The goal of the MADYNES research group is to design, to validate and to deploy novel management and security paradigms together with supporting software architectures and solutions that are able to cope with the growing dynamicity and the scalability issues induced by the ubiquitous Internet.
The project develops applied research activities in the following areas:
Autonomous Management:
the design of models and methods enabling self-organization and self-management of networked entities and services,
the evaluation of management architectures based on peer-to-peer and overlay principles,
the investigation of novel approaches to the representation of management information,
the modeling and performance evaluation of dynamic networks.
Functional Areas instantiate autonomous management functions:
the security plane where we focus on building closed-loop approaches to protect networking assets,
the service configuration where we aim at providing solutions covering the delivery chain from device discovery to QOS-aware delivery in dynamic networks,
monitoring where we aim at building solutions to characterize and detect unwanted service behavior.
The next generation Internet is the main application field of our research. Its architecture and the services that it is planned to support offer all dynamic and scalability features that we address in the complementary research directions of the project.
The foundation of the MADYNES research activity is the ever increasing need for automated monitoring and control within networked environments. This need is mainly due to the increasing dependency of both people and goods towards communication infrastructures as well as the growing demand towards services of higher quality. Because of its strategic importance and crucial requirements for interoperability, the management models were constructed in the context of strong standardization activities by many different organizations over the last 15 years. This has led to the design of most of the paradigms used in today's deployed approaches. These paradigms are the Manager/Agent interaction model, the Information Model paradigm and its container, together with a naming infrastructure called the Management Information Base. In addition to this structure, five functional areas known under Fault, Configuration, Accounting, Performance and Security are associated to these standards.
While these models were well suited for the specific application domains for which they were designed (telecommunication networks or dedicated protocol stacks), they all show the same limits. Especially they are unable:
to deal with any form of dynamicity in the managed environment,
to master the complexity, the operating mode and the heterogeneity of the emerging services,
to scale to new networks and service environments.
These three limits are observed in all five functional areas of the management domain (fault, configuration, accounting, performance and security) and represent the major challenges when it comes to enable effective automated management and control of devices, networks and services in the next decade.
MADYNES addresses these challenges by focusing on the design of management models that rely on inherently dynamic and evolving environments. The project is centered around two core activities. These activities are, as mentioned in the previous section, the design of an autonomous management framework and its application to three of the standard functional areas namely security, configuration and performance.
The results coming out from MADYNES can be applied to any dynamic infrastructure that contributes to the delivery of value added services. While this is a potentially huge application domain, we mainly focus at the network level on mobile devices and Internet of Things. We are investigating the provisioning, monitoring, configuration and performance management issues.
At the service level, dynamics is also increasing very fast. We apply the results of our work on autonomous management on infrastructures which support dynamic composition and for which self-instrumentation and management automation is required. The target service environments are:
sensor networks,
cyber-physical systems,
information centric networks,
distributed cloud environnements,
smart environments.
The team (Jérôme François and Lucas Nussbaum) organized the Cloud Days (GdR CNRS RSD, Virtualizaion and Cloud Action) in Loria (Nancy).
Loic Rouch demonstrated in Blackhat Europe 2017 an attack to tack over a z-wave network https://
Keywords: Large scale - Experimentation - Virtualization - Emulation
Functional Description: Distem is a distributed systems emulator. When doing research on Cloud, P2P, High Performance Computing or Grid systems, it can be used to transform an homogenenous cluster (composed of identical nodes) into an experimental platform where nodes have different performance, and are linked together through a complex network topology, making it the ideal tool to benchmark applications targetting such environments, or aiming at tolerating performance degradations or variations which are frequent in the Cloud or in other applications distributed at large scale (P2P for example).
Participants: Luc Sarzyniec, Lucas Nussbaum and Tomasz Buchert
Partners: CNRS - Université de Lorraine - Loria - Grid'5000 - Inria
Contact: Lucas Nussbaum
Functional Description: Grid'5000 is a scientific instrument designed to support experiment-driven research in all areas of computer science related to parallel, large-scale or distributed computing and networking. It gathers 10 sites, 25 clusters, 1200 nodes, for a total of 8000 cores. It provides its users with a fully reconfigurable environment (bare metal OS deployment with Kadeploy, network isolation with KaVLAN) and a strong focus on enabling high-quality, reproducible experiments.
Participants: Arthur Garnier, Clement Parisot, Émile Morel, Emmanuel Jeanvoine, Jérémie Gaidamour, Luc Sarzyniec and Lucas Nussbaum
Contact: Lucas Nussbaum
Keyword: Operating system provisioning
Functional Description: Kadeploy is a scalable, efficient and reliable deployment (provisioning) system for clusters and grids. It provides a set of tools for cloning, configuring (post installation) and managing cluster nodes. It can deploy a 300-nodes cluster in a few minutes, without intervention from the system administrator. It plays a key role on the Grid'5000 testbed, where it allows users to reconfigure the software environment on the nodes, and is also used on a dozen of production clusters both inside and outside Inria.
Participants: Emmanuel Jeanvoine, Luc Sarzyniec and Lucas Nussbaum
Partners: CNRS - Université de Lorraine - Loria - Grid'5000 - Inria
Contact: Lucas Nussbaum
en Multi-agent Environment for Complex SYstems COsimulation. Coeur C++
Keywords: Agent - Multi-agent - Multi-model - Simulator - Simulation - Modeling - Artefact
Functional Description: MECSYCO is a project aiming at the modeling and simulation of complex systems. It provides concepts and tools to describe and then simulate a system as a set of heterogeneous models (namely a multi-model). MECSYCO-RE-C++ is the C++ implementation of the central part (core) of MECSYCO. It can be complimente by mecsyco-com (a communication package for distributed exécution) and mecsyco-visu (a set of tools for vizualizaing simulations).
Participants: Benjamin Camus, Benjamin Segault, Julien Vaubourg, Laurent Ciarletta, Nicolas Kirchner, Victorien Elvinger, Vincent Chevrier and Yannick Presse
Partners: Université de Lorraine - Inria
Contact: Vincent Chevrier
Multi-agent Environment for Complex SYstems COsimulation. Coeur java
Keywords: Agent - Multi-agent - Co-simulation - Multi-model - Simulator - Simulation - Modeling - Artefact
Functional Description: MECSYCO is a project aiming at the modeling and simulation of complex systems. It provides concepts and tools to describe and then simulate a system as a set of heterogeneous models (namely a multi-model). MECSYCO-RE-java is the Java implementation of the central part (core) of MECSYCO. It can be complemented by mecsyco-com (a communication package for distributed exécution) and mecsyco-visu (a set of tools for vizualizaing simulations).
Participants: Benjamin Camus, Christine Bourjot, Julien Siebert, Julien Vaubourg, Laurent Ciarletta, Victorien Elvinger, Vincent Chevrier and Yannick Presse
Partners: Université de Lorraine - Inria
Contact: Vincent Chevrier
Keywords: Experimentation - HPC - Cloud
Functional Description: Ruby-Cute is a set of Commonly Used Tools for Experiments, or Critically Useful Tools for Experiments, depending on who you ask. It is a library aggregating various Ruby snippets useful in the context of (but not limited to) development of experiment software on distributed systems testbeds such as Grid'5000.
Contact: Lucas Nussbaum
This year, we have extended our Cyber-Physical systems security assessment platform with new hardware components including multiple types of Programmable Logic Controllers (PLS) and a small scale distribution and sorting testbed. The physical platform is also extended with several IoT devices dedicated to residential networks (heating control, lightning system, home gateways, etc). The platform will be mainly used for building security assessmenet and evaluation experimentation on the available devices to identify and validate their associated attack patterns and discover new vulnerabilities.
We have pursued our work on smartphone usage monitoring with the SPIRALS team (Inria/Université de Lille) and more specifically on proposing new methods to help measure the QoE and to protect the user’s privacy when collecting such data.
In parallel, to evaluate our methods, we need a testing framework to automate testing of WiFi P2P mobile apps at scale. In we proposed AndroFleet, a large-scale WiFi P2P testing framework. Androfleet can perform User Acceptance Testing for a fleet of emulators, by emulating the hardware behavior of the peer discovery, it gives the developers the ability to control P2P specific behaviors (peers joining and leaving).
Following the work done in 2016, we pursued our collaboration with the
regional PME TracIP (http://
During the year 2017, we have demonstrated that off-the-shelf hardware
is sufficient to take over any Z-Wave network without knowing its
topology or compromising any original devices and remaining
unnoticeable for the primary controller. Our attack consists in
building an adversary Z-Wave universal controller by reprogramming a
mainstream USB stick controller. The technique exploits two features
provided by the USB stick which allow (1) to set the network
identifier (HomeID) and (2) to learn many devices identifiers even if
they are not physically available. The attack has been demonstrated in
Blackhat Europe 2017 by Loic Rouch
(https://
We previously proposed an alternative technique to investigate HTTPS
traffic which aims to be robust, privacy-preserving and practical with
a service-level identification of HTTPS connections, i.e. to name the
services, without relying on specific header fields that can be easily
altered. We have defined dedicated features for HTTPS traffic that are
used as input for a multi-level identification framework based on
machine learning algorithms processing full TLS sessions. Our
evaluation based on real traffic shows that we can identify encrypted
web services with a high accuracy. In 2017, we finished to develop our
solution to make it fully usable in real-time
.
We now provide our prototype implementation
(https://
Software-Defined Networking brings new capabilities in operating networks including monitoring. In the state-of-the art many proposals have been made to enhance monitoring of networks using OpenFlow or other proposed programmable frameworks. In a preliminary work , we reviewed them in order to highlight what are the remaining challenges to be addressed in that area. The main issue is the trade-off to be made between the strong expressibility (especially stateful operations) and capability of monitoring techniques that are necessary for advanced operation purposes and the complexity it induces if we want to keep the pace with line-rate packet processing. Another important aspect is the security as adding programmable monitoring functions may lead to introduce security threats. Our current work is thus focused on adding monitoring capacity while guaranteeing line-rate operations and safety requirements even when programs are deployed on running network switches.
Blockchain technologies are skyrocketing and the team is interested in assessing the impact of such technologies on networking, and if necessary managing the coupling between them. Indeed, blockchain efficiency resides in an overlay network built on top of a real infrastructure which needs to properly support it. Orchestrating network ressources, i.e. adding some network capacity, might be helpful but supposes first an in-depth monitoring of blockchain interactions. In a first work, we thus evaluated the relation among smart contracts. We defined methods to discover smart contracts interactions and the different group properties. This approach relies on graph modelling and mining techniques as well as tensor modelling combined with stochastic processes. It underlines actual exchanges between smart contracts and targets the predictions of future interactions among the communities. Comparative study between graph analysis and tensor analysis is provided for predictions of smart contract interactions. Finally, virtual reality visualization based on Unity 3D game engine has been applied .
Our work on IoT security monitoring has been published in IEEE Transactions on Network and Service Management . This concerns more specifically our distributed monitoring architecture for detecting attacks against RPL networks. The RPL routing protocol has been standardized by IETF to enable a lightweight and robust routing in lower-power and lossy networks. After having compared existing IoT monitoring solutions, we have proposed a detection strategy for RPL version number attacks. This one relies on our monitoring architecture to preserve constrained node resources, in the context of AMI infrastructures. A versioning mechanism is incorporated into RPL in order to maintain an optimized topology. However, an attacker can exploit this mechanism to significantly damage the network and reduce its lifetime. We have exploited monitoring node collaboration to identify the attacker, the localization process being performed by the root after gathering detection information from all monitoring nodes. We have evaluated our solution through experiments and have analyzed the performance according to defined metrics. We have shown that the false positive rate of our solution can be reduced by a strategic monitoring node placement. We have also considered the scalability issue, by modeling this placement as an optimization problem and quantifying the number of required monitoring nodes to ensure acceptable false positive rates.
In 2017, we have continued our active cooperation with the High Security Lab (HSL) in Nancy. The latter provides the infrastructure to support two main projects in security analytics, namely the FUI HuMa project and the ATT AMICS. Thanks to darknet data of the HSL, we developped two methods based on graph-mining to extract knowledge. The first one focuses on port scanning analysis in order to profile the behaviours and patterns of attackers. By representing consecutive targeted ports in an aggregated graph format, we assess then the centrality of port number using different metrics and highlights valuable correlation among some of them. We are particularly able to identify patterns of scanning related to a specific setup (e.g. medical environment) . We then extended this method to security events analysis by constructing multiple graphs to be analyzed with an outlier technique. The rationale is to represent individual behaviors and detect those which deviate from the majority. The method has been successfully applied to botnet detection in . We are currently leveraging our graph analysis in order to provide to the community a new metric or distance to be applied when comparing port numbers. Indeed, numerical comparison is meaningless in that context and we could leverage either a semantic database (such as Wikipedia) or attacker database (darknet) to derive a meaningful metric, i.e. representing a real correlation between port numbers (TCP or UDP).
Furthermore, we continue our work on using Hidden Markov Models for analysing TCP scanning activities. We are now in a stage where individual models from different scanner tools or configurations (e.g. targeted ports) are used in order to automatically learn unique signatures then applied on non-labelled data.
Information Centric Networking (ICN) is seen as a promising solution to re-conciliate the Internet usage with its core architecture. However, to be considered as a realistic alternative to IP, ICN must evolve from a pure academic proposition deployed in test environments to an operational solution in which security is assessed from the protocol design to its running implementation. Among ICN solutions, Named Data Networking (NDN), together with its reference implementation NDN Forwarding Daemon (NFD), acts as the most mature proposal but its vulnerability against the Content Poisoning Attack (CPA) is considered as a critical threat that can jeopardize this architecture. So far, existing works in that area have fallen into the pit of coupling a biased and partial phenomenon analysis with a proposed solution, hence lacking a comprehensive understanding of the attack's feasibility and impact in a real network. In a joint work with our colleagues from UTT and in the context of the ANR DOCTOR projet, we demonstrated through an experimental measurement campaign that CPA can easily and widely affect NDN. Our contribution is threefold: (1) we propose three realistic attack scenarios relying on both protocol design and implementation weaknesses; (2) we present their implementation and evaluation in a testbed based on the latest NFD version; and (3) we analyze their impact on the different ICN nodes (clients, access and core routers, content provider) composing a realistic topology. This work was published in IM 2017 conference .
Also, still in the context of the DOCTOR project, we refined our architecture to securely deploy NDN over NFV. Indeed, combining NFV fast service deployment and SDN fine grained control of data flows allows comprehensive network security monitoring. The DOCTOR architecture allows detecting, assessing and remediating attacks. NDN is an example of application made possible by SDN and NFV coexistence, since hardware implementation would be too expensive. We showed how NDN routers can be implemented and managed as VNFs. Security monitoring of the DOCTOR architecture is performed at two levels. First, host-level monitoring, provided by CyberCAPTOR, uses an attack graph approach based on network topology knowledge. It then suggests remediations to cut attack paths. We show how our monitoring tool integrates SDN and NFV specificities and how SDN and NFV make security monitoring more efficient. Then, application-level monitoring relies on the MMT probe. It monitors NDN-specific metrics from inside the VNFs and a central component can detect attack patterns corresponding to known flaws of the NDN protocol. These attacks are fed to the CyberCAPTOR module to integrate NDN attacks in attack graphs. This work was published in a book chapter "Guide to Security in SDN and NFV" from Springer's Computer Communications and Networks collection .
Finally, in cooperation with the University of Luxembourg, we have investigated interest flooding attacks in NDN. By nature, NDN communication assumes that requesting a content leads to emit an interest and forwarding it in the network until it reaches an appropriate content provider which then sends back data through the reverse path. Interest flooding attacks forge interests (requests) which cannot be satisfied by any data to be sent back to the emitter. As such, both the network and nodes are overloaded as the interests are flooded into the network and intermediate nodes have to store them locally in the pending interest table. We observed that most of literature mechanisms have been evaluated with very simple attack models. Actually, we had a great expertise in phishing attacks and social engineering that can be used to generate realistic phishing names for the NDN naming scheme. We thus create a new stealthy attack relying on natural language processing techniques to forge interests very similar to legitimate ones making inefficient all proposed counter-measures from the state-of-the-art .
The main research challenge addressed in this work is focused on enabling configuration security automation in dynamic networks and services. In particular our objective is to support the efficient configuration and orchestration of security management operations.
The continuous growth and variety of networking significantly increases the complexity of management. It requires novel autonomic methods and techniques contributing to detection and prevention performances with respect to vulnerabilities and attacks.
We have pursued during Year 2017 the efforts on the orchestration of security functions in the context of mobile smart environments, with our joint work with Stephan Merz of the VeriDis project-team at Inria Nancy. We had already defined an automated verification technique, based on an extension of an SDN language, for checking both the control and the data planes related to security chains . Complementarily, we proposed a strategy for generating SDN policies for protecting Android environments based on automata learning. Our solution collects traces of flow interactions of their applications, aggregates them in order to build finite-state models, and then infer SDN policy rules. We have designed and implemented aggregation and automata learning algorithms that allow precise and generic models of applications to be built. These models will be then used for configuring chains of security functions specified in the Pyretic language and verified with our Synaptic checker. We have developed a prototype of our solution implementing these algorithms, and evaluated its performances through a series of experiments based on the backend process miners Synoptic and Invarimint, in addition to our own algorithm. The experiments showed the benefits and limits of these methods in terms of simplicity, precision, genericity and expressivity, while varying the level of aggregation of the input flow traces.
In addition, we have worked on our software-defined security framework, for enabling the enforcement of security policies in distributed cloud environments. This framework relies on the autonomic paradigm to dynamically configure and adjust these mechanisms to distributed cloud constraints, and exploit the software-defined logic to express and propagate security policies to the considered cloud resources . In particular, we have investigated during Year 2017 the exploitability of unikernels to support our framework. Unikernels permit to build highly-constrained configurations limited to the strict necessary with a time-limited validity. We take benefits of their properties to reduce the attack exposure of cloud resources. We have formalized and integrated into our software-defined security framework, on-the-fly generation mechanisms of unikernel images that cope with security policy requirements. In that context, security mechanisms are directly integrated to the unikernel images at building time. A proof of concept prototype based on MirageOS was developed and the performance of such a software-based security strategy was evaluated through extensive series of experiments. We have also compared them to other regular virtualization solutions. Our results show that the costs induced by security mechanisms integration are relatively limited, and unikernels are well suited to minimize risk exposure.
This section covers our work on experimentation on testbeds (mainly Grid'5000), on emulation (mainly around the Distem emulator), and on Reproducible Research.
The team was again heavily involved in the evolutions and the governance of the Grid'5000 testbed.
Since the beginning of 2017, Lucas Nussbaum serves as the Grid'5000 directeur technique (CTO), managing the global technical team (9 FTE).
We are also heavily involved in the ongoing SILECS project, that aims at creating a new infrastructure on top of the foundations of Grid'5000 and FIT in order to meet the experimental research needs of the distributed computing and networking communities.
In order to promote the testbed to the french devops and sysadmin community, we presented in an overview of the testbed's capabilities.
We contributed a new feature that will greatly help Big Data experimenters: the ability to reserve disks on nodes, in order to leave large datasets stored on nodes between nodes reservations.
In order to ensure that all services remain functional, and that experimental results remain trustworthy and reproducible, we designed an infrastructure to automatically test the testbed and detect misconfigurations, regressions, uncontrolled hardware heterogeneity, etc. This work was described in and later presented in .
We started the development of a tool to orchestrate SDN experiments on Grid'5000, combining KaVLAN and OpenVSwitch.
The ADT SDT project started in March. Initial work focused on improving the software developing infrastructure by adding automated regression tests on both correctness and performance. This should allow a new release in early 2018.
In the context of Abdulqawi Saif's CIFRE PhD (with Xilopix), we explored the relevance of an emerging instrumentation technology for the Linux kernel, eBPF, and used it to analyze I/O access patterns of two popular NoSQL databases. A publication on this topic is expected in early 2018.
We worked on clouds performance in the context of an ongoing collaboration with CloudScreener, a French startup founded in 2012 that has developed tools for cloud price and performance benchmarks and automated cloud recommendation to optimize the decision making process in the context of cloud computing. We designed methods and tools to do performance evaluation of public clouds focusing on (1) outlining performance variability over time; (2) identifying adverse strategies that might be deployed by cloud providers in order to vary the performance level over time.
The Fed4FIRE+ H2020 project started in January 2017 and will run until the end of September 2021. This project aims at consolidating the federation of testbeds in Europe of which Grid'500 is a member.
We are also active in the GEFI initiative that aims at building links between the US testbeds community (GENI) and their european (FIRE), japanese and brazilian counterparts. We participated in the annual GEFI meeting where gave two talks and chaired the session on reproducibility.
In addition to the work already mentioned on testbed testing , , we worked on a survey of testbeds and their features for reproducible research . We also gave several talks on reproducible research and testbeds at École ARCHI , École RESCOM , and Inria webinars on Reproducible Research .
As NDN relies on content names instead of host address it cannot rely on traditional Internet routing. Therefore it is essential to propose a routing scheme adapted for NDN. In we have presented SRSC, our SDN-based Routing Scheme for CCN/NDN and its implementation. SRSC relies on the SDN paradigm. A controller is responsible to forward decisions and to set up rules into NDN nodes. So we have implemented SRSC into NDNx. We have deployed an NDN testbed within a virtual environment emulating a real ISP topology in order to evaluate the performances of our proposal with real-world experiments. We have demonstrated the feasibility of SRSC and its ability to forward Interest messages in a fully deployed NDN environment while keeping low overhead and computation time and high caching performances.
The main research problems in the domain of routing data packets in a multi-hop wireless sensor network are the optimisation of the energy and the routing under multi-criteria QoS constraints (e.g., energy, reliability, delay, ...). To address these problems, we proposed, in the PhD thesis of E. Tiontsiou, two contributions. The first contribution is an optimal probabilistic energy-aware routing protocol, allowing to energy usage balancing. Comparing to the existing probabilistic routing protocols, our solution is based on the computation of the optimal probabilities by solving a linear programming problem. Our second contribution is an operator calculus algebra based multi-constrained routing protocol. It is fundamentally different from the existing solutions since it can simultaneously consider several constraints, instead of their combination.
Vincent Chevrier (former Maia team, Dep 5, LORIA) is a collaborator and the correspondant for the MS4SG/MECSYCO project, as well as Christine Bourjot (former MAIA team, Dep 5, LORIA).
Sylvain Contassot-Vivier (Dep 3, Loria) is a collaborator on the Grone project and is directing Virgile Daugé with Laurent Ciarletta.
Pierre-Etienne Moreau is a collaborator on the CEOS project and is directing Louis Viard with Laurent Ciarletta.
Virginie Galtier from CentraleSupélec is now a member of the Loria laboratory and will integrate the future Simbiot team (Systems of Interactive aMBient Intelligent ObjecTs).
In Pervasive or Ubiquitous Computing, a growing number of communicating/computing devices are collaborating to provide users with enhanced and ubiquitous services in a seamless way.
These systems, embedded in the fabric of our daily lives, are complex: numerous interconnected and heterogeneous entities are exhibiting a global behavior impossible to forecast by merely observing individual properties. Firstly, users physical interactions and behaviors have to be considered. They are influenced and influence the environment. Secondly, the potential multiplicity and heterogeneity of devices, services, communication protocols, and the constant mobility and reorganization also need to be addressed. Our research in this field is going towards both closing the loop between humans and systems, physical and computing systems, and taming the complexity, using multi-modeling (to combine the best of each domain specific model) and co-simulation (to design, develop and evaluate) as part of a global conceptual and practical toolbox.
We proposed the AA4MM meta-model that solves the core challenges of multimodeling and simulation coupling in an homogeneous perspective. In AA4MM, we chose a multi-agent point of view: a multi-model is a society of models; each model corresponds to an agent and coupling relationships correspond to interaction between agents. In the MECSYCO-NG (formerly MS4SG, Multi Simulation for Smart Grids) project which involves some members of the former MAIA team, Madynes and EDF R&D on smart-grid simulation, we developed a proof of concepts for a smart-appartment case that serves as a basis for building up use cases, and we have worked on some specific cases provided by our industrial partner. We also collaborated with researchers from the Green UL laboratory.
In 2017 we worked on the following research topics:
Overall assessment and evaluation of complex systems.
Cyber Physical Systems and Smart *.
We have continued the design and implementation of the Aetournos platform at Loria which will be part of the Creativ'Lab. The collective movements of a flock of flying communicating robots / UAVs, evolving in potentially perturbed environment constitutes a good example of a Cyber Physical System. Several projects have started during the last part of 2017. One of the emerging topic in this area is the safety of Mobile IoT/CPS with regards to their environment and users.
The Grone (Interreg) project involves partners from the 4 countries of the Grande Région (Centrale Supélec, LIST, Univ Luxembourg, Univ Liège, Fraunhofer IZFP to name a few). The main goal is to develop UAV based solution for the surveillance of industrial and agricultural sites and the exploration of GPS denied and underground environments. A PhD has been started in March 2017 (Systèmes cyber-physiques autonomes et communicants en milieux hostiles. Application à l'exploration par robots mobiles. Virgile Daugé).
and the CEOS (FUI22) project involving high profile companies (Thales C&S, EDF R&D, ENEDIS and Aéroport de Lyon) as well as academic partners (AOSTE2 Inria, ESIEE) and collaborating SMEs (RT@W, ADCIS, Alerion). This project focuses on the safety of UAV based monitoring solutions for OIV (Opérateurs d'Intéret Vital) infrastructures. A PhD has been started in November 2017 (Environnement de développement et d'analyse de propriétés pour des systèmes cyber-physiques mobiles. Louis Viard).
The work on Software Defined Real-Time Mesh networks (Florian Greff's PhD CIFRE with Thales R&T) has given many results as he plans to defend his work in march 2018 , , .
On more specific subject of innovative sensors for mobile and interactive IoT, a collaborative project with the KPI (Ukraine) university has been started with a projected PhD (Méthodes optimisées de calibration, d'alignement et algorithmes d'attitude avancés pour les systèmes de navigation inertiels fixés, Petro Aksonenko). Several papers have been published in 2017.
(Very Serious) Gaming: Starburst Gaming. During some exploratory work, we have seen the potential of these Pervasive Computing ressources in the (Very Serious) Gaming area which led us to the Starburst Computing SATT projects in 2016 and 2017. A spin off has been founded in 2017 that is getting the licences for the resulting IP (the software is under the APP process at the time of this writing). Starburst is already involved in a AMI project with the Globlinz game studio and the lab and has officially been accepted in novembre 2017 and will be operational in 2018.
Smart *: MS4SG / MECSYCO-NG has
given us the opportunity to link simulations tools with a strong
focus on FMI (Functional Mockup Interface) and network simulators
(NS3/Omnet++). We have so far successfully applied our solution to
the simulation of smart apartment complex and to combine the
electrical and networking part of a Smart Grid. The AA4MM software
is now MECSYCO and has seen constant improvements in 2017 thanks to
the ressources provided by the MECSYCO-NG project in collaboration
with EDF R&D (http://
Starting from domain specific and heterogenous models and simulators, the MECSYCO suite allows for multi systems integration at several levels: conceptual, formal and software. A couple of visualization tools have been developed as proof of concepts both at run-time and post-mortem.
The technical report has been extended into a journal paper under revision for a publication in 2018.
The diversity of IoT applications implies the requirement of reliable yet efficient MAC solutions for supporting transmissions for various traffic patterns. We have mainly contributed to enhance the implementation of the high efficient traffic self-adaptive MAC protocols. As part of RIOT ADT project, our main achievements are the development of two MAC protocols lw-MAC and GoMacH . lw-MAC is similar to X-MAC and ContikiMAC. It allows to introduce a first duty-cycled MAC into RIOT IoT protocol stack. GoMacH is a nearly optimal protocol that provides high reliability and throughput for handling various traffic loads in IoT. GoMacH seamlessly integrates several outstanding techniques. It adopts the phase-lock scheme to achieve low-power duty-cycled communication. It also utilizes a dynamic slots allocation scheme for providing accurate and instantaneous throughput boost. Furthermore, like in TSCH, GoMacH spreads its communications onto IEEE 802.15.4’s 16 channels, leading to high reliability. GoMacH has been implemented in open source on RIOT OS, and has also been seamlessly integrated into IETF’s 6LoWPAN/RPL/UDP stack as well as CCN-light. Experimental results on SAMR21-xpro test-beds and IoT-LAB verify the practicality of GoMacH and its capabilities for consistently providing high throughput, high delivery ratio, and low radio duty-cycle. They are both publically available on the RIOT open source github.
The QoS must be guaranteed when dealing with real-time distributed systems interconnected by a network. Not only task schedulability in processors, but also message schedulability in networks should be analyzed for validating the system design. Fault-tolerance is another critical issue that one must take into account.
In collaboration with Thales TRT industrial partner as part of a CIFRE PhD work, we have developed a Software-Defined Real-time Network (SDRN) framework . SDRN deals with the real-time flow allocation problem in mesh networks. The objective is to find a suitable path under delay constraint while allowing load balancing. For this purpose, combined online flow admission control and pathfinding algorithms have been developed on an SDN-like controller. At switch level, each output port is ruled by a credit-based weighted round robin, allowing isolation of flows. As a consequence, a freshly admitted flow will not influence existing flows, allowing incremental online admission of new flows. This approach has been applied to a RapidIO mesh network example and compared with the compositional performance analysis method. Numerical results clearly show the benefit of our proposal in terms of complexity and delay bound pessimism. In , Fault-tolerance issue in mesh networks has been addressed. In fact, one of the major advantages of a mesh topology is its ability to leverage the path redundancy in order to recover from link or node failures, through a flow reconfiguration process. However, one needs to ensure that hard real-time packets will keep being delivered on time during this transient reconfiguration period. Anticipating each possible fault is very complex and can result in a waste of network resource. Our contribution is the combination of an optimized content-centric source routing in nominal mode and a destination-tag flexible and scalable routing in transient recovery mode. We show the benefit of this approach in terms of flexibility and network resource utilization. Our method can ensure real-time properties enforcement even during the transient reconfiguration period. Algorithms have been developed to extend the SDRN flow allocation and routing methods in order to implement this hybrid fault-tolerant extension.
As part of Eurostars RETINA project, in the in-vehicle networking domain, we have focused on the evaluation of the worst-case response time of AVB traffic under time-aware shaper of TSN (time-sensitive networking). It is a hierarchical real-time scheduling problem, where a packet is scheduled by the credit-based shaper, priority and time-aware shaper (TDMA). We have proved that the eligible interval approach, developed for AVB, is still hold for TSN case. The worst case delay expression, as well as the feasibility condition are deduced. Our methods (analysis and simulation) are applied to an automotive use case, which is defined within the Eurostars RETINA project, and where both control data traffic and AVB traffic must be guaranteed. It has been shown that our delay bound is tight in single switch case .
Xilopix (Epinal, France):
Pay-per-use contract for the use of Grid'5000
Support contract for their use of Grid'5000 (define experimental requirements and plans)
CIFRE, Thales TRT (Paris, France):
CIFRE PhD (Florian Greff, supervised by Ye-Qiong Song and Laurent Ciarletta)
Dynamic reconfiguration and graceful degradation of distributed real-time applications over mesh networks
CIFRE, Thales (Palaiseau, France):
CIFRE PhD (Pierre-Olivier Brissaud, supervised by Isabelle Chrisment and Jérôme François)
Anomaly detection in encrypted network traffic
CIFRE, Orange Labs (Issy-Les-Moulineaux, France):
CIFRE PhD (Maxime Compastie, supervised by Olivier Festor and Rémi Badonnel)
Software-Defined Security for Distributed Cloud Infrastructures
CIFRE, Orange Labs (Issy-Les-Moulineaux, France):
CIFRE PhD (Paul Chaignon, supervised by Olivier Festor and Jérôme François)
Monitoring of Software-Defined Networks
CIFRE, Xilopix (Epinal, France):
CIFRE PhD (Abdulqawi Saif, supervised by Ye-Qiong Song and Lucas Nussbaum)
Open Science for the scalability of a new generation search technology
CIFRE, Cynapsys Technologies (Paris, France):
CIFRE PhD (Haftay Gebreslasie Abreha, supervised by Michael Rusinowitch, Adel Bouhoula and Abdelkader Lahmadi)
Compressed and Verifiable Filtering Rules in Software-defined Networking
Funded by Region Lorraine and Université de Lorraine since 2013. Adel Belkadi (CRAN & LORIA) is co-directed by L. Ciarletta and Didier Theilliol (CRAN correspondant).
6PO (“Systèmes Cyber-Physiques et Commande Coopérative Sûre de Fonctionnement pour une Flotte de Véhicules sans Pilote” ) is a joint research project between the Loria and CRAN laboratories. As a part of the Aetournos ecosystem, it also aims at researching solutions for safe formation flying of collaborative UAVs seen as part of a collection of Cyber Physical Systems mixing computer science and automation solutions.
It is reinforced by a PhD grant from this federation that started in october 2014 (Conception de méthodes de diagnostic et de tolérance aux fautes des systèmes multi-agents: Application à une flotte de véhicules autonomes, Adel Belkadi) and has been successfully defended in october 2017.
This led to common publications, notably on the subjects of the robust control of a fleet or flock of UAVs (with or without leader, using agents paradigms and particle swarm optimisation and ).
The project provides common use cases and scientific challenges that serve as catalysts for collaboration between teams from different research topics :
Cyber Physical Systems, Real Time, Quality of service, Performance and Energy in Wireless Sensors and Activator Networks
Collaborative, communicating autonomous systems and Unmanned Vehicles
Safety, Dependabilty, Reliability, Diagnosis, Fault-Tolerance
Feder funding
The Madynes team has been working on the Hydradrone project since July 2014. It started as a collaborative R&D initiative funded by Région Lorraine and is now FEDER funded. This project started as a joint work between Madynes and PEMA (Pedon Environnement et Milieux Aquatiques), an SME/VSE (small and medium size Entreprise, PME/TPE). The consortium now includes Alerion another VSE, a spinoff from Loria/UL.
It consists in developing a new solution for the surveillance of aquatic environment, the Hydradrone:
starting with an actual need for automated and remote operation of environmental sensing expressed by PEMA
based on an hybrid UxV (Unmanned Air, Surface... Vehicle),
some Cyber Physical bricks in coherence with the Alerion's concepts (ease of use, safety, autonomy)
and an integration in the Information System of the company
PEMA, as an environmental company, provides the use cases and terrain (and business) validation, while Alerion is working on the integration and engineering of the solution.
This third year has been dedicated to the development of the surface controller for the Hydradrones along with the development of a new small version, and the integration of environmental sensors. The project has been extended towards the summer 2018 in order to finish the integration and tests.
The Madynes team is involved in Satelor, a regional research and development project funded by the AME (Agence de Mobilisation Economique) of Lorraine (October 2013 – September 2017). The consortium includes academic (Univ. of Lorraine, Inria), medical (OHS) and industrial (Diatelic-Pharmagest (lead), ACS, Kapelse, Salendra, Neolinks) partners. It aims at developing innovative and easily deployable ambient assisted living solutions for their effective use in the tele-homecare systems. The Madynes team is mainly involved in the data collection system development based on wireless sensors networks and IoT technology. The first topic consists in defining the basic functions of the future SATEBOX – a gateway box for interconnecting in-home sensors to the medical datacenter, based on our previously developed MPIGate software. A beta-version prototype of the future Satebox gateway has been achieved. It now includes Zigbee wireless sensors, EnOcean battery-free sensors and Bluetooth Low Energy sensors. It provides a low-cost and easily deployable solution for the daily activity monitoring. After its first real-world deployment at a OHS hospital room, a second prototype testbed has been realized at one EHPAD including several rooms. The second topic is related to improve the data transfer reliability while still keep minimum energy consumption. This has led us to focus on the multi-hop mesh network topology with multi-constrained QoS routing problem (PhD thesis of Evangelia Tsiontsiou). The third topic is UWB-based indoor localization and its use for tracking and detecting falls of the elderlies. Experiments have shown a great benefice of multi-sensor fusion (e.g. localization + accelerometer) for increasing the detection accuracy.
The Quality of Experience (QoE) when accessing the Internet, on which more and more human activities depend on, is a key factor for today’s society. The complexity of Internet services and of user’s local connectivity has grown dramatically in the last years with the proliferation of proxies and caches at the core and access technologies at the edge (home wireless and 3G/4G access), making it difficult to diagnose the root cause of performance bottlenecks. The objective of BottleNet is to deliver methods, algorithms, and software systems to measure end-to-end Internet QoE and to diagnose the cause of experienced issues. The result can then be used by users, network and service operators or regulators to improve the QoE.
The ANR BottleNet project (https://
The DOCTOR project http://
This year, we focused on the second workpackage dedicated to security. We did a joint work with UTT investigating the impact on the Content Poisoning Attack on the NDN architecture . We also wrote a book chapter about our use of NDN and NFV technologies to deploy an NDN network while providing advanced monitoring and security functions .
We also improved our HTTP/NDN gateway that will be soon released for the community and which design and evaluation will be submitted in a journal.
The next (and last) year of the project will be dedicated to the orchestration of our virtualized NDN architecture to manage its performance and security, and to the deployment of a testbed carrying real user traffic.
The HUMA project (L’HUmain au cœur de l’analyse de données MAssives pour la sécurité) is funded under the national FUI Framework (Fonds Unique Interministeriel) jointly by the BPI (Banque Publique d'Investissement) and the Région Lorraine. It has been approved by two competitive clusters: Systematic and Imaginove. The consortium is composed of three academic (ICube, Citi, Inria) and five industrial (Airbus Defence and Space, Intrinsec, Oberthur, Wallix, Sydo) partners. The leader is Intrinsec.
This project targets the analysis of Advanced Persistent Threat. APT are long and complex attacks which thus cannot be captured with standard techniques focused on short time windows and few data sources. Indeed, APTs may last for several months and involve multiple steps with different types of attacks and approaches. The project will address such an issue by leveraging data analytics and visualization techniques to guide human experts, which are the only one able to analyze APT today, rather than targeting a fully automated approach.
In 2017, our contribution focused on defining a graph-mining technique to discover dependencies among security events clustering techniques in order to group individual events into a common one. We applied our technique to darknet data as shown in section . In addition, we also start the modeling of an attacker process by considering the first phase of APT, i.e. the reconnaissance phase by analyzing scanning activities using Hidden Markov Model (). We also technically contribute to the definition of APT scenarios by providing a very stealthy scanning approach (Wiscan described in ). Finally, from a project management point of view, Inria is in charge of leading the work-package related to data analytics technique for analyzing security probe events.
The challenges addressed by the Inria-Orange joint lab relate to the virtualization of communication networks, the convergence between cloud computing and communication networks, and the underlying software-defined infrastructures. This lab aims at specifying and developing a GlobalOS (Global Operating System) approach as a platform or a software infrastructure for all the network and computing resources required by the Orange network operator. Our work, started in November 2015, concerns in particular monitoring methods for software-defined infrastructures, and management strategies for supporting software-defined security in multi-tenant cloud environments. We have specified a management framework dedicated to cloud software-defined security. It relies on on-the-fly generation and execution of unikernels in order to build highly-constrained configurations. The solution has been evaluated through extensive series of experiments, based on a proof-of-concept prototype using MirageOS. Results show that the costs induced by security mechanisms integration are relatively limited, and unikernels are well suited to minimize risk exposure.
FLIRT (Formations Libres et Innovantes Réseaux & Télécom) is an applied research project leaded by the Institut Mines-Télécom, for a duration of 4 years. It includes 14 academic partners (engineering schools including Telecom Nancy), 3 industrial partners (Airbus, Nokia Group and Orange), 2 innovative startups (the MOOC agency, and Isograd), as well as 3 professional or scientific societies (Syntec Numérique, Unetel, SEE). The project objective is to build a collection of 10 MOOCs (Massive Open Online Courses) in the area of networks and telecommunications, 3 training programmes based on this collection, as well as several innovations related to pedagogical efficiency (such as virtualization of practical labs, management of student cohorts, and adaptative assessment). The Madynes team is leading a working group dedicated to the building of a MOOC on network and service management. This MOOC, whose first session will open end of 2018, covers the fundamental concepts, architectures and protocols of the domain, as well as their evolution in the context of future Internet, and includes practical labs and exercises using widely-used tools and technologies.
The goal of this ADT provides assistance in developing the Aetournos platform to help in the UAV Challenge Medical Express. Through this ADT, funded by Inria, Raphaël Cherfan has coordinated students work on the platform and tutored the Aetournos team for the 2016 Outback Joe Search and Rescue / Medical Express Challenge, and help in the design and buidling of a novel Hybrid UAV.
This ADT started in 2016 and will end on 2018. The Madynes project is a major partner funded at the level of 120k€. ADT VERTEX built upon the foundations of the Grid'5000 testbed aims to reinforce and extend it towards new use cases and scientific challenges. Several directions are being explored: networks and Software Defined Networking, Big Data, HPC, and production computation needs. Previously developed prototypes are also being consolidated, and the necessary improvements to user management and tracking are also being performed.
Built on the Distem emulator, that enables the creation of virtual experimental environments from clusters of homogeneous machines, this project aims at enlarging the scope of use of Distem to additional fields: Software Defined Networking, Named Data Networking, Big Data. In addition, we will explore temporal dilation as a technique to study future infrastructures.
The project started in 2017 and will end in 2019.
RIOT ADT is a multi-site project with Infine and Madynes teams, which
started in December 2016 for a duration of two years. The high-level
objective is to (1) contribute open source code, upstream, to the RIOT
code base, (2) coordinate RIOT development within Inria, with other
engineers and researchers using/developing RIOT, (3) coordinate RIOT
development outside Inria, help maintain the RIOT community at large
(see http://
This year MADYNES team has mainly contributed to the efficient MAC layer protocol implementation issues. We have built a general MAC protocol module (gnrc mac module) for providing critical development tools for MAC protocol developers in the RIOT community. Based on these generic functions, we have developed two duty-cycled MAC protocols lw-MAC and GoMacH which are above IEEE802.15.4. lw-MAC is a single channel MAC protocol that has similar principle of X-MAC and ContikiMAC. GoMacH is a traffic-adaptive multi-channel MAC protocol for IoT which exhibes low power consumption and high throughput performance. Both are integrated into the RIOT IoT protocol stack and merged into RIOT master branch. They are publically available in RIOT open source github.
The ATT AMICS is run in cooperation with the High Security Lab (HSL). The goal is to develop a customizable security analytics stack as a service. The added value of the HSL is to cross-correlate customer data with Internet probes hosted at HSL collecting tons of security data. Indeed, the basic service provided to potential customer is a VPN on top of which custom modules can be added. In 2017, we setup the VPN elements and also developed a flexible framework for security analysis. Different moddules have already been defined and implemented: blacklists aggregators to gather continuously information from third parties providing blacklists, real-time verification of traffic going through the VPN using blacklists, real-time detection of IP spoofing by correlating user traffic with HSL darknet traffic and real-time detection of customer hosts infected by a malware.
The Inria Project Lab BetterNet (https://
The Madynes team leads this IPL and in particular Isabelle Chrisment who coordinates the project.
In 2017, the main activities of the project focused on federating Inria's monitoring tools (APISENSE, Fathom, Hostview, ACQUA) and building our open measurement platform for acquiring data.
Lakhdar Meftah, a shared PhD student with the SPIRALS team (Inria/University of Lille) has worked on a privacy preservation scheme using data dissemination that introduces an a priori data anonymization and improves user privacy without compromising the overall quality of the crowdsourced dataset.
To accommodate the ever-increasing demand for Utility Computing (UC) resources, while taking into account both energy and economical issues, the current trend consists in building larger and larger Data Centers in a few strategic locations. Although such an approach enables UC providers to cope with the actual demand while continuing to operate UC resources through centralized software system, it is far from delivering sustainable and efficient UC infrastructures for future needs.
The DISCOVERY initiative aims at exploring a new way of operating Utility Computing (UC) resources by leveraging any facilities available through the Internet in order to deliver widely distributed platforms that can better match the geographical dispersal of users as well as the ever increasing demand. Critical to the emergence of such locality-based UC (also referred as Fog/Edge Computing) platforms is the availability of appropriate operating mechanisms. The main objective of DISCOVERY is to design, implement, demonstrate and promote a new kind of Cloud Operating System (OS) that will enable the management of such a large-scale and widely distributed infrastructure in an unified and friendly manner.
The consortium is composed of experts in the following research areas: large-scale infrastructure management systems, networking and P2P algorithms. Moreover, two key network operators, namely Orange and RENATER, are involved in the project.
By deploying and using a Fog/Edge OS on backbones, our ultimate vision is to enable large parts of the Internet to be hosted and operated by its internal structure itself: a scalable set of resources delivered by any computing facilities forming the Internet, starting from the larger hubs operated by ISPs, governments and academic institutions, to any idle resources that may be provided by end users.
MADYNES contributes to the DISCOVERY IPL on the networking axis. A CIFRE PhD with Orange is expected to start at the beginning of 2018.
Title: Federation for FIRE Plus
Program: H2020
Duration: January 2017 - December 2021
Coordinator: Interuniversitair Micro-Electronicacentrum Imec VZW
Partners:
Universidad de Malaga
National Technical University of Athens - NTUA
The Provost, Fellows, Foundation Scholars & the other members of board of the College of the Holy & Undivided Trinity of Queen Elizabeth Near Dublin
Ethniko Kentro Erevnas Kai Technologikis Anaptyxis
GEANT LImited
Institut Jozef Stefan
Mandat International Alias Fondation Pour la Cooperation Internationale
Universite Pierre et Marie Curie - Paris 6
Universidad De Cantabria
Fundacio Privada I2CAT, Internet I Innovacio Digital A Catalunya
EURESCOM-European Institute For Research And Strategic Studies in Telecommunications GMBH
Nordunet A/S
Technische Universitaet Berlin
Instytut Chemii Bioorganicznej Polskiej Akademii Nauk
Fraunhofer Gesellschaft zur Foerderung Der Angewandten Forschung E.V.
Universiteit Van Amsterdam
University of Southampton
Martel GMBH
Atos Spain SA
Institut National de Recherche en Informatique et automatique
Inria contact: David Margery (for MADYNES: Lucas Nussbaum)
Fed4FIRE+ is a successor project to Fed4FIRE. In Fed4FIRE+, we more directly integrate Grid'5000 into the wider eco-system of experimental platforms in Europe and beyond using results we developped in Fed4FIRE. We will also provide a generalised proxy mechanisms to allow users with Fed4FIRE identities to interact with services giving access to different testbeds but not designed to support Fed4FIRE identities. Finally, we will work on orchestration of experiments in a federation context. Fed4FIRE+ was prepared in 2016, and has started January 1st, 2017.
Program: Eurosatrs-2
Project acronym: RETINA
Project title: Real-Time support for heterogenous networks in automotive applications
Duration: April 2016 - March 2018
Coordinator: TCN (Time critical networks)
Other partners: TCN (Sweden), Alkit (Sweden), Viktoria (Sweden), TNO (Netherlands), Scuola Superiore Sant'Anna (Italy), Evidence (Italy), University of Lorraine (France)
Abstract: The project will develop integrated software tools to predict, simulate, test and support real-time communication in heterogeneous vehicular networks. The tool set will allow SMEs and larger industry to design, develop and evaluate time-critical applications such as advanced safety systems and autonomous vehicles. This will put high requirements on both in-vehicle infrastructure, as well as vehicle-to-vehicle and vehicle-to infrastructure utilizing the next generation of mobile networks for ITS.
Title: Internet of Things for Developping countries
International Partner (Institution - Laboratory - Researcher):
UY (Cameroon) - MASECNeSS - Thomas DJOTIO NDIE
Start year: 2016
See also: https://
Our goal is to connect wireless sensors networks (WSN) to the Internet through gateways. WSN should have several accessible gateways (depending on the size and quality of service needed) and gateways should be used by several wireless sensors networks. This is an optimization problem in a peculiar context featuring unreliable communications and equipments that are easily disturbed by environment .
Title: MAnagement of Software-Defined INfrastructure
International Partner (Institution - Laboratory - Researcher):
University of Luxembourg (Luxembourg) - SnT (Interdisciplinary Centre for Security, Reliability and Trust) - Radu State
Start year: 2016
See also: https://
Networking is deeply evolving with the advent of new paradigms making the network more configurable and more dynamic. In particular, SDN (Software-Defined Network) consists in splitting the control plane and the data plane. A SDN-enabled switch is so only viewed as a specialized device in forwarding data traffic while a logically centralized controller exposes interfaces to services and applications strengthening their coupling. Hence, network is not only a medium of communication but a software component. In the same context, NFV (Network Function Virtualization) promotes the virtualization of all kinds of network functions (router, load-balancer, firewall…) on commodity server, a server in a cloud. These technologies are deeply changing networking principle by allowing a high flexibility in network management. The new features provided by these concepts will thus allow to reinvent the network management in all its areas, especially for network monitoring and provisioning. In addition, even more recent propositions argue for a finer granularity applying the programmability idea of SDN (working at flow level) to packet processing level by promoting the definition of a common language like P4 to reconfigure any switch at low level (vendor independent). The original goal of the associate team is to explore co-jointly this research area through four directions: Monitoring of NFV- and SDN-enabled networks, investigating the integration of data analytics as virtualized functions in virtual networks, security of SDN networks, service chain composition, programming packet processing with P4 and other equivalents. ICN (Information Centric Networking) is also an important topic which is addressed in the team, especially regarding performance (with SDN) and security.
Furthermore, management of blockchain has been set as a new research topic to be focused in the team at the end of 2016. In the scope of network management, our objective is to design monitoring and orchestration methods for blockchain. In particular, we want to assess the relationships and impact between blockchain and network performance. We will have to define proper metrics to catch meaningful data to be analyzed. Moreover, a blockchain technology is by nature without authority (except in the private case), configuration requires thus to enforce some collaboration between nodes.
Rémi Badonnel: IEEE/IFIP International Symposium on Integrated Network Management (IEEE/IFIP IM 2017), IFIP International Conference on Autonomous Infrastructure, Management and Security (IFIP AIMS 2017), IEEE/IFIP International Network Operations and Management Symposium (IEEE/IFIP NOMS 2018).
Lucas Nussbaum: 4th International Workshop on Reproducibility in Parallel Computing (REPPAR 2017).
Isabelle Chrisment was a TPC co-chair of the 2nd IEEE/IFIP Workshop on Analytics for Network and Service Management (AnNet 2017). She was member of the steering committee for RESSI’17 (Rendez-vous de la Recherche et de l’Enseignement de la Sécurité des Systèmes d’Information).
Rémi Badonnel is a TPC co-chair for the Third IEEE/IFIP International Workshop on Analytics for Network and Service Management (AnNet 2018).
Jérôme François was a co-chair of the 3rd IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT).
Lucas nussbaum was a co-chair of the High Performance Computing in/with the Cloud track at 9th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2017).
Rémi Badonnel: IFIP/IEEE International Conference on Network and Service Management (IFIP/IEEE CNSM 2017) ; IEEE Conference on Network Softwarization (IEEE NetSoft 2017) ; IFIP/IEEE International Symposium on Integrated Network Management (IFIP/IEEE IM 2017) ; IFIP International Conference on Autonomous Infrastructure, Management and Security (IFIP AIMS 2017) ; IEEE Global Information Infrastructure and Networking Symposium (IEEE GIIS 2017) ; Asia-Pacific Network Operations and Management Symposium (APNOMS 2017) ; IEEE International Conference on Communications (IEEE ICC - SAC 2017).
Olivier Festor: IFIP/IEEE International Conference on Network and Service Management (IFIP/IEEE CNSM 2017) ; IEEE Conference on Network Softwarization (IEEE NetSoft 2017) ; IFIP/IEEE International Symposium on Integrated Network Management (IFIP/IEEE IM 2017) ; IFIP International Conference on Autonomous Infrastructure, Management and Security (IFIP AIMS 2017) ; IFIP Networking 2017.
Abdelkader Lahmadi: IEEE Conference on Network Softwarization (IEEE NetSoft 2017) ; IFIP/IEEE International Symposium on Integrated Network Management (IFIP/IEEE IM 2017) ; Asia-Pacific Network Operations and Management Symposium (APNOMS 2017) ; 1st Cyber Security in Networking Conference (CSNET 2017).
Jérôme François: IEEE Conference on Network Softwarization (IEEE NetSoft 2017) ; IFIP/IEEE International Symposium on Integrated Network Management (IFIP/IEEE IM 2017) ; Asia-Pacific Network Operations and Management Symposium (APNOMS 2017) ; IEEE Global Information Infrastructure and Networking Symposium (IEEE GIIS 2017) ; Principles, Systems and Applications of IP Telecommunications (IPTComm'17); IFIP/IEEE International Workshop on Management of SDN and NFV Systems (IFIP/IEEE ManSDN 2017).
Thibault Cholez: IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT 2017); 4th ACM Conference on Information-Centric Networking: Demos and Posters tracks (ICN 2017).
Lucas Nussbaum: 4th International Workshop on Computer and Networking Experimental Research Using Testbeds (CNERT'2017) ; 26th IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'2017) ; 23nd IEEE International Conference on Parallel and Distributed Systems (ICPADS'2017).
Isabelle Chrisment: IFIP International Conference on Autonomous Infrastructures, Management and Security (IFIP AIMS’17) ; Rencontres Francophones sur la Conception de Protocoles, l’évaluation de Performance et l’Expérimentation Aspects Algorithmiques de Télécommunications (CoResl’17) ; IEEE/IFIP International Symposium on Network Operations and Management (IFIP/IEEE IM’17).
Ye-Qiong Song: IEEE International Workshop on Factory Communication Systems (WFCS 2017); IEEE International Conference on Communications and Networking (ComNet 2017) ; IEEE International Conference on Emerging Technologies and Factory Automation (ETFA 2017) ; 25th International Conference on Real-Time Networks and Systems (RTNS 2017) ; IEEE Clobecom 2017; ICOST 2017; IEEE RTCSA 2017.
Rémi Badonnel is Associate Editor for the Wiley International Journal of Network Management (IJNM), and serves as a Guest Editor for a Special Issue on Management of SDN/NFV-based Systems in the same journal.
Jérôme François serves as a Guest Editor for a Special Issue on Security for Emerging Open Networking Technologies in Wiley International Journal of Network Management (IJNM).
Ye-Qiong Song is an Associate Editor for the Elsevier Computers and Electrical Engineering journal, and for the Journal of Multimedia Information System.
The following reviews for journals has been made by team members:
Rémi Badonnel: IEEE Transactions on Network and Service Management (IEEE TNSM), Springer Journal of the Network and Systems Management (JNSM), Wiley International Journal of Network Management (IJNM), IEEE Communications Magazine (COMMAG), Elsevier Journal on Computer Communications (COMCOM), Elsevier Journal on Communication Networks (COMNET), Elsevier Journal on Computers and Security (COSE).
Olivier Ferstor: Elsevier Computers & Security.
Abdelkader Lahmadi: IEEE Transactions on Network and Service Management (IEEE TNSM), Springer Journal of the Network and Systems Management (JNSM), Wiley International Journal of Network Management (IJNM), International Journal of Distributed Sensor Networks (IJDSN), IEEE Communications Magazine (COMMAG).
Jérôme François: IEEE Communications Magazine (COMMAG), Wiley International Journal of Network Management (IJNM).
Thibault Cholez: Wiley International Journal of Network Management (IJNM), Elsevier Journal on Communication Networks (COMNET).
Lucas Nussbaum: PLOS ONE ; Springer Journal of Internet Services and Applications (JISA) ; International Journal of Grid and Utility Computing (IJGUC) ; IEEE Transactions on Services Computing (TSC).
Isabelle Chrisment: IEEE Transactions on Network and Service Management (IEEE TNSM), IEEE Communications Magazine (COMMAG). Elsevier Journal Computer Communications (COMCOM)
Ye-Qiong Song: Elsevier Computers and Electrical Engineering journal, IEEE Transactions on Industrial Informatics, IEEE Communications surveys and tutorials.
Jérôme François:
IRTF NMRG (IETF 100), Singapore: "Network traffic analysis for encrypted traffic and security monitoring"
7th annual Inria@SiliconValley workshop, Berkeley, CA, USA: panelist on "Blockchain Technology for Cybersecurity and Social Impact" and presenter in session "Scaling up for IoT"
Annual CODE event of the Universität der Bundeswehr, Munich, Germany: panelist on "Smart Atttacks requires smart defence"
Lucas Nussbaum:
École ARCHI 2017: "Experimenting on Architectures for High Performance Computing"
Reproducible Research Webinars: "Testbeds in Computer Science"
École RESCOM 2017: "Scaling Your Experiments"
Vassili Rivron:
CERReV/Université de Caen Normandie Conference on Les services gratuits du web entre empowerment et hégémonie : contradictions et régulations de l’économie collaborative, “Sites d'information et bloqueurs de publicité : intermédiaires de l'auto-régulation publicitaires dans le champ journalistique”, March 2017.
SHS Seminar in Loria, "News-sites and adblockers : intermediaries of advertising self-regulation in the field of journalism", in collaboration with Thibault Cholez, June 2017.
Abdelkader Lahmadi served as a member of the Selection Committee of the 2017 ComSoc Student Competition "Communications Technology Changing the World".
Jérôme François serves as reviewer for ANRT to evaluate a CIFRE PhD proposition and as reviewer for ANR.
Yeqiong Song serves as reviewer for ANRT to evaluate a CIFRE PhD proposition and as reviewer for ANR.
Abdelkader Lahmadi is a member of the CDT of Inria Nancy Grand Est.
Jérôme François is a member of the Horizon Startup local committee in Nancy Grand Est.
Isabelle Chrisment is a member of :
AFNIC's scientific council
scientific pole AM2I (Automatique, Mathématiques, Informatique et leurs Interaction) at Université de Lorraine
COMIPERS at Inria Nancy Grand Est.
CMI (Commission de la Mention Informatique), part of the doctoral school IAEM.
She also served as a member of the working group "Plan Stratégique Scientifique Inria".
Olivier Festor is member of the Scientific Council of Telecom Sud Paris. Olivier Festor is leading the IFIP TC6 Working Group 6.6 : Network and Service Management. He is also in charge of the CERI initiative between France and Germany.
Yeqiong Song is head of Department 3 of LORIA.
Olivier Festor is the Director of the TELECOM Nancy Engineering School.
Rémi Badonnel is heading the Internet Systems and Security specialization of the 2nd and 3rd years at the TELECOM Nancy engineering school, and is coordinating the Security Pathway Program at the same school, elaborated in the context of the International Master of Science in Security of Computer Systems built with the Mines Nancy school.
Laurent Ciarletta is co-heading the specialization Safe Systems Architecture of the Computer Science and IT department of the Ecole des Mines de Nancy ("Grande Ecole", Engineering School, Master degree level).
Team members are teaching the following courses:
Rémi Badonnel 242 hours - L3, M1, M2 - Networks, Systems and Services, Software Design and Programming, Cloud Computing, Network and Security Management - TELECOM Nancy, Université de Lorraine
Abdelkader Lahmadi 280 hours - L3, M1, M2 - Real time and Embedded Systems Programming, Distributed Systems and Algorithms, Green IT, Algorithms and Advanced Programming - ENSEM Engineering School
Yeqiong Song 200 hours - L3, M1, M2 - Green IT, Algorithms and Advanced Programming, Databases networking - ENSEM Engineering School
Jérôme François 70 hours - M1, M2 -Network security, Big Data - TELECOM Nancy, Université de Lorraine, University of Lorraine
Thibault Cholez 300 hours - L3, M1, M2 - Techniques and Tools for Programming, Computer Networks, Object-Oriented Programming, Network Services, Constraint development on small Connected Objects, Mobile applications and Internet of Things, Project Management - TELECOM Nancy, Université de Lorraine, University of Lorraine
Isabelle Chrisment 220 hours -L3, M1, M2 -C and Shell Programming, Computer Networking, Operating Systems, Network Security. - TELECOM Nancy, Université de Lorraine
E-learning
MOOC: Thibault Cholez, Supervision de réseaux et services (concept clés avec SNMP), 1 semaine (5 leçons), FUN, Université de Lorraine, Ingénieur, formation initiale et continue, ouverture en janvier 2018.
MOOC: Rémi Badonnel, Laurent Andrey, Supervision de réseaux et services (monitoring avec Nagios), 1 semaine (5 leçons), FUN, Université de Lorraine, Ingénieur, formation initiale et continue, ouverture en janvier 2018.
MOOC: Olivier Festor, Abdelkader Lahmadi, Supervision de réseaux et services (instrumentation avec JMX), 1 semaine (3 leçons), FUN, Université de Lorraine, Ingénieur, formation initiale et continue, ouverture en janvier 2018.
MOOC: Jérôme François, Supervision de réseaux et services (évolution des protocoles), 1 semaine (4 leçons), FUN, Université de Lorraine, Ingénieur, formation initiale et continue, ouverture en janvier 2018.
PhD: Wazen Shbair, Service-Level Monitoring of HTTPS Traffic defended on May 3rd 2017, University of Lorraine, supervised by Isabelle Chrisment and Thibault Cholez.
PhD: Julien Vaubourg, Intégration de modèles de réseaux IP à un multi-modèle DEVS, pour la co-simulation de systèmes cyber-physiques , defended in April 2017, Université de Lorraine, supervised by Vincent Chevrier and Laurent Ciarletta.
PhD: Evangelia Tsiontsiou, Multi-constrained QoS Routing and Energy Optimization in Wireless Sensor Networks, defended on December 15th 2017, University of Lorraine, supervised by Ye-Qiong Song and Bernardetta Addis.
PhD: Patrick-Olivier Kamgueu, Configuration Dynamique et Routage pour l'Internet des Objets, defended on December 18th 2017, Université de Yaoundé & Universiité de Lorrain, supervised by Olivier Festor, Emmanuel Nataf and Thomas Djotio
PhD: Elian Aubry, Protocole de routage pour l’architecture NDN, defended on December 19th 2017, University of Lorraine, supervised by Isabelle Chrisment and Thomas Silverston
PhD in progress: Thomas Paris, Mo, délisation de systèmes complexes par composition, since September 2015, supervised by Vincent Chevrier and Laurent Ciarletta.
PhD in progress: Maxime Compastie, Software-Defined Security for the Cloud, since December 2015, supervised by Olivier Festor and Rémi Badonnel.
PhD in progress: Florian Greff, QoS and fault-tolerance of distributed real-time systems over mesh networks, since Feb. 2015, supervised by Ye-Qiong Song and Laurent Ciarletta.
PhD in progress: Nicolas Schnepf, Orchestration and Verification of Security Functions for Smart Environments, since October 2016, supervised by Stephan Merz, Rémi Badonnel and Abdelkader Lahmadi.
PhD in progress: Giulia De Santis, Data Analytics for Security, since October 2015, supervised by Olivier Festor, Abdelkader Lahmadi and Jérôme François.
PhD in progress: Paul Chaignon, Mécanismes de supervision de la sécurité dans un réseau programmable de type SDN/NFV, since November 2015, supervised by Olivier Festor, Kahina Lazri and Jérôme François.
PhD in progress: Xavier Marchal, Secure operation of virtualized Named Data Networks, since December 2015, supervised by Olivier Festor and Thibault Cholez.
PhD in progress: Salvatore Signorello, A multifold approach to address the security issues of stateful forwarding mechanisms in Information- Centric Networks, since December 2014, supervised by Olivier Festor, Jérôme François and Radu State.
PhD in progress: Abdulqawi Saif, Open Science for the scalability of a new generation search technology, since December 2015, supervised by Ye-Qiong Song and Lucas Nussbaum.
PhD in progress: Pierre-Olivier Brissaud, Anomaly detection in encrypted traffic, since July 2016, supervised by Isabelle Chrisment, Jérôme François and Thibault Cholez.
PhD in progress: Petro Aksonenko, Positionnement robuste pour véhicules autonomes à base de fusion de données de capteurs reposant sur les systèmes de navigation inertielle, since October 2016, supervised by Patrick Henaff (Biscuit, Dep 5, loria), Vadim Avrutov (Kiev Polytechnic institute in Urkaine) and Laurent Ciarletta.
PhD in progress: Lakhdar Meftah, Cartography of the quality of experience for mobile internet access, since November 2016, supervised by Romain Rouvoy and Isabelle Chrisment.
PhD in progress: Haftay Gebreslasie Abreha, Compressed and Verifiable Filtering Rules in Software-defined Networking, since Octobrer 2017, supervised by Michael Rusinowitch, Abdelkader Lahmadi and Adel Bouhoula.
PhD in progress: Mingxiao Ma, Cyber-physical systems defense through smart network configuration, since December 2017, supervised by Isabelle Chrisment and Abdelkader Lahmadi.
PhD in progress: Louis Viard, Environnement de développement et d'analyse de propriétés pour des systèmes cyber-physiques mobiles, since November 2017, supervised by Pierre-Etienne Moreau and Laurent Ciarletta.
Team members participated to the following Ph.D. defense committees in:
Maryam Barshan, PhD in Computer Science from Ghent University, Belgium. Title: Cloud Resource Provisioning and Bandwidth Management in Media-Centric Networks, August 2017 – (Rémi Badonnel as reviewer).
Jose Jair Cardoso de Santanna, PhD in Computer Science from University of Twente, The Netehrlands. Title: DDOS-as-a-Service - Investigating Booter Websites, November 2017 – (Olivier Festor as reviewer).
Amina Boubendir, PhD in Computer Science from TELECOM ParisTech, France. Title: Flexibility and Dynamicity for Open Network-as-a-Service : From Architecture Modeling to Deployment, March 2017 – (Olivier Festor as reviewer).
Merve Sahin, PhD in Computer Science from TELECOM ParisTech, France. Title: Understanding Telephony Fraud as an Essential Step to Better Fight It, September 2017 – (Olivier Festor as reviewer).
Christian Hammerschmidt, PhD in Computer Science from the University of Luxembourg, Luxembourg Title: Learning Finite Automata via Flexible State-Merging and Applications in Networking – (Jérôme François as reviewer).
Pascal Thubert, PhD in Computer Science from IMT Atlantique - Bretagne -Pays de Loire, France. Title: Converging over Deterministic Networks for an Industrial Network, March 2017 – (Isabelle Chrisment as reviewer).
Yoann Bertrand, PhD in Computer Sciencce from Université Côte d'Azur, France. Title: Access control policies and companies data transmission management, March 2017 – (as examiner).
Eric Asselin, Phd in Computer Science from Université de Toulouse, France. Title: Système de détection d’intrusion adapté au système de communication aéronautique ACARS, June 2017 – (Isabelle Chrisment as reviewer)
Xiao Han, Phd in Computer Science from TELECOM ParisTech, France. Title: Measurement and Monitoring of Security from the Perspective of a Service Provider, September 2017 – (Isabelle Chrisment as reviewer)
Bruno Dorsemaine, Phd in Computer Science from TELECOM ParisTech, France. Title: Conception et expérimentation d’un modèle de sécurité dédié à un système d’information interagissant avec des infrastructures d’objets connectés, October 2017 – (Isabelle Chrisment as examiner)
Rishikesh SAHAY, Phd in Computer Science from TELECOM ParisTech, France. Title: Policy-Driven Autonomic Cyberdefense using Software Defined Networking, November 2017 – (Isabelle Chrisment as examiner)
Florian Grandhomme, Phd in Computer Science from Université de Rennes 1, France. Title: Études de protocoles de routage dynamique externe de type BGP dans un environnement réseaux tactiques ad hoc mobiles : faisabilité et performance, November 2017 – (Isabelle Chrisment as examiner)
Celestin Matte, Phd in Computer Science from Université de Lyon, Insa, France. Title: Wi-Fi Tracking: Fingerprinting Attacks and Counter-Measures, December 2017 – (Isabelle Chrisment as examiner)
Zied Aouini, Phd in Computer Science from Université de la Rochelle, France. Title: Traffic Monitoring in Home Networks: From Theory to Practice, December 2017 – (Isabelle Chrisment as reviewer)
Deepak Subramanian, Phd in Computer Science from CentraleSupélec, France. Title: Information Flow Control for the Web Browser through a Mechanism of Split Qddress, December 2017 – (Isabelle Chrisment as reviewer)
Emilie Bérard-Deroche, Phd in Computer Science from Université de Toulouse - INP Toulouse, France. Title: Distribution d’une architecture modulaire intégrée dans un contexte hélicoptère, December 2017 – (Yeqiong Song as reviewer)
Alemayehu Addisu Desta, Phd in Computer Science from Université de Paris-Est, France. Title: Energy Supply and Demand Side Management in Industrial Microgrid Context, December 2017 – (Yeqiong Song as examinator)
Muhammad Agus Zainuddin, Phd in Computer Science from Université de Franche-Comté, France. Title: Efficient Low Layer Techniques for Electromagnetic Nanocommunication Networks, March 2017 – (Yeqiong Song as reviewer)
Team members participated to the following mid-term Ph.D. defense committees in:
Philippe Pittoli, PhD Student in Université de Strasbourg, France. Title : Architecture de sécurité pour l’Internet des Objets, July 2017 – (Isabelle Chrisment as external reviewer)
Antoine Vastel, PhD Student in Université de Lille, France. Title; Browser Fingerprinting: Privacy, Security and tracking, September 2017 – (Isabelle Chrisment as external reviewer)
John Harrison Kurunathan, PhD Student in the University of Porto, Portugal. Title: Improving QoS for IEEE 802.15.4e Networks, September 2017 – (Yeqiong Song as external reviewer)
Team members participated to the following Habilitation Degree defense committees:
Mathieu Bouet, Habilitation Degree in Computer Science from Université Pierre et Marie Curie - Sorbonne Universités, France. Title: Software networks : Orchestration, resilience, and programmability concerns, July 2017 – (Olivier Festor as reviewer).
Nader Mbarek, Habilitation Degree in Computer Science from Université de Bourgogne, France. Title: Contributions à la Gestion Autonome et la Garantie du Niveau de Service dans les Environnements Cloud, Radio Maillés et Mobiles, July 2017 – (Olivier Festor as reviewer).
Osman Salem, Habilitation Degree in Computer Science from Université Paris Descartes, France. Title: Anomaly Detection in Wireless Body Area Networks for Reliable Healthcare Monitoring, April 2017 – (Olivier Festor as reviewer).
Francis Colas, Habilitation Degree in Computer Science from Université de Lorraine, France. Title: Modélisation bayésienne et robotique, May 2017 – (Yeqiong Song as examinator).
Hanen Idoudi, Habilitation Degree in Computer Science from Université Jean Jaures, Toulouse 2, France. Title: Contributions à l'amélioration des communications dans les réseaux sans fil multi-sauts, December 2017 – (Yeqiong Song as reviewer).
Karine Deschinkel, Habilitation Degree in Computer Science from Université de Franche-Comté, France. Title: Nouveaux modèles de programmation linéaires et de flots pour la résolution de problèmes d'optimisation difficiles, June 2017 – (Yeqiong Song as president).
Isabelle Chrisment was in charge of the scientific part of the 4th module (connecter le réseau) in the Class'Code project https://