Hi there! My name is Sébastien Vaucher, I’m currently pursuing a PhD degree at the Institute of Computer Science of the University of Neuchâtel, Switzerland. If you’re here, it’s probably because you want to know more about me. I hope that you will find what you are looking for on this website.
Below, you will find an up-to-date list of the scientific articles that I (co-)authored, followed by a list of less formal projects that I carried out.
Finally, you will find a contact form at the bottom of the page.
- Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders
Franz Gregor, Wojciech Ozga, Sébastien Vaucher, Rafael Pires, Do Le Quoc, Sergei Arnautov, André Martin, Valerio Schiavoni, Pascal Felber, Christof Fetzer (DSN 2020)
Trust is arguably the most important challenge for critical services both deployed as well as accessed remotely over the network. These systems are exposed to a wide diversity of threats, ranging from bugs to exploits, active attacks, rogue operators, or simply careless administrators. To protect such applications, one needs to guarantee that they are properly configured and securely provisioned with the “secrets” (e.g. encryption keys) necessary to preserve not only the confidentiality, integrity and freshness of their data but also their code. Furthermore, these secrets should not be kept under the control of a single stakeholder—which might be compromised and would represent a single point of failure—and they must be protected across software versions in the sense that attackers cannot get access to them via malicious updates. Traditional approaches for solving these challenges often use ad hoc techniques and ultimately rely on a hardware security module (HSM) as root of trust. We propose a more powerful and generic approach to trust management that instead relies on trusted execution environments (TEEs) and a set of stakeholders as root of trust. Our system, PALÆMON, can operate as a managed service deployed in an untrusted environment, i.e., one can delegate its operations to an untrusted cloud provider with the guarantee that data will remain confidential despite not trusting any individual human (even with root access) nor system software. PALÆMON addresses in a secure, efficient and cost-effective way five main challenges faced when developing trusted networked applications and services. Our evaluation on a range of benchmarks and real applications shows that PALÆMON performs efficiently and can protect secrets of services without any change to their source code.
- Anonymous and Confidential File Sharing over Untrusted Clouds
Stefan Contiu, Sébastien Vaucher, Rafael Pires, Marcelo Pasin, Pascal Felber, Laurent Réveillère (SRDS 2019)
Using public cloud services for storing and sharing confidential data requires end users to cryptographically protect both the data and the access to the data. In some cases, the identity of end users needs to remain confidential against the cloud provider and fellow users accessing the data. As such, the underlying cryptographic access control mechanism needs to ensure the anonymity of both data producers and consumers.
We introduce A-Sky, a cryptographic access control extension capable of providing confidentiality and anonymity guarantees, all while efficiently scaling to large organizations. A-Sky leverages trusted execution environments (TEEs) to address the impracticality of anonymous broadcast encryption (ANOBE) schemes, achieving faster execution times and shorter ciphertexts. The innovative design of A-Sky limits the usage of the TEE to the narrow set of data producing operations, and thus optimizes the dominant data consumption actions by not requiring a TEE. Furthermore, we propose a scalable implementation for A-Sky leveraging micro-services that preserves strong security guarantees while being able to efficiently manage realistic large user bases. Results highlight that the A-Sky cryptographic scheme is 3 orders of magnitude better than state of the art ANOBE, and an end-to-end system encapsulating A-Sky can elastically scale to support groups of 10 000 users while maintaining processing costs below 1 second.
- Security, Performance and Energy Trade-offs of Hardware-assisted Memory Protection Mechanisms
Christian Göttel, Rafael Pires, Isabelly Rocha, Sébastien Vaucher, Pascal Felber, Marcelo Pasin, Valerio Schiavoni (SRDS 2018)
The deployment of large-scale distributed systems, e.g., publish-subscribe platforms, that operate over sensitive data using the infrastructure of public cloud providers, is nowadays heavily hindered by the surging lack of trust toward the cloud operators. Although purely software-based solutions exist to protect the confidentiality of data and the processing itself, such as homomorphic encryption schemes, their performance is far from being practical under real-world workloads. The performance trade-offs of two novel hardware-assisted memory protection mechanisms, namely AMD SEV and Intel SGX—currently available on the market to tackle this problem, are described in this practical experience. Specifically, we implement and evaluate a publish/subscribe use-case and evaluate the impact of the memory protection mechanisms and the resulting performance. This paper reports on the experience gained while building this system, in particular when having to cope with the technical limitations imposed by SEV and SGX. Several trade-offs that provide valuable insights in terms of latency, throughput, processing time and energy requirements are exhibited by means of micro- and macro-benchmarks.
- SGX-Aware Container Orchestration for Heterogeneous Clusters
Sébastien Vaucher, Rafael Pires, Pascal Felber, Marcelo Pasin, Valerio Schiavoni, Christof Fetzer (ICDCS 2018)
Containers are becoming the de facto standard to package and deploy applications and micro-services in the cloud. Several cloud providers (Amazon, Google, Microsoft) begin to offer native support on their infrastructure by integrating container orchestration tools within their cloud offering. At the same time, the security guarantees that containers offer to applications remain questionable. The customers still need to trust their cloud provider with respect to data and code integrity. The recent introduction by Intel of Software Guard Extensions (SGX) into the mass market offers an alternative to developers, who can now execute their code in a hardware-secured environment without trusting the cloud provider.
This paper provides insights regarding the support of SGX inside Kubernetes, an industry-standard container orchestrator. We present our contributions across the whole stack supporting execution of SGX-enabled containers. We provide details regarding the architecture of the scheduler and its monitoring framework, the underlying operating system support and the required kernel driver extensions. We evaluate our complete implementation on a private cluster using the real-world Google Borg traces. Our experiments highlight the performance trade-offs that will be encountered when deploying SGX-enabled micro-services in the cloud.
- EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution
David Goltzsche, Signe Rüsch, Manuel Nieke, Sébastien Vaucher, Nico Weichbrodt, Valerio Schiavoni, Pierre-Louis Aublin, Paolo Costa, Christof Fetzer, Pascal Felber, Peter Pietzuch, Rüdiger Kapitza (DSN 2018)
Many organisations enhance the performance, security, and functionality of their managed networks by deploying middleboxes centrally as part of their core network. While this simplifies maintenance, it also increases cost because middlebox hardware must scale with the number of clients. A promising alternative is to outsource middlebox functions to the clients themselves, thus leveraging their CPU resources. Such an approach, however, raises security challenges for critical middlebox functions such as firewalls and intrusion detection systems.
We describe EndBox, a system that securely executes middlebox functions on client machines at the network edge. Its design combines a virtual private network (VPN) with middlebox functions that are hardware-protected by a trusted execution environment (TEE), as offered by Intel’s Software Guard Extensions (SGX). By maintaining VPN connection endpoints inside SGX enclaves, EndBox ensures that all client traffic, including encrypted communication, is processed by the middlebox. Despite its decentralised model, EndBox’s middlebox functions remain maintainable: they are centrally controlled and can be updated efficiently. We demonstrate EndBox with two scenarios involving (i) a large company; and (ii) an Internet service provider that both need to protect their network and connected clients. We evaluate EndBox by comparing it to centralised deployments of common middlebox functions, such as load balancing, intrusion detection, firewalling, and DDoS prevention. We show that EndBox achieves up to 3.8x higher throughput and scales linearly with the number of clients.
- IBBE-SGX: Cryptographic Group Access Control using Trusted Execution Environments
Stefan Contiu, Rafael Pires, Sébastien Vaucher, Marcelo Pasin, Pascal Felber, Laurent Réveillère (DSN 2018)
While many cloud storage systems allow users to protect their data by making use of encryption, only few support collaborative editing on that data. A major challenge for enabling such collaboration is the need to enforce cryptographic access control policies in a secure and efficient manner. In this paper, we introduce IBBE-SGX, a new cryptographic access control extension that is efficient both in terms of computation and storage even when processing large and dynamic workloads of membership operations, while at the same time offering zero knowledge guarantees.
IBBE-SGX builds upon Identity-Based Broadcasting Encryption (IBBE). We address IBBE’s impracticality for cloud deployments by exploiting Intel Software Guard Extensions to derive cuts in the computational complexity. Moreover, we propose a group partitioning mechanism such that the computational cost of membership update is bound to a fixed constant partition size rather than the size of the whole group. We have implemented and evaluated our new access control extension. Results highlight that IBBE-SGX performs membership changes 1.2 orders of magnitude faster than the traditional approach of Hybrid Encryption (HE), producing group metadata that are 6 orders of magnitude smaller than HE, while at the same time offering zero knowledge guarantees.
- Stress-SGX: Load and Stress your Enclaves for Fun and Profit
Sébastien Vaucher, Valerio Schiavoni, Pascal Felber (NETYS 2018)
The latest generation of Intel processors supports Software Guard Extensions (SGX), a set of instructions that implements a Trusted Execution Environment (TEE) right inside the CPU, by means of so-called enclaves. This paper presents Stress-SGX, an easy-to-use stress-test tool to evaluate the performance of SGX-enabled nodes. We build on top of the popular stress-ng tool, while only keeping the workload injectors (stressors) that are meaningful in the SGX context. We report on several insights and lessons learned about porting legacy code to run inside an SGX enclave, as well as the limitations introduced by this process. Finally, we use Stress-SGX to conduct a study comparing the performance of different SGX-enabled machines.
- Have a Seat on the ErasureBench: Easy Evaluation of Erasure Coding Libraries for Distributed Storage Systems
Sébastien Vaucher, Hugues Mercier, Valerio Schiavoni (W-PSDS 2016)
We present ErasureBench, an open-source framework to test and benchmark erasure coding implementations for distributed storage systems under realistic conditions. ErasureBench automatically instantiates and scales a cluster of storage nodes, and can seamlessly leverage existing failure traces. As a first example, we use ErasureBench to compare three coding implementations: a (10,4) Reed-Solomon (RS) code, a (10,6,5) locally repairable code (LRC), and a partition of the data source in ten pieces without error-correction. Our experiments show that LRC and RS codes require the same repair throughput when used with small storage nodes, since cluster and network management traffic dominate at this regime. With large storage nodes, read and write traffic increases and our experiments confirm the theoretical and practical tradeoffs between the storage overhead and repair bandwidth of RS and LRC codes.
Université de Neuchâtel
Université de Neuchâtel, Universität Bern, Université de Fribourg
Haute École Arc Ingénierie
Centre Professionnel du Littoral Neuchâtelois
Below is a list of some projects I have carried out since 2010.
You can read a summary for any project by using the Show details action. Some projects are open-source and available on Github.
Ascendo (ex-ClimbinGym) is a management tool for climbing gyms. It is a useful tool for both gym staff and climbers. A web application is used to manage the different routes built in the gym.
My work is to develop and maintain a brand new Android application usable by climbers and staff. Climbers can follow their progression of the different routes provided by the gym. Staff members can use the application to manage the routes comfortably from their smartphones.
The list of features includes:
- Scan the barcode of a route to open its associated page
- Climbing history
- Subscription card
- Routes filtering
- Push notifications when routes are added or removed
- Rating of routes
- General information about each climbing gym
The highlights as far as Android development is concerned are:
- Programmed exclusively in Kotlin
- Material Design compliant
- Completely usable offline thanks to the use of SyncAdapter
- Close to zero boilerplate code for the data storage and synchronization thanks to the conjoint use of Retrofit and DBFlow
Interested in this application? You can download it for free from the Google Play Store.
Adv. Software Engineering
The project was carried out as part of the Advanced Software Engineering master course taught at the University of Fribourg. The team consisted of Thibaut Mauron, Ehsan Fahradi, Alexandre Nikodemski, Younos Cherkaoui, Numa de Montmollin and myself.
We implemented a Ruby on Rails application that communicates with the CyberCoach REST API. The work was managed using the Scrum methodology and developed in a test-driven manner. We enforced good programming practices by defining procedures for the team; some of these were enforced by technical means, such as Git hooks.
We chose to build a gambling site where users can bet on boxing fights. As of the time of writing, a live demo is hosted on Heroku.
R&D Workshop project
The Universal Digital Camera Interface Application (UDCI) was mandated by the Space Exploration Institute based in Neuchâtel, Switzerland. The project is part of the development of the CLUPI camera, scheduled to be sent to Mars with ESA’s ExoMars mission. The goal of the project is to develop an application for Windows 8.1 tablets to help engineers develop digital camera interfaces.
The application’s main functionality allows an engineer working on digital camera interfaces to quickly craft or decode binary frames exchanged with a camera undergoing testing. It is also capable of decoding images coming from the camera and displaying them on an interactive graphical interface. The user can query individual pixels of the image to learn their color and position.
The project was carried out as part of the R&D Workshop Master’s course taught at the University of Neuchâtel.
The E-Repair project benefits citizens of Swiss municipalities by simplifying the repair of broken public objects. Using this application, a citizen can notify the municipality about a non-critical issue. For instance, a citizen may report a dead animal, a broken street lamp or bench, or malfunctioning traffic lights.
Using an application on their smartphone, citizens can notify the correct municipality (determined using GPS positioning) about a problem. The municipality can then handle the problem and keep the citizen informed of its progress.
As part of this project, I developed the administrator’s panel used by municipality employees.
The aim of the “Outil d’aide au déminage” project is to develop an Android application that helps deminers do their job. It has to provide them with relevant data in a fast and well-thought-out way. Digger DTR commissioned the project for the needs of a new collaboration with the Geneva International Centre for Humanitarian Demining (GICHD). Its goal is to adapt the existing system commercialised by Digger DTR, which uses demining tanks, to dog-assisted demining.
A demining dog handler needs the most current information delivered reliably in order to get the job done. The system that was created can show a live map of the minefield, useful statistics and a number of simultaneous live streams coming from embedded cameras. The user is notified whenever the sensors on the dog report that it is sitting, meaning it has smelled the presence of a mine. The dog handler can transmit orders to the dog through an audio connection between the handset and a speaker mounted on the dog.
The application that was developed satisfies the ergonomic requirement imposed by the client: a user interface usable with one hand. The user interface is designed so that the most frequently consulted information is reachable with the smallest amount of interaction.
As part of the project, an original graphical component has been created: the PieMenu. Its role is to provide a set of actions that can be triggered with only a single one-finger touch on the touchscreen.
All data shown in the Android application comes from the pre-existing Digger MSO application. The service and the network protocol that retrieve and deliver this information to the mobile tool were built specifically for this project.
What has been achieved through this project complies with Digger’s requirements and will soon be used in real conditions in minefields of Bosnia and Cambodia.
CarCounter is an application capable of counting how many cars pass in front of a highway security camera. It can process a video stream up to 1080p30 in real-time.
The application is developed using the CUDA GPGPU technology, enabling massively parallel computations on graphics cards.
The project was developed in collaboration with Jason Racine.
Chibre is a traditional Swiss card game played by 4 players around a table. C#ibre is essentially the same game, except that the cards and the score board are virtualized. A Windows 8.1 tablet lies at the center of the table and displays the cards played and the score board. Each player uses a phone or a small tablet in place of a hand of cards. To play a card, a player simply taps on the card they want.
A WiFi connection is used to transmit instructions between the server (the tablet) and the clients (the phones). The game is simplified because only valid actions can be performed by players. Moreover, scores are computed automatically.
Web applications 2 project #2
ArcWork is a homework manager written in Ruby on Rails. It possesses all classical features of a homework manager. Teachers can assign homework to students, who can submit multiple versions and receive comments on them.
ProFitMap is a personal training companion that tracks and computes statistics about sport performances. All data is stored and seamlessly synchronized with the Dropbox cloud.
The application offers some unique features:
- Ghost mode: Shows a real-time comparison of the current run versus an earlier run set by the athlete or a friend.
- Android beam sharing: Enables easy sharing of runs by approaching phones (NFC communication).
- Take pictures: Pictures can be taken during a run and then used as its thumbnail.
ProFitMap was developed jointly with Danick Fort.
Sucle is a social network based on the location of its users. Messages can be shared with audio or video files attached. Only messages sent within a specific radius of the current user’s location are shown. Each message can be commented on by other users. Login is done with a Facebook or a Google account.
Web applications 2 project #1
The Figure Skating club in Yverdon needed a web platform to organize the distribution of courses over the available hours. We provided a system where people state what they want, and the system figures out the best way to accommodate everyone’s needs.
Starfighter 4K is a remake of the Starfighter video game that we had developed a year earlier. It is a shoot-’em-up game in which two spaceships fight against each other in space.
With S4K, we added virtual reality by enabling control of the game with a Kinect and Wiimotes at the same time. The game is best played projected onto a wall. During development, the game proved to be very fun to play!
Further improvements were made to the menus (now nicer and controllable with the Kinect) and to the gameplay.
Web applications 1 project
Battle for Atlantis is a two-player game played on two computers. It is a derivative of the Battleship board game. Battle for Atlantis adds a story: both players compete to reach Atlantis first. The game is played on three levels: the surface, underwater and Atlantis itself.
The game was developed in Java. The players’ computers communicate over TCP/IP using a custom protocol based on JSON.
The project was developed in collaboration with Jason Racine and Johan Chavaillaz.
Freshman year project
Star² is a planetarium software. It shows a current view of the sky at the current location. While it can be used with a keyboard and a mouse, full functionality requires a separate embedded system used to point at stars. A simulator was developed for Android for people who don’t have the separate pointer.
CFC diploma project
Messle for iPhone is an application that lets people send and receive geo-localized messages. In traditional social networks, like Facebook or Twitter, the criterion for showing other people’s messages is a following or friendship link. With Messle, the criteria are proximity and the age of the messages.
When a user sends a message, every other user located in a configurable range can see it. Multimedia content can be attached to text messages.
The iPhone application was developed by myself. The server component and the showcase website were developed by Diego Antognini and Malik Lechekhab, respectively. The project was our CFC diploma project and was distinguished as one of the 10 best throughout Switzerland.
You can drop me an e-mail using the form below. I'll get back to you as soon as possible.