Guillaume Bouffard
Researcher in Embedded System Security
(Contributions to the Security of Embedded Software in the Chain of Trust)
I defended my Habilitation to Direct Research (HDR) on September 23, 2025, at Amphithéâtre Gosse, Grenoble INP (46 Av. Félix Viallet, 38000 Grenoble).
The defense was held in French, starting at 14:00, and was open to the public. A recording of the presentation is available on YouTube.
| Role | Name | Affiliation |
|---|---|---|
| President | Marie-Laure Potet | Professor, Grenoble-Alpes University |
| Reviewer | Jean-Max Dutertre | Professor, École des Mines de Saint-Étienne |
| Reviewer | Aurélien Francillon | Professor, EURECOM |
| Reviewer | Patrick Schaumont | Professor, Worcester Polytechnic Institute |
| Examiner | Jessy Clédière | Director of Research, CEA / Grenoble-Alpes University |
| Examiner | Karine Heydemann | Senior Expert, HDR, Thales CDI and LIP6 / Sorbonne University |
| Examiner | Sébastien Varrette | Head of Hardware and Software Architectures Lab, ANSSI |
This HDR thesis, entitled “Contributions to the Security of Embedded Software in the Chain of Trust”, focuses on securing software in embedded systems through the concept of a Chain of Trust (CoT).
When I began my research in 2011, the protection of sensitive operations mainly relied on smart cards; early examples of hardware Roots of Trust (RoTs). These minimalist devices offered strong security and very low power consumption, at the cost of limited performance. Their core principles were later extended to Secure Elements (SEs), which have become standard hardware RoTs.
From 2016 onward, the increasing complexity and performance demands of embedded systems led to a shift: critical operations started migrating to Trusted Execution Environments (TEEs) running on application processors. These newer architectures rely on a CoT rooted in the hardware RoT.
This manuscript presents my contributions to the analysis and hardening of embedded software across the CoT: from the hardware RoT to the TEE and the Rich Execution Environment (REE). I began by studying SEs (especially Java Card platforms) as well as the security of their communication interfaces and underlying hardware.
I then extended this work to TEEs, typically implemented by sharing the application processor with the REE to balance performance and energy efficiency. As with SEs, hardware robustness remains critical. I analyzed the impact of fault injection attacks on deployed TEE architectures.
Finally, in modern systems, access to TEE or SE functionality is often restricted for third-party developers. As a result, sensitive applications must sometimes run directly in the REE, an untrusted environment. I investigated their vulnerability to white-box attacks and explored software-level countermeasures, such as code obfuscation, to enhance resilience and improve overall CoT security.