Scalable Reliability Assessment Under Natural Faults and Adversarial Perturbations
| ABG-137016 | Thesis topic | 23/03/2026 | Doctoral contract |
- Computer science
Topic description
Context.
Modern embedded systems deployed in safety-critical domains—automotive, aerospace, robotics, drones, and industrial control—must simultaneously satisfy functional safety, reliability, and security constraints. As hardware architectures become more complex, assessing their reliability under realistic fault conditions becomes increasingly challenging. Traditional fault models and evaluation methods do not scale to modern architectures, and they often overlook interactions with reliability and security. Thus, there is a pressing need for scalable and accurate reliability assessment methodologies that cover both environmental/natural faults and intentional attacks (i.e. adversarial perturbations), given their similar underlying physical effects.
A hardware perturbation induces logical changes either at the hardware or software levels, such that the target system reaches unexpected states or follows unexpected execution paths. From a security perspective, intentional fault injections allow an attacker to move the target processor out of its expected functioning bounds. Reaching such unexpected states is then leveraged in attacks for leaking secrets, escalating privileges, etc. From a reliability perspective, hardware perturbations, typically caused by environmental conditions (e.g., radiation), are analyzed in terms of their probability of leading to system failures. The analysis objective is to quantify the likelihood that faults propagate to observable errors violating safety requirements, such as incorrect outputs, missed deadlines, loss of control, or system crashes.
Security- and safety-oriented fault analysis still offer exciting open research opportunities at the intersection of computer architecture, hardware security, and system reliability, contributing to the societal challenge of building trustworthy computing systems. The project will allow the candidate to work on cutting-edge open hardware platforms and develop advanced methodologies for analyzing complex architectures. The resulting expertise is highly valued in both academic research and the semiconductor and cybersecurity industries.
Background.
Recently, formal methods have been applied to analyze the robustness of systems against fault injection attacks [TAC+23]. This methodology offers a rigorous approach to formally analyze the impact of faults at the processor microarchitecture level and their consequences on software execution. By construction, formal methods guarantee exhaustive coverage of all possible states of the system, thereby meeting the completeness requirements of security analyses. Nevertheless, this approach suffers from scalability limitations due to the complexity of processor microarchitecture models, the depth of software execution required in the formal analysis, and the state explosion induced by fault injections. Initial efforts to mitigate this state-space explosion have been successfully undertaken by exploiting redundancy-based hardware countermeasures in the formulation of properties to be proven [THN+24].
On the other hand, fault injection through simulation is typically used for vulnerability analysis. However, exhaustively applying fault injection is not feasible; thus, methods are needed to reduce the time required for vulnerability analysis while maintaining high accuracy. These methods include i) fault injection frameworks based on Statistical Fault Injection (SFI) [GKH+25], which mathematically estimates the number of faults to be injected in order to obtain statistically confident results, ii) combining different system abstraction layers during simulation [TTdSK26a], where the majority of the application execution is done at a higher abstraction layer and only the fault injection occurs at a low abstraction layer, such as RTL, and iii) parallel fault injection, where several faults are injected concurrently to reduce the number of required fault injections [TTdSK26b].
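As an added illustration of how SFI sizes a campaign (example code, not from the thesis description or the cited papers): the sample-size formula is the finite-population one from Leveugle et al. (DATE 2009), and the register-file fault model with its liveness windows is constructed purely for the example, so the exhaustive ground truth can be computed and compared with the statistical estimate.

```python
import math
import random

# Two-sided normal quantiles for the usual confidence levels.
Z_SCORES = {0.90: 1.645, 0.95: 1.960, 0.99: 2.576}

def sfi_sample_size(population, error_margin, confidence=0.95, p=0.5):
    """Faults to inject so the estimated failure probability lies within
    +/- error_margin of the true value at the given confidence
    (finite-population formula of Leveugle et al., DATE 2009).
    p=0.5 is the worst-case (maximum-variance) choice when nothing is known."""
    z = Z_SCORES[confidence]
    n = population / (1 + error_margin ** 2 * (population - 1) / (z ** 2 * p * (1 - p)))
    return math.ceil(n)

# Constructed toy fault space: one bit flip in one register at one cycle.
NUM_REGS, XLEN, CYCLES = 32, 32, 200

def fault_is_critical(reg, bit, cycle):
    """Constructed propagation model, not a real core: the flip causes a
    failure only if the register is live at that cycle and the bit is
    within the value's used width. Liveness is synthetic: register r is
    live for one 8-cycle window per 256-cycle round."""
    live = (cycle // 8) % NUM_REGS == reg
    used_width = 8 + (reg % 4) * 8      # 8, 16, 24 or 32 meaningful bits
    return live and bit < used_width

def exhaustive_failure_rate():
    """Ground truth: inject every (reg, bit, cycle) fault exactly once."""
    total = NUM_REGS * XLEN * CYCLES
    critical = sum(fault_is_critical(r, b, c) for r in range(NUM_REGS)
                   for b in range(XLEN) for c in range(CYCLES))
    return critical / total

def run_sfi_campaign(num_faults, seed=0):
    """Inject num_faults uniformly drawn faults (with replacement) and
    return the observed failure rate."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(num_faults):
        hits += fault_is_critical(rng.randrange(NUM_REGS),
                                  rng.randrange(XLEN), rng.randrange(CYCLES))
    return hits / num_faults

if __name__ == "__main__":
    population = NUM_REGS * XLEN * CYCLES
    n = sfi_sample_size(population, error_margin=0.01)
    print(f"{population} possible faults, SFI needs n={n}")
    print(f"exhaustive={exhaustive_failure_rate():.4f} estimate={run_sfi_campaign(n):.4f}")
```

With 204,800 possible faults, a 1% margin at 95% confidence needs about 9,200 injections, and the formula converges to z²·p(1−p)/e² (9,604 here) as the fault population grows.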
PhD Topic.
The goal of the PhD is to provide a unified framework for analyzing the impact of fault injection on microarchitectural security and reliability, with a focus on RISC-V processors and domain-specific accelerators. To achieve that, it is expected to create realistic models for the environmental faults and attacks under study, taking the microarchitecture into account as much as possible. Then, the methodologies needed to evaluate system security and reliability will be proposed, along with post-analysis techniques to identify the most vulnerable components. In particular, a hybrid approach will be investigated, combining the strengths of formal methods and multilevel fault-injection simulation to address scalability challenges in complex systems when verifying these non-functional properties. An implementation of this methodology will be developed and used to guide the exploration of the architectural state space with respect to reliability and security metrics over a set of hardware blocks (such as the Comet processor [SR22]). Post-analysis techniques will also support the development of potential countermeasures.
References
[GKH+25] Wilfread Guillemé, Angeliki Kritikakou, Youri Helen, Cédric Killian, and Daniel Chillet. Fault tolerance in quantized and pruned convolutional neural networks. In 2025 IEEE 31st International Symposium on On-Line Testing and Robust System Design (IOLTS), pages 1–7, 2025.
[SR22] Simon Rokicki, Joseph Paturel, and Olivier Sentieys. Comet: a RISC-V Core Synthesized from C++ Specifications. In Spring RISC-V Week, 2022.
[TAC+23] Simon Tollec, Mihail Asavoae, Damien Couroussé, Karine Heydemann, and Mathieu Jan. µArchiFI: Formal Modeling and Verification Strategies for Microarchitectural Fault Injections. In FMCAD 2023: Formal Methods in Computer-Aided Design, pages 101–109. TU Wien Academic Press, 2023.
[THN+24] Simon Tollec, Vedad Hadzic, Pascal Nasahl, Mihail Asavoae, Roderick Bloem, Damien Couroussé, Karine Heydemann, Mathieu Jan, and Stefan Mangard. Fault-resistant partitioning of secure cpus for system co-verification against faults. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2024(4):179–204, 2024.
[TTdSK26a] Rafael Billig Tonetto, Marcello Traiola, Fernando Fernandes dos Santos, and Angeliki Kritikakou. Enfor-sa: End-to-end cross-layer transient fault injector for efficient and accurate DNN reliability assessment on systolic arrays. In 2026 IEEE VLSI Test Symposium, 2026.
[TTdSK26b] Rafael Billig Tonetto, Marcello Traiola, Fernando Fernandes dos Santos, and Angeliki Kritikakou. Scalable reliability assessment of DNNs through simultaneous fault injection. In 2026 IEEE/ACM Design Automation Conference (DAC), 2026.
Host institution and laboratory
The Inria Centre at Rennes University was established in 1980. Its growth is part of the development of the Rennes and Lannion site, with Rennes University, University of Rennes 2, CentraleSupelec, INSA Rennes and ENS Rennes. It has a branch in Nantes, which is developing alongside the Nantes University.
The centre has 28 joint project teams in Rennes (including 24 with the IRISA mixed research unit) and 1 in Lannion. Its activities occupy over 600 people, scientists and research and innovation support staff, including 50 different nationalities. The Centre also operates 2 joint project teams in Nantes with LS2N (Nantes Digital Sciences Laboratory).
The PhD will take place at Inria in Rennes, France, in the TARAN Inria team. This team is part of the IRISA laboratory. The PhD will be co-advised by Angeliki Kritikakou (Inria), Fernando Fernandes dos Santos (Inria), Marcello Traiola (Inria), Mathieu Jan (CEA List) and Damien Couroussé (CEA List).
Practical aspects. This PhD will last 3 years. Additional teaching activities are not mandatory, but possible. Such complementary activities give rise to an additional salary.
Candidate profile
Candidate Profile. This topic is ideal for candidates who enjoy hardware design and computer architecture. While formal methods are part of the approach, prior knowledge of them is not required: curiosity and motivation to learn are far more important. The PhD offers the opportunity to work on cutting-edge open hardware platforms such as RISC-V, develop advanced analysis tools, and build a strong skill set in hardware security and reliability that is highly valued in both academia and industry.
The candidate should be familiar with the following:
- Hardware design languages (e.g. Verilog/VHDL), FPGA and computer architecture;
- Cybersecurity or reliability topics;
- RISC-V experience is a plus;
- Previous experience with formal methods is a plus.