Review of the Third Edition of the Winter Research School

The Winter Research School, organised by CyberSchool, took place from 4 to 6 February 2025, bringing together students, PhD students, and cybersecurity researchers.

This third edition aimed to provide participants with an overview of recent advances in cybersecurity research. It brought together several research teams and laboratories, ensuring a rich diversity of topics covered.

A First Day Focused on Software Security and Electromagnetic Security

The event began in a warm atmosphere, with Pierre-Alain Fouque, Scientific Director of CyberSchool, launching the proceedings. The day quickly gained momentum thanks to David Pichardie, a researcher at Meta, who delivered a captivating talk: “Finding Real Bugs in Hundreds of Millions of Lines of Code.” He introduced Infer, an open-source static analyser developed at Meta to detect errors in massive codebases (C, C++, Java, Kotlin, etc.). This presentation was a striking example of progress in static analysis and its impact on the software industry.

The first day continued with fascinating discussions on electromagnetic security, starting with Jordane Lorandel, Senior Lecturer at the University of Rennes and the IETR laboratory, alongside Marie-Aïnhoa Nicolas, a doctoral researcher in hardware cybersecurity at IETR. They presented an attack exploiting electromagnetic (EM) leaks resulting from communications between an SoC-FPGA and its DDR memory. Laurent Le Brizoual, Professor at the University of Rennes, then detailed the impact of laser injection attacks on electronic components. Finally, Philipp Del Hougne, a CNRS researcher affiliated with the University of Rennes, explored TEMPEST and DEW attacks through wave propagation models.

Cryptography and System Security at the Heart of the Second Day

The second day immersed participants in the world of cryptography and its challenges. Sonia Belaïd and Victor Normand, a cryptographer and a doctoral researcher at CryptoExperts, shared their research on side-channel attacks, a method that exploits physical leaks to extract secret keys from cryptographic implementations. The discussions shed light on current challenges in securing cryptographic protocols against such attacks and the countermeasures required to mitigate them.

The afternoon was marked by a focus on advanced threat detection, with the talk “Defending Against the Undetectable” delivered by Frédéric Tronel, Senior Lecturer at CentraleSupélec, Lionel Hemmerlé, a doctoral researcher, and Louis Rilling, a research engineer at DGA MI, all three members of the Sushi project team (Inria–IRISA). They explored the detection of Linux kernel vulnerabilities (such as CVE-2022-0847, Dirty Pipe) using eBPF and demonstrated how hypervisors can provide an additional layer of detection against a compromised kernel.

An Overview of Protocol Security and AI & Cybersecurity on the Final Day

The third and final day began with Joseph Lallemand, CNRS Research Fellow at IRISA, and Clément Hérouard, a doctoral researcher at the University of Rennes within the SPICY team, offering an overview of formal protocol verification. They introduced various existing modelling tools and techniques before demonstrating Proverif in a hands-on session, which sparked numerous discussions between speakers and participants.

The final half-day of the Winter Research School took a slightly different turn, as it was held in the format of a Cyber Thursday. At the intersection of cybersecurity and artificial intelligence, this session featured a series of talks where researchers and professionals shared their expertise on key challenges. Marie Paindavoine, a cryptography expert and founder of Skyld, opened the session with a presentation on the risks of AI model theft and protection techniques. She was followed by Elie Chedemail, a postdoctoral researcher at the Cyber CNI Chair at IMT Atlantique, who explored differential privacy and its application to mobility data. Later, Pierre-Adrien Fons, R&D Engineer, and Sylvio Hoarau, CTI Malware Analyst at GLIMPS, discussed detecting PowerShell scripts using an LLM trained on code completion and characterisation. Finally, Anne-Laure Wozniak, a research engineer at Kereval, addressed AI system vulnerabilities and cybersecurity requirements linked to the European AI Act. The event concluded with a talk by Hugo Loiseau, Full Professor at the École de Politique Appliquée at the University of Sherbrooke, on the geopolitics of cybersecurity and the impact of generative AI on disinformation.

A Rich and Insightful Event

The 2025 edition of the Winter Research School was a great success, bringing together researchers, professionals, and students to tackle today’s cybersecurity challenges. A huge thank you to all the speakers for their insightful presentations and stimulating discussions. These three days provided a valuable opportunity to share cutting-edge knowledge, reflect on the challenges of tomorrow, and strengthen ties within the cybersecurity community.

We look forward to seeing you at future events organised by CyberSchool as we continue exploring the latest developments in the field together.