1. Scientific Context
This PostDoc is in the frame of the ANR JCJC Project CoPhyTEE, and will join the Junior Professor Chair
environment on Trusted and Autonomous Swarm of Maritime Drones. The Chair aims at providing trust and
security on maritime swarms of drones, a strategic and major issue in the current socio-political context. This
PostDoc project will build upon previous work on the teams and will collaborate with a current PhD student
within the project.
The usage of drones, aerial or maritime (surface or underwater) is becoming increasingly widespread
in various domains, including recreational and critical. Increasingly more intelligent and autonomous
for their missions and navigation, drones embed more and more a certain form of Artificial Intelligence (AI), whose accuracy, depending on the task, might be critical.
Complex systems such as drones, often integrate third party Intellectual Property, than can be potentially malicious or infected with trojans, a malicious code or hardware that can be activated under certain specific conditions. Insider trojans could intent to jeopardize the accuracy and function of critical tasks such as AI-based functions, to push towards malfunction and miss-classification, eventually leading to failure of the mission or even collateral damage in the case of drones.
In previous work we have studied energy-based attacks through energy optimisation mechanisms such as
Dynamic Voltage and Frequency Scaling in processors [LGBPMR25], as well as through the design of specific
energy-waster circuits capable of inducing voltage drop-based glitches into the system [LGBPR26]. These
attacks have proven successful to induce timing faults in different applications such as encryption tasks. First
efforts have started to consider this type of attacks against machine learning models showing significant accuracy drops [SQL+23]. However, the real conditions of the attack, the inherent robustness of the machine learning models to fault injection, and the impact on a real system are still not clear. In this project, we will consider energy-based attacks on a CNN-based application on real drones.
Objectives and Work Program: In this PostDoc project the main objective is to build upon our previous
work on these attacks (on software or hardware) according to the candidate skills to understand the extent and
impact on a realistic machine learning application on drones. Expected outcomes include:
• Analysis of the real impact of attacks in a realistic drone application. Considered applications, as developed
within the team, can include object detection and avoidance, or autonomous navigation.
• Development of an attack demonstrator on real maritime drones available in the team. We will consider
the use of platforms including heterogeneous system-on-chips (SoC) that feature a CPU coupled with
some accelerator like an FPGA, GPU, or more specific AI accelerators.
• Design of countermeasures respecting embedded systems constraints.
2. Candidate Profile
The candidate must hold, or be close to defend, a PhD degree in Computer/Hardware Security, Computer/Elec-
trical Engineering, Computer Science, Embedded Systems, or related domains. French speaking is not required.
The required skills are:
• Interest in, familiarity with and/or good knowledge of artificial intelligence, model generation tools and
deployment on processors, FPGAs and/or GPUs.
• Good knowledge of C/C++/Python
• Good knowledge in Embedded Systems and Computer Architecture
• Cybersecurity knowledge, skills or interest
3. Date and place
• Applications are open until a successful candidate is selected.
• Although flexible, this Postdoc will ideally start before the end of 2026, with a duration of up to 2 years
• The PostDoc candidate will be based and work within the SHAKER team of the Lab-STICC laboratory
in Lorient, France and will benefit of SHAKER team drone expertise and platforms. This work is in
collaboration with the SUSHI team of IRISA/Inria in Rennes.
4. How to apply
Please send your CV with your list of publications, open-source projects if any, and if possible a recommendation
letter to:
• Maria Méndez Real - maria.mendez-real@univ-ubs.fr
• Rubén Salvador - ruben.salvador@inria.fr
References
[LGBPMR25] Gwenn Le Gonidec, Guillaume Bouffard, Jean-Christophe Prevotet, and Maria Méndez Real. Do not trust power management: A survey on internal energy-based attacks circumventing trusted execution
environments security properties. ACM Transactions on Embedded Computing Systems, 24(4):1–35, 2025.
[LGBPR26] Gwenn Le Gonidec, Guillaume Bouffard, Jean-Chirstophe Prévotet, and Maria Méndez Real. A
lightweight embedded detection system against voltage drop fault attacks in multi-tenant fpgas. In CASCADE (Constructive Approaches for SeCurity Analysis and Design of Embedded systems), 2026.
[SQL+23] Rihui Sun, Pengfei Qiu, Yongqiang Lyu, Jian Dong, Haixia Wang, Dongsheng Wang, and Gang Qu.
Lightning: Leveraging dvfs-induced transient fault injection to attack deep learning accelerator of gpus. ACM Transactions on Design Automation of Electronic Systems, 29(1):1–22, 2023.