Me

Photo
Maxime Puys
Ph.D Student
University of Grenoble Alpes and VERIMAG Laboratory (PACSS group)
E-mail: Maxime (dot) Puys (at) univ-grenoble-alpes (dot) fr
Office: 280 - PIL 013-E2-01
Bâtiment IMAG
700 Avenue Centrale
38401 ST MARTIN D'HÈRES
France
Phone: +33 4 57 42 22 46
Links: Linkedin   ResearchGate   Google Scholar   Github   DBLP

Curriclum Vitae

Skills

  • Cybersecurity – Cryptology (OpenSSL, Featherduster), Network Security (Wireshark, Scapy, NMap), Reverse engineering (GDB, IDA Pro), Shell code, Web Breaches, Metasploit
  • Programming – Professional Skills: Python, C, C++, Java, Php/MySQL, Basic Knowledge: Asm x86/ARM, Go, Rust, Ruby, Ada, Ocaml
  • Operating systems – Linux (Ubuntu, Debian, ArchLinux), Windows (98 to 10), BSD (FreeBSD, OpenBSD, NetBSD)
  • Office suites – LaTeX, Microsoft Office and derived

Experience

  • 2014 –, Ph.D Student, Verimag, University of Grenoble Alpes, Grenoble, France
  • 2013 – 2014, Smart-Card Security Apprentice Engineer, Morpho, Osny, France
  • 2013, Master 1 Intern, Verimag, University of Grenoble Alpes, Grenoble, France

Education

  • 2012 – 2014, Master’s Degree, Magna Cum Laude (Mention “Bien”), University of Grenoble Alpes, Grenoble, France
  • 2009 – 2012, Licentiate Degree, Cum Laude (Mention “Assez Bien”), University of Grenoble Alpes, Grenoble, France

Summary

After graduating from bachelor’s degree in Albertville, I applied to the University of Grenoble Alpes in Grenoble. I obtained my licence’s degree in computer science and graduated from my second year of master in computer science security. This master was named SAFE (now Cybersecurity), standing for Sécurité, Audit et Informatique Légal, cybercriminality orientated and this year of study was combined with an apprenticeship in the R&D center of SAFRAN Morpho on the security of smartcards against fault attacks. This apprenticeship lead to the publication of two articles at FPS 2014 and QASA 2014. Within this position, I ensured technology intelligence, provided intern white-papers and proposed new ideas including:

  • A detailed state-of-the-art on fault attacks against RSA cryptographic scheme;
  • A set of macro to automatically embed security against fault attacks in smart-cards applications;
  • A simulator working at C level to automatically assess the security of smart-cards applications against fault attacks.

I also hold a magister degree with an internship in the Verimag laboratory under the supervision of Laurent Mounier and Marie-Laure Potet. This internship was also dealing with faults attacks and has lead to the publiction of an article at ICST 2014.

 

I am currently in the third year of my Ph.D in the field of industrial systems cybersecurity at the Verimag laboratory under the supervision of Marie-Laure Potet and Jean-Louis Roch. Within the projet PIA Sécurité Numérique ARAMIS, my subject aims to propose a language in order to filter industrial communication using deep packet analysis. I am also interested in automated generation of attack scenarios against industrial systems and formal verification of industrial protocols. In the future, I would like to keep working as an R&D engineer while having the possibility to give some teaching.

Students Supervision

  • 2017: Abdelaziz KHALED, Computer Science Master 2 Internship, University of Troyes - Automatated Translation of Specifications for Research of Attack Scenarios (in co-supervision with Marie-Laure Potet)
  • 2017: Florian MARCO, Computer Science Licentiate 3 Internship, University of Grenoble Alpes - Modular modelization of intruder in ProVerif (in co-supervision with Cristian Ene)
  • 2016: Joris CHAFFARD, Computer Science Master 1 Internship, University of Grenoble Alpes - Modélisation de comportements d’attaques contres des systèmes de contrôle-commande (in co-supervision with Emmanuel Perrier and Marie-Laure Potet)
  • 2016: Francesco FURFARO, Computer Science Master 1 Internship, University of Grenoble Alpes - Génération de traffic d’attaque pour les protocoles contrôle-commande (in co-supervision with Emmanuel Perrier and Marie-Laure Potet)

Scientific Activities

  • [RESSI 2017] 3ème Rendez-Vous de la Recherche et de l’Enseignement de la Sécurité des Systèmes d’Information (Ph.D students track’s chair)
  • [RESSI 2016] 2ème Rendez-Vous de la Recherche et de l’Enseignement de la Sécurité des Systèmes d’Information (Ph.D students track’s PC member)
  • [FPS 2016] 9th International Symposium on Foundations & Practice of Security (subreview)

Honors & Awards

  • Best Student Paper Award, Jul 2017, SECRYPT 2017, For paper “Formally Verifying Flow Integrity Properties in Industrial Systems”.
  • Best Paper Award, Jul 2016, SECRYPT 2016, For paper “Private Multi-party Matrix Multiplication and Trust Computations”.

Publications

International Peer-Reviewed Journals

[1] J.-G. Dumas, P. Lafourcade, J.-B. Orfila, and M. Puys. Dual protocols for private multi-party matrix multiplication and trust computations. Computers & Security, 2017. [pdf] [bib]

International Peer-Reviewed Conferences with Proceedings

[8] J. Dreier, M. Puys, M. Potet, P. Lafourcade, and J. Roch. Formally verifying flow integrity properties in industrial systems. In SECRYPT'17, Madrid, Spain, 2017. Best Student Paper Award. [pdf] [bib]
[7] M. Puys, J. Roch, and M. Potet. Domain specific stateful filtering with worst-case bandwidth. In CRITIS'16, Paris, France, 2016. [pdf] [bib]
[6] M. Puys, M. Potet, and P. Lafourcade. Formal analysis of security properties on the OPC-UA SCADA protocol. In Computer Safety, Reliability, and Security - 35th International Conference, SAFECOMP 2016, Trondheim, Norway, September 21-23, 2016, Proceedings, pages 67-75, 2016. [pdf] [bib]
[5] J. Dumas, P. Lafourcade, J. Orfila, and M. Puys. Private multi-party matrix multiplication and trust computations. In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - Volume 4: SECRYPT, Lisbon, Portugal, July 26-28, 2016., pages 61-72, 2016. Best Paper Award. [pdf] [bib]
[4] P. Lafourcade and M. Puys. Performance evaluations of cryptographic protocols verification tools dealing with algebraic properties. In Foundations and Practice of Security - 8th International Symposium, FPS 2015, Clermont-Ferrand, France, October 26-28, 2015, Revised Selected Papers, pages 137-155, 2015. [pdf] [bib]
[3] L. Rivière, M. Potet, T. Le, J. Bringer, H. Chabanne, and M. Puys. Combining high-level and low-level approaches to evaluate software implementations robustness against multiple fault injection attacks. In Foundations and Practice of Security - 7th International Symposium, FPS 2014, Montreal, QC, Canada, November 3-5, 2014. Revised Selected Papers, pages 92-111, 2014. [pdf] [bib]
[2] M. Puys, L. Rivière, J. Bringer, and T. Le. High-level simulation for multiple fault injection evaluation. In Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance - 9th International Workshop, DPM 2014, 7th International Workshop, SETOP 2014, and 3rd International Workshop, QASA 2014, Wroclaw, Poland, September 10-11, 2014. Revised Selected Papers, pages 293-308, 2014. [pdf] [bib]
[1] M. Potet, L. Mounier, M. Puys, and L. Dureuil. Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. In Seventh IEEE International Conference on Software Testing, Verification and Validation, ICST 2014, March 31 2014-April 4, 2014, Cleveland, Ohio, USA, pages 213-222, 2014. [pdf] [bib]

French Peer-Reviewed Conferences with Proceedings

[4] M. Puys, M. Potet, and J. Roch. Filtrage et vérification de flux métiers dans les systèmes industriels. In Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, RESSI 2016, Toulouse, France, 2016. [pdf] [bib]
[3] M. Puys, M. Potet, and J. Roch. Génération systématique de scénarios d'attaques contre des systèmes industriels. In Approches Formelles dans l'Assistance au Développement de Logiciels, AFADL 2016, Besançon, France, 2016. [pdf] [bib]
[2] M. Potet, L. Mounier, M. Puys, and L. Dureuil. Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. In 1er Colloque sur la Confiance Numérique en Auvergne, Clermont-Ferrand, France. [pdf] [bib]
[1] M. Potet, L. Mounier, M. Puys, and L. Dureuil. Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. In Approches Formelles dans l'Assistance au Développement de Logiciels, AFADL 2014, Paris, France, 2014. [pdf] [bib]