Join the CYBERUS summer school 2023

Remote access is open to the public but please register beforehand by following this link

The programme is available here 2023 CYBERUS SUMMER SCHOOL PROGRAM

MONDAY, JULY 3: SESSION 1

Fault attacks and countermeasures

Moderator: Vianney LAPÔTRE, UBS

TEAMS link to follow the session here 

14:00 – 14:15 Jean PEETERS and Guy GOGNIAT

Opening Session

14:15 – 15:00 DE PAUW Cédrick, ULB

How to evaluate your countermeasures against fault injections with Unicorn

Faults may be injected in a system either by an attacker or from a stressful environment. In both cases, the introduction of these faults may lead to a change in the control flow of a program, e.g. skipping a branching. Countermeasures against fault injections may be implemented, however testing them may require a certain expertise, expensive materials or a lot of time. This part will introduce Unicorn, a CPU emulator based on QEMU, and how it may be used to easily emulate fault injections for specific CPU architectures.

15:00 – 15:45 PENSEC William, UBS

Fault Injection Attacks Against an In-Core DIFT Mechanism

Internet of Things (IoT) devices manipulate sensitive data leading to strict security needs. They face both software and physical attacks due to their network connectivity and their proximity to attackers. These devices are usually built around low-cost and low-power processors. In this paper, we study the impact of Fault Injection Attacks (FIA) on the D-RI5CY processor integrating a Dynamic Information Flow Tracking (DIFT) mechanism against software threats. Our results highlight the high sensitivity of the target to multiple fault types at multiple spatial and temporal locations.

TUESDAY, JULY 4: SESSION 2

Wireless and software security
Moderator: Jacques KLEIN, UL

TEAMS link to follow the session here

14:00 – 15:00 EL-BOUAZZATI Mohamed and LI Tianxu, UBS

Wireless security and hardware assisted Intrusion Detection System

In this presentation we will first give an overview of attacks on wireless communications LoRa/LoRaWAN, BLE and IEEE 82.15.4. Secondly, we will detail a solution we are developing to detect attacks on an IoT node and a gateway.

15:00 – 16:00 REBATCHI Hocine, UL

Dependabot and Security pull requests: a large empirical study

Modern software development is a complex engineering process where developer code cohabits with an increasingly larger number of external open-source components. Even though these components facilitate sharing and reusing code along with other benefits related to maintenance and code quality, they are often the seeds of vulnerabilities in software supply chains leading to attacks with severe consequences. It is thus important to keep dependencies updated in a software development project. Unfortunately, several prior studies have highlighted that, to a large extent, developers struggle to keep track of dependency updates, and do not quickly incorporate security patches. Therefore, automated dependency-update bots have been proposed to mitigate the impact and the emergence of vulnerabilities in open-source projects.

In our study, we investigate the appropriateness and the limits of the current tools and security measures related to dependency updates and the management of security vulnerabilities in GitHub that lead to threatening the software supply chain. We also attempt to identify the factors and the features that motivate the adoption of such tools. In addition, our study aims to provide a better understanding of the practices used by developers and security experts with regards to mitigating the threat of security vulnerabilities, as well as discovering the dominance and lifetime of these vulnerabilities in dependencies. Our main discoveries show that bots have enabled an improvement in the monitoring of outdated dependencies, alleviating the difficulty of handling them manually. Yet, developers use different strategies to identify and fix vulnerabilities in dependencies. Besides, even though some tools enable quick reaction to vulnerable dependencies after their disclosure, threat remains unknown in GitHub for 512 days, and patches are disclosed after 362 days from 0-day, leading to a huge window of exposure, especially that vulnerabilities with serious severity levels are the most occurring.

WEDNESDAY, JULY 5: SESSION 3 ANTE

Embedded systems security

Moderator: Guy GOGNIAT, UBS

Zoom link to follow the session here | Meeting ID: 923 7428 0442 | Passcode: k9Qk8h

You could also download the Sylvain's presentation here 23 CYBERUS Summer school slides Sylvain Guilley

09:00 – 10:00 GUILLEY Sylvain, TELECOM-ParisTech

Embedded cyber-security: from requirements to technological solutions

Cyber-security has become ubiquitous, from IoT end points to datacenters. In such open and broad ecosystem, the protection of data is a major concern; Indeed, some business activities are at risk. In this regard, "certification" aims at controlling and reducing the extent of cyber-physical attacks. Fortunately, many technological solutions can be leveraged to mitigate all identified threats. In this talk, I'll show how the embedded cyber-security industry is working to map requirements into viable protection technologies, in order to reach the expected level of security.

WEDNESDAY, JULY 5: SESSION 3

Deep learning for software repair and systems of systems security

Moderator: Philippe TANGUY, UBS

TEAMS link to follow the session here

14:00 – 14:45 KABORÉ Abdoul Kader, UL

Learning to Automatically Repair Vulnerable Programs

We introduce NERVE, a novel deep learning-based approach for automating vulnerable software repair. Instead of tests, NERVE leverages the signal in the vulnerability detection and fix suggestions output of static analysis security testing (SAST) to learn to repair vulnerable code. NERVE’s learning architecture relies on CodeT5 pre-trained model for source code representation, augmented with a mixed learning objective.  This involves, first, the use of triplet loss to build an embedding space that brings each vulnerable code closer to good fixes while keeping it away from incorrect fixes. The second learning objective incorporates cosine similarity into its loss function to align its repair candidates with SAST fix suggestions.

14:45 – 15:30 SADOU Salah, UBS

Security of systems of systems

Modern society is critically dependent on a wide range of systems, and in particular Systems of Systems (SoS). SoS are made from a collaboration of existing systems. As any system, they are developed to meet their functional requirements while ensuring correctness as well as safety, reliability, and performance, among other -ilities, it is equally fundamental to ensure their security.

However, traditionally, security has only been considered after the design and more often the implementation and even the deployment of software-reliant systems, meaning that security is fitted into pre-existing designs or code or executable. In practice, a fit-all solution is habitually assumed where security mechanisms are inserted into the system with very little consideration of the implications of inserting such mechanisms into the existing system design. As a result, security may conflict with the system requirements and this can raise problems, which most of the times translate into security vulnerabilities.

In this presentation, I will define SoS and describe the raised challenges in security perspective. By the way, I will present some of our team's work on these challenges.

THURSDAY, JULY 6: SESSION 4

Post-quantum cryptography and statistics for big data

Moderator: Olivier MARKOWITCH, ULB

TEAMS link to follow the session here 

14:00 – 14:45 GILCHRIST Valerie, ULB

The state of post-quantum cryptography

Post-quantum cryptography has been an increasingly popular research topic due to the looming threat of quantum computers. In this talk we will review what post-quantum cryptography is and its current main branches. We will assess the main contenders for standardization, and what a post-quantum world might look like.

Valerie's presentation is available here

14:45 – 15:30 DURRIEU Gilles, UBS

Nonparametric statistics for Big Data

This talk is devoted to the estimation of the derivative of the regression function in fixed and random design nonparametric regression. We establish the almost sure convergence as well as the asymptotic normality of our estimates. We provide concentration inequalities. We also illustrate our nonparametric estimation procedure on simulated data and high-frequency real data.

FRIDAY, JULY 7: SESSION 5

New technologies and attacks on microcontrollers
Moderator: Guy GOGNIAT, UBS

TEAMS link to follow the session here

14:00 – 14:45 MILOJEVIC Dragomir, ULB

Advanced CMOS & 3D packaging technologies for future integrated circuits and systems

New transistor architectures and scaling boosters will enable CMOS technology to reach & go beyond 1nm node. Despite further enablement of scaling, 2D system integration faces limitations due to memory wall (bandwidth, energy per transferred bit, capacity, etc.), cost-effective integration of big dies (many-core SoCs), poor scaling of SRAM technology (inefficient memory hierarchy) to name a few. To overcome these limitations, 3D system integration has been proposed with various technology options to allow different die-to-die interconnect schemes. In this talk we will investigate different 3D technologies options, their properties, system integration options and how they will shape future System-on-Chip design.

14:45 – 15:30 GAUDIN Nicolas, UBS

Thwarting Timing Attacks in Microcontrollers using Fine-grained Hardware Protections

Timing side-channels are an identified threat for security critical software. Existing countermeasures have a cost either on the hardware requirements or execution time. We focus on low-cost microcontrollers that have a very low computational capacity. Although these processors do not feature out-of-order execution or speculation, they remain vulnerable to timing attacks exploiting the varying latencies of ALU operations or memory accesses. We propose to augment the RISC-V ISA with security primitives that have a guaranteed timing behavior. These primitives allow constant time ALU operations and memory accesses that do not alter the state of the cache. Our approach has a low overhead in terms of hardware cost, binary code size, and execution time both for the constant time secure program and other programs running concurrently on the same hardware.