Personal page

Work experience

 
 
 
 
 

PhD student

ANSSI - National Cybersecurity Agency of France

October 2018 – April 2019 Paris

Thesis subject: software countermeasures against vulnerable hardware platforms.

Study of formal methods and countermeasures applicable for secure execution on vulnerable hardware platforms (e.g. Spectre & Meltdown vulnerabilities):

  • State of the art of existing countermeasures (LFENCE, Speculative Load Hardening, …)
  • Impacts study: generated code size, performances overhead, residual risk, …
  • Proof-of-Concept of a detection and remediation plug-in using static analysis for the Frama-C platform: Spectre v1 vulnerables branches detection and automatic insertion of countermeasures
  • Literature monitoring on software and side channels security.
 
 
 
 
 

Computer security engineer

Bureau Veritas

September 2015 – September 2018 La Défense, Paris

Working in the Safety department of our European Technical Center (R&D center) on various security-related activities, such as:

  • Connected vehicles and autonomous vehicles security:

    • Co-writer of the BV-CARCYBERSEC-001 guidelines: “Cybersecurity for connected cars: best practices”
    • Bureau Veritas’ representative at ISO 21434 (“Automotive Cybersecurity Engineering”) Joint Working Group
    • Cybersecurity and safety common process design for automotive manufacturer (based on SAE J3061 & ISO 26262)
    • Security audit of an autonomous shuttle, deployed in a sensitive production environment
    • Developped a set of security requirements and audit methodology for autonomous vehicle security (SESNA Project)
  • Embedded systems (IoT) and industrial systems (SCADA/ICS) security

    • IEC 62443 audits & certifications
    • IoT products security assessment
  • Software security

    • Static code analysis (with Frama-C)
    • Co-writer of the BV-SW200 guidelines: “Cybersecurity Guidelines for Development & Assessment of Software”
 
 
 
 
 

Internship - Embedded systems

Luxembourg Institute of Science and Technology (LIST)

May 2014 – August 2014 Luxembourg

Internship subject: multi-sensors ad-hoc network use to improve indoor positioning of mobile users.

Embedded system (LEGO Mindstorms EV3) programming in Java (Lejos framework). The goal was to build and program the robot to navigate inside a previously unknown room, in order to map its Wi-Fi and Bluetooth coverage.

The data would later be used to perform indoor positionning on a smartphone (using Wi-Fi RSSI, see HORUS system). The robot had to avoid obstacles and report them. I implemented the following parts:

  • Navigation and guidance systems
  • Infrared and ultrasonic sensors data acquisition

Publications

With the emerging concerns about industrial cybersecurity and the ever-growing importance of software development for innovative fields …

This technical guide emphasizes a set of security objectives addressed to software developers and highlights good practices to be …

Following the publication of our work regarding the security of connected vehicles, I was sollicited by Sentryo, a French company …

Recent news-breaking attacks demonstrated a lack of readiness and foresight of the cybersecurity threat in the automotive industry. New …

Recent news-breaking attacks demonstrated a lack of readiness and foresight of the cybersecurity threat in the automotive industry. New …

Miscellaneous

Certifications

MOOCs

I try to always learn something new, fun and/or useful ! I rely a lot on MOOCs to do so, and I had the opportunity to follow these one so far: