Embedded Rust & Secure Software Updates for Low-Power Open Source Distributed System Software

The Inria Saclay-Île-de-France Research Centre was established in 2008. It has developed as part of the Saclay site in partnership with Paris-Saclay University and with the Institut Polytechnique de Paris .

The centre has 39 project teams , 27 of which operate jointly with Paris-Saclay University and the Institut Polytechnique de Paris; Its activities occupy over 600 people, scientists and research and innovation support staff, including 44 different nationalities.

In the context of the RIOT-rs project (as well as RIOT) and in partnership with Continental on secure IoT software updates, this position will focus on designing and leading the development of cybersercure open source buidling blocks for an embedded software platform : a Rust-based, general-purpose OS running on heterogeneous low-power 32-bit microcontrollers (Arm Cortex-M, RISC-V, ESP32...).

Low-power devices embarking such microcontrollers are typically connected to the network via various low-power wireless techniques (BLE, 802.15.4, LoRa...) and low-power IPv6 secure protocol stacks. Recently, new standards have been specified in this domain, including the protocols necessary for SUIT-compliance, the new state-of-the-art regarding IoT software update security. In parallel, the development and integration of various relevant or upcoming cryptographic libraries (in particular NIST contenders) has become necessary to prepare for next-generation, post-quantum attacks.

For further reading, see the output of RIOT-fp, a cybersecurity research project w.r.t. which the work envisionned here will be a follow-up.

Several positions are available! They will remain open until they are filled.

Collaboration :
The recruited person will be in connection with, RIOT-rs developers, the RIOT open source community, as well as Inria researchers in the domain of secure low-power IoT, cryptography and formal verification.

Responsibilities :
Depending on the profile, the recruited person will either be responsible for core embedded OS development, for the necessary protocols SUIT software update security, or for the integration of various relevant cryptographic libraries and primitives.

Steering/Management :
The person recruited will be in charge of steering the developer community snowballing around the open source code base.

Main activities:
- propose architecturesfor Rust rewrites for RIOT building blocks, as well as novel building blocks
- implementation, documentation and CI of embedded Rust modules
- interact with cryptography experts and formal verification experts
- interact with secure low-power IoT network protocols experts
- upstreaming and steering of open source communities

Technical Skills
  - embedded C/Rust
  - git
  - make
  - open source software workflows
  - RTOS or bare-metal experience on 32-bit microcontrollers such as ARM Cortex-M, RISC-V, ESP32
  - cybersecurity basics (communication protocols, cryptography)

Non-Technical / Soft skills
  - distributed team work
  - good english skills (written, spoken, read)
  - consensus building

• Subsidized meals
• Partial reimbursement of public transport costs
• Leave: 7 weeks of annual leave + 10 extra days off due to RTT (statutory reduction in working hours) + possibility of exceptional leave (sick children, moving home, etc.)
• Possibility of teleworking and flexible organization of working hours
• Professional equipment available (videoconferencing, loan of computer equipment, etc.)
• Social, cultural and sports events and activities
• Access to vocational training
• Social security coverage

According to experience