Me

Photo
Maxime Puys
Ph.D. in Computer Science Security
Maître de conférences / Assistant Professor
E-mail: Maxime (dot) Puys (at) uca (dot) fr
Office: Département Informatique
Université Clermont Auvergne - IUT de Clermont-Ferrand
5 avenue Blaise-Pascal
TSA 90110 - 63178 Aubière
France
Links: Linkedin   ResearchGate   Google Scholar   Github   DBLP   ORCID

Curriculum Vitæ

Fields of Expertise

Cybersecurity
  • Industrial Control Systems / SCADA
  • IoT and Network Cybersecurity
  • Cryptography / Security Protocols
  • Formal Methods for Cybersecurity
  • Certification Standards
Machine Learning
  • ML-based attack detection
  • Supervised and unsupervised ML
  • Embedded ML
Teaching and Scientific Supervision
  • 1 defended Ph.D and 2 on-going
  • 5 articles in international jourals
  • 19 articles in international conferences
  • 4 defendd MSc
  • Teaching Cybersecurity, UNIX and Web

Professional Experience

Since 2023 Assistant Professor
Univ. Clermont Auvergne, France
Critical IoT Security, ML-based attack detection:
  • Industrial Control Systems / SCADA
  • IoT and Network Cybersecurity
  • ML-based attack detection
  • Supervised and unsupervised ML
  • Embedded ML
2018 - 2023 Research Engineer
CEA-LETI, Grenoble, France
Smart-Home and Industrial IoT Security:
  • IoT/SCADA device security assessment
  • Design of lightweight security solutions
  • CI/CD for developed product
  • Cybersecurity Consulting
2014 - 2018 Ph.D Student
Vérimag, St Martin d'Hères, France
Industrial Systems Cybersecurity:
  • Applicative Filtering
  • Industrial Protocols Verification
  • Research of Applicative Attack Scenarios

Computer Science Skills

Cybersecurity SSH, Wireshark, Scapy, NMap, OpenSSL, Burp, John, Snort, Ettercap
Programming Python 100%
C 100%
Ocaml 60%
ASM 40%
Linux Admin (Debian, Alpine, Arch)
Windows Advanced user
DevOps Vim, Git, Jenkins, Virtualenv, Gitlab CI, Docker, VirtualBox, Ansible
Reports LaTeX, Office and alternatives
Languages French 100%
English 80%
Japanese 30%

Scholar Formation

2014 - 2018 Ph.D in Cybersecurity
Univ. Grenoble Alpes
2012 - 2014 Master in Cybersecurity
Univ. Grenoble Alpes
Magna Cum Laude
2009 - 2014 Magister in Computer Science
Univ. Grenoble Alpes
Summa Cum Laude
2009 - 2012 Bachelor in Computer Science
Univ. Grenoble Alpes
Cum Laude

Publications

Ph.D. Thesis

[1] M. Puys. Sécurité des systèmes industriels : filtrage applicatif et recherche de scénarios d'attaques. PhD thesis, Communauté Université Grenoble-Alpes, Feb. 2018. [pdf] [bib] [slides]

International Peer-Reviewed Journals

[5] P.-H. Thevenon, S. Riou, D.-M. Tran, M. Puys, N. F. Polychronou, M. El Majihi, and C. Sivelle. iMRC: integrated monitoring & recovery component, a solution to guarantee the security of embedded systems. Journal of Internet Services and Information Security (JISIS) (Rank Scimago Q3), 13(1):4--32, 2022. [pdf] [bib]
[4] M. Puys, P.-H. Thevenon, S. M. Mocanu, M. Gallissot, and C. Sivelle. SCADA cybersecurity awareness and teaching with hardware-in-the-loop platforms. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) (Rank Scimago Q2), 13(1):4--32, 2022. [pdf] [bib]
[3] N.-F. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. A comprehensive survey of attacks without physical access targeting hardware vulnerabilities in IoT/IIoT devices, and their detection mechanisms. ACM Transactions on Design Automation of Electronic Systems (Rank Sciamago Q2), 27(1):1--35, 2021. [pdf] [bib]
[2] J. Dreier, M. Puys, M.-L. Potet, P. Lafourcade, and J.-L. Roch. Formally and practically verifying flow properties in industrial systems. Computers & Security, Elsevier (Rank Sciamago Q1), 86(1):453--470, 2019. [pdf] [bib]
[1] J.-G. Dumas, P. Lafourcade, J.-B. Orfila, and M. Puys. Dual protocols for private multi-party matrix multiplication and trust computations. Computers & Security, Elsevier (Rank Sciamago Q1), 71(1):51--70, 2017. [pdf] [bib]

International Peer-Reviewed Conferences with Proceedings

[19] M. Da Silva, M. Puys, P.-H. Thevenon, and S. Mocanu. Plc logic-based cybersecurity risks identification for ics. In The 18th International Conference on Availability, Reliability and Security, ARES 2023, Benevento, Italy, Aug. 29 – Sept. 1, 2023 (Rank Core B), 2023. [pdf] [bib]
[18] M. Da Silva, M. Puys, P.-H. Thevenon, S. Mocanu, and N. Nkawa. Automated ics template for stride microsoft threat modeling tool. In The 18th International Conference on Availability, Reliability and Security, ARES 2023, Benevento, Italy, Aug. 29 – Sept. 1, 2023 (Rank Core B), 2023. [pdf] [bib]
[17] N. F. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. A hybrid solution for constraint devices to detect microarchitectural attacks. In IEEE European Symposium on Security and Privacy (EuroS&P 2023) - Workshops, Delft, Netherlands, July 3-7, 2023, 2023. [pdf] [bib]
[16] C. Sivelle, L. Debbah, M. Puys, P. Lafourcade, and T. Franco-Rondisson. Automatic implementations synthesis of secure protocols and attacks from abstract models. In 27th Nordic Conference on Secure IT Systems (NordSec), Reykjavik, Iceland, Nov. 30 -- Dec. 2, 2022 (Rank ERA C), 2022. [pdf] [bib]
[15] N. F. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. MaDMAN: Detection of software attacks targeting hardware vulnerabilities. In 24th IEEE Euromicro Conference on Digital System Design (DSD), Palermo, Italy, Sept, 1-3, 2021 (Rank Qualis B1), pages 355--362, 2021. [pdf] [bib]
[14] N. F. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. Securing IoI/IIoT from software attacks targeting hardware vulnerabilities. In 2021 19th IEEE International New Circuits and Systems Conference (NEWCAS), Toulon, France, June 13-16, 2021 (Rank Qualis B4), pages 1--4, 2021. [pdf] [bib]
[13] M. Puys, P.-H. Thevenon, and S. Mocanu. Hardware-in-the-loop labs for scada cybersecurity awareness and training. In The 16th International Conference on Availability, Reliability and Security, ARES 2021, Vienna, Austria, August 17-20, 2021 (Rank Core B), pages 1--10, 2021. [pdf] [bib]
[12] M. Puys, J.-P. Krimm, and R. Collado. Towards cybersecurity act: A survey on iot evaluation frameworks. In SECURWARE 2020-The Fourteenth International Conference on Emerging Security Information, Systems and Technologies (Rank Qualis B3), pages 69--74, 2020. [pdf] [bib]
[11] J. Dumas, P. Lafourcade, J. López Fenner, D. Lucas, J. Orfila, C. Pernet, and M. Puys. Secure multiparty matrix multiplication based on strassen-winograd algorithm. In Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Tokyo, Japan, August 28-30, 2019, Proceedings (Rank Core B), pages 67--88, 2019. [pdf] [bib]
[10] B. Badrignans, V. Danjean, J. Dumas, P. Elbaz-Vincent, S. Machenaud, J. Orfila, F. Pebay-Peyroula, F. Pebay-Peyroula, M. Potet, M. Puys, J. Richier, and R. Jean-Louis. Security Architecture for Embedded Point-to-Points Splitting Protocols. In WCICSS 2017 - IEEE World Congress on Industrial Control Systems Security, 2017. [pdf] [bib]
[9] M. Puys, M. Potet, and A. Khaled. Generation of applicative attacks scenarios against industrial systems. In Foundations and Practice of Security - 10th International Symposium, FPS 2017, Nancy, France, October 23-25, 2017, Revised Selected Papers, pages 127--143, 2017. [pdf] [bib]
[8] J. Dreier, M. Puys, M. Potet, P. Lafourcade, and J. Roch. Formally verifying flow integrity properties in industrial systems. In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE) 2017) - Volume 4: SECRYPT, Madrid, Spain, July 24-26, 2017 (Rank Core B), pages 55--66, 2017. Best Student Paper Award. [pdf] [bib]
[7] M. Puys, J. Roch, and M. Potet. Domain specific stateful filtering with worst-case bandwidth. In Critical Information Infrastructures Security - 11th International Conference, CRITIS 2016, Paris, France, October 10-12, 2016, Revised Selected Papers (Rank Core C), pages 321--327, 2016. [pdf] [bib]
[6] M. Puys, M. Potet, and P. Lafourcade. Formal analysis of security properties on the OPC-UA SCADA protocol. In Computer Safety, Reliability, and Security - 35th International Conference, SAFECOMP 2016, Trondheim, Norway, September 21-23, 2016, Proceedings (Rank Core B), pages 67--75, 2016. [pdf] [bib]
[5] J. Dumas, P. Lafourcade, J. Orfila, and M. Puys. Private multi-party matrix multiplication and trust computations. In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - Volume 4: SECRYPT, Lisbon, Portugal, July 26-28, 2016 (Rank Core B), pages 61--72, 2016. Best Paper Award. [pdf] [bib]
[4] P. Lafourcade and M. Puys. Performance evaluations of cryptographic protocols verification tools dealing with algebraic properties. In Foundations and Practice of Security - 8th International Symposium, FPS 2015, Clermont-Ferrand, France, October 26-28, 2015, Revised Selected Papers, pages 137--155, 2015. [pdf] [bib]
[3] L. Rivière, M. Potet, T. Le, J. Bringer, H. Chabanne, and M. Puys. Combining high-level and low-level approaches to evaluate software implementations robustness against multiple fault injection attacks. In Foundations and Practice of Security - 7th International Symposium, FPS 2014, Montreal, QC, Canada, November 3-5, 2014. Revised Selected Papers, pages 92--111, 2014. [pdf] [bib]
[2] M. Puys, L. Rivière, J. Bringer, and T. Le. High-level simulation for multiple fault injection evaluation. In Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance - 9th International Workshop, DPM 2014, 7th International Workshop, SETOP 2014, and 3rd International Workshop, QASA 2014, Wroclaw, Poland, September 10-11, 2014. Revised Selected Papers, pages 293--308, 2014. [pdf] [bib]
[1] M. Potet, L. Mounier, M. Puys, and L. Dureuil. Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. In Seventh IEEE International Conference on Software Testing, Verification and Validation, ICST 2014, March 31 2014-April 4, 2014, Cleveland, Ohio, USA (Core Rank A), pages 213--222, 2014. [pdf] [bib]

French Peer-Reviewed Conferences with Proceedings

[8] M. Puys and P.-H. Thevenon. PULSE - cybersécurité des systèmes industriels. In Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, RESSI 2022, Chambon-sur-Lac, France, 2022. [pdf] [bib]
[7] M. Gallissot, M. Puys, and P.-H. Thevenon. Wonder-Cloud, une plateforme pour l’analyse et l’émulation de micrologiciels ainsi que la composition de pots de miels. In C&esar 2020 - Deceptive Security, Rennes, France, pages 1--8, 2020. [pdf] [bib]
[6] S. Mocanu, M. Puys, and P.-H. Thevenon. An Open-Source Hardware-In-The-Loop Virtualization System for Cybersecurity Studies of SCADA Systems. In C&esar 2019 - Virtualization and Cybersecurity, Rennes, France, pages 1--16, 2019. [pdf] [bib]
[5] M. Puys and P.-H. Thevenon. Les défis posés par la sécurisation de l'iot industriel. In Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, RESSI 2019, Erquy, France, 2019. [pdf] [bib]
[4] M. Puys, M. Potet, and J. Roch. Filtrage et vérification de flux métiers dans les systèmes industriels. In Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, RESSI 2016, Toulouse, France, 2016. [pdf] [bib]
[3] M. Puys, M. Potet, and J. Roch. Génération systématique de scénarios d'attaques contre des systèmes industriels. In Approches Formelles dans l'Assistance au Développement de Logiciels, AFADL 2016, Besançon, France, 2016. [pdf] [bib]
[2] M. Potet, L. Mounier, M. Puys, and L. Dureuil. Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. In 1er Colloque sur la Confiance Numérique en Auvergne, Clermont-Ferrand, France, 2014. [pdf] [bib]
[1] M. Potet, L. Mounier, M. Puys, and L. Dureuil. Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. In Approches Formelles dans l'Assistance au Développement de Logiciels, AFADL 2014, Paris, France, 2014. [pdf] [bib]

Research

  • [Core] Core Conference ranking engine.
  • [Sherpa/Romeo] Publisher copyright policies & self-archiving.
  • [VERIMAG Secu] Code analysis for security evaluation in VERIMAG.
  • [G@el] Access to UJF library (restricted access).

Free Software Contributions

LaTeX

  • [LaTeX] LaTeX Wikibook.
  • [Detexify] LaTeX symbol recognition.
  • [JabRef] BibTeX reference manager.

Vim

  • [Vim] Vim tutorial.

Scholar

  • [MIG] Magistère en Informatique de Grenoble.
  • [M2 SAFE] Master of cybersecurity in Grenoble (formerly SAFE master).

Really Miscellaneous

  • [CDF] Comité des fêtes de la ville d'Albertville.
  • [AKWTG] Académie de Kung fu Wushu et Taichi chuan de Grenoble.