NOTE! This site uses cookies and similar technologies.

If you not change browser settings, you agree to it. Learn more

I understand

Learn more about cookies at :

October 05, 2021 | Safeguarding the data used to train artificial neural networks

reseaux neurones 250
Adobestock _Skórzewiak.

Artificial neural networks, a form of artificial intelligence, can be trained efficiently using collaborative learning, where the training data comes from multiple private sources. Exchanging the data does raise privacy concerns, however. CEA-List has come up with a secure method for the collaborative construction of deep neural networks.

It takes vast amounts of data, sometimes from multiple sources, to train artificial neural networks. During the learning and operating, or inference, phases, the privacy of the training data (which can include sensitive material like patient medical files) is potentially at risk.

CEA-List researchers developed SPEED (Secure PrivatE and Efficient Deep learning), a privacy-by-construction learning method that could protect sensitive data during both phases. SPEED’s three pillars are:

Share as little data as possible. With SPEED, only encrypted labels are exchanged between the contributors. This ensures that the data is secure during distributed learning on training data from a variety of contributors.

Make the network impossible to reverse engineer. The constructed network must be impossible for users to reverse engineer. SPEED’s differential privacy process limits the risk of users being able to reconstruct the original data by observing the network, at a negligible computational cost.

Shield the network from server-level threats. To keep the risk of exposing training data to a minimum, server-level threats have to be reduced. Even better is to eliminate using a trusted third party. Using homomorphic encryption (HE), the aggregation server can “blind” process the encrypted labels only, without ever “seeing” the data.

This research was published in top journal Machine Learning and has been accepted by the European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML-PKDD'21), a major machine learning event.

Read article at



September 28, 2021 | Tiempo Secure, in collaboration with CEA, makes the Internet of Things more resilient with French Government support

iMRC 1 250Tiempo Secure, a secure semiconductor design company, has been selected, in a partnership with the CEA, as a winner of the Grand Cybersecurity Challenge (“Grand Défi Cyber”), a project launched by the French government in 2020. The announced objective of the Grand Cybersecurity Challenge is to make our systems sustainably resilient to cyberattacks. Participating in the Challenge brings a valuable support to Tiempo Secure for the development of the iMRC project, which makes IoT connected objects resistant to known and yet unknown attacks.

The iMRC project secures connected objects in a resilient way

The weak security of connected electronic objects has become the Achilles' heel of networks. In a world where the Internet of Things (IoT) is under constant attacks, the integrated Monitoring & Recovery Component (iMRC) greatly improves the resilience of connected electronic objects. The iMRC project improves the robustness of connected objects not only to known attacks but also to those that are still unknown.

An attack by a virus, ransomware or spyware on a connected object modifies the behavior of this object. Typically, it can lose connection with the remote server or start behaving erratically, with undesired effects. The integrated Monitoring and Recovery Component (iMRC) can detect these behaviors, regain control over the connected object and repair it.

The principle of iMRC (integrated Monitoring & Recovery Component) is as follows:

  • iMRC, a new-generation Secure Element (SE), is on board on all connected objects;
  • Its role is to regularly monitor the correct execution of the application program of the connected object on the main processor, typically a System-on-Chip (SoC);
  • The Secure Element communicates regularly with a secure server in the Cloud, in the form of a Hardware Security Module (HSM), so that the latter always has complete records for each object behavior in the field;
  • If the Secure Element detects an abnormal behavior of the application processor, this is a sign of a malware-induced corruption; in this case, the Secure Element takes control of the application processor;
  • The Secure Element communicates with the secure server in the Cloud, which, thanks to Artificial Intelligence processes, decides on what to do to settle the malware issue. The server has records including the characteristics and full history of each object, and also a knowledge base of attacks which allows it to define the most suitable response;
  • Even if communications are cut, the secure component can still reset the application processor on its own and reinstall a certified image of the application software; this way, the secure component destroys the malware, thus returning the application processor to its initial state.

The iMRC solution ensures that a fleet of malware-infected objects can always be reset/reinstalled remotely, without the need for manual and local intervention on each object, which can be very expensive or even impossible in some operating contexts.

An additional advantage of this approach is that it makes it possible to resist not only the malware programs known as of today, but also future attacks, since their detection is not dependent on the type of attack. The robustness of the solution is due to its architecture including both a Secure Element per object and a secure server accessible in the Cloud, which makes it possible to execute Artificial Intelligence processes and constantly improve the malware knowledge base. Thus, responses are always more adapted to new attacks.

With the Grand Cybersecurity Challenge, innovation on cybersecurity takes a big leap forward

The Grand Cybersecurity Challenge aims at making systems more resilient to cyberattacks in the long term. The iMRC project stands at the very heart of this objective. Tiempo Secure was selected as a winner of the Grand Cybersecurity Challenge in February 2021. This allowed the company to accelerate its developments and always remain at the forefront of semiconductor security for the IoT. In particular, within the framework of the iMRC project, Tiempo Secure collaborates with two CEA laboratories, CEA-Leti and CEA-List, for the best combination of expertise in the areas of secure design of electronic hardware and embedded software, knowledge of cyberattacks/malware as well as the use of Artificial Intelligence.

As part of the Grand Cybersecurity Challenge, Tiempo benefits from a EUR 814,000 grant for the 15 months of the project, which will allow to go from the principle description to a full functional prototype implementing the iMRC functionalities. Thanks to the Grand Cybersecurity Challenge, a high technological content SME like Tiempo Secure has the means to finance extremely innovative developments: the design of integrated circuits and the development of embedded software for iMRC. Concretely, since the start of the iMRC project, three engineers specializing in integrated circuit design and embedded software development have been hired by Tiempo Secure. The second stage of the project will allow to evolve from a functional prototype to an industrialized product that will meet the expectations of developers of connected objects. Commercial operations will take place by stages in the second half of 2022. It will allow large manufacturers who develop components for connected objects to benefit from Tiempo Secure's technology and integrate it into their own products.

imrc logos

Serge Maginot, CEO and co-founder of Tiempo Secure, declares: "We are extremely happy and proud to have been selected by the French Government in the Grand Cybersecurity Challenge. This way, we can accelerate our development of innovative solutions and strengthen our partnerships with leading industry players. The Grand Cybersecurity Challenge also has another effect: as the selection was very rigorous, the fact we participate in the Challenge is a guarantee of expertise and quality recognized by all our contacts in France and abroad."



September 22, 2021 | Game-based learning comes to modeling software

papygame 250CEA-List recently worked with two partners to develop PapyGame, a gamified version of its Papyrus modeling software. The idea is to boost user acceptance of modeling and modeling software by making learning fun and—literally—rewarding.

Gamification is not new to learning. Until now, however, it had never been integrated into modeling software. While some engineers are successfully using modeling to understand and design physical systems and software, modeling is still seen as complex by many. Making learning modeling software more entertaining could help overcome this hurdle. PapyGame aims to do just that and, in the process, broaden modeling's appeal among engineers.

Papyrus, the institute's open-source model-driven engineering platform, has been given an improved UX and fun new learning capabilities hatched in partnership with the Fondazione Bruno Kessler in Trento, Italy, and the University of Lille, France. Its new and gamified incarnation, PapyGame, makes it easier to learn the Papyrus suite. Users play their way through levels similar to an online game, completing challenges and winning prizes as they go, gradually mastering the software's Unified Modeling Language (UML).

PapyGame is designed for anyone seeking to add model-driven engineering to their development toolkit! It is also ideal for educators—who can design model-driven software design games to use in the classroom.

The 2020 game was so well received that its masterminds decided to follow up with Challenge 2021, which will take place inside a new version of the game. (

Are you a software or systems engineer or developer? Come play!

Read article at



September 21, 2021 | Automated software analysis for secure IoT devices with LEIA

LEIA postRS 250As the number and variety of IoT devices increases, so does the size of IoT-related software. And more software means considerably more vulnerabilities to contend with. CEA and Systerel are working together to develop a powerful and original smart analysis platform to guarantee the security of the code that powers with these devices. The research is taking place under the LEIA project, which was awarded funding through the French government’s Grand Défi instrument for technology projects.

Systems that include IoT devices are particularly difficult to protect against security threats. Each connection point can create opportunities for hackers to attack. In critical infrastructures, the consequences can be disastrous. To make matters worse, these complex systems include more and more software with a whole new set of unknowns—like who developed the software and how—that make it very difficult to guarantee security with any degree of assurance. And, because IoT systems are modular, every time software is added, new vulnerabilities are potentially introduced into the system.

The LEIA project, winner of a French government Grand Défi grant for technology projects, is providing an opportunity for smart digital systems specialist CEA-List and Systerel to pool their knowledge of formal methods, language analysis, and artificial intelligence. The partners have come up with an original approach that will leverage their powerful software analysis tools and learning algorithms to hone in on pertinent security targets. The Grand Défi offers a unique framework to identify and exploit breakthrough opportunities in the combination of formal methods and AI techniques.

The cost-effective IoT security platform they are developing will be capable of automatically and incrementally analyzing IoT software and software updates. It will also speed up the time-consuming software validation process.

The future platform will bring key tools and capacities in support of France’s digital sovereignty and the EU’s strategic autonomy. The first versions will be marketed in the second half of year 2022, thanks to the experience of CEA in technological transfer and Systerel in the industrialization of formal verification solutions.


The main objective of the LEIA project is to develop a highly automated software security validation platform that can be integrated into agile development cycles. At a time when demand for software security is growing faster than ever, this project will deliver analysis tools capable of providing exhaustive security guarantees, at scale.

To effectively address this challenge and, specifically, provide formal verification of the security of a wide range of software applications at a competitive cost, the project will focus on two main issues. First, state-of-the-art parsers will be extended to improve scalability and enable incremental analysis of software. Second, the use of artificial intelligence in the implementation of analysis tools will be investigated for purposes such as translating requirements expressed in natural language into formal specifications so as to ensure that security aspects are more effectively addressed from the very earliest stages of the development process.

The partners’ respective areas of expertise round each other out particularly well on this project, allowing them to address the full range of topics involved. Systerel brings deep knowledge of artificial intelligence and will harness learning algorithms to home in on pertinent security targets with a high degree of precision. The scientists at CEA-List will contribute software analysis tools like Frama-C (C/C++) and Binsec (binary code). Their research also includes technologies to describe and understand multimedia (image, text, speech) and multilingual content, including at large scales. Finally, CEA-List scientists design and develop artificial intelligence software solutions. These tools are part of CEA-List’s long-standing toolkit and play a vital role in the institute’s mission of transferring new technologies to businesses.



13 septembre | Stipple : De la visualisation des nuages de données à l’interaction en 3D

Crédit : Light & Shadows

Avec l’émergence et la démocratisation des scanners 3D, outils d’acquisition et de numérisation tridimensionnels, de nouveaux défis scientifiques et techniques ont émergé : comment gérer la sauvegarde, la visualisation et le traitement de ces données massives, souvent plus d’un milliard de points (!), voire les coupler à la CAO ?

Dans le cadre du partenariat avec la startup Light & Shadows, nos chercheurs ont développé toute l’algorithmie de leur dernier outil, le plugin Stipple.

Une structuration et un parcours extrêmement performants des données (i.e. l’ensemble du nuage 3D) stockées sur disque dur, reposant sur des arbres hiérarchiques et des niveaux de détails (notion de « Nested Octree »), permettent désormais :

  • un rendu visuel du nuage massif en RV ou RE (possible même sur un serveur distant, dans le contexte d’une collaboration à distance autour de résultats),
  • la comparaison, entre CAO et nuages de points : recalage automatique global et local, calculs de distances nuage/nuage et nuage/maillage (…),
  • une interaction avec le nuage de points (calcul d’interférences),
  • ou encore la génération automatique de nuages synthétiques, par la simulation d’acquisition de nuage de points par Lidar et caméra de profondeur en prenant en compte leurs caractéristiques matérielles et le bruit associé.

Ces fonctionnalités propulsent Stipple au meilleur niveau de l’état de l’art et ouvrent la porte à une vaste gamme d’usages industriels : visite virtuelle de chantier en collaboration et à distance, avancement de chantier objectivé par des mesures 3D sur sites, ou encore suivi des non-conformités de construction, pour en accélérer leurs résolutions.

Jordane Richter, Chief Sales and Marketing Officer de Light & Shadows, le constate: « Après un trimestre sur le marché, Stipple, notre solution dédiée aux nuages de points développée en collaboration avec le CEA-List s'envole déjà pour l'autre bout du monde. En effet, nous avons conclu une de nos premières ventes au Vietnam et cela montre que les solutions de traitement de nuages de points sont une demande internationale à laquelle nous répondons avec un outil unique et performant. Et nous continuerons d’y répondre avec de futures améliorations ! »

« Les interfaces intuitives de Stipple permettent au plus grand nombre de s’approprier facilement les outils logiciels que nous avons développés » ajoute Gilles Rougeron, ingénieur-chercheur au CEA List. « La qualité du rendu dont l’aspect visuel est quasi surfacique (équivalent à un modèle texturé) aide beaucoup à se repérer dans un nuage, par nature discret. De plus la capacité à appliquer des algorithmes est très rapide et l’intégration de l’outil dans Unity favorise sa diffusion auprès d’un très large public. »

Prochains enjeux pour les équipes du CEA-List : améliorer le rendu du nuage de points, et travailler à son idéalisation et à sa segmentation par des approches de machine learning.

Crédit : Light & Shadows