<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Other on Pascal Cotret</title><link>https://pcotret.gitlab.io/pubtypes/other/</link><description>Recent content in Other on Pascal Cotret</description><generator>Hugo</generator><language>en</language><lastBuildDate>Thu, 05 Feb 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://pcotret.gitlab.io/pubtypes/other/index.xml" rel="self" type="application/rss+xml"/><item><title>Enclave-Aware Cache Replacement for Trusted Execution Environments</title><link>https://pcotret.gitlab.io/publications/2026-cotret-fetch/</link><pubDate>Thu, 05 Feb 2026 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2026-cotret-fetch/</guid><description>&lt;p&gt;Presentation at this workshop.&lt;/p&gt;</description></item><item><title>ARMOR : Accelerator Runtime Monitoring and cOntrolled identity enfoRcement</title><link>https://pcotret.gitlab.io/publications/2026-jendoubi-dasip/</link><pubDate>Wed, 28 Jan 2026 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2026-jendoubi-dasip/</guid><description>&lt;p&gt;Dynamically reconfigurable hardware offers significant adaptability and performance advantages for modern System-on-Chip (SoC) architectures, but also enlarges the system’s attack surface. Previous work has shown that reconfigurable accelerators can exploit weaknesses in Input Output Memory Management Unit (IOMMU) to perform unauthorized Direct Memory Accesss (DMAs), revealing limitations in current I/O protection mechanisms. This paper presents ARMOR, a hardware mechanism designed to ensure the trustworthy integration of reconfigurable accelerators within IOMMU-enabled SoCs. ARMOR enforces secure device identity verification and provides runtime supervision of accelerator activity to detect and prevent abnormal or malicious behavior. Implemented in a RISC-V environment and validated through simulation, it effectively prevents I/O-based attacks while maintaining system compatibility and low performance overhead.&lt;/p&gt;</description></item><item><title>Enforcing RISC-V TEE Security Against Cache Timing Attacks</title><link>https://pcotret.gitlab.io/publications/2025-elmnaouri-cryptarchi/</link><pubDate>Sun, 15 Jun 2025 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2025-elmnaouri-cryptarchi/</guid><description>&lt;p&gt;Confidential computing includes various methods to enhance data security, notably by processing sensitive information within TEE. However, TEE remain vulnerable to SCA, such as cache timing attacks, which exploit timing variations to extract confidential data. Existing TEE designs do not provide sufficient protection against these threats, highlighting the need for stronger security measures. This study focuses on integrating countermeasures specifically targeting timing and cache vulnerabilities within a TEE. The implementation will leverage the RISC-V architecture to explore its potential in mitigating SCA within TEE.&lt;/p&gt;</description></item><item><title>Security of Dynamically Reconfigurable RISC-V Systems: I/O Attack Focus</title><link>https://pcotret.gitlab.io/publications/2025-jendoubi-raw/</link><pubDate>Tue, 03 Jun 2025 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2025-jendoubi-raw/</guid><description>&lt;p&gt;Dynamic Partial Reconfiguration (DPR) enhances flexibility in modern hardware but introduces security risks. This work demonstrates how a Malicious Hardware Accelerator (MHA) can exploit Direct Memory Access (DMA) to bypass Input Output Memory Management Unit (IOMMU) protections through device ID manipulation, enabling unauthorized memory access. This vulnerability exposes a fundamental security gap in the management of dynamically reconfigurable systems. By highlighting this issue and proposing mitigation strategies, we provide a conceptual framework to guide the development of security mechanisms for dynamically adaptable architectures.&lt;/p&gt;</description></item><item><title>Support matériel pour la distribution de moteurs IA embarqués</title><link>https://pcotret.gitlab.io/publications/2025-lagadec-cob/</link><pubDate>Tue, 13 May 2025 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2025-lagadec-cob/</guid><description>&lt;p&gt;Presentation at this workshop.&lt;/p&gt;</description></item><item><title>Verrouillage des lignes de cache pour la lutte contre les attaques par canaux auxiliaires exploitant les mémoires cache</title><link>https://pcotret.gitlab.io/publications/2024-gaudin-cob/</link><pubDate>Tue, 05 Mar 2024 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2024-gaudin-cob/</guid><description>&lt;p&gt;Presentation at this workshop.&lt;/p&gt;</description></item><item><title>Cache locking against cache-based side-channel attacks</title><link>https://pcotret.gitlab.io/publications/2024-gaudin-fetch/</link><pubDate>Thu, 08 Feb 2024 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2024-gaudin-fetch/</guid><description>&lt;p&gt;Presentation at this workshop.&lt;/p&gt;</description></item><item><title>JIT Compiler Security through Low-Cost RISC-V Extension</title><link>https://pcotret.gitlab.io/publications/2023-ducasse-raw/</link><pubDate>Mon, 03 Jul 2023 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2023-ducasse-raw/</guid><description>&lt;p&gt;Language Virtual Machines (VM) need to be extremely efficient and hence use complex engines such as a JIT compiler to speed up the usual bytecode interpretation loop. Their usage of low-level and security-critical tasks make them targets of choice. Enforcing low-cost fine-grained memory isolation has been an important research focus as a countermeasure to the most advanced JIT attacks. Memory isolation splits the components of an application with controlled communication and verified access to other resources. We present how custom instructions linked to hardware-enforced domain-checking could protect JIT code and data. We present incremental solutions and their corresponding custom instructions. The generated machine code and extended RISC-V Rocket come at a low-cost both in performance and intrusiveness.&lt;/p&gt;</description></item><item><title>Work in Progress: Thwarting Timing Attacks in Microcontrollers using Fine-grained Hardware Protections</title><link>https://pcotret.gitlab.io/publications/2023-gaudin-silm/</link><pubDate>Mon, 03 Jul 2023 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2023-gaudin-silm/</guid><description>&lt;p&gt;Timing side-channels are an identified threat for security critical software. Existing countermeasures have a cost either on the hardware requirements or execution time. We focus on low-cost microcontrollers that have a very low computational capacity. Although these processors do not feature out-of-order execution or speculation, they remain vulnerable to timing attacks exploiting the varying latencies of ALU operations or memory accesses.We propose to augment the RISC-V ISA with security primitives that have a guaranteed timing behavior. These primitives allow constant time ALU operations and memory accesses that do not alter the state of the cache. Our approach has a low overhead in terms of hardware cost, binary code size, and execution time both for the constant time secure program and other programs running concurrently on the same hardware.&lt;/p&gt;</description></item><item><title>Remarkable Challenges of High-Performance Language Virtual Machines</title><link>https://pcotret.gitlab.io/publications/2022-polito-report/</link><pubDate>Tue, 01 Feb 2022 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2022-polito-report/</guid><description>&lt;p&gt;Language Virtual Machines (VMs) are pervasive in every laptop, server, and smartphone, as is the case with Java or Javascript. They allow application portability between different platforms and better usage of resources. They are used in critical applications such as stock exchange, banking, insurance, and health [25]. Virtual machines are an important asset in companies because they allow the efficient execution of high-level programming languages. Nowadays, they even attract investments from large non-system companies, e.g., Netflix 1 , Meta 2 , Shopify 3 and Amazon 4. VMs achieve high-performance thanks to aggressive optimization techniques that observe and adapt the execution dynamically, either by doing just-in-time compilation [5] or by adapting the memory management strategies at runtime [90, 91]. For all these reasons Virtual Machines are highly-complex engineering pieces, often handcrafted by experts, that mix state-of-the-art compilation techniques with complex memory management that collaborate with the underlying operating systems and hardware. However, besides some well-known techniques that are published in research venues, most knowledge and technology around virtual machines are highly concentrated in large companies such as Microsoft, Google, and Oracle, making Virtual Machine construction difficult, and experiments difficult to reproduce and replicate. Language VMs present many multidisciplinary scientific challenges that appear at the intersection of fields such as hardware, system software, compiler, and software language engineering. This document aims to give a brief overview of the current challenges the VM community faces. To keep this document short, we selected remarkable challenges in managed execution, managed memory, performance evaluation, software engineering and security.&lt;/p&gt;</description></item><item><title>Dis, c’est quoi là haut dans le ciel ? C’est un Linux, mon petit</title><link>https://pcotret.gitlab.io/publications/2019-viet-misc/</link><pubDate>Mon, 01 Jul 2019 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2019-viet-misc/</guid><description>&lt;p&gt;Les drones sont de plus en plus présents dans notre quotidien, passant du gadget technologique à l’outil de travail. Ils font désormais partie intégrante de la famille des objets connectés et constituent donc une nouvelle surface d’attaque.&lt;/p&gt;</description></item><item><title>Monitoring program execution (and more) on ARM processors</title><link>https://pcotret.gitlab.io/publications/2018-cotret-thc/</link><pubDate>Fri, 09 Mar 2018 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2018-cotret-thc/</guid><description>&lt;p&gt;No abstract yet.&lt;/p&gt;</description></item><item><title>A hardware coprocessor for Zynq-based Dynamic Information Flow Tracking</title><link>https://pcotret.gitlab.io/publications/2016-wahab-cryptarchi/</link><pubDate>Wed, 22 Jun 2016 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2016-wahab-cryptarchi/</guid><description>&lt;p&gt;This talk introduces an efficient and portable approach for DIFT (Dynamic Information
Flow Tracking) implementations on reconfigurable chips. DIFT aims to track the application
control flow by adding metadata (also known as tags) to information containers (e.g. registers,
memory addresses, &amp;hellip;), propagating and checking it at runtime. These approaches have been
successfully used against a wide range of attacks including buffer overflow, SQL injections and
so on.&lt;/p&gt;</description></item><item><title>Protection des architectures hétérogènes multiprocesseurs dans les systèmes embarqués. Une approche décentralisée basée sur des pare-feux matériels</title><link>https://pcotret.gitlab.io/publications/2012-cotret-phd/</link><pubDate>Tue, 11 Dec 2012 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2012-cotret-phd/</guid><description>&lt;p&gt;Les systèmes embarqués sont présents dans de nombreux domaines et font même partie de notre quotidien à travers les smartphones ou l&amp;rsquo;électronique embarquée dans les voitures par exemple. Ces systèmes manipulent des données sensibles (codes de carte bleue, informations techniques sur le système hôte. . . ) qui doivent être protégées contre les attaques extérieures d&amp;rsquo;autant plus que ces données sont transmises sur un canal de communication sur lequel l&amp;rsquo;attaquant peut se greffer pour extraire des données ou injecter du code malveillant. Le fait que ces systèmes contiennent de plus en plus de composants dans une seule et même puce augmente le nombre de failles qui peuvent être exploitées pour provoquer des attaques. Les travaux menés dans cemanuscrit s&amp;rsquo;attachent à proposer une méthode de sécurisation des communications et des mémoires dans une architecture multiprocesseur embarquée dans un composant reconfigurable FPGA par l&amp;rsquo;implantation de mécanismes matériels qui proposent des fonctions de surveillance et de cryptographie afin de protéger le système contre un modèle de menaces prédéfini tout en minimisant l&amp;rsquo;impact en latence pour éviter de perturber le trafic des données dans le système. Afin de répondre au mieux aux tentatives d&amp;rsquo;attaques, le protocole demise à jour est également défini. Après une analyse des résultats obtenus par différentes implémentations, deux extensions sont proposées : un flot de sécurité complet dédié à la mise en route et la maintenance d&amp;rsquo;un système multiprocesseur sur FPGA ainsi qu&amp;rsquo;une amélioration des techniques de détection afin de prendre en compte des paramètres logiciels dans les applications multi-tâches.&lt;/p&gt;</description></item><item><title>Self-reconfigurable security-enhanced communications in FPGA-based MPSoCs</title><link>https://pcotret.gitlab.io/publications/2012-cotret-cryptarchi/</link><pubDate>Wed, 20 Jun 2012 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2012-cotret-cryptarchi/</guid><description>&lt;p&gt;Nowadays, security is a key constraint in MPSoC development lifecycle as many critical and secret information can be stored and manipulated in these systems. Monitoring and controlling communications is a method to protect an embedded system from classic attacks such as malicious accesses to restricted components. This work proposes security enhancements based on Block RAMs and AES-GCM ciphering to provide the designer an AXI-compliant design where no user intervention is required for reconfiguration of security services. A Virtex-6 FPGA implementation (with a set of miBench and custom applications) demonstrates a reduction up to 33% in terms latency overhead compared to an unprotected multiprocessor architecture and an area overhead around 10% for the reconfiguration logic.&lt;/p&gt;</description></item><item><title>Protecting communications in bus-based MPSoCs using hardware firewalls</title><link>https://pcotret.gitlab.io/publications/2011-cotret-cryptarchi/</link><pubDate>Sat, 18 Jun 2011 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2011-cotret-cryptarchi/</guid><description>&lt;p&gt;The need for security in embedded systems has strongly increased since several years. Nowadays, it is possible to integrate several processors in a single chip. The design of such multiprocessor systems-on-chip (MPSoC) must be done with a lot of care as the execution of applications may lead to potential vulnerabilities such as revelation of critical data and private information. Among the critical points, protection of the communications is very sensible as most of the data are exchanged through the communication architecture of the system. This paper targets this point and proposes an efficient (in terms of latency-area trade-off) and distributed solution based on full hardware interfaces to protect AXI-based MPSoC architectures. This solution does not require software modifications and should be portable to other technologies using ARM communication standard. A case study implemented on Virtex-6 FPGAs is given in this work. The reliability of our solution is studied on larger-scale architectures using a set of benchmarks and a comparison with existing solutions.&lt;/p&gt;</description></item></channel></rss>