Laboratoire d’analyse et d’architecture des systèmes
Y.A.PIGNOLET, S.SCHMID, G.TREDAN
ABB CRC, Switzerland, AAU, TSF
Conference with proceedings: ACM Sigmetrics 2018, 18 June to 22 June 2018, Irvine (USA), June 2018, 28p., No. 18057
Fault-tolerant computer networks rely on mechanisms supporting the fast detection of link failures. Tomographic techniques can be used to implement such mechanisms at low cost: it is often sufficient to deploy a small number of tomography nodes exchanging probe messages along paths between them and to detect link failures based on these messages. Our paper studies a practically relevant aspect of network tomography: the impact of the routing model. While the relevance of the routing model to path diversity and hence tomography cost is obvious and well known on an anecdotal level, we lack an analytical framework to quantify the influence of different routing models (such as destination-based routing). This paper fills this gap and introduces a formal model for asymmetric network tomography and a taxonomy of path routing models. This facilitates algorithmic reasoning about tomographic placement problems and quantifying the difference between routing models. In particular, we provide optimal and near-optimal algorithms to deploy a minimal number of asymmetric and symmetric tomography nodes for basic network topologies (modelled as graphs) under different routing model classes. Interestingly, we find that in many cases routing according to a more restrictive routing model gives better results: compared to a more general routing model, computing a good placement is algorithmically more tractable and does not entail high monitoring costs, a desirable trade-off in practice.
U.M.AIVODJI, K.HUGUENIN, M.J.HUGUET, M.O.KILLIJIAN
TSF, HEC Lausanne, ROC
Conference with proceedings: ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2018, 18 June to 20 June 2018, Stockholm (Sweden), June 2018, No. 18094
C.SAUVANAUD, M.KAANICHE, K.KANOUN, K.LAZRI, G.DA SILVA SILVESTRE
TSF, Orange Labs, ENAC
Scientific journal: Journal of Systems and Software, Vol.139, pp.84-106, May 2018, No. 18058
The dependability of cloud computing services is a major concern of cloud providers. In particular, anomaly detection techniques are crucial to detect anomalous service behaviors that may lead to the violation of service level agreements (SLAs) drawn with users. This paper describes an anomaly detection system (ADS) designed to detect errors related to the erroneous behavior of the service, and SLA violations in cloud services. One major objective is to help providers diagnose the anomalous virtual machines (VMs) on which a service is deployed as well as the type of error associated with the anomaly. Our ADS includes a system monitoring entity that collects software counters characterizing the cloud service, as well as a detection entity based on machine learning models. Additionally, a fault injection entity is integrated into the ADS for training the machine learning models. This entity is also used to validate the ADS and to assess its anomaly detection and diagnosis performance. We validated our ADS with two case study deployments: a NoSQL database, and a virtual IP Multimedia Subsystem implementing a virtual network function. Experimental results show that our ADS can achieve a high detection and diagnosis performance.
Y.BACHY, V.NICOMETTE, M.KAANICHE, E.ALATA
LAAS Report No. 18092, DOI 10.1007/s11416-018-0320-3, April 2018, 16p.
This paper focuses on the security threats related to smart-TV communication channels. A risk analysis is carried out to obtain a global view of the potential risks that need to be addressed in the context of smart-TV communication links. The feasibility of several identified risks is investigated experimentally. The experiments show some relevant security-related vulnerabilities in smart-TV communication channels. Countermeasures to address these vulnerabilities are also investigated.
L.MASSON, J.GUIOCHET, H.WAESELYNCK, K.CABRERA CASTILLOS, S.CASSEL, M.TORNGREN
TSF, Uppsala, KTH
Conference with proceedings: NASA Formal Methods (NFM) 2018, 17 April to 19 April 2018, Newport News (USA), April 2018, 8p., No. 17416
Robots and autonomous systems have become a part of our everyday life, therefore guaranteeing their safety is a crucial issue. Among the possible methods for guaranteeing safety, monitoring is widely used, but few methods exist to generate safety rules to implement such monitors. In particular, building safety monitors that do not excessively constrain the system's ability to perform its tasks is necessary, as those systems operate with few human interventions. We propose in this paper a method to take into account the system's desired tasks in the specification of strategies for monitors and apply it to a case study. We show that we can synthesize a larger number of strategies and that we facilitate reasoning about the trade-off between safety and functionalities.
M.LAUER, M.AMY, J.C.FABRE, M.ROY, W.EXCOFFON, M.STOICESCU
Scientific journal: Journal of Software: Evolution and Process, 18p., March 2018, No. 17555
Computer-based systems are now expected to evolve during their service life in order to cope with changes of various nature, ranging from evolution of user needs, e.g., additional features requested by users, to system configuration changes, e.g., modifications in available hardware resources. When considering resilient embedded systems that must comply with stringent dependability requirements, the challenge is even greater, as evolution must not impair dependability attributes. Maintaining dependability properties when facing changes is, indeed, the exact definition of resilient computing. In this paper, we consider the evolution of systems with respect to their dependability mechanisms, and show how such mechanisms can evolve with the system evolution, in the case of ROS, the Robot Operating System. We provide a synthesis of the concepts required for resilient computing using a component-based approach. We particularly emphasize the process and the techniques needed in order to implement an adaptation layer for fault tolerance mechanisms. In the light of this analysis, we address the implementation of Adaptive Fault Tolerance (AFT) on ROS (Robot Operating System) in two steps: firstly, we provide an architecture to implement fault tolerance mechanisms in ROS, and secondly, we describe the actual adaptation of fault tolerance mechanisms in ROS. Beyond the implementation details given in the paper, we draw the lessons learned from this work and discuss the limits of this run-time support to implement AFT features in embedded systems.
B.CUAN, A.DAMIEN, C.DELAPLACE, M.VALOIS
INSA Lyon, TSF, CRIStAL, GREYC
LAAS Report No. 18030, March 2018, 16p.
In this report we present how we used machine learning techniques to detect malicious behaviours in PDF files. To this end, we first set up an SVM (Support Vector Machine) classifier that was able to detect 99.7% of malware. However, this classifier was easy to lure with malicious PDFs that we forged to make them look like clean ones. We first proposed a very naive attack, which was easily stopped by the introduction of a threshold. We also implemented a gradient-descent attack to evade this SVM. This attack was almost 100% successful. In order to fix this problem, we provided counter-measures to the latter attack. A more elaborate feature selection, and the use of a threshold, allowed us to stop up to 99.99% of these attacks. Finally, using adversarial learning techniques, we were able to prevent gradient-descent attacks by iteratively feeding the SVM with maliciously forged PDFs. We found that after 3 iterations, every gradient-descent forged PDF was detected, completely preventing the attack.
M.MACHIN, J.GUIOCHET, H.WAESELYNCK, J.P.BLANQUART, M.ROY, L.MASSON
Scientific journal: IEEE Transactions on Systems, Man, and Cybernetics: Systems, 14p., February 2018, doi 10.1109/TSMC.2016.2633291, No. 17013
Safety critical systems with decisional abilities, such as autonomous robots, are about to enter our everyday life. Nevertheless, confidence in their behavior is still limited, particularly regarding safety. Considering the variety of hazards that can affect these systems, many techniques might be used to increase their safety. Among them, active safety monitors are a means to maintain the system's safety in spite of faults or adverse situations. The specification of the safety rules implemented in such devices is of crucial importance, but has hardly been explored so far. In this paper, we propose a complete framework for the generation of these safety rules based on the concept of safety margin. The approach starts from a hazard analysis, and uses formal verification techniques to automatically synthesize the safety rules. It has been successfully applied to an industrial use case, a mobile manipulator robot for co-working.
W.EXCOFFON, J.C.FABRE, M.LAUER
Conference with proceedings: Embedded Real Time Software and Systems (ERTS²) 2018, 31 January to 02 February 2018, Toulouse (France), February 2018, 8p., No. 18044
A system that remains dependable when facing changes (new threats, failures, updates) is called resilient. The fast evolution of systems, including embedded systems, implies modifications of applications and system configuration, in particular at the software level. Such changes may have an impact on the dependability of the system. A system is resilient when such changes do not invalidate its dependability mechanisms; in other words, the current dependability mechanisms remain appropriate despite changes. In this paper we introduce some measures to quantify the capability of a system to remain dependable despite changes, i.e. how resilient it is!
J.DUCHENE, C.LE GUERNIC, E.ALATA, V.NICOMETTE, M.KAANICHE
TSF, INRIA Rennes
Scientific journal: Journal of Computer Virology and Hacking Techniques, Vol.14, No. 1, pp.53-68, February 2018, doi 10.1007/s11416-016-0289-8, No. 17109
Communication protocols enable structured information exchanges between different entities. A description, at different levels of detail, is necessary for many applications, such as interoperability or security audits. When such a description is not available, one can resort to protocol reverse engineering to infer the format of exchanged messages or a model of the protocol. During the past 12 years, several tools have been developed in order to automate, entirely or partially, the protocol inference process. Each of those tools has been developed with a specific application goal for the inferred model, leading to specific needs, and thus different strengths and limitations. After identifying key challenges, the paper presents a survey of protocol reverse engineering tools developed in the last decade. We consider tools focusing on the inference of the format of individual messages or of the grammar of sequences of messages. Finally, we propose a classification of these tools according to different criteria, aimed at providing relevant insights into the techniques used by each of these tools, in comparison with the other tools, for the classification of messages, the inference of their format or of the grammar of the protocol. This classification also makes it possible to identify technical areas that are not sufficiently explored so far and that require further development in the future.