Reconciling predictability and performance in processor architectures for critical systems

Critical systems have both functional and timing requirements, the latter ensuring that deadlines are always met during operation; failure to do so may lead to catastrophic consequences. The critical nature of such systems demands specialized hardware and software solutions. This PhD thesis topic focuses on the development of computer architecture designs for critical systems, known as predictable architectures, capable of providing the necessary timing guarantees. Several such architectures exist, typically based on in-order pipelines and incorporating behavioral restrictions (e.g., disabling complex speculation mechanisms) or structural specializations (e.g., redesigned caches or deterministic arbitration for shared resources). These restrictions and specializations inevitably impact performance, and the design of predictable architectures must therefore address the predictability–performance tradeoff directly. This PhD thesis aims to explore this tradeoff in a novel way, by adapting a high-performance variant of an in-order processor (CVA6) and developing top-down techniques to make it predictable. Performance in such processors is usually achieved through mechanisms like branch prediction, prefetching, and value prediction, implemented via specialized storage elements (e.g., buffers) and supported by control mechanisms such as rollback on misprediction. Within this context, the goal of the thesis is to define a general predictability scheme for speculative execution, covering both storage organization and rollback behavior.

Learning Mechanisms for Detecting Abnormal Behaviors in Embedded Systems

Embedded systems are increasingly used in critical infrastructures (e.g., energy production networks) and are therefore prime targets for malicious actors. The use of intrusion detection systems (IDS) that dynamically analyze the system's state is becoming necessary to detect an attack before its impacts become harmful.
The IDS that interest us are based on machine learning anomaly detection methods and allow learning the normal behavior of a system and raising an alert at the slightest deviation. However, the learning of normal behavior by the model is done only once beforehand on a static dataset, even though the embedded systems considered can evolve over time with updates affecting their nominal behavior or the addition of new behaviors deemed legitimate.
The subject of this thesis therefore focuses on studying re-learning mechanisms for anomaly detection models to update the model's knowledge of normal behavior without losing information about its prior knowledge. Other learning paradigms, such as reinforcement learning or federated learning, may also be studied to improve the performance of IDS and enable learning from the behavior of multiple systems.

Side-Channel based Reverse-Engineering

Characterizing the security of embedded systems against Side-Channel attacks in a "black box" or "gray box" setting often requires a preparatory Reverse-Engineering phase, which can be particularly time-consuming, especially on a complex System-on-Chip such as those found in smartphones or in the automotive industry. This phase can, for example, consist of detecting a cryptographic primitive within Side-Channel measurements for a future observation attack, or a target routine for a fault injection attack. The objective of this thesis is to develop a methodology and non-profiled tools that allow the automation of this detection phase, while enabling the exploitation of prior knowledge of a potential attacker.

Vulnerability analysis of protocols on hardware devices

The Information Technology Security Evaluation Facility (ITSEF) conducts security evaluations of electronic systems and embedded software components, either within the framework of certification schemes, for example the one led by the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), or at the direct request of developers.
In the context of security evaluations conducted by the ITSEF, evaluators are required, among other things, to test the resistance of cryptographic mechanisms embedded on smart cards against physical attacks, such as chip tampering attacks or attacks by observing compromising signals. In an application context (banking, healthcare, identity), these mechanisms are used within cryptographic protocols, such as key exchanges or authentications. When a vulnerability is detected in a product, the evaluator must analyze its impact on the protocol. Currently, this analysis relies on the evaluator's expertise, but the use of formal methods would be advantageous for tracing attack paths or for providing greater assurance that the vulnerability will not be exploited.
Initially, this thesis will focus on studying existing verification tools (e.g., Tamarin [1]) in order to test them on the protocols used in commonly evaluated applications. The thesis will then aim to examine the different ways in which a vulnerability can be expressed within the protocol, and to evaluate the tool's ability to formally analyze its impacts by identifying attack paths. Finally, the PhD student will be required to enhance the tool with new components to address the identified needs.
References
[1] Tamarin: https://github.com/tamarin-prover/tamarin-prover

Implementation of TFHE on RISC-V based embedded systems

Fully Homomorphic Encryption (FHE) is a technology that allows computations to be performed directly on encrypted data, meaning that we can process information without ever knowing its actual content. For example, it could enable online searches where the server never sees what you are looking for, or AI inference tasks on private data that remain fully confidential. Despite its potential, current FHE implementations remain computationally intensive and require substantial processing power, typically relying on high-end CPUs or GPUs with significant energy consumption. In particular, the bootstrapping operation represents a major performance bottleneck that prevents large-scale adoption. Existing CPU-based FHE implementations can take over 20 seconds on standard x86 architectures, while custom ASIC solutions, although faster, are prohibitively expensive, often exceeding 150 mm² in silicon area. This PhD project aims to accelerate the TFHE scheme, a more lightweight and efficient variant of FHE. The objective is to design and prototype innovative implementations of TFHE on RISC-V–based systems, targeting a significant reduction in bootstrapping latency. The research will explore synergies between hardware acceleration techniques developed for post-quantum cryptography and those applicable to TFHE, as well as tightly coupled acceleration approaches between RISC-V cores and dedicated accelerators. Finally, the project will investigate the potential for integrating a fully homomorphic computation domain directly within the processor’s instruction set architecture (ISA).

Physical-attack-assisted cryptanalysis for error-correcting code-based schemes

The security assessment of post-quantum cryptography, from the perspective of physical attacks, has been extensively studied in the literature, particularly with regard to the ML-KEM and ML-DSA standards, which are based on Euclidean lattices. Furthermore, in March 2025, the HQC scheme, based on error-correcting codes, was standardized as an alternative key encapsulation mechanism to ML-KEM. Recently, Soft-Analytical Side-Channel Attacks (SASCA) have been used on a wide variety of algorithms to combine information related to intermediate variables in order to trace back to the secret, providing a form of “correction” to the uncertainty associated with profiled attacks. SASCA is based on probabilistic models called “factor graphs,” to which a “belief propagation” algorithm is applied. In the case of attacks on post-quantum cryptosystems, it is theoretically possible to use the underlying mathematical structure to process the output of a SASCA attack in the form of cryptanalysis. This has been demonstrated, for example, on ML-KEM. The objective of this thesis is to develop a methodology and the necessary tools for cryptanalysis and residual complexity calculation for cryptography based on error-correcting codes. These tools will need to take into account information (“hints”) obtained from a physical attack. A second part of the thesis will be to study the impact that this type of tool can have on the design of countermeasures.

Electron beam probing of integrated circuits

The security of digital systems relies on cryptographic chains of trust starting from the hardware up to end-user applications. The root of a chain of trust is called a “root of trust” and takes the form of a dedicated Integrated Circuit (IC), which stores and manipulates secrets. Thanks to countermeasures, those secrets are kept safe from extraction and tampering by attackers.
Scanning Electron Microscope (SEM) probing is a well-known technique in failure analysis that allows extracting such sensitive information. Indeed, thanks to a phenomenon known as voltage contrast, SEM probing allows reading the levels of transistors or metal lines. This technique was widely used in the 90s on the frontside of ICs, but progressively became impractical with the advance of manufacturing technologies, in particular the increasing number of metal layers. Recent research work (2023) showed that SEM-based probing was possible from the backside of the IC instead of the frontside. The experiments were carried out on a quite old manufacturing technology (135 µm). Therefore, it is now essential to characterize this threat on recent technologies, as it could compromise future roots of trust and the whole chains of trust built on top of them.
The first challenge of this PhD is to build a reliable sample preparation process allowing backside access to active regions while keeping the device functional. The second challenge is to characterize the voltage contrast phenomenon and instrument the SEM for probing active areas. Once the technique is mature, we will compare the effect of the manufacturing technology on those threats. FD-SOI technology will be specifically analyzed for potential intrinsic benefits against SEM probing.

Adaptive Orchestration for Proactive Security in Distributed Systems

Modern distributed architectures are becoming increasingly heterogeneous and dynamic, expanding the attack surface and challenging traditional, static security mechanisms. To address these challenges, proactive defense approaches, and particularly Moving Target Defense (MTD), have been introduced to disrupt attackers by regularly modifying the system configuration — for instance, by randomizing network addresses, reallocating containers, or deploying decoy services. However, most existing strategies remain static, rely on a single defense mechanism, and ignore the underlying hardware state. In parallel, hardware-level countermeasures such as cache partitioning, randomization, and scheduling have been proposed against side-channel attacks, yet they are seldom integrated into the decision logic of orchestration frameworks.

The objective of this PhD is to design an adaptive MTD orchestration framework that is aware of the underlying hardware state, capable of dynamically adjusting defense strategies according to system load, performance, and observed vulnerability. The central idea is to feed a reinforcement learning (RL) agent with information derived from hardware performance counters and local security metrics linked to shared cache dynamics, enabling it to select the optimal combination of MTD strategies based on the current system context.

The expected contributions include the definition of a hardware-informed local security metric capturing cache behavior, the graph-based modeling of dependencies between services, resources, and attack surfaces, the design of a unified RL-based decision agent for adaptive MTD selection, and a multi-criteria evaluation (security, performance, energy) on a realistic automotive use case.

This thesis aims to bridge system-level and hardware-level perspectives to build trustworthy orchestrators capable of anticipating and adapting defenses against evolving threats, paving the way toward intelligent and hardware-aware proactive security in distributed systems.
