International projects

CISCO Systems IPv6 renumbering and transition

In a first phase of the project we have designed a set of novel monitoring, self-configuration and self-protection schemes to secure the renumbering phase within an IPv6 network. In a second phase, we do revisit and investigate the self-management capabilities in the root scenario of IPv6 deployment, namely transition.

Alcatel-Lucent Bellabs/INRIA joint laboratory

This joint lab brings together research teams from INRIA and Alcatel Lucent Bell Labs for addressing the key challenges of autonomous networking in three critical areas: semantic networking, high manageability and self-organized networks.

Our activity is part of the joint initiative dedicated to high manageability, and focuses on security management aspects with the Alcatel-Lucent Bell Labs teams on network security. Our work in this joint lab concerns the automation of security management. It includes a first activity related to fuzzing, which includes the improvement of the KiF framework as well as the design of novel fuzzing models for Alcatel-Lucent specific protocols. A second activity of the joint lab aims at investigating to what extent risk management strategies can be applied to VoIP infrastructures. The objective is to design and experiment dynamic risk management methods and techniques for voice oriented critical services.

European projects

FP7 PPP Fi-ware

The Fi-ware project is a european public private partnership project which aims at delivering a novel service infrastructure, building upon elements (called Generic Enablers) which offer reusable and commonly shared functions making it easier to develop Future Internet Applications in multiple sectors.

The team contributes to the fi-ware architecture with the 3 following assets: (1) a 6lowpan fuzzer, (2) an Oval vulnerability management engine and (3) a smart-phone level flow monitoring probe.

FP7 Univerself

This FP7 european integrated project aims at consolidating the autonomic methods and techniques supporting the management of the future Internet, and at integrating these methods into a unified management framework. Our contribution to this framework is to address the management issues of the evolving Internet through the self-organisation of the control plane and the empowerment of the management plane with cognition.

Our work in the Univerself project mainly concerns the security and safety challenges posed by the unified management framework, in particular the prevention of configuration vulnerabilities. We are particularly interested in the recent standardization efforts done for specifying the description of configuration vulnerabilities (Open Vulnerability Assessment Language). We do also consider the large variety of techniques already proposed in the area of change management, such as techniques for evaluating the impact of a change or for assessing the risks associated to that change.

FP7 SCAMSTOP

In traditional telecommunication, various experts estimate that fraud accounts for annual losses at an average of 5\% of the operators revenue and still increasing at a rate of more than 10 percent yearly. Hence, with the openness and low cost structure of voice over IP (VoIP) service one can expect an even higher threat of fraud and higher losses of revenue making fraud and misuse of services one of the main challenges to VoIP providers. Fraud detection has been an active research and development area in the world of banking and credit card industry. In the VoIP area, there is still hardly any research or products that can assist providers in detecting anomalous behaviour. To fill in this gap, SCAMSTOP will provide a complete framework/solution for automatic fraud detection that alarms providers when suspicious behaviour is detected. The design of the SCAMSTOP fraud detection tools will be based on two aspects. On the one side, SCAMSTOP will use well known methods for statistical behavioural modelling and anomaly detection that have proven their efficiency in the area of credit card, banking and telecommunication and apply them to Internet telephony services. Of special interest here is characterizing the normal usage behaviour while taking into consideration the offered service plans and service structure. On the other side, innovative approaches based on multi-protocol event correlation that takes into account the specific nature of VoIP protocols and components will be developed. This solution will not only be designed to achieve a high detection rate but it will also be optimized to be resource efficient as well. To assess the efficiency and usability of the developed tools and mechanisms, the SCAMSTOP fraud detection system will be intensively tested and probed throughout the project. The consortium is a healthy mixture of SMEs including VoIP service provider, VoIP security and signalling products manufacturers as well as reputed research organizations.

FP6 EMANICS Network of Excellence

EMANICS is an FP6 Network of Excellence which brings together most of the best european research teams on management. It is built around 13 research teams and one financial coordination entity and led by Olivier Festor. The network aims at shaping the European research in the area of device, network and service management to provide the necessary coordination and integration so as to enable the participants, while maintaining and enhancing their excellence in their respective field, to contribute in a unified way to the design of management solutions covering all of the challenges arising in this field.

EMANICS has been running for four and a half years and has reached many great successes in the area of researchers and community integration, joint research results, outstanding publications quality and score, standard contributions, operational testbeds, visibility and recognition. Details on the networks and its achievements can be found on the network  Web site. The final evaluation took place in april 2010. For the fourth time in a row, the network received the highest mark a project can get in an evaluation stating that it did fully achieve its objectives and technical goals for the period and that it has largely exceeded expectations.

National projects

ANR VAMPIRE

VAMPIRE is a research project funded by the French Research Agency (ANR, VERSO ANR-08-VERS-017) coordinated by the team. The goal of the project to investigate new vulnerability issues induced by Voice Over IP (VoIP) protocols and web2.0. Madynes has the lead on this project.

In this project work on the deising of a framework for protocol fuzzing (test by fault injection) with a better feedback than the simple ping usually used in the domain. A grey-box approach is proposed which uses tainted data analysis to observe the impact on memory of an injection of one or several protocol message. More informations are extracted to build graph where node a tainted memory states and edges sequences of system calls that leads to the states. On these informations some metrics can be calculated and they allows comparisons of sequences of injections generated by several fuzzers (sequences generators). These informations also give feedback to the generation process in order to get a better test coverage for a given quantity of injections.

ANR MAPE

MAPE (Measurement and Analysis of Peer-to-peer Exchanges for pedocriminality fighting and traffic profiling) is a research project funded by the French Research Agency (ANR). The goal of the project is to measure and analyze peer-to-peer exchanges for paedocriminality fighting and traffic profiling.

The main MADYNES contributions to this project are related to the active measurements and the analysis at the application level. The active measurement requires the design of a distributed measurement infrastructure, in order to achieve the best complementarity among the different measurement clients.

ACDA P2P (GIS 3S project)

ACDA P2P (Approche collaborative pour la détection d'attaques dans les réseaux pair à pair) is a research project funded by the GIS 3SGS which aims at strengthening and developing a multidisciplinary community in the field of the surveillance, of the safety and of the safety(security) of the big systems.

The goal of this project is to propose a new monitoring architecture, which is able to observe the peers behavior and to collect measurements relevant to detect attacks while not being intrusive and detectable. KAD and BitTorrent will be studied as target P2P networks. We focus more specifically on collaboration between distributed probes in charge of directly detecting attacks if possible, or collecting data for a further analyzis. This collaboration induces new challenges:

  • coordination of collected measurements in order to have a global view of the network;
  • design of indicators revealing a malicious behavior;
  • optimization of data collection through learning methods;
  • security issues to avoid vulnerabilities and weaknesses.

RTLS Fireflies

As part of our effort in Pervasive Computing research, we've started to work with Firelies RTLS, a French startup specialized in advanced geolocation services. They aim at providing long-term and resilient location service for high value assets using active RFID tags.

Our contributions to this project are an improved localization engine for one hop distant tags (distance from an anchor) and an SNMP compliant management framework for monitoring Fireflies tags.