What are the challenges for the security of software/hardware interfaces? Focus on the first session of the Cyber Semesters

Cybersecurity has long comprised two distinct research communities: one dedicated to the hardware and the other one dealing with the software. But the border between both worlds also deserves close scrutiny. A sober reminder of that came in January 2018 with the disclosure of Meltdown and Spectre, two vulnerabilities which, in certain conditions, could allow a program to steal data from the processor.

Studying the software/hardware interface is precisely the purpose of SILM, the first in a series of three semesters that will bring in Rennes some of the world top-notch scientists with insights on the latest research in the field. These semesters are initiated and funded by the DGA, the French defense procurement agency, the purpose being to invite world leading scientists to help single out specific domains of research that would deserve further funding. They are operated by Inria on behalf of the partners of PEC, the Cyber-Excellence Cluster created in Brittany by the French Ministry of Armed Forces back in 2015.

“SILM was supposed to be a six-month matter but it will eventually span over a year, ending in July 2020,” says Guillaume Hiet, an Assistant Professor with CentraleSupelec and a member of the Cidre research team, common with Inria, CentraleSupelec, Université Rennes 1 and CNRS,  who volunteered to head the event with the help of four colleagues : Clémentine Maurice (CNRS) Frédéric Tronel (CentraleSupélec), Jean-Louis Lanet (Inria) and Ronan Lashermes, (Inria).

From September 2019 to July 2020, the SILM semester is holding a string of seminars in Inria's conference facility in Rennes, each of them featuring two presentations in a row. But actually, the semester was started a bit earlier with a summer school at Inria as well as at the neighboring CentraleSupélec. “Every year, the cybersecurity research network (GDR) of the French CNRS scientific institute sets up a summer school somewhere in France. The 2019 edition was due to take place in Rennes and we were offered the opportunity to take charge of its organization with a topic of our choosing. In addition to Master and PhD students as well as academics, this one-week summer school was attended by security experts from the industry. For instance, we had people from Serma Technologies, a company which happens to be a CESTI, in other words a service provider sanctioned by French Cybersecurity Agency ANSSI.”

Another serendipitous opportunity cropped up during the 2019 edition of the European Cyber Week, a cybersecurity forum held every November in Rennes. “In the context of this event, we were given the possibility to organize a workshop dedicated to security at the software/hardware interface. We had various presentations, including from people at HP Labs Bristol with whom I have an ongoing collaboration and Sylvain Guilley, CTO of Secure-IC,” a French company specialized in embedded cybersecurity solutions.

In late January, Guillaume Hiet and Clémentine Maurice ran a one-hour master class during the International Cybersecurity Forum (FIC) that took place in the city of Lille. “The topic was: How much can we trust the hardware platforms running our applications? It was meant to be a general introduction to the problem followed by a focus on our specific research in that regard. On top of that, we had a demo on the Inria-Allistene's booth and we were available for discussions on the Ministry of Armed Forces' booth.”

“We will also hop to Genoa, Italy, where we will be holding yet another workshop during the European Symposium on Security and Privacy (EuroS&P) scheduled for June 16-18, 2020.”

Last but not least, the semester will lead to “the publication of a white book meant to carry out a strategic reflection and help DGA get a better view of current research challenges before allocating funding to certain topics. Through the seminar presentations, we are currently gathering a lot of material. The members of the organizing committee ―with help of the speakers― will then take upon themselves to summarize and edit this body of work. It is also worth mentioning that this white book will be made public and available for everyone to read. By the way, thanks to Inria, all these events are also recorded on video. As of now, some are already available on-line.”