<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Journal on Pascal Cotret</title><link>https://pcotret.gitlab.io/pubtypes/journal/</link><description>Recent content in Journal on Pascal Cotret</description><generator>Hugo</generator><language>en</language><lastBuildDate>Wed, 01 Jul 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://pcotret.gitlab.io/pubtypes/journal/index.xml" rel="self" type="application/rss+xml"/><item><title>JITDomain: Instruction-level JIT code isolation</title><link>https://pcotret.gitlab.io/publications/2026-ducasse-jsa/</link><pubDate>Wed, 01 Jul 2026 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2026-ducasse-jsa/</guid><description>&lt;p&gt;Language Virtual Machines (VMs) are the execution engine of high-level languages, present in virtually all computing systems. Their components are complex and a vulnerability in any part of the execution makes the underlying victim computer open to arbitrary code execution. The Just-In-Time (JIT) compilation process is used in VMs for performance purposes by generating optimized code at run time. Taking advantage of the dynamic nature of this code, we present JITDomain, an instruction-level domain isolation solution. It duplicates memory access instructions and ties them to a specific domain to enforce three main guarantees on the JIT code, a critical part of the VM memory: call stack isolation, data access separation, and system call filtering. As new instructions come as drop-in replacement for existing ones, the instrumentation cost and code size overhead is minimized. We implemented the JITDomain solution by extending the RISC-V instruction set architecture and the CVA6 open-source processor at negligible overhead (+ 0.5%). The evaluation performed using Gigue, a JIT code workload generator, shows a performance overhead of less than 2.5%, making it suitable for real-world usage. The implementation does not slow down classical core utilization and is validated by a dedicated functional test suite.&lt;/p&gt;</description></item><item><title>A Survey on Versatile Embedded Machine Learning Hardware Acceleration</title><link>https://pcotret.gitlab.io/publications/2025-garreau-jsa/</link><pubDate>Wed, 01 Oct 2025 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2025-garreau-jsa/</guid><description>&lt;p&gt;This survey investigates recent developments in versatile embedded ML hardware acceleration. Various architectural approaches for efficient implementation of ML algorithms on resource-constrained devices are analyzed, focusing on three key aspects: performance optimization, embedded system considerations (throughput, latency, energy efficiency) and multi-application support. Nevertheless, it does not take into account attacks and defenses of ML architectures themselves. The survey then explores different hardware acceleration strategies, from custom RISC-V instructions to specialized PE, PiM architectures and co-design approaches. Notable innovations include flexible bit-precision support, reconfigurable PE, and optimal memory management techniques for reducing weights and (hyper)-parameters movements overhead. Subsequently, these architectures are evaluated based on the aforementioned key aspects. Our analysis shows that relevant and robust embedded ML acceleration requires careful consideration of the trade-offs between computational capability, power consumption, and architecture flexibility, depending on the application.&lt;/p&gt;</description></item><item><title>War on JITs: Software-Based Attacks and Hybrid Defenses for JIT Compilers - A Comprehensive Survey</title><link>https://pcotret.gitlab.io/publications/2025-ducasse-acm/</link><pubDate>Tue, 15 Apr 2025 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2025-ducasse-acm/</guid><description>&lt;p&gt;Programming Language Virtual Machines (VMs) are composed of several components that together execute and manage languages efficiently. They are deployed in virtually all computing systems through modern web browsers. However, vulnerabilities in any VM component pose a significant threat to security and privacy. In this article, we present a survey of software attacks on Just-In-Time (JIT) compilers, which dynamically produce optimized code at run time. We first present an overview and categorization of software attacks and their vectors as presented in the literature, identifying three main attack classes: code injection, code-reuse, and data-only attacks. We show how each can lead to arbitrary code execution. Next, we present a comprehensive taxonomy of defenses, including diversification, strict memory permissions and capability containment. While some were integrated in modern VMs, we draw recommendations for future protections. Securing JIT compilers remains challenging due to inherent conflicts with security principles, such as W^X (Writable XOR eXecutable), and the complexity of JIT optimizations. Finally, we examine how newer architectures, like ARMv8 and RISC-V, face similar threats. With RISC-V’s open architecture offering a promising platform for prototyping VM-specific protections and custom security instructions, we discuss hardware-assisted runtime protections and RISC-V extensions that could enhance VM security.&lt;/p&gt;</description></item><item><title>Protection of heterogeneous architectures on FPGAs: an approach based on hardware firewalls</title><link>https://pcotret.gitlab.io/publications/2016-cotret-micpro/</link><pubDate>Fri, 01 Jul 2016 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2016-cotret-micpro/</guid><description>&lt;p&gt;Embedded systems are parts of our daily life and used in many fields. They can be found in smartphones or in modern cars including GPS, light/rain sensors and other electronic assistance mechanisms. These systems may handle sensitive data (such as credit card numbers, critical information about the host system and so on) which must be protected against external attacks as these data may be transmitted through a communication link where attackers can connect to extract sensitive information or inject malicious code within the system. This work presents an approach to protect communications in multiprocessor architectures. This approach is based on hardware security enhancements acting as firewalls. These firewalls filter all data going through the system communication bus and an additional flexible cryptographic block aims to protect external memory from attacks. Benefits of our approach are demonstrated using a case study and some custom software applications implemented in a Field-Programmable Gate Array (FPGA). Firewalls implemented in the target architecture allow getting a low-latency security layer with flexible cryptographic features. To illustrate the benefit of such a solution, implementations are discussed for different MPSoCs implemented on Xilinx Virtex-6 FPGAs. Results demonstrate a reduction up to 33% in terms of latency overhead compared to existing efforts.&lt;/p&gt;</description></item><item><title>Protection des architectures hétérogènes sur FPGA : une approche par pare-feux matériels</title><link>https://pcotret.gitlab.io/publications/2014-cotret-ti/</link><pubDate>Sat, 01 Feb 2014 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2014-cotret-ti/</guid><description>&lt;p&gt;Les systèmes embarqués font désormais partie intégrante de la vie quotidienne. Ces systèmes peuvent occasionnellement manipuler des données sensibles liées à l&amp;rsquo;utilisateur ou au système lui-même : la sécurité des données devient un paramètre important du cycle de développement. Dans le cadre de cet article, nous proposons d&amp;rsquo;illustrer une solution sécurisée d&amp;rsquo;une architecture simplifiée implémentée sur un composant reconfigurable FPGA. Les techniques proposées peuvent être utilisées dans différentes applications.&lt;/p&gt;</description></item></channel></rss>