Table of contents

  • This session has been presented October 29, 2021.

Description

  • Speaker

    Sébastien Bardin (CEA LIST)

While digital security concerns increase, we face both a urging demand for more and more code-level security analysis and a shortage of security experts. Hence the need for techniques and tools able to automate part of these code-level security analyses. As source-level program analysis and formal methods for safety-critical applications have made tremendous progress in the past decades, it is extremely tempting to adapt them from safety to security. Yet, security is not safety and, while still useful, a direct adaptation of safety-oriented program analysis to security scenarios remains limited in its scope. In this talk, we will argue for the need of security-oriented program analysis. Especially, we will first present some of the challenges faced by formal methods and program analysis in the context of code-level security scenarios. For example, security-oriented code analysis is better performed at the binary level, the attacker must be taken into account and practical security properties deviate from standard reachability / invariance properties. Second, we will discuss some early results and achievements carried out within the BINSEC group at CEA LIST. Especially, we will show how techniques such as symbolic execution and SMT constraint solving can be tailored to a number of practical code-level security scenarios.

Practical infos

Next sessions

  • Les jeux vidéo de l’écran au réel : enjeux juridiques et (géo)politiques au prisme de la cybersécurité

    • February 11, 2026 (14:00 - 15:30)

    • Pôle Numérique Rennes Beaulieu (PNRB)

    Speaker : Léandre Lebon, Sandrine Turgis - Univ Rennes, IODE

    Protection des droits d’auteur, lutte contre les techniques de triche, interactions avec la guerre et les conflits hybrides, enjeux de démocratie ... Sous l’angle de la cybersécurité les enjeux juridiques et (géo)politiques des jeux video sont nombreux. Cette présentation du groupe de travail sur les jeux video (GTJV) permettra d’alimenter la réflexion sur l’articulation entre jeux video et[…]

    • Law

  • The Quest for my Perfect MATE. Investigate MATE: Man-at-the-End attacker (followed by a hands-on application). 

    • February 11, 2026 (16:00 - 17:30)

    • Pôle Numérique Rennes Beaulieu (PNRB)

    Speaker : Mohamed Sabt, Etienne Nedjaï - Univ Rennes, IRISA

    Shannon sought security against an attacker with unlimited computational powers: if an information source conveys some information, then Shannon’s attacker will surely extract that information. Diffie and Hellman refined Shannon’s attacker model by taking into account the fact that the real attackers are computationally limited. This idea became one of the greatest new paradigms in computer[…]
Show previous sessions
Page top