Invités

Les journées nationales du GDR GPL proposeront cinq présentations d'invités passionnantes.

Deux sont en collaboration avec la conférence ICT4S https://conf.researchr.org/track/ict4s-2023/ict4s-2023-keynotes?#About

• Hugues Ferreboeuf (The Shift Project) : Sustainable digitalization: Why we need to shift away from Big Tech business models
• Prof. Jean Jouzel : Global Warming: The need for a new model of development and the key role of higher education

Les deux invités ci-dessus sont au Diapason

Lien Google Maps : https://goo.gl/maps/thaZr9zbjXpHY2KVA

Trois autres invités seront au programme du GDR GPL cette année, au PNRB.

Benoit Baudry

Titre: Software Supply Chain

Résumé: Once an idealistic concept, software reuse is now a major success! Open source software, package managers, build systems all contribute to fueling large-scale reuse to develop robust applications.  They are so successful that application binaries are now essentially composed of third-party code. This observation and a few high-profile attacks have let to the emergence of a new concept: the software supply chain.
This talk explores this new concept as well as the research opportunities that it opens, at the intersection of software engineering and software security. Code integrity and specialization, software composition analysis and reproducible builds are great challenges for suture software research.

Bio: Benoit Baudry is a Professor in Software Technology, in the computer science department at the KTH Royal Institute of Technology in Stockholm, Sweden, with a chair from WASP. His research focuses on software testing and software diversity. In 2022, He started the CHAINS project that focuses on research for the software supply chain supported by SSF. He teaches software engineering and DevOps. He disseminates software research through art and posts about extraordinary software. Until August 2017 Benoit was a research scientist at INRIA in Rennes, France, where he led the DiverSE research group.

Sébastien Bardin

Titre: Revisiting Program Analysis through the Security Lens

Résumé: Symbolic Execution emerged in the mid-2000 and was rapidly adopted by the research community as a tool of choice for bug hunting. In this talk, we consider security concerns and binary-level vulnerability issues. We will show some challenges symbolic execution faces in this field of application, and report on several results and achievements carried out within the BINSEC group to adapt Symbolic Execution to these challenges. We will especially focus on the problems of robust reachability (trying to define and find meaningful bugs) and adversarial reachability (considering an active code-level attacker). 

Bio: Sébastien Bardin is a senior researcher at CEA LIST, where he has initiated and now leads the binary-level security analysis group. His research interests lay at the crossroad of formal methods, automated reasoning, software engineering and security. For several years now, Sébastien has been interested in automating binary-level security analysis by lifting formal methods developed for the safety-critical industry. More especially, he focuses on binary-level formal methods, vulnerability detection & assessment and malware analysis. He is the main designer of the (open-source) BINSEC platform for binary-level code analysis. He regularly publishes articles in top-ranked international academic conferences in Security, Formal Methods, Software Engineering and Automated Reasoning. Sébastien holds a PhD from Ecole Normale Supérieure de Cachan (2005).

Sandrine Blazy

Titre: How to provide proof that software is bug-free? Verified compilation to the rescue   

Résumé: Deductive verification provides very strong guarantees that software is bug-free. Since the verification is usually done at the source level, the compiler becomes a weak link in the production of software. Verifying the compiler itself provides guarantees that no errors are introduced during compilation. This talk will illustrate this approach through CompCert, the first fully verified compiler for C that is actually usable on real source code and that produces decent target code on real-world architectures. More generally, this approach opens the way to the verification of software tools involved in the production and verification of software.

Bio: Sandrine Blazy is a professor at the University of Rennes and deputy director of the IRISA laboratory. Her research works focus on the development of trustworthy software using deductive verification. Since 2003, she has developed with Xavier Leroy CompCert. Together with their colleagues, they received several awards for CompCert: the 2011 La Recherche award in information sciences, the 2021 ACM Software System award in 2021, the 2022 ACM SIGPLAN Programming Languages Software award, and the 2023 Lucas award for a highly influential paper published at the FM 2006 conference. She is pursuing her work to provide CompCert with more compilation features, and to offer additional guarantees in terms of software security.