Curriculum Vitæ
Fields of Expertise
Cybersecurity |
|
Machine Learning |
|
Teaching and Scientific Supervision |
|
Professional Experience
Since 2023 |
Assistant Professor Univ. Clermont Auvergne, France Critical IoT Security, ML-based attack detection:
|
2018 - 2023 |
Research Engineer CEA-LETI, Grenoble, France Smart-Home and Industrial IoT Security:
|
2014 - 2018 |
Ph.D Student Vérimag, St Martin d'Hères, France Industrial Systems Cybersecurity:
|
Computer Science Skills
Cybersecurity | SSH, Wireshark, Scapy, NMap, OpenSSL, Burp, John, Snort, Ettercap |
Programming |
Python 100%
C 100% Ocaml 60% ASM 40% |
Linux | Admin (Debian, Alpine, Arch) |
Windows | Advanced user |
DevOps | Vim, Git, Jenkins, Virtualenv, Gitlab CI, Docker, VirtualBox, Ansible |
Reports | LaTeX, Office and alternatives |
Languages |
French 100%
English 80% Japanese 30% |
Scholar Formation
2014 - 2018 |
Ph.D in Cybersecurity Univ. Grenoble Alpes |
2012 - 2014 |
Master in Cybersecurity Univ. Grenoble Alpes Magna Cum Laude |
2009 - 2014 |
Magister in Computer Science Univ. Grenoble Alpes Summa Cum Laude |
2009 - 2012 |
Bachelor in Computer Science Univ. Grenoble Alpes Cum Laude |
Publications
Ph.D. Thesis
[1] | M. Puys. Sécurité des systèmes industriels : filtrage applicatif et recherche de scénarios d'attaques. PhD thesis, Communauté Université Grenoble-Alpes, Feb. 2018. [pdf] [bib] [slides] |
International Peer-Reviewed Journals
[5] | P.-H. Thevenon, S. Riou, D.-M. Tran, M. Puys, N. F. Polychronou, M. El Majihi, and C. Sivelle. iMRC: integrated monitoring & recovery component, a solution to guarantee the security of embedded systems. Journal of Internet Services and Information Security (JISIS) (Rank Scimago Q3), 13(1):4--32, 2022. [pdf] [bib] |
[4] | M. Puys, P.-H. Thevenon, S. M. Mocanu, M. Gallissot, and C. Sivelle. SCADA cybersecurity awareness and teaching with hardware-in-the-loop platforms. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) (Rank Scimago Q2), 13(1):4--32, 2022. [pdf] [bib] |
[3] | N.-F. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. A comprehensive survey of attacks without physical access targeting hardware vulnerabilities in IoT/IIoT devices, and their detection mechanisms. ACM Transactions on Design Automation of Electronic Systems (Rank Sciamago Q2), 27(1):1--35, 2021. [pdf] [bib] |
[2] | J. Dreier, M. Puys, M.-L. Potet, P. Lafourcade, and J.-L. Roch. Formally and practically verifying flow properties in industrial systems. Computers & Security, Elsevier (Rank Sciamago Q1), 86(1):453--470, 2019. [pdf] [bib] |
[1] | J.-G. Dumas, P. Lafourcade, J.-B. Orfila, and M. Puys. Dual protocols for private multi-party matrix multiplication and trust computations. Computers & Security, Elsevier (Rank Sciamago Q1), 71(1):51--70, 2017. [pdf] [bib] |
International Peer-Reviewed Conferences with Proceedings
[20] | S. Kaneko, P. Lafourcade, L.-B. Mallordy, D. Miyahara, M. Puys, and K. Sakiyama. Balance-based zkp protocols for pencil-and-paper puzzles. In Information Security Conference, 2024. [pdf] [bib] |
[19] | M. Da Silva, M. Puys, P.-H. Thevenon, and S. Mocanu. Plc logic-based cybersecurity risks identification for ics. In The 18th International Conference on Availability, Reliability and Security, ARES 2023, Benevento, Italy, Aug. 29 – Sept. 1, 2023 (Rank Core B), 2023. [pdf] [bib] |
[18] | M. Da Silva, M. Puys, P.-H. Thevenon, S. Mocanu, and N. Nkawa. Automated ics template for stride microsoft threat modeling tool. In The 18th International Conference on Availability, Reliability and Security, ARES 2023, Benevento, Italy, Aug. 29 – Sept. 1, 2023 (Rank Core B), 2023. [pdf] [bib] |
[17] | N. F. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. A hybrid solution for constraint devices to detect microarchitectural attacks. In IEEE European Symposium on Security and Privacy (EuroS&P 2023) - Workshops, Delft, Netherlands, July 3-7, 2023, 2023. [pdf] [bib] |
[16] | C. Sivelle, L. Debbah, M. Puys, P. Lafourcade, and T. Franco-Rondisson. Automatic implementations synthesis of secure protocols and attacks from abstract models. In 27th Nordic Conference on Secure IT Systems (NordSec), Reykjavik, Iceland, Nov. 30 -- Dec. 2, 2022 (Rank ERA C), 2022. [pdf] [bib] |
[15] | N. F. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. MaDMAN: Detection of software attacks targeting hardware vulnerabilities. In 24th IEEE Euromicro Conference on Digital System Design (DSD), Palermo, Italy, Sept, 1-3, 2021 (Rank Qualis B1), pages 355--362, 2021. [pdf] [bib] |
[14] | N. F. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. Securing IoI/IIoT from software attacks targeting hardware vulnerabilities. In 2021 19th IEEE International New Circuits and Systems Conference (NEWCAS), Toulon, France, June 13-16, 2021 (Rank Qualis B4), pages 1--4, 2021. [pdf] [bib] |
[13] | M. Puys, P.-H. Thevenon, and S. Mocanu. Hardware-in-the-loop labs for scada cybersecurity awareness and training. In The 16th International Conference on Availability, Reliability and Security, ARES 2021, Vienna, Austria, August 17-20, 2021 (Rank Core B), pages 1--10, 2021. [pdf] [bib] |
[12] | M. Puys, J.-P. Krimm, and R. Collado. Towards cybersecurity act: A survey on iot evaluation frameworks. In SECURWARE 2020-The Fourteenth International Conference on Emerging Security Information, Systems and Technologies (Rank Qualis B3), pages 69--74, 2020. [pdf] [bib] |
[11] | J. Dumas, P. Lafourcade, J. López Fenner, D. Lucas, J. Orfila, C. Pernet, and M. Puys. Secure multiparty matrix multiplication based on strassen-winograd algorithm. In Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Tokyo, Japan, August 28-30, 2019, Proceedings (Rank Core B), pages 67--88, 2019. [pdf] [bib] |
[10] | B. Badrignans, V. Danjean, J. Dumas, P. Elbaz-Vincent, S. Machenaud, J. Orfila, F. Pebay-Peyroula, F. Pebay-Peyroula, M. Potet, M. Puys, J. Richier, and R. Jean-Louis. Security Architecture for Embedded Point-to-Points Splitting Protocols. In WCICSS 2017 - IEEE World Congress on Industrial Control Systems Security, 2017. [pdf] [bib] |
[9] | M. Puys, M. Potet, and A. Khaled. Generation of applicative attacks scenarios against industrial systems. In Foundations and Practice of Security - 10th International Symposium, FPS 2017, Nancy, France, October 23-25, 2017, Revised Selected Papers, pages 127--143, 2017. [pdf] [bib] |
[8] | J. Dreier, M. Puys, M. Potet, P. Lafourcade, and J. Roch. Formally verifying flow integrity properties in industrial systems. In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE) 2017) - Volume 4: SECRYPT, Madrid, Spain, July 24-26, 2017 (Rank Core B), pages 55--66, 2017. Best Student Paper Award. [pdf] [bib] |
[7] | M. Puys, J. Roch, and M. Potet. Domain specific stateful filtering with worst-case bandwidth. In Critical Information Infrastructures Security - 11th International Conference, CRITIS 2016, Paris, France, October 10-12, 2016, Revised Selected Papers (Rank Core C), pages 321--327, 2016. [pdf] [bib] |
[6] | M. Puys, M. Potet, and P. Lafourcade. Formal analysis of security properties on the OPC-UA SCADA protocol. In Computer Safety, Reliability, and Security - 35th International Conference, SAFECOMP 2016, Trondheim, Norway, September 21-23, 2016, Proceedings (Rank Core B), pages 67--75, 2016. [pdf] [bib] |
[5] | J. Dumas, P. Lafourcade, J. Orfila, and M. Puys. Private multi-party matrix multiplication and trust computations. In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - Volume 4: SECRYPT, Lisbon, Portugal, July 26-28, 2016 (Rank Core B), pages 61--72, 2016. Best Paper Award. [pdf] [bib] |
[4] | P. Lafourcade and M. Puys. Performance evaluations of cryptographic protocols verification tools dealing with algebraic properties. In Foundations and Practice of Security - 8th International Symposium, FPS 2015, Clermont-Ferrand, France, October 26-28, 2015, Revised Selected Papers, pages 137--155, 2015. [pdf] [bib] |
[3] | L. Rivière, M. Potet, T. Le, J. Bringer, H. Chabanne, and M. Puys. Combining high-level and low-level approaches to evaluate software implementations robustness against multiple fault injection attacks. In Foundations and Practice of Security - 7th International Symposium, FPS 2014, Montreal, QC, Canada, November 3-5, 2014. Revised Selected Papers, pages 92--111, 2014. [pdf] [bib] |
[2] | M. Puys, L. Rivière, J. Bringer, and T. Le. High-level simulation for multiple fault injection evaluation. In Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance - 9th International Workshop, DPM 2014, 7th International Workshop, SETOP 2014, and 3rd International Workshop, QASA 2014, Wroclaw, Poland, September 10-11, 2014. Revised Selected Papers, pages 293--308, 2014. [pdf] [bib] |
[1] | M. Potet, L. Mounier, M. Puys, and L. Dureuil. Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. In Seventh IEEE International Conference on Software Testing, Verification and Validation, ICST 2014, March 31 2014-April 4, 2014, Cleveland, Ohio, USA (Core Rank A), pages 213--222, 2014. [pdf] [bib] |
French Peer-Reviewed Conferences with Proceedings
[8] | M. Puys and P.-H. Thevenon. PULSE - cybersécurité des systèmes industriels. In Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, RESSI 2022, Chambon-sur-Lac, France, 2022. [pdf] [bib] |
[7] | M. Gallissot, M. Puys, and P.-H. Thevenon. Wonder-Cloud, une plateforme pour l’analyse et l’émulation de micrologiciels ainsi que la composition de pots de miels. In C&esar 2020 - Deceptive Security, Rennes, France, pages 1--8, 2020. [pdf] [bib] |
[6] | S. Mocanu, M. Puys, and P.-H. Thevenon. An Open-Source Hardware-In-The-Loop Virtualization System for Cybersecurity Studies of SCADA Systems. In C&esar 2019 - Virtualization and Cybersecurity, Rennes, France, pages 1--16, 2019. [pdf] [bib] |
[5] | M. Puys and P.-H. Thevenon. Les défis posés par la sécurisation de l'iot industriel. In Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, RESSI 2019, Erquy, France, 2019. [pdf] [bib] |
[4] | M. Puys, M. Potet, and J. Roch. Filtrage et vérification de flux métiers dans les systèmes industriels. In Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, RESSI 2016, Toulouse, France, 2016. [pdf] [bib] |
[3] | M. Puys, M. Potet, and J. Roch. Génération systématique de scénarios d'attaques contre des systèmes industriels. In Approches Formelles dans l'Assistance au Développement de Logiciels, AFADL 2016, Besançon, France, 2016. [pdf] [bib] |
[2] | M. Potet, L. Mounier, M. Puys, and L. Dureuil. Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. In 1er Colloque sur la Confiance Numérique en Auvergne, Clermont-Ferrand, France, 2014. [pdf] [bib] |
[1] | M. Potet, L. Mounier, M. Puys, and L. Dureuil. Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. In Approches Formelles dans l'Assistance au Développement de Logiciels, AFADL 2014, Paris, France, 2014. [pdf] [bib] |
Links
Research
- [Core] Core Conference ranking engine.
- [Sherpa/Romeo] Publisher copyright policies & self-archiving.
- [VERIMAG Secu] Code analysis for security evaluation in VERIMAG.
- [G@el] Access to UJF library (restricted access).
Free Software Contributions
- [FreeOpcUa] OpcUa (industrial protocol) Python module.
- [FeatherDuster] Cryptanalysis Python module.
LaTeX
Vim
- [Vim] Vim tutorial.
Scholar
- [MIG] Magistère en Informatique de Grenoble.
- [M2 SAFE] Master of cybersecurity in Grenoble (formerly SAFE master).
Really Miscellaneous
- [CDF] Comité des fêtes de la ville d'Albertville.
- [AKWTG] Académie de Kung fu Wushu et Taichi chuan de Grenoble.