About Me

I am a french Cybersecurity researcher.

My research focuses on microarchitectural side channels, especially based on cache. I am particularly interested in JavaScript-based timing attacks and providing more and automatic approaches to microarchitectural security.

I was a PhD student between 2019 and 2022, under the supervision of Clémentine Maurice and Gildas Avoine, in the SPICY team (formely EMSEC) at IRISA in Rennes. The goal of my thesis was to detect and exploit side-channel vulnerabilities.

I graduated in cybersecurity engineering at IMT Atlantique (formerly Telecom Bretagne) in 2019.

I defended on November 28 2022, with Lilian Bossuet as jury president, Jan Reineke and Billy Bob Brumley as reviewers, and Veelasha Moonsamy, Walter Rudametkin, Clémentine Maurice and Gildas Avoine as jury members.

Publications

The Finger in the Power: How to Fingerprint PCs by Monitoring their Power Consumptions

Marina Botvinnik, Tomer Laor, Thomas Rokicki, Clémentine Maurice, Michael Schwarz
Accepted at the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2023, received Best Paper Award - Runner Up

CPU Port Contention Without SMT

Thomas Rokicki, Clémentine Maurice, Michael Schwarz
Accepted at the European Symposium on Research in Computer Security (ESORICS) 2022

Port Contention Goes Portable: Port Contention Side Channels in Web Browsers

Thomas Rokicki, Clémentine Maurice, Marina Botvinnik, Yossi Oren
Accepted at the Asia Conference on Computer and Communications Security (AsiaCCS) 2022

SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers

Thomas Rokicki, Clémentine Maurice, Pierre Laperdrix
Accepted at the European Symposium on Security and Privacy (EuroS&P) 2021

Teaching

2021-2022

  • Network Security
    Cyberschool (Université Rennes 1) - M1
    Lab sessions (TP) - 14 hours
  • Micro-architectural Side-Channels
    INSA Rennes - M2 Cybersecurity
    Lab sessions (TP) and project - 12 hours

2020-2021

  • Introduction to Programming
    ISTIC (Université Rennes 1) - L1
    Lab sessions (TP) - 20 hours
  • Micro-architectural Side-Channels
    INSA Rennes - M2 Cybersecurity
    Lab sessions (TP) and project - 10 hours

2019-2020

  • Introduction to Programming
    ISTIC (Université Rennes 1) - L1
    Lab sessions (TP) - 20 hours
  • Software engineering
    ISTIC (Université Rennes 1) - L2
    Lab sessions (TP) and project - 40 hours

Talks and presentations

2022

  • PhD Defense : Side channels in web browsers: application to security and privacy
    Rennes, France

2022

  • ESORICS 2022 : Port contention without SMT
    Copenhagen, Denmark

2022

  • AsiaCCS22 : Port contention in the browsers
    Nagasaki, Japan

2022

  • SOSYSEC seminar : Port contention in the browsers
    Cybersecurity seminar organized by the french General Direction of Armaments (DGA) and INRIA, more information here
    Rennes, France

2021

  • EuroS&P 2021: In Search of Lost Time: A Review of JavaScript Timers in Browsers
    Vienna, Austria Virtual event

2021

  • Pass The Salt 2021: In Search of Lost Time: A Review of JavaScript Timers in Browsers
    Free software and security conference, more information here
    Lille, France Virtual event

2021

  • SPIRALS seminar: In Search of Lost Time: A Review of JavaScript Timers in Browsers
    Team seminar of the SPIRALS team
    Lille, France Virtual event