Pause
Lecture
Moteur de recherche d'offres d'emploi CEA

Software research engineer for cybersecurity H/F


Vacancy details

General information

Organisation

The French Alternative Energies and Atomic Energy Commission (CEA) is a key player in research, development and innovation in four main areas :
• defence and security,
• nuclear energy (fission and fusion),
• technological research for industry,
• fundamental research in the physical sciences and life sciences.

Drawing on its widely acknowledged expertise, and thanks to its 16000 technicians, engineers, researchers and staff, the CEA actively participates in collaborative projects with a large number of academic and industrial partners.

The CEA is established in ten centers spread throughout France
  

Reference

2022-22917  

Position description

Category

Mathematics, information, scientific, software

Contract

Fixed-term contract

Job title

Software research engineer for cybersecurity H/F

Socio-professional category

Executive

Contract duration (months)

18

Job description

Description

This position will focus on the development of countermeasures against side-channel attacks on embedded systems. These attacks are considered among the most effective against embedded systems, and in particular against implementation of cryptographic primitives.

The term side-channel attacks describes a large panel of attacks that all have in common the exploitation of implementation characteristics of the attack target.  Many of those implementation characteristics can be inferred from physical observations of the target computations (power consumption, electromagnetic emissions, computation time, etc.), but other attacks are possible if the attacker is able to step in the target, or nearby (cache-based timing attacks, Spectre, Meltdown, etc.).  Side-channel attacks have gained momentum with the increased use of cryptography, because they represent the most effective way to break unprotected implementations of cryptography.  For example, the symmetric block cipher AES, which is considered secure by the traditional cryptanalysis, is highly vulnerable in presence of side-channel attacks.

Our team has developed software countermeasures applied by a specialised compiler, Cogito [1].  Our compiler is based on LLVM, and we currently support the ARM architecture, with on-going ports for the RISC-V architecture.

 [1] N. Belleville, D. Couroussé, K. Heydemann, H.-P. Charles “Automated software protection for the masses against side-channel attacks”, in ACM Transactions on Architecture and Code Optimization (TACO) Volume 15 Issue 4, January 2019, Article No. 47. pp. 1-27

 

Objectives


In the context of a research project, we want to extend Cogito to support new countermeasures and strengthen the already supported countermeasures. You will contribute to this work.

More precisely, you will have the opportunity to:
-          integrate a random walk countermeasure inside our compiler,

-          extend the code polymorphism countermeasure,

-          combine both countermeasures,

-          evaluate the obtained security with side-channel measurements,

-          participate to the research publications.
 
You will work within a team of CEA research engineers and in collaboration with several expert teams in cyber-security from the CEA, industrial and/or academic partners, in France or in Europe.

The position includes a few travels for attending exhibits, conferences, or project meetings, mainly in Europe.

Applicant Profile

Education: Master’s or PhD degree, in computer science.

  • Embedded software development.  The knowledge of ARM embedded processors and STM32 products, is a plus but not mandatory.

  •  Proficiency in C (especially embedded), and C++ programming languages

  •  Experience with software tool development methodologies: testing, version management, documentation and software quality.

  •  You know how to organize your work.

  •  

    You have the ability to work in a multidisciplinary and complex environment. 

     

The knowledge of side-channel attacks is not required but is a plus for the application.

Position location

Site

Grenoble

Job location

France, Auvergne-Rhône-Alpes, Isère (38)

Location

  Grenoble

Candidate criteria

Recommended training

Master or PhD

Requester

Position start date

12/09/2022