Publications

We design new encryption mechanisms that enable the design of the first universally verifiable voting schemes, supporting both receipt-freeness and everlasting privacy without assuming the existence of an anonymous channel.

Our schemes support the two most traditional election tallying… Read more

Concurrency theory has received considerable attention, but mostly in the scope of synchronous
process algebras such as CCS, CSP, and ACP. As another way of handling concurrency, data-based
coordination languages aim to provide a clear separation between interaction and computation by… Read more

Part of the Embedded Cryptography Textbook

The proliferation of cybercrime and the escalating threat of malware attacks necessitate more effective and efficient analysis techniques. Traditional methods, such as static and dynamic analysis, have limitations that hinder their effectiveness against sophisticated and evasive malware.… Read more

 This document specifies a multipath extension for the QUIC protocol to enable the simultaneous usage of multiple paths for a single connection.

Shaping first-year students’ minds to solve problems
at different levels of abstraction is both important and challeng-
ing. Although abstraction is a crucial skill in problem-solving,
especially in STEM subjects, students often struggle with abstract
thinking. They tend to focus… Read more

This paper addresses the difficulties students face when learning
and practicing pointers (i.e., variables storing the memory address
of another variable as its value) in a computer programming class.
To improve their understanding and practice, we have developed
Tartare, an… Read more

This paper focuses on a programming methodology relying
on an informal and graphical version of the Loop Invariant for building
the code. This methodology is applied in the context of a CS1 course in
which students are exposed to several C programming language concepts
and… Read more

This Docker image is an experimental toolkit gathering analyzers, detectors, packers, tools and machine learning mechanics for making datasets of packed executables and training machine learning models for the static detection of packing. It aims to support PE, ELF and Mach-O executables and to… Read more

This thesis presents an integrated approach to strengthen software security of Odoo, a popular open-source ERP and CRM system. The approach employs a comprehensive methodology that integrates risk analysis based on the CIA triad, static code analysis using the open-source tool Semgrep, rule… Read more

Executable packing is a well-known problematic especially in the field of malware analysis. It often consists in applying compression or encryption to a binary file and embedding a stub for reversing these transformations at runtime. This way, the packed executable is more difficult to reverse-… Read more

New malware are created every day. However, some are just previously known ones, altered to make them invisible to classifiers. But how can a classifier defend itself against them? Malware mutation tools are developed to help classifiers and to prevent potential malware from accessing a computer… Read more

Tools and techniques for assessing the possibilities and impacts of attacks on IT systems are necessary to ensure the IT systems upon which society depends on continue to operate despite targeted attacks. This reality compels the development of intuitive brainstorming formalisms like attack-… Read more

Software systems are incorporated into various aspects of human society. However, their integration brings a set of challenges, especially when software operates on personal data. The systems must be correct and provide the desired functionality while maintaining privacy and security of personal… Read more

This article presents new contributions for Remote Access Trojan (RAT) analysis using symbolic execution techniques. The first part of the article identifies the challenges in the application of such an analysis, as well as the procedures put in place to address these challenges. The second part… Read more

We design new encryption mechanisms that enable the design of the first universally verifiable voting schemes, supporting both receipt-freeness and everlasting privacy without assuming the existence
of an anonymous channel.
Our schemes support the two most traditional election tallying… Read more

Cyber ranges (CR) have gained attention from researchers and trainees for their virtualization and replication capabilities. The growing focus on improving the user experience~(UX)… Read more

Rule-based systems such as Semgrep are important to detect security breaches by using static code analysis. Taking inspiration from research identifying relationships in energy consumption rules we present a tool (RIT) to enhance rule set development. Our tool allows Semgrep users to check rule… Read more

Mapping behaviors to the features they relate to is a prerequisite for variability-intensive systems (VIS) reverse engineering. Manually providing this whole mapping is labor-intensive. In black-box scenarios, only execution traces are available (e.g., process mining). In our previous work, we… Read more

Basic Block Coverage (BBC) is a secondary objective for search-based unit test generation techniques relying on the approach level and branch distance to drive the search process. Unlike the approach level and branch distance, which considers only information related to the coverage of explicit… Read more

Researchers and practitioners have designed and implemented various automated test case generators to support effective software testing. Such generators exist for various languages (e.g., Java, C#, or Python) and various platforms (e.g., desktop, web, or mobile applications). The generators… Read more

Automated feedback and grading platforms can require substantial effort when encoding new programming exercises for first-year students. Such exercises are usually simple but require defining several test cases to ensure their functional correctness. This paper describes our initial effort to… Read more

Operational Technology has gotten a growing place in our daily lives. With the increasing number of devices (connected or not), the need for a clean environment that allows effective and efficient testing is also increasing. Furthermore, some devices are connected to the physical world with the… Read more

Risk assessment is a key part of all cyber security frameworks, standards and related certification schemes. It is a complex process involving both the business domain to assess impact and the technical domain to measure feasibility. It requires to produce a realistic risk matrix based on… Read more

Coping with cybercrime in the scope of increasingly open and interconnected systems is a difficult challenge. DevSecOps provide an adequate framework to keep in control of this perpetual race. We show here how it can be efficiently supported by an internal model-based analysis and automation… Read more