Scientific foundations

Vulnerability management


Vulnerabilities are flaws exposed by a system that can potentially be exploited to alter the normal operation of that system. Vulnerabilities are part of most of today's deployed systems. They have different roots: errors in the specification of a service, bugs in an implementation or mistakes in the configuration. We are interested in building novel algorithms to find vulnerabilities. We also investigate methods to protect exposed systems against the exploitation of vulnerabilities linked to Internet-related communication protocols.

In the vulnerability discovery process, we design advanced fuzzing methods able to reveal vulnerabilities in deep states of protocol engines. To protect systems against malicious exploitation, we investigate near real-time risk management approaches that dynamically adapt the exposure of systems to an evaluated threat level so as to minimize the risk. We are also interested in the design of advanced protection schemes, including firewalls and counter-measures that are costly for the attacker.

Large scale monitoring


Monitoring is concerned with collecting data over time from or about a target system so as to be aware of its state and/or operation. Monitoring challenges range from the design of probes to the design of algorithms able to exploit the collected data for a given purpose (security, troubleshooting, ...). We are interested in the design of distributed monitoring architectures and algorithms able to dynamically monitor large-scale, highly dynamic environments.

The design of appropriate monitoring approaches depends heavily on the target system. In massively distributed environments, for example P2P networks or large sensor networks, we design distributed monitoring approaches able to efficiently collect the necessary information at minimal cost. We also design monitoring solutions able to identify malicious behavior. This includes the use of machine learning techniques for anomaly detection as well as for automated fingerprinting.

Network-wide configuration


Configuration deals with the setting of writable parameters of a system to bring it into a specific state. Configuration is a core function in any network and can take multiple forms, ranging from fully autonomic distributed self-configuration of devices to planned, large-scale, d-day synchronized configuration of multiple entities.

Our research deals with both ends of the configuration range. We are investigating both configuration protocols (Netconf) and configuration data models (YANG) that represent the configuration parameters of a system in a structured way. Most studies on system failures show that most problems occur due to errors in the setting of the configuration parameters of the target systems. We are especially interested in providing the necessary models to build safe configurations.

In highly dynamic networks, we are interested in studying the properties and improving the performance of configuration protocols. Adaptation to the environment and piggybacking on running protocols are of major interest in our studies.

Dynamic networks co-simulation


Validating communication protocols in environments where the behavior of human beings and the environment greatly influences the structure of the system under study is a complex task. Models and efficient simulation environments exist in both worlds: network protocol simulators (ns-2, ns-3) and behavioral simulators (human mobility simulators, crowd behavior simulators, ...).

We are interested in the design of rich simulation environments that benefit from the coupling of multiple specific simulation environments, each dedicated to a precise and efficient simulation of a subset of the overall problem. Of particular interest to the team are co-simulation environments that integrate network simulation with multi-agent-system-based simulators of the environment and of actor behavior.

Publications

2011, 2010, 2009, 2008, 2007