Le CEA est un acteur majeur de la recherche, au service des citoyens, de l'économie et de l'Etat.
Il apporte des solutions concrètes à leurs besoins dans quatre domaines principaux : transition énergétique, transition numérique, technologies pour la médecine du futur, défense et sécurité sur un socle de recherche fondamentale. Le CEA s'engage depuis plus de 75 ans au service de la souveraineté scientifique, technologique et industrielle de la France et de l'Europe pour un présent et un avenir mieux maîtrisés et plus sûrs.
Implanté au coeur des territoires équipés de très grandes infrastructures de recherche, le CEA dispose d'un large éventail de partenaires académiques et industriels en France, en Europe et à l'international.
Les 20 000 collaboratrices et collaborateurs du CEA partagent trois valeurs fondamentales :
- La conscience des responsabilités
- La coopération
- La curiosité
Context : Fault injection allows an attacker to move the target processor out of its expected functioning bounds. A hardware perturbation, by means of a fault injection, aims at inducing logical changes either at the hardware or software levels, such that the target system reaches unexpected states or follows unexpected execution paths. Reaching such unexpected states is then leveraged in attacks for leaking secrets, escalating privileges, etc. Recent research has highlighted the need to consider the consequences of fault injection in the processor micro-architecture.
In this area, pre-silicon tools developed by our team [1,2] are able to : 1) identify exploitable vulnerabilities at the software level based on these interactions between a software and a microarchitecture, or 2) formally prove the security, for a given attacker model, of a system embedding hardware/software countermeasures against fault injections. Gobally, these tools implement a methodology that have shown to BE successful to find microarchitectural vulnerabilities and/or prove the robustness, for a given fault model, of various RISC-V based processors [3]. For instance, we apply this methodology to the OpenTitan secure element and formally prove the security of its processor's HW countermeasure to single bit-flip injections [4].
Objectives : Within a national research project promoting the use of pre-silicon tools to validate countermeasures against fault-injection attacks, your main missions will BE :
Design and extend our pre-silicon methodology and associated tools to support different secured processors. In particular, leverage the specificities of the countermeasures embedded by such secured processors to speedup analysis techniques, but also integrate in our methodology and tools post-synthesis netlist level analyses of hardware architectures.
Participate in the comparison between the use of pre-silicon tools and post-silicon security evaluations on different RISC-V based systems (flavors of CV32E40 processors) using different injection means (clock glitching and/or laser beams). You will take advantage of a rich national and european eco-system and expertise around security evaluations of embedded systems
To carry out your mission, you will benefit from a first-class environment at CEA LIST with access to a large number of reference tools and a strong experience in design and analysis of secure systems, in particular against fault-injection attacks and applied formal methods for microarchitectural analyses.
References
[1] µArchiFI : https://github.com/CEA-LIST/uArchiFI
[2] k-FRP : https://github.com/CEA-LIST/Fault-Resistant-Partitioning
[3] S. Tollec et al. ArchiIFI : Formal Modeling and Verification Strategies for Microarchitectural Fault Injections. FMCAD 2023 : 101-109
[4] S. Tollec et al Fault-Resistant Partitioning of Secure CPUs for System Co-Verification against Faults. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2024(4) : 179-204 (2024)
#CEA-List ; #CDD
You have a PhD or a Engineer's degree in the field of electronics or embedded systems. You have experience in computer architecture and/or hardware synthesis and/or formal methods for hardware verification. You enjoy working in an applied research environment at the state of the art and proposing innovations and various application areas.
You have acquired the following technical skills
Knowledge in : computer architecture, programming languages, formal methods, cyber-security;
Hardware description languages (e.g., Verilog) programming languages (C, C++ and ASM), scripting;
Excellent written and spoken English;
Communication and writing skills;
Teamwork and autonomy.
Location : Saclay (near Paris) or Grenoble
To apply for this position, please send the following documents to the individuals listed above :
Your CV
A letter of motivation (in French or English)
A copy of your Master's transcript (M1 and M2)
You have a PhD or a Engineer's degree in the field of electronics or embedded systems. You have experience in computer architecture and/or hardware synthesis and/or formal methods for hardware verification. You enjoy working in an applied research environment at the state of the art and proposing innovations and various application areas.
You have acquired the following technical skills
Knowledge in : computer architecture, programming languages, formal methods, cyber-security;
Hardware description languages (e.g., Verilog) programming languages (C, C++ and ASM), scripting;
Excellent written and spoken English;
Communication and writing skills;
Teamwork and autonomy.
Location : Saclay (near Paris) or Grenoble
To apply for this position, please send the following documents to the individuals listed above :
Your CV
A letter of motivation (in French or English)
A copy of your Master's transcript (M1 and M2)