cv.org (6059B)
1 I strive to develop reliable and maintainable software, 2 with an eye toward improving the tools of our craft. 3 4 * Experience 5 ** 2021 – present: software engineer at AdaCore 6 ** 2014 – 2021: software engineer at Airbus CyberSecurity 7 *** Research 8 I took part in the [[https://paclido.fr][PACLIDO project]], a French government-funded project 9 gathering industrial and academic partners in order to design and 10 implement *lightweight authenticated encryption algorithms* and 11 protocols. 12 13 During the course of this project, 14 15 - I implemented the reference version of Lilliput-AE, our submission 16 to the [[https://csrc.nist.gov/projects/lightweight-cryptography][NIST Lightweight Cryptography Standardization Process]]. 17 18 - I described this implementation in [[https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/LILLIPUT-AE-spec.pdf][the algorithm's specification 19 document]], comparing its performance to that of Ascon and ACORN, the 20 lightweight winners of the [[https://competitions.cr.yp.to/caesar-submissions.html][CAESAR competition]]. 21 22 - I extended the [[https://www.cryptolux.org/index.php/FELICS][FELICS]] benchmarking framework to support AEAD 23 algorithms; we [[https://gitlab.inria.fr/minier/felics-ae/][published this fork]] and presented these improvements 24 at the [[https://csrc.nist.gov/CSRC/media/Presentations/felics-ae-a-framework-to-benchmark-lightweight/images-media/session3-huynh-felics-ae.pdf][NIST LWC Workshop 2019]]. 25 26 - I developed optimized software implementations for Lilliput-AE on 27 the 16-bit MSP430 platform. 28 *** Industrial development 29 I helped develop a network monitoring appliance for four years among a 30 team of roughly twenty people. My main role was *maintaining the 31 codebase* for an in-house rule-matching engine: designing and 32 implementing features, fixing bugs… Over the course of the project, I 33 took part in many other activities: 34 35 - I helped our project transition from manual software packaging to 36 full-blown continuous integration. 37 38 - I contributed extensively to our integration test suite. 39 40 - I studied some mechanisms to improve the system's security (Secure 41 Boot, TPMs) and helped implement others (LXC containers). 42 43 - I reviewed all uses of cryptography in the system as part of our 44 security certification process; this allowed me to get a good grasp 45 of how filesystem encryption, VPNs, webservers, and repository 46 authentication are configured in a free software distribution. 47 48 - I supported our license team in assessing our use of free and open 49 source software. 50 ** 2014 (6 months): internship at Airbus CyberSecurity 51 I extended an *Intrusion Detection System to authenticate and decrypt 52 its ruleset using a Hardware Security Module*. This was a very 53 informative foray into the world of cryptographic APIs, such as: 54 55 - the [[https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html][PKCS#11]] standard to communicate with hardware tokens, 56 - the [[https://tools.ietf.org/html/rfc2315][PKCS#7]] format, and its successor [[https://tools.ietf.org/html/rfc5652][CMS]], to serialize encrypted and 57 authenticated messages, 58 - the [[https://tools.ietf.org/html/rfc5280][X.509]] standard to understand how PKIs work and how to process 59 certificates, 60 - the [[http://luca.ntop.org/Teaching/Appunti/asn1.html][ASN.1]] format to reverse-engineer cryptic HSM errors, such as 61 ECDSA signatures lacking the [[https://www.cryptsoft.com/pkcs11doc/v220/group__SEC__12__3__1__EC__SIGNATURES.html][zero-padding expected in PKCS#11]], 62 - [[https://www.openssl.org/][OpenSSL]], to setup PKIs, [[https://stackoverflow.com/a/23422301/1503371][encrypt and sign rulesets, and generate CSRs 63 for keys stored securely on a hardware token]]. 64 65 I also got to learn [[https://security.stackexchange.com/q/58131][a thing or two]] about network security. 66 67 As far as software development goes, I dug into many aspects of C 68 programming: debugging with gdb and valgrind, profiling with 69 gperftools, the best practices for [[https://www.akkadia.org/drepper/dsohowto.pdf][shared libraries development]]… I 70 also got a feel for Python by way of [[https://scapy.net/][Scapy]]. 71 ** 2013 (4 months): internship at LIRIS laboratory 72 I studied two protocols for anonymous communication: 73 74 - [[https://dedis.cs.yale.edu/dissent/][Dissent]] :: "accountable anonymous group communication", 75 - [[https://hal.inria.fr/hal-00945795][RAC]] :: "freerider-resilent, scalable, anonymous communication" 76 ([[https://web.archive.org/web/20131018000154/http://www.temple.edu/cis/icdcs2013/data/5000a520.pdf][paper]]). 77 78 The goal was to instrument Dissent's implementation to assess its 79 performance, then to implement and benchmark RAC in order to validate 80 the theoretical results presented in its specification. 81 82 While four months proved too short for me to obtain comparable figures 83 for both protocols, I appreciated this opportunity to dive into the 84 guts of these secure communication protocols. Technically, I also 85 enjoyed sharpening my knowledge of C++, the Boost framework, and 86 working with the [[https://www.grid5000.fr/w/Grid5000:Home][Grid5000 environment]]. 87 ** 2012 (2 months): internship at Vescape 🇩🇪 88 I helped this innovative startup expand its game repertoire by 89 studying a free software game engine and adapting the gameplay to 90 their unique use-case. 91 92 This was my first deep-dive into a considerable codebase, and thus my 93 first opportunity to practise various aspects of software development 94 (version control, debugging) on a non-trivial C++ project. 95 ** 2009 – 2014: school projects at INSA de Lyon 96 Thanks to INSA's generalist syllabus, as well as [[http://gamerush.free.fr/debriefing2.html][some extra-curricular 97 activies]], I touched on a wide array of problem domains and 98 technologies: 99 100 - drivers for segmented LCD displays on MSP430 microcontrollers, in C, 101 - image recognition based on [[https://en.wikipedia.org/wiki/Image_moment#Rotation_invariants][Hu moment invariants]], in C, 102 - game engines, in C++ and Java, 103 - GUIs in Java, 104 - webservers, in Java and Go.