Consortium

The consortium is composed of three partners: CEA, XLIM and ENSMSE, and exhibits a good level of complementarity: CEA brings the technology deGoal, which is the core technological base of the project, and its expertise in runtime code generation and embedded software. XLIM has a strong experience in secure elements, in particular in smart cards, and ENSMSE will provide its expertise in experimental validation and facilities devised for security analyses purposes.

A brief description of the foremost contributions of each partner follows:

CEA

CEA logo

brings in COGITO the core engine of deGoal, its expertise in runtime code generation and in the technical related aspects, such as the optimisation of algorithms, their mapping on computing architectures, software development at the system (kernel) and userspace levels. It is interested in broadening the use of the deGoal technology to new application fields and new usages. Its main contribution is focused on the adaptation of deGoal to target secured applications. It will contribute to the analysis of the opportunities brought by runtime code generation in secure applications, and to the specification of requirements.

INRIA

INRIA logo

is involved in COGITO project for evaluating the ability of this technology to implement generic countermeasure for Internet of Thing devices. Such applications are running on tiny boards with few resources and using cryptographic primitives for ensuring the security of the communications. Often written in native language they can also use a virtual machine for abstracting the real processor. We will evaluate the performance of the run time instances generation in terms of memory footprint for all kind of memories (RAM, ROM, EEPROM), but also in terms of CPU overhead. We will participate in the security evaluation of this run time counter measures in evaluating its resistance against new attacks against such a device.

ENSMSE

ENSMSE logo

mainly brings its expertise in the experimental security characterization of the prototype developped in the project. In particular ENSMSE will compare the security level of the chosen use cases with and without the technology provided by the CEA named deGoal. As the other partners, ENSMSE will also analyze the potential brought by this technology in terms of security and performances, and will contribute to the specification of requirements. Thanks to the project the ENMSE plan to developp its competences in the reverse engineering with fault and side channel equipements. COGITO will also help the ENSME to acquire competences in the developpement of secure low level software.

XLIM

XLIM logo

is mainly interested in COGITO in the use of deGoal as a generic countermeasure against the reverse engineering of the applications. Applications can be either Java Card applications and in this case the main component will be the interpreter loop. But this can be generalized to any part of a Java Card Virtual Machine. XLIM has adapted a Virtual Machine on an ARM 7 evaluation board, and they will incorporate deGoal into their platform. Then they will evaluate the performance of this mechanism both in terms of memory footprint for all kind of memories (RAM, ROM, EEPROM), but also in terms of CPU overhead. XLIM will participate in the security evaluation of this new component. XLIM will evaluate the possibility to formalize the code generator in order to open the possibility to obtain high level of security certification (Common Criteria).