Me

Cybersecurity |
|
Machine Learning |
|
Teaching and Scientific Supervision |
|
Since 2023 |
Associate Professor Univ. Clermont Auvergne, France Critical IoT Security, ML-based attack detection:
|
2018 - 2023 |
Research Engineer CEA-LETI, Grenoble, France Smart-Home and Industrial IoT Security:
|
2014 - 2018 |
Ph.D Student Vérimag, St Martin d'Hères, France Industrial Systems Cybersecurity:
|
Cybersecurity | SSH, Wireshark, Scapy, NMap, OpenSSL, Burp, John, Snort, Ettercap |
Development |
Python 100%
PHP 70% C 70% LUA 30% |
Linux | Admin (Debian, Alpine, Arch) |
Windows | Advanced user |
DevOps | Vim, Git, Jenkins, Virtualenv, Gitlab CI, Docker, VirtualBox, Ansible |
Reports | LaTeX, Office and alternatives |
Languages |
French 100%
English 80% Japanese 30% |
2014 - 2018 |
Ph.D in Cybersecurity Univ. Grenoble Alpes |
2012 - 2014 |
Master in Cybersecurity Univ. Grenoble Alpes Magna Cum Laude |
2009 - 2014 |
Magister in Computer Science Univ. Grenoble Alpes Summa Cum Laude |
2009 - 2012 |
Bachelor in Computer Science Univ. Grenoble Alpes Cum Laude |
[1] | M. Puys. Sécurité des systèmes industriels : filtrage applicatif et recherche de scénarios d'attaques. PhD thesis, Communauté Université Grenoble-Alpes, Feb. 2018. [bib] [pdf] [slides] |
[6] | M. Da Silva, S. Mocanu, M. Puys, and P.-H. Thevenon. Safety-security convergence: Automation of iec 62443-3-2. Computers & Security, Elsevier (Rank Sciamago Q1), 156:104477, 2025. [bib] [pdf] |
[5] | P.-H. Thevenon, S. Riou, D.-M. Tran, M. Puys, N. F. Polychronou, M. El Majihi, and C. Sivelle. iMRC: integrated monitoring & recovery component, a solution to guarantee the security of embedded systems. Journal of Internet Services and Information Security (JISIS) (Rank Scimago Q3), 13(1):4--32, 2022. [bib] [pdf] |
[4] | M. Puys, P.-H. Thevenon, S. M. Mocanu, M. Gallissot, and C. Sivelle. SCADA cybersecurity awareness and teaching with hardware-in-the-loop platforms. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) (Rank Scimago Q2), 13(1):4--32, 2022. [bib] [pdf] |
[3] | N.-F. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. A comprehensive survey of attacks without physical access targeting hardware vulnerabilities in IoT/IIoT devices, and their detection mechanisms. ACM Transactions on Design Automation of Electronic Systems (Rank Sciamago Q2), 27(1):1--35, 2021. [bib] [pdf] |
[2] | J. Dreier, M. Puys, M.-L. Potet, P. Lafourcade, and J.-L. Roch. Formally and practically verifying flow properties in industrial systems. Computers & Security, Elsevier (Rank Sciamago Q1), 86(1):453--470, 2019. [bib] [pdf] |
[1] | J.-G. Dumas, P. Lafourcade, J.-B. Orfila, and M. Puys. Dual protocols for private multi-party matrix multiplication and trust computations. Computers & Security, Elsevier (Rank Sciamago Q1), 71(1):51--70, 2017. [bib] [pdf] |
[22] | A. Ben Hassen, P. Lafourcade, D. Mahmoud, and M. Puys. Formal analysis of sdnsec: Attacks and corrections for payload, route integrity and accountability. To appear in: 20th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2025, Rank Core A), Hanoi, Vietnam [bib] [pdf] |
[21] | S. Kaneko, P. Lafourcade, L.-B. Mallordy, D. Miyahara, M. Puys, and K. Sakiyama. Secure voting protocol using balance scale. Foundations and Practice of Security - 17th International Symposium, FPS 2024, Montreal, Canada, December 9-11, 2024, Revised Selected Papers, Montreal, Canada [bib] [pdf] |
[20] | S. Kaneko, P. Lafourcade, L.-B. Mallordy, D. Miyahara, M. Puys, and K. Sakiyama. Balance-based zkp protocols for pencil-and-paper puzzles. Information Security Conference, Washington DC, United States, Oct 2024, 2024 [bib] [pdf] |
[19] | M. Da Silva, M. Puys, P.-H. Thevenon, and S. Mocanu. Plc logic-based cybersecurity risks identification for ics. The 18th International Conference on Availability, Reliability and Security, ARES 2023 (Rank Core B) - Workshop on Cybersecurity in Industry 4.0 (SecIndustry 2023), Benevento, Italy, Aug. 29 – Sept. 1, 2023, 2023 [bib] [pdf] |
[18] | M. Da Silva, M. Puys, P.-H. Thevenon, S. Mocanu, and N. Nkawa. Automated ics template for stride microsoft threat modeling tool. The 18th International Conference on Availability, Reliability and Security, ARES 2023 (Rank Core B) - Workshop on Cybersecurity in Industry 4.0 (SecIndustry 2023), Benevento, Italy, Aug. 29 – Sept. 1, 2023, 2023 [bib] [pdf] |
[17] | N. F. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. A hybrid solution for constraint devices to detect microarchitectural attacks. IEEE European Symposium on Security and Privacy (EuroS&P 2023) - Workshops, Delft, Netherlands, July 3-7, 2023, 2023 [bib] [pdf] |
[16] | C. Sivelle, L. Debbah, M. Puys, P. Lafourcade, and T. Franco-Rondisson. Automatic implementations synthesis of secure protocols and attacks from abstract models. 27th Nordic Conference on Secure IT Systems (NordSec), Reykjavik, Iceland, Nov. 30 -- Dec. 2, 2022 (Rank ERA C), 2022 [bib] [pdf] |
[15] | N. F. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. MaDMAN: Detection of software attacks targeting hardware vulnerabilities. 24th IEEE Euromicro Conference on Digital System Design (DSD), Palermo, Italy, Sept, 1-3, 2021 (Rank Qualis B1), pages 355--362, 2021 [bib] [pdf] |
[14] | N. F. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. Securing IoI/IIoT from software attacks targeting hardware vulnerabilities. 2021 19th IEEE International New Circuits and Systems Conference (NEWCAS), Toulon, France, June 13-16, 2021 (Rank Qualis B4), pages 1--4, 2021 [bib] [pdf] |
[13] | M. Puys, P.-H. Thevenon, and S. Mocanu. Hardware-in-the-loop labs for scada cybersecurity awareness and training. The 16th International Conference on Availability, Reliability and Security, ARES 2021 (Rank Core B) - Workshop on Education, Training and Awareness in Cybersecurity (ETACS 2021), Vienna, Austria, August 17-20, 2021, pages 1--10, 2021 [bib] [pdf] |
[12] | M. Puys, J.-P. Krimm, and R. Collado. Towards cybersecurity act: A survey on iot evaluation frameworks. SECURWARE 2020-The Fourteenth International Conference on Emerging Security Information, Systems and Technologies (Rank Qualis B3), pages 69--74, 2020 [bib] [pdf] |
[11] | J. Dumas, P. Lafourcade, J. López Fenner, D. Lucas, J. Orfila, C. Pernet, and M. Puys. Secure multiparty matrix multiplication based on strassen-winograd algorithm. Advances in Information and Computer Security - 14th International Workshop on Security, IWSEC 2019, Tokyo, Japan, August 28-30, 2019, Proceedings (Rank Core B), pages 67--88, 2019 [bib] [pdf] |
[10] | B. Badrignans, V. Danjean, J. Dumas, P. Elbaz-Vincent, S. Machenaud, J. Orfila, F. Pebay-Peyroula, F. Pebay-Peyroula, M. Potet, M. Puys, J. Richier, and R. Jean-Louis. Security Architecture for Embedded Point-to-Points Splitting Protocols. WCICSS 2017 - IEEE World Congress on Industrial Control Systems Security, 2017 [bib] [pdf] |
[9] | M. Puys, M. Potet, and A. Khaled. Generation of applicative attacks scenarios against industrial systems. Foundations and Practice of Security - 10th International Symposium, FPS 2017, Nancy, France, October 23-25, 2017, Revised Selected Papers, pages 127--143, 2017 [bib] [pdf] |
[8] | J. Dreier, M. Puys, M. Potet, P. Lafourcade, and J. Roch. Formally verifying flow integrity properties in industrial systems. Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE) 2017) - Volume 4: SECRYPT, Madrid, Spain, July 24-26, 2017 (Rank Core B), pages 55--66, Best Student Paper Award, 2017 [bib] [pdf] |
[7] | M. Puys, J. Roch, and M. Potet. Domain specific stateful filtering with worst-case bandwidth. Critical Information Infrastructures Security - 11th International Conference, CRITIS 2016, Paris, France, October 10-12, 2016, Revised Selected Papers (Rank Core C), pages 321--327, 2016 [bib] [pdf] |
[6] | M. Puys, M. Potet, and P. Lafourcade. Formal analysis of security properties on the OPC-UA SCADA protocol. Computer Safety, Reliability, and Security - 35th International Conference, SAFECOMP 2016, Trondheim, Norway, September 21-23, 2016, Proceedings (Rank Core B), pages 67--75, 2016 [bib] [pdf] |
[5] | J. Dumas, P. Lafourcade, J. Orfila, and M. Puys. Private multi-party matrix multiplication and trust computations. Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - Volume 4: SECRYPT, Lisbon, Portugal, July 26-28, 2016 (Rank Core B), pages 61--72, Best Paper Award, 2016 [bib] [pdf] |
[4] | P. Lafourcade and M. Puys. Performance evaluations of cryptographic protocols verification tools dealing with algebraic properties. Foundations and Practice of Security - 8th International Symposium, FPS 2015, Clermont-Ferrand, France, October 26-28, 2015, Revised Selected Papers, pages 137--155, 2015 [bib] [pdf] |
[3] | L. Rivière, M. Potet, T. Le, J. Bringer, H. Chabanne, and M. Puys. Combining high-level and low-level approaches to evaluate software implementations robustness against multiple fault injection attacks. Foundations and Practice of Security - 7th International Symposium, FPS 2014, Montreal, QC, Canada, November 3-5, 2014. Revised Selected Papers, pages 92--111, 2014 [bib] [pdf] |
[2] | M. Puys, L. Rivière, J. Bringer, and T. Le. High-level simulation for multiple fault injection evaluation. Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance - 9th International Workshop, DPM 2014, 7th International Workshop, SETOP 2014, and 3rd International Workshop, QASA 2014, Wroclaw, Poland, September 10-11, 2014. Revised Selected Papers, pages 293--308, 2014 [bib] [pdf] |
[1] | M. Potet, L. Mounier, M. Puys, and L. Dureuil. Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. Seventh IEEE International Conference on Software Testing, Verification and Validation, ICST 2014, March 31 2014-April 4, 2014, Cleveland, Ohio, USA (Core Rank A), pages 213--222, 2014 [bib] [pdf] |
[8] | M. Puys and P.-H. Thevenon. PULSE - cybersécurité des systèmes industriels. Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, RESSI 2022, Chambon-sur-Lac, France, 2022 [bib] [pdf] |
[7] | M. Gallissot, M. Puys, and P.-H. Thevenon. Wonder-Cloud, une plateforme pour l’analyse et l’émulation de micrologiciels ainsi que la composition de pots de miels. C&esar 2020 - Deceptive Security, Rennes, France, pages 1--8, 2020 [bib] [pdf] |
[6] | S. Mocanu, M. Puys, and P.-H. Thevenon. An Open-Source Hardware-In-The-Loop Virtualization System for Cybersecurity Studies of SCADA Systems. C&esar 2019 - Virtualization and Cybersecurity, Rennes, France, pages 1--16, 2019 [bib] [pdf] |
[5] | M. Puys and P.-H. Thevenon. Les défis posés par la sécurisation de l'iot industriel. Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, RESSI 2019, Erquy, France, 2019 [bib] [pdf] |
[4] | M. Puys, M. Potet, and J. Roch. Filtrage et vérification de flux métiers dans les systèmes industriels. Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, RESSI 2016, Toulouse, France, 2016 [bib] [pdf] |
[3] | M. Puys, M. Potet, and J. Roch. Génération systématique de scénarios d'attaques contre des systèmes industriels. Approches Formelles dans l'Assistance au Développement de Logiciels, AFADL 2016, Besançon, France, 2016 [bib] [pdf] |
[2] | M. Potet, L. Mounier, M. Puys, and L. Dureuil. Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. 1er Colloque sur la Confiance Numérique en Auvergne, Clermont-Ferrand, France, 2014 [bib] [pdf] |
[1] | M. Potet, L. Mounier, M. Puys, and L. Dureuil. Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. Approches Formelles dans l'Assistance au Développement de Logiciels, AFADL 2014, Paris, France, 2014 [bib] [pdf] |
[2] | M. Da Silva, P.-H. Thevenon, M. Puys, and S. Mocanu. Method and device for identifying risks of cyberattacks, Jun 2024 [bib] |
[1] | N. Polychronou, P.-H. Thevenon, M. Puys, and V. Beroulle. System for detecting malwares in a resources constrained device, Aug 2023 [bib] |
My research focuses on the cybersecurity of industrial and critical Internet of Things (IoT) (ICS, medical devices, connected vehicles, smart cities). The goal is to analyze how cyberattacks compromise the safety of these systems, meaning their reliable and safe operation.
With the rise of Industry 4.0, IoT is expanding into critical domains, increasing cyberattacks (e.g., Stuxnet, Mirai). These systems, unlike classical IT systems, prioritize process availability and safety. The major challenge is the joint study of safety and and security, often interconnected and potentially antagonistic, especially since current tools rarely manage them together due to combinatorial complexity.
My research areas are:
Jury: | Guy Gogniat, Prof. Université Bretagne Sud, Reviewer |
Lilian Bossuet, Prof. Université Jean Monnet, Reviewer | |
Laure Gonnord, Prof. Grenoble INP, Examiner | |
Gilles Sassatelli, DR CNRS/Université of Montpellier, President | |
Vincent Beroulle, Prof. Grenoble INP, Supervisor | |
Pierre-Henri Thevenon, CEA-LETI, Advisor | |
Maxime Puys, CEA-LETI, Advisor |
Jury: | Vincent Nicomette, Prof. INSA de Toulouse, Reviewer |
Nga Nguyen, Associate Prof. ESILV, Reviewer | |
Pascal Lafourcade, Prof. University Clermont Auvergne, Examiner | |
Marie-Laure Potet, Prof. University Grenoble Alpes, President | |
Stéphane Mocanu, Associate Prof. Grenoble INP, Supervisor | |
Pierre-Henri Thevenon, CEA-LETI, Advisor | |
Maxime Puys, Associate Prof. University Clermont Auvergne, Advisor |
I mainly teach at IUT Clermont Auvergne and ISIMA, mostly in French.
All my teaching material is available here, licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Permission is explicitly granted to copy, distribute and/or modify these document for educational purposes under the terms of the CC BY-NC-SA license.