countermeasures applied to cryptographic implementations – to counteract the recovery of the weights from DNN implementations. As a post-doctoral researcher in the ANR JCJC attila project (Addressing securiTy Threats to artIficiaL intelligence in Approximate computing systems), I am currently exploring the susceptibility of DNN implementations – in particular, software implementations – to SCA attacks, and I am investigating what defence mechanisms we may fruitfully put in practice. In the first part of this presentation, we will overview existing attacks and dig into some of the technical challenges that one may face when attempting the extraction of DNN weights deployed on microcontrollers: from the choice of the leakage model up to the discrepancies encountered when deploying the same model on different microcontrollers. In the second part, we will overview the state-of-the-art countermeasures to protect DNN implementations, both for software and hardware implementations, and we will discuss the challenges and limitations underlying their application to DNN implementations. We will conclude this presentation with a discussion on potential future directions to improve the security evaluation and defence methodologies. In particular, we will pinpoint Approximate Computing, a performance-oriented computing paradigm already employed as a countermeasure against several classes of DNN-focused attacks, as a potential tool to enable efficient, DNN-tailored side-channel countermeasures.
Adversarial Agents: LLM-Powered Attacks and Defenses for Android Malware Detectors (Tianwei Lan, Farid Nait-Abdesselam)
The growing sophistication and scale of Android malware have accelerated the use of Machine Learning (ML) for effective threat detection. Yet, these ML-based detectors remain susceptible to adversarial attacks designed to subtly alter malware features, evading accurate classification. In this presentation, I will introduce LAMLAD, a novel adversarial attack framework leveraging the generative and reasoning abilities of Large Language Models (LLMs) to undermine ML-based Android malware detection. LAMLAD features a two-agent architecture: an LLM manipulator, which creates realistic, stealthy feature perturbations without compromising the malware's essential malicious behaviors, and an LLM analyzer, guiding the perturbation process to ensure successful evasion. Additionally, the framework incorporates Retrieval-Augmented Generation (RAG) to enhance context-awareness and efficiency. Our experimental evaluation, conducted against three prominent Android malware classifiers, demonstrates LAMLAD's superior performance, achieving a 97% attack success rate (ASR) within an average of just three attempts per adversarial example, significantly outperforming existing state-of-the-art adversarial techniques in both potency and adaptability. Additionally, we propose an adversarial training defense that reduces ASR by over 30% on average, demonstrating its effectiveness in enhancing model robustness against LAMLAD attacks.
GReAT-BeD: Graph Rewriting for Activity Tracking and (Malicious) Behaviour Detection (Antonin Verdier, Romain Laborde, Abdelmalek Benzekri)
Living-off-the-Land is a cyberattack technique where cybercriminals exploit legitimate pre-installed tools within the victims' system. These attacks are particularly challenging to detect due to their subtle and legitimate appearance, allowing threat actors to "hide in plain sight." This paper introduces a novel framework for identifying potentially malicious high-level behaviours using graph rewriting techniques. Our approach employs a three-layered methodology: the low-level layer captures system events and command-line data, the system behaviour graph layer aggregates this data into meaningful behaviours, and the Indicators of Attack graph layer identifies high-level attack patterns through graph rewriting rules. We developed a general approach to generate a system behaviour graph from lower-layer as well as 27 rewriting rules to automatically transform this graph into Indicators of Attack representations, capturing complex behaviours and information flows. We implemented the transformation rules in the Attributed Graph Grammar System program and applied them to two use cases to demonstrate the effectiveness of our method in identifying potentially malicious behaviours across various attack scenarios.
Improving Code Understanding by Mixing Backward Bounded Symbolic Execution with Lattice-based Property(Nicolas Bellec)
Reversing binary code is of paramount importance in low-level security tasks such as vulnerability analysis or malware comprehension. In practice, the reversers often face tedious and repetitive binary-level reasoning tasks such as detecting infeasible branches (''opaque predicates''), reducing the sets of potential targets for dynamic jumps/calls (''CFG recovery''), or verifying local invariants (e.g., the value range of a variable), and would greatly benefit from automation. Backward bounded symbolic execution (BBSE) is a local but precise code analysis that have been proposed to detect opaque predicates and to check other infeasibility queries in binary-level code analysis. Yet, BBSE is limited to predicate-based properties, thus lacking genericity, and has difficulty scaling up to large backward bounds, making it easy to fool. In this paper, we propose \lambdaBBSSE, a significant generalization of BBSE to richer local properties defined as lattices over concrete sets of states. This generalization allows answering characterization queries that are out of reach for \lambdaBBSSE, such as CFG recovery or the possible values of a variable. Together with dedicated optimizations, this new method helps the approach scale to larger backward bounds. This opens the way to use this analysis not only one query at a time, but also as a whole program multi-query analysis to preprocess the program before the manual analysis.
We evaluate our new method on realistic obfuscated codes and a malware, for problems such as opaque predicate detection, dynamic targets recovery and fixed-bit inference. In our experiments, our approach provides a x5 speedup compared to state-of-the-art, reaching backward bounds that are impractical for other methods.

Vie privée | Accessibilité