Sommaire

  • Cet exposé a été présenté le 20 mai 2025 (11:00 - 12:00).

Description

  • Orateur

    Manuel Maarek - Heriot-Watt University

Creating secure software code requires software engineers to elicit and 
follow the security requirements of the system they are building. 
Software engineer teams might not have the security expertise to 
approach this angle of software development confidently. With the 
democratisation of access to software development and deployment, 
software are often built by developers with neither software engineering 
expertise nor security knowledge, a situation that could make systems 
vulnerable. We present approaches based on short games, knowledge cards 
and serious game jams designed to help these non-experts gain the 
knowledge and ability to communicate on code security. These are some of 
the outputs of the Secrious project published recently in the IEEE 
Security & Privacy magazine, and in the ACM Games and Computer Standards 
& Interfaces journals. The project was supported by the Engineering and 
Physical Research Council (Grant EP/T017511/1 "Serious Coding: A Game 
Approach To Security For The New Code-Citizens"). 

Manuel Maarek from Heriot-Watt University is visiting the Université de 
Rennes/IRISA as part of the MLSEAN Machine Learning based software 
systems SEcurity ANalysis project supported by the UK-France Science, 
Innovation, and Technology Researcher Mobility Scheme.

Infos pratiques

Prochains exposés

  • What you never wanted to know about vulnerability databases

    • 21 novembre 2025 (10:00 - 11:00)

    • Inria Center of the University of Rennes - Room Métivier

    Orateur : Henrik Plate - Endor Labs

    Vulnerability databases play a crucial role in modern software security, serving as the backbone for Application Security (AppSec) and Software Composition Analysis (SCA) tools. However, the accuracy and reliability of these databases vary significantly, often leading to misinformed security decisions. This talk explores the challenges associated with vulnerability databases, including incomplete[…]

    • Risk Assessment

    • SoSysec

    • Vulnerability management

  • CHERIoT RTOS: An OS for Fine-Grained Memory-Safe Compartments on Low-Cost Embedded Devices

    • 21 novembre 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Room Métivier

    Orateur : Hugo Lefeuvre - The University of British Columbia

    Embedded systems do not benefit from strong memory protection, because they are designed to minimize cost. At the same time, there is increasing pressure to connect embedded devices to the internet, where their vulnerable nature makes them routinely subject to compromise. This fundamental tension leads to the current status-quo where exploitable devices put individuals and critical infrastructure[…]

    • SoSysec

    • Compartmentalization

    • Operating system and virtualization

    • Hardware/software co-design

    • Hardware architecture

Voir les exposés passés
Haut de page