Laboratoire d’analyse et d’architecture des systèmes
Y.A.PIGNOLET, S.SCHMID, G.TREDAN
ABB CRC, Switzerland, AAU, TSF
Conference with proceedings: ACM Sigmetrics 2018, 18 to 22 June 2018, Irvine (USA), June 2018, 28 p., No. 18057
Fault-tolerant computer networks rely on mechanisms supporting the fast detection of link failures. Tomographic techniques can be used to implement such mechanisms at low cost: it is often sufficient to deploy a small number of tomography nodes exchanging probe messages along paths between them and to detect link failures based on these messages. Our paper studies a practically relevant aspect of network tomography: the impact of the routing model. While the relevance of the routing model to path diversity, and hence to tomography cost, is obvious and well known on an anecdotal level, no analytical framework exists to quantify the influence of different routing models (such as destination-based routing). This paper fills this gap and introduces a formal model for asymmetric network tomography and a taxonomy of path routing models. This facilitates algorithmic reasoning about tomographic placement problems and quantifying the difference between routing models. In particular, we provide optimal and near-optimal algorithms to deploy a minimal number of asymmetric and symmetric tomography nodes for basic network topologies (modelled as graphs) under different routing model classes. Interestingly, we find that in many cases routing according to a more restrictive routing model gives better results: compared to a more general routing model, computing a good placement is algorithmically more tractable and does not entail high monitoring costs, a desirable trade-off in practice.
C.SAUVANAUD, M.KAANICHE, K.KANOUN, K.LAZRI, G.DA SILVA SILVESTRE
TSF, Orange Labs, ENAC
Scientific journal: Journal of Systems and Software, Vol. 139, pp. 84-106, May 2018, No. 18058
The dependability of cloud computing services is a major concern of cloud providers. In particular, anomaly detection techniques are crucial to detect anomalous service behaviors that may lead to the violation of service level agreements (SLAs) drawn with users. This paper describes an anomaly detection system (ADS) designed to detect errors related to the erroneous behavior of the service, and SLA violations in cloud services. One major objective is to help providers diagnose the anomalous virtual machines (VMs) on which a service is deployed, as well as the type of error associated with the anomaly. Our ADS includes a system monitoring entity that collects software counters characterizing the cloud service, as well as a detection entity based on machine learning models. Additionally, a fault injection entity is integrated into the ADS for training the machine learning models. This entity is also used to validate the ADS and to assess its anomaly detection and diagnosis performance. We validated our ADS with two case study deployments: a NoSQL database, and a virtual IP Multimedia Subsystem implemented as a virtual network function. Experimental results show that our ADS can achieve a high detection and diagnosis performance.
Conference with proceedings: Les journées DEVS francophones (JDF) 2018, 29 April to 5 May 2018, Cargèse (France), April 2018, No. 18062
L.MASSON, J.GUIOCHET, H.WAESELYNCK, K.CABRERA CASTILLOS, S.CASSEL, M.TORNGREN
TSF, Uppsala, KTH
Conference with proceedings: NASA Formal Methods (NFM) 2018, 17 to 19 April 2018, Newport News (USA), April 2018, 8 p., No. 17416
Robots and autonomous systems have become a part of our everyday life, therefore guaranteeing their safety is a crucial issue. Among the possible methods for guaranteeing safety, monitoring is widely used, but few methods exist to generate safety rules to implement such monitors. In particular, building safety monitors that do not excessively constrain the system's ability to perform its tasks is necessary, as those systems operate with little human intervention. We propose in this paper a method to take into account the system's desired tasks in the specification of strategies for monitors and apply it to a case study. We show that we can synthesize a larger number of strategies and that we facilitate reasoning about the trade-off between safety and functionalities.
Conference with proceedings: Annual ACM Symposium on Applied Computing (ACM-SAC) 2018, 9 to 13 April 2018, Pau (France), April 2018, 13 p., No. 18053
This article presents a schedulability analysis for real-time systems designed under the Logical Execution Time (LET) assumption. This assumption increases the predictability of real-time systems by separating time events from scheduling events. A toolchain based on the formal language Fiacre combined with the LET assumption is designed to organize a set of tools to model, verify, and generate code. In this context, an exact brute-force schedulability analysis based on a simulation is proposed. The tools and algorithms to manage the computation are described and a speedup is proposed. An experiment on a synthetic system shows the efficiency of this approach.
B.CUAN, A.DAMIEN, C.DELAPLACE, M.VALOIS
INSA Lyon, TSF, CRIStAL, GREYC
LAAS Report No. 18030, March 2018, 16 p.
In this report we present how we used machine learning techniques to detect malicious behaviours in PDF files. To this end, we first set up an SVM (Support Vector Machine) classifier that was able to detect 99.7% of malware. However, this classifier was easy to lure with malicious PDFs that we forged to make them look like clean ones. We first proposed a very naive attack, which was easily stopped by the introduction of a threshold. We also implemented a gradient-descent attack to evade this SVM. This attack was almost 100% successful. In order to fix this problem, we provided counter-measures to the latter attack. A more elaborate feature selection, and the use of a threshold, allowed us to stop up to 99.99% of these attacks. Finally, using adversarial learning techniques, we were able to prevent gradient-descent attacks by iteratively feeding the SVM with malicious forged PDFs. We found that after 3 iterations, every gradient-descent forged PDF was detected, completely preventing the attack.
M.LAUER, M.AMY, J.C.FABRE, M.ROY, W.EXCOFFON, M.STOICESCU
Scientific journal: Journal of Software: Evolution and Process, 18 p., March 2018, No. 17555
Computer-based systems are now expected to evolve during their service life in order to cope with changes of various nature, ranging from evolution of user needs, e.g., additional features requested by users, to system configuration changes, e.g., modifications in available hardware resources. When considering resilient embedded systems that must comply with stringent dependability requirements, the challenge is even greater, as evolution must not impair dependability attributes. Maintaining dependability properties when facing changes is, indeed, the exact definition of resilient computing. In this paper, we consider the evolution of systems with respect to their dependability mechanisms, and show how such mechanisms can evolve with the system evolution, in the case of ROS, the Robot Operating System. We provide a synthesis of the concepts required for resilient computing using a component-based approach. We particularly emphasize the process and the techniques needed in order to implement an adaptation layer for fault tolerance mechanisms. In the light of this analysis, we address the implementation of Adaptive Fault Tolerance (AFT) on ROS (Robot Operating System) in two steps: firstly, we provide an architecture to implement fault tolerance mechanisms in ROS, and secondly, we describe the actual adaptation of fault tolerance mechanisms in ROS. Beyond the implementation details given in the paper, we draw the lessons learned from this work and discuss the limits of this run-time support to implement AFT features in embedded systems.
M.MACHIN, J.GUIOCHET, H.WAESELYNCK, J.P.BLANQUART, M.ROY, L.MASSON
Scientific journal: IEEE Transactions on Systems, Man, and Cybernetics: Systems, 14 p., February 2018, doi 10.1109/TSMC.2016.2633291, No. 17013
Safety-critical systems with decisional abilities, such as autonomous robots, are about to enter our everyday life. Nevertheless, confidence in their behavior is still limited, particularly regarding safety. Considering the variety of hazards that can affect these systems, many techniques might be used to increase their safety. Among them, active safety monitors are a means to maintain system safety in spite of faults or adverse situations. The specification of the safety rules implemented in such devices is of crucial importance, but has hardly been explored so far. In this paper, we propose a complete framework for the generation of these safety rules based on the concept of safety margin. The approach starts from a hazard analysis, and uses formal verification techniques to automatically synthesize the safety rules. It has been successfully applied to an industrial use case, a mobile manipulator robot for co-working.
Doctoral thesis: INSA de Toulouse, 13 February 2018, 135 p., Committee chair: E.BONJOUR, Reviewers: C.MERLO, B.ROSE, Examiners: M.ZOLGHADRI, Thesis supervisors: C.BARON, P.ESTEBAN, No. 18079
Performance measurement is one of the many activities of project management; it contributes to ensuring the success of the project. To reach this goal, companies need to define a system of performance measures. These measures give the project manager the health status of the project and help them evaluate whether it has reached or will reach its objectives. However, with the increasing complexity of projects and the absolute economic necessity of reaching the objectives, project managers can no longer limit themselves to supervising costs and schedule to evaluate project performance. They need to consider other indicators, for example the satisfaction of customer requirements, the maturity of the technology, etc. Moreover, they need a precise evaluation of the values of these indicators throughout the project, and not only at its end, in order to monitor the project as well as possible so that it reaches its objectives. To satisfy these new needs, the objectives of this thesis are to extend the number of generic indicators and diversify the types of indicators, as well as to propose a method for designing indicators specific to a project. To do so, we proceed by integrating good practices for performance measurement from several engineering domains, and illustrate our proposals on practical cases. This report introduces the notion of performance and characterizes performance measurement systems, highlighting in particular an inconsistent use of terminology across sources. It identifies several limitations of current performance measurement systems and underlines in particular the need to extend the number and type of indicators, and to build performance indicators that are specific and relevant to each project.
A literature review of performance measurement in engineering domains, notably systems engineering, shows that performance measurement is particularly well developed in the latter discipline, offering 18 generic leading indicators that allow a high degree of proactivity. The thesis therefore proposes to adapt these indicators to project management, resulting in the definition of an extended and diversified set of indicators for performance measurement. Furthermore, the study of standards and guides in systems and software engineering (Practical Software and System Measurement, ISO/IEC 15939) leads us to identify other needs, such as the dynamic creation of ad hoc indicators that must be defined during the project in order to evaluate certain specific risks, and raises new difficulties, such as collecting and manipulating the data used to build the indicators. To address them, this report therefore also proposes a method guiding the dynamic construction of specific indicators. This method, illustrated in the dissertation on a real project case, has been validated by a panel of experts.
Performance measurement is essential to ensure the success of a project. To this goal, companies need to determine a system of performance measures, classically including cost and schedule measures, which provide the project manager with the project health status and help her or him to evaluate the project's successes and failures. However, with the increasing complexity of projects and the absolute necessity to reach the project objectives, project managers cannot rely only on such information about cost and schedule to evaluate project performance; they need to consider, for instance, other indicators such as the satisfaction of customer requirements, the technology maturity, etc. Moreover, they need to have a precise evaluation of these indicators' values while the project is in progress, in order to monitor it at best so that it reaches its goals, and not only after the project ends, which would only allow them to conclude on the project's success or failure without any means to react. Considering these two issues, the objectives of the thesis thus are to extend the number, scope and type of current project performance indicators with a proposal of complementary indicators, and to propose a method for designing project-specific indicators, in order to improve project performance measurement. To define supplementary indicators and elaborate such a method, we proceed by integrating good measurement practices from different engineering disciplines and illustrate our proposal on use cases. The thesis first introduces the notion of performance and characterizes performance measurement systems (PMSs); such systems offer a wide panel of models for organizational performance measurement. Focusing on PMSs, we provide some insights for project performance measurement.
More precisely, we identify several issues highlighted in the literature, relative to the limitations of current project performance measurement, such as the need to balance lagging indicators (to control) with leading indicators (to monitor), and the need to construct performance indicators that are relevant to project-specific information needs. We then focus on project performance measurement and review the literature in this domain. This review highlights the issue of the unbalanced use of leading and lagging indicators. To bring a solution to this issue, we review the literature on performance measurement in engineering disciplines, with a focus on systems engineering practices, especially a panel of 18 generic leading indicators that are currently engineered in guidance. A method has been proposed to adapt the set of systems engineering leading indicators to project management, thus resulting in developing the set of indicators to measure project performance. Moreover, focusing on standards and guides on measurement in systems and software engineering led us to identify other issues in project performance measurement, such as the difficulty of defining indicators dynamically for a project, and how to collect and combine data in order to construct these indicators. We finally consider the methodological difficulties of designing relevant performance indicators. More precisely, we identify 3 issues: different opinions among researchers about the sources from which the indicators will be derived; the problem of the transformation from data to indicators; and the association of data collection, analysis and reporting with project management processes. To solve these issues, we analyze good practices from the Practical Software and Systems Measurement, the ISO/IEC 15939 standard and the Project Management Body of Knowledge, which proved able to address the identified issues respectively.
This work results in a method integrating these practices to address the 3 identified issues in project performance measurement. The method is illustrated on a real project context. Evaluation of the method has been conducted in a workshop of project managers, which confirmed the interest of the proposal.
W.EXCOFFON, J.C.FABRE, M.LAUER
Conference with proceedings: Embedded Real Time Software and Systems (ERTS²) 2018, 31 January to 2 February 2018, Toulouse (France), February 2018, 8 p., No. 18044
A system that remains dependable when facing changes (new threats, failures, updates) is called resilient. The fast evolution of systems, including embedded systems, implies modifications of applications and system configuration, in particular at the software level. Such changes may have an impact on the dependability of the system. A system is resilient when such changes do not invalidate its dependability mechanisms; put differently, the current dependability mechanisms remain appropriate despite changes. In this paper we introduce some measures to quantify the capability of a system to remain dependable despite changes, i.e. how resilient it is!