Articles in international journals

  • Network Information Hiding and Science 2.0: Can it be a Match?
    Steffen Wendzel, Luca Caviglione, Wojciech Mazurczyk, Jean-François Lalande
    International Journal of Electronics and Telecommunications vol. 63 4 Warsaw Science Publishers of PAS 2017
  • Detecting Local Covert Channels Using Process Activity Correlation on Android Smartphones
    Marcin Urbanski, Wojciech Mazurczyk, Jean-François Lalande, Luca Caviglione
    International Journal of Computer Systems Science and Engineering CRL Publishing Ltd To appear 2017
    Modern malware threats utilize many advanced techniques to increase their stealthiness. To this aim, information hiding is becoming one of the preferred approaches, especially to exfiltrate data. However, for the case of smartphones, covert communications are primarily used to bypass the security framework of the device. The most relevant case is when two "colluding applications" cooperate to elude the security policies enforced by the underlying OS. Unfortunately, detecting this type of malware is a challenging task as well as a poorly generalizable process. In this paper, we propose a method for the detection of malware exploiting colluding applications. In more detail, we analyze the correlation of processes to spot the unknown pair covertly exchanging information. Experimental results collected on an Android device showcase the effectiveness of the approach, especially to detect low-attention raising covert channels, i.e., those active when the user is not operating the smartphone.
  • Challenges in Android Malware Analysis
    Valérie Viet Triem Tong, Jean-François Lalande, Mourad Leslous
    ERCIM News 106 ERCIM Special Theme: Cybersecurity 42-43, 2016
    The best protection against malware is to execute it: a security paradox.
  • Seeing the Unseen: Revealing Mobile Malware Hidden Communications via Energy Consumption and Artificial Intelligence
    Luca Caviglione, Mauro Gaggero, Jean-François Lalande, Wojciech Mazurczyk, Marcin Urbanski
    IEEE Transactions on Information Forensics and Security vol. 11 4 TIFS IEEE Computer Society 799-810, 2016
    Modern malware uses advanced techniques to hide from static and dynamic analysis tools. To achieve stealthiness when attacking a mobile device, an effective approach is the use of a covert channel built by two colluding applications to locally exchange data. Since this process is tightly coupled with the used hiding method, its detection is a challenging task, also worsened by the very low transmission rates. As a consequence, it is important to investigate how to reveal the presence of malicious software by using general indicators such as the energy consumed by the device. In this perspective, the paper aims to spot malware covertly exchanging data by using two detection methods based on artificial intelligence tools such as neural networks and decision trees. To verify their effectiveness, seven covert channels have been implemented and tested over a measurement framework using Android devices. Experimental results show the feasibility and effectiveness of the proposed approach to detect the hidden data exchange between colluding applications.
  • A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing
    Ghada Arfaoui, Jean-François Lalande, Jacques Traoré, Nicolas Desmoulins, Pascal Berthomé, Saïd Gharout
    Proceedings on Privacy Enhancing Technologies vol. 2015 2 PoPETS De Gruyter Open 25-45, 2015
    To ensure the privacy of users in transport systems, researchers are working on new protocols providing the best security guarantees while respecting functional requirements of transport operators. In this paper, we design a secure NFC m-ticketing protocol for public transport that preserves users' anonymity and prevents transport operators from tracing their customers' trips. To this end, we introduce a new practical set-membership proof that does not require provers nor verifiers (but in a specific scenario for verifiers) to perform pairing computations. It is therefore particularly suitable for our (ticketing) setting where provers hold SIM/UICC cards that do not support such costly computations. We also propose several optimizations of Boneh-Boyen type signature schemes, which are of independent interest, increasing their performance and efficiency during NFC transactions. Our m-ticketing protocol offers greater flexibility compared to previous solutions as it enables the post-payment and the off-line validation of m-tickets. By implementing a prototype using a standard NFC SIM card, we show that it fulfils the stringent functional requirement imposed by transport operators whilst using strong security parameters. In particular, a validation can be completed in 184.25ms when the mobile is switched on, and in 266.52ms when the mobile is switched off or its battery is flat.
  • An extended attribute based access control model with trust and privacy: Application to a collaborative crisis management system
    Waleed W. Smari, Patrice Clemente, Jean-Francois Lalande
    Future Generation Computer Systems vol. 31 - FGCS Elsevier 147-168, 2014
    Many efforts in the area of computer security have been drawn to attribute-based access control (ABAC). Compared to other adopted models, ABAC provides more granularity, scalability, and flexibility. This makes it a valuable access control system candidate for securing platforms and environments used for coordination and cooperation among organizations and communities, especially over open networks such as the Internet. On the other hand, the basic ABAC model lacks provisions for context, trust and privacy issues, all of which are becoming increasingly critical, particularly in high performance distributed collaboration environments. This paper presents an extended access control model based on attributes associated with objects and subjects. It incorporates trust and privacy issues in order to make access control decisions sensitive to the cross-organizational collaboration context. Several aspects of the proposed model are implemented and illustrated by a case study that shows realistic ABAC policies in the domain of distributed multiple organizations crisis management systems. Furthermore, the paper shows a collaborative graphical tool that enables the actors in the emergency management system to make better decisions. The prototype shows how it guarantees the privacy of object's attributes, taking into account the trust of the subjects. This tool incorporates a decision engine that relies on attribute based policies and dynamic trust and privacy evaluation. The resulting platform demonstrates the integration of the ABAC model, the evolving context, and the attributes of actors and resources.
  • A Privacy-Preserving NFC Mobile Pass for Transport Systems
    Ghada Arfaoui, Guillaume Dabosville, Sébastien Gambs, Patrick Lacharme, Jean-François Lalande
    EAI Endorsed Transactions on Mobile Communications and Applications vol. 14 5 ICST e4, 2014
    The emergence of the NFC (Near Field Communication) technology brings new capacities to the next generation of smartphones, but also new security and privacy challenges. Indeed through its contactless interactions with external entities, the smartphone of an individual will become an essential authentication tool for service providers such as transport operators. However, from the point of view of the user, carrying a part of the service through his smartphone could be a threat for his privacy. Indeed, an external attacker or the service provider himself could be tempted to track the actions of the user. In this paper, we propose a privacy-preserving contactless mobile service, in which a user's identity cannot be linked to his actions when using the transport system. The security of our proposition relies on the combination of a secure element in the smartphone and on a privacy-enhancing cryptographic protocol based on a variant of group signatures. In addition, although a user should remain anonymous and his actions unlinkable in his daily journeys, we designed a technique for lifting his anonymity in extreme circumstances. In order to guarantee the usability of our solution, we implemented a prototype demonstrating that our solution meets the major functional requirements for real transport systems: namely that the mobile pass can be validated at a gate in less than 300 ms, and this even if the battery of the smartphone is exhausted.
  • Improving Mandatory Access Control for HPC clusters
    Mathieu Blanc, Jean-François Lalande
    Future Generation Computer Systems vol. 29 3 FGCS 876-885, 2013
    HPC clusters are costly resources, hence nowadays these structures tend to be co-financed by several partners. A cluster administrator has to be designated, whose duties include, amongst others, the prevention of accidental data leakage or theft. Linux has been chosen as an operating system for the CEA's computing platforms. However, strong system security solutions such as SELinux are usually difficult to set up in large environments. This article presents how we have adapted a MAC mechanism in order to enforce confidentiality and integrity between a large number of users. First we define our security objectives, and show how they direct our technical choices. Then we present how confinement was achieved using the SELinux security mechanism, and how various attack scenarios were addressed. We then focus on the use of mandatory categories, access control on high bandwidth network filesystems and the integration of new users and applications. We discuss some residual technical challenges. Finally, we present benchmark results and validate the acceptable performance impact of our deployment on a modern cluster.
  • Security properties in an open peer-to-peer network
    Jean-François Lalande, David Rodriguez, Christian Toinard
    International Journal of Network Security & Its Applications vol. 1 3 IJNSA 73-89, 2010
    This paper proposes to address new requirements of confidentiality, integrity and availability properties fitting to peer-to-peer domains of resources. The enforcement of security properties in an open peer-to-peer network remains an open problem as the literature has mainly proposed contributions on availability of resources and anonymity of users. That paper proposes a novel architecture that eases the administration of a peer-to-peer network. It considers a network of safe peer-to-peer clients in the sense that it is a commune client software that is shared by all the participants to cope with the sharing of various resources associated with different security requirements. However, our proposal deals with possible malicious peers that attempt to compromise the requested security properties. Despite the safety of an open peer-to-peer network cannot be formally guaranteed, since an end user has privileges on the target host, our solution provides several advanced security enforcement. First, it enables to formally define the requested security properties of the various shared resources. Second, it evaluates the trust and the reputation of the requesting peer by sending challenges that test the fairness of its peer-to-peer security policy. Moreover, it proposes an advanced mandatory access control that enforces the required peer-to-peer security properties through an automatic projection of the requested properties onto SELinux policies. Thus, the SELinux system of the requesting peer is automatically configured with respect to the required peer-to-peer security properties.
  • Security and Results of a Large-Scale High-Interaction Honeypot
    Jérémy Briffaut, Jean-François Lalande, Christian Toinard
    Journal of Computers vol. 4 5 JCP 395-404, 2009
    This paper presents the design and discusses the results of a secured high-interaction honeypot. The challenge is to have a honeypot that welcomes attackers, allows userland malicious activities but prevents system corruption. The honeypot must authorize real malicious activities. It must ease the analysis of those activities. A clustered honeypot is proposed for two kinds of hosts. The first class prevents a system corruption and never has to be reinstalled. The second class assumes a system corruption but an easy reinstallation is available. Various off-the-shelf security tools are deployed to detect a corruption and to ease analysis. Moreover, host and network information enable a full analysis for complex scenario of attacks. The solution is totally based on open source software and has been validated over two years. A complete analysis is provided using the collected events and alarms. First, different types of malicious activities are easily reconstructed. Second, correlation of alarms enables us to compare the efficiency of various off-the-shelf security tools. Third, a correlation eases a complete analysis for the host and network activities. Finally, complete examples of attacks are explained. Ongoing works focus on recognition of complex malicious activities using a correlation grid and on distributed analysis.
  • Formalization of security properties: enforcement for MAC operating systems and verification of dynamic MAC policies
    Jérémy Briffaut, Jean-François Lalande, Christian Toinard
    International journal on advances in security vol. 2 4 325-343, 2009
    This paper focuses on the enforcement of security properties fitting with dynamic mandatory access control policies. It adds complementary results to previous works of the authors in order to better address dynamic policies. Previous works of the authors provide several advances for enforcing the security of MAC system. An administration language for formalizing a large set of security properties is available to system administrators. That language uses several flow operators and eases the formalization of the required security properties. A solution is also available for computing the possible violations of any security property that can be formalized using our language. That solution computes several flow graphs in order to find all the allowed activities that can violate the requested properties. That paper addresses remaining problems related to the enforcement of the same kind of properties but with dynamic MAC policies. Enforcement is much more complex if we consider dynamic policies since the states of those policies are theoretically infinite. A new approach is proposed for dynamic MAC policies. The major idea is to use a meta-policy language for controlling the allowed evolutions of those dynamic policies. According to those meta-policy constraints, the computation problem becomes easier. The proposed solution adds meta-nodes within the considered flow graphs. A general algorithm is given for computing the required meta-nodes and the associated arcs. The proposed meta-graphs provide an overestimation of the possible flows between the different meta-nodes. The computation of the possible violations within the allowed dynamic policies is thus allowed. Several concrete security properties are considered using regular expressions for identifying the requested meta-contexts. The resulting violations, within the allowed meta-graphs, are computed and real violations are presented.

Chapters of books

  • Understanding Information Hiding to Secure Communications and to Prevent Exfiltration of Mobile Data
    Luca Caviglione, Mauro Gaggero, Jean-Francois Lalande, Wojciech Mazurczyk
    Adaptive Mobile Computing: Advances in Processing Mobile Data Sets Elsevier To appear 2017
  • Honeypot forensics for system and network SIEM design
    Jérémy Briffaut, Patrice Clemente, Jean-François Lalande, Jonathan Rouzaud-Cornabas
    Advances in Security Information Management: Perceptions and Outcomes 8 Nova Science Publishers Computer Networks and Computer Science, Technology and Applications 181-216, 2013
    This chapter presents forensic investigations of cyber attackers' activities on a large scale honeypot and shows how these methodologies can be integrated into an SIEM. The chapter describes our high interaction honeypot and analyzes the illegal activities performed by attackers on the basis of the data collected over two years of attacks: logged sessions, intrusion detection system alerts, mandatory access control system alerts. The empirical study of these illegal activities has allowed us to understand the global motivations of the attackers, their technical skills, the geographical location of the attackers and their targets. A generic method is presented that has enabled us to rebuild the illegal activities using correlation techniques operating on system and network events. Monitoring the network and the operations occurring on each system has provided precise and high level characterization of attacks. Finally, the chapter explains how network and system methods for forensics can be integrated into an SIEM in order to more accurately monitor the security of a pool of hosts.
  • Quasi-Optimal Resource Allocation in Multi-Spot MFTDMA Satellite Networks
    Sara Alouf, Eitan Altman, Jérôme Galtier, Jean-François Lalande, Corinne Touati
    Combinatorial Optimization in Communication Networks Springer Berlin Heidelberg Combinatorial Optimization 325-365, 2006
    This chapter presents an algorithm for resource allocation in satellite networks. It deals with planning a time/frequency plan for a set of terminals with a known geometric configuration under interference constraints. Our objective is to maximize the system throughput while guaranteeing that the different types of demands are satisfied, each type using a different amount of bandwidth. The proposed algorithm relies on two main techniques. The first generates admissible configurations for the interference constraints, whereas the second uses linear and integer programming with column generation. The obtained solution estimates a possible allocation plan with optimality guarantees, and highlights the frequency interferences which degrade the construction of good solutions.

International conferences with proceedings

  • GroddDroid: a Gorilla for Triggering Malicious Behaviors
    Adrien Abraham, Radoniaina Andriatsimandefitra, Adrien Brunelat, Jean-François Lalande, Valérie Viet Triem Tong
    10th International Conference on Malicious and Unwanted Software MALWARE 2015 IEEE Computer Society 119-127, 2015
    Android malware authors use sophisticated techniques to hide the malicious intent of their applications. They use cryptography or obfuscation techniques to avoid detection during static analysis. They can also avoid detection during a dynamic analysis. Frequently, the malicious execution is postponed as long as the malware is not convinced that it is running in a real smartphone of a real user. However, we believe that dynamic analysis methods give good results when they really monitor the malware execution. In this article, we propose a method to enhance the execution of the malicious code of unknown malware. We especially target malware that have triggering protections, for example branching conditions that wait for an event or expect a specific value for a variable before triggering malicious execution. In these cases, solely executing the malware is far from being sufficient. We propose to force the triggering of the malicious code by combining two contributions. First, we define an algorithm that automatically identifies potentially malicious code. Second, we propose an enhanced monkey called GroddDroid, that stimulates the GUI of an application and forces the execution of some branching conditions if needed. The forcing is used by GroddDroid to push the execution flow towards the previously identified malicious parts of the malware and execute it. The source code for our experiments with GroddDroid is released as free software. We have verified on a malware dataset that we investigated manually that the malicious code is accurately executed by GroddDroid. Additionally, on a large dataset of 100 malware we precisely identify the nature of the suspicious code and we succeed to execute it at 28%.
    (best paper award)
  • A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing
    Ghada Arfaoui, Jean-François Lalande, Jacques Traoré, Nicolas Desmoulins, Pascal Berthomé, Saïd Gharout
    Proceedings on Privacy Enhancing Technologies vol. 2015 2 PoPETS De Gruyter Open 25-45, 2015
  • Analysis of Human Awareness of Security and Privacy Threats in Smart Environments
    Luca Caviglione, Jean-Francois Lalande, Wojciech Mazurczyk, Steffen Wendzel
    vol. 9190 3rd International Conference on Human Aspects of Information Security, Privacy and Trust HAS 2015 Springer Berlin / Heidelberg LNCS 165-177, 2015
    Smart environments integrate information and communication technologies (ICT) into devices, vehicles, buildings and cities to offer an increased quality of life, energy efficiency and economical sustainability. In this perspective, the individual has a core role and so has networking, which enables such entities to cooperate. However, the huge amount of sensitive data, social aspects and the mixed set of protocols offer many opportunities to inject hazards, exfiltrate information, mass profiling of citizens, or produce a new wave of attacks. This work reviews the major risks arising from the usage of ICT-techniques for smart environments, with emphasis on networking. Its main contribution is to explain the role of different stakeholders for causing a lack of security and to envision future threats by considering human aspects.
  • Practical and Privacy-Preserving TEE Migration
    Ghada Arfaoui, Jean-François Lalande, Saïd Gharout, Jacques Traoré
    vol. 9311 9th IFIP WG 11.2 International Conference on Information Security Theory and Practice WISTP 2015 Springer LNCS 153-168, 2015
    Trusted execution environments (TEE) are becoming widely deployed in new smartphone generation. Running within the TEE, the trusted applications (TA) belong to diverse service providers. Each TA manipulates a profile, constituted of secret credentials and user's private data. Normally, a user should be able to transfer his TEE profiles from a TEE to another compliant TEE. However, TEE profile migration implies security and privacy issues in particular for TEE profiles that require explicit agreement of the service provider. In this paper, we first present our perception of the deployment and implementation of a TEE: we organize the TEE into security domains with different roles and privileges. Based on this new model, we build a migration protocol of TEE profiles ensuring its confidentiality and integrity. To this end, we use a reencryption key and an authorization token per couple of devices, per service provider and per transfer. The proposed protocol has been successfully validated by AVISPA, an automated security protocol validation tool.
  • Software Countermeasures for Control Flow Integrity of Smart Card C Codes
    Jean-François Lalande, Karine Heydemann, Pascal Berthomé
    vol. 8713 19th European Symposium on Research in Computer Security ESORICS 2014 Springer International Publishing LNCS 200-218, 2014
    Fault attacks can target smart card programs in order to disrupt an execution and gain an advantage over the data or the embedded functionalities. Among all possible attacks, control flow attacks aim at disrupting the normal execution flow. Identifying harmful control flow attacks as well as designing countermeasures at software level are tedious and tricky for developers. In this paper, we propose a methodology to detect harmful intra-procedural jump attacks at source code level and to automatically inject formally-proven countermeasures. The proposed software countermeasures defeat 100% of attacks that jump over at least two C source code statements or beyond. Experiments show that the resulting code is also hardened against unexpected function calls and jump attacks at assembly level.
  • Privacy and Mobile Technologies: the Need to Build a Digital Culture
    Mathilde De Saint Léger, Sébastien Gambs, Brigitte Juanals, Jean-François Lalande, Jean-Luc Minel
    Digital Intelligence DI 2014 Université de Nantes 100-105, 2014
    This paper studies the topic of privacy in its relations with mobile technologies. After presenting the complexity of the topic and the need for an interdisciplinary approach on this subject, we analyze its media coverage in the modern public space. Despite the difficulties highlighted by these studies, we argue that research efforts should support the emergence of mobile services that respect users' privacy as well as the development of a digital culture of privacy.
  • A Privacy-Preserving Contactless Transport Service for NFC Smartphones
    Ghada Arfaoui, Sébastien Gambs, Patrick Lacharme, Jean-François Lalande, Lescuyer Roch, Jean-Claude Paillès
    vol. 130 Fifth International Conference on Mobile Computing, Applications and Services MobiCASE 2013 Springer Berlin / Heidelberg LNICST 282-285, 2013
    The development of NFC-enabled smartphones has paved the way to new applications such as mobile payment (m-payment) and mobile ticketing (m-ticketing). However, often the privacy of users of such services is either not taken into account or based on simple pseudonyms, which does not offer strong privacy properties such as the unlinkability of transactions and minimal information leakage. In this paper, we introduce a lightweight privacy-preserving contactless transport service that uses the SIM card as a secure element. Our implementation of this service uses a group signature protocol in which costly cryptographic operations are delegated to the mobile phone.
  • HoneyCloud: elastic honeypots - On-attack provisioning of high-interaction honeypots
    Patrice Clemente, Jean-François Lalande, Jonathan Rouzaud-Cornabas
    International Conference on Security and Cryptography SECRYPT 2012 SciTePress 434-439, 2012
    This paper presents HoneyCloud: a large-scale high-interaction honeypots architecture based on a cloud infrastructure. The paper shows how to setup and deploy on-demand virtualized honeypot hosts on a private cloud. Each attacker is elastically assigned to a new virtual honeypot instance. HoneyCloud offers a high scalability. With a small number of public IP addresses, HoneyCloud can multiplex thousands of attackers. The attacker can perform malicious activities on the honeypot and launch new attacks from the compromised host. The HoneyCloud architecture is designed to collect operating system logs about attacks, from various IDS, tools and sensors. Each virtual honeypot instance includes network and especially system sensors that gather more useful information than traditional network oriented honeypots. The paper shows how are collected the activities of attackers into the cloud storage mechanism for further forensics. HoneyCloud also addresses efficient attacker's session storage, long term session management, isolation between attackers and fidelity of hosts.
  • High Level Model of Control Flow Attacks for Smart Card Functional Security
    Pascal Berthome, Karine Heydemann, X. Kauffmann-Tourkestansky, Jean-Francois Lalande
    Seventh International Conference on Availability, Reliability and Security AReS 2012 IEEE Computer Society 224-229, 2012
    Smart card software has to implement software countermeasures to face attacks. Some of these attacks are physical disruptions of chip components that cause a misbehavior in the code execution. A successful functional attack may reveal a secret or grant an undesired authorization. In this paper, we propose to model fault attacks at source level and then simulate these attacks to find out which ones are harmful. After discussing the effects of physical attacks at assembly level and going back to their consequences at source code level, the paper focuses on control flow attacks. Such attacks are good candidates for the proposed model that can be used to exhaustively test the robustness of the attacked program. On the bzip2 software, the paper's results show that up to 21% of the assembly simulated control flow attacks are covered by the C model with 30 times less test cases.
  • SYNEMA: visual monitoring of network and system security sensors
    Aline Bousquet, Patrice Clemente, Jean-François Lalande
    International Conference on Security and Cryptography SECRYPT 2011 SciTePress 375-378, 2011
    This paper presents a new monitoring tool called SYNEMA that helps to visualize different types of alerts from well-known security sensors. The architecture of the proposed tool is distributed and enables centralizing the collected information into a lightweight visualizer. The front-end proposes many display modes in order to give the ability to clearly see malicious activities and to be able to visually monitor information collected at system, network and user level in the hosts. The paper concludes with development perspectives about an auto-configurable plugin for visual correlation of attacks.
  • Mandatory Access Control for shared HPC clusters: Setup and performance evaluation
    Mathieu Blanc, Jean-François Lalande
    International Conference on High Performance Computing & Simulation HPCS 2010 IEEE Computer Society 291-298, 2010
    Protecting an HPC cluster against real world cyber threats is a critical task, with the increasing trend to open and share computing resources. As partners can upload data that is confidential regarding other partners, a company managing a shared cluster has to enforce strong security measures. It has to prevent both accidental data leakage and voluntary data stealing. When using an operating system based on Linux, the offered protections are difficult to set up in large scale environments. This article presents how to use the mandatory access control feature of SELinux in order to guarantee strong security properties for HPC clusters. The proposed solution is based on the use of the multi-category system, the confinement of user profiles and the use of a dual SSH server. The issues encountered during the implementation and the most difficult technical points are presented. Finally, this paper shows experimental results about the performance of our solution and the impact on a large scale cluster.
  • Enforcement of Security Properties for Dynamic MAC Policies
    Jérémy Briffaut, Jean-François Lalande, Christian Toinard, Mathieu Blanc
    Third International Conference on Emerging Security Information, Systems and Technologies SECURWARE 2009 IEEE Computer Society 114-120 2009 doi url
    (best paper award)
  • Generation of role based access control security policies for Java collaborative applications
    Jérémy Briffaut, Xavier Kauffmann-Tourkestansky, Jean-François Lalande, Waleed Smari
    Third International Conference on Emerging Security Information, Systems and Technologies SECURWARE 2009 IEEE Computer Society 224-229 2009 doi url
    ABS
    Java collaborative applications are increasingly and widely used in the form of applets or servlets, as a way to easily download and execute small programs on one's computer. However, security associated with these downloaded applications, even if it exists, is not easily manageable. Most of the time, it relies on the user's ability to define a security policy for his virtual machine, which is undesirable. This paper proposes to integrate an RBAC mechanism for any Java application. It introduces a simple tag process that allows the developer to incorporate the appropriate policy in the source code of his application. The user is endowed with the ability to choose a role that corresponds to the required level of trust required in order for him to embed the policy in the executed code. A case study of a collaborative application shows how the proposed API works for managing roles, generating policies and logging in. At the end, a discussion about the dynamic enforcement of the generated policies is presented.
  • Team-based MAC policy over Security-Enhanced Linux
    Jérémy Briffaut, Jean-François Lalande, Waleed Smari
    Second International Conference on Emerging Security Information, Systems and Technologies SECURWARE 2008 IEEE Computer Society 41-46 2008 doi url
    ABS
    This paper presents an implementation of team-based access control policy (TMAC) using SELinux as mandatory access control mechanism for Linux operating systems. After explaining the particularities of TMAC in an elaborate example, the paper presents the XML TMAC format developed and introduces a visualization tool that allows a user to explore the TMAC policy. Furthermore, we discuss how this policy is projected under SELinux. Finally, we discuss the limitations of this implementation and propose further future developments.
  • Quasi-optimal bandwidth allocation for multi-spot MFTDMA satellites
    Sara Alouf, Eitan Altman, Jérôme Galtier, Jean-François Lalande, Corinne Touati
    vol. 1 IEEE Conference on Computer Communications INFOCOM 2005 IEEE Computer Society 560-571 2005 doi url
    ABS
    This paper presents an algorithm for resource allocation in satellite networks. It deals with planning a time/frequency plan for a set of terminals with a known geometric configuration under interference constraints. Our objective is to maximize the system throughput while guaranteeing that the different types of demands are satisfied, each type using a different amount of bandwidth. The proposed algorithm relies on two main techniques. The first generates admissible configurations for the interference constraints, whereas the second uses linear and integer programming with column generation. The obtained solution estimates a possible allocation plan with optimality guarantees, and highlights the frequency interferences which degrade the construction of good solutions.
  • Approximate Multicommodity Flow for WDM Networks Design
    Mohamed Bouklit, David Coudert, Jean-François Lalande, Christophe Paul, Hervé Rivano
    Colloquium on Structural Information and Communication Complexity SIROCCO 2003 Carleton Scientific 43-56 2003 url

International workshops with proceedings

  • Kharon dataset: Android malware under a microscope
    Nicolas Kiss, Jean-François Lalande, Mourad Leslous, Valérie Viet Triem Tong
    The Learning from Authoritative Security Experiment Results Workshop LASER 2016 USENIX Association 1-12 2016 url
    ABS
    This study is related to the understanding of Android malware that now populate smartphone's markets. Our main objective is to help other malware researchers to better understand how malware works. Additionally, we aim at supporting the reproducibility of experiments analyzing malware samples: such a collection should improve the comparison of new detection or analysis methods. In order to achieve these goals, we describe here an Android malware collection called Kharon. This collection gives as much as possible a representation of the diversity of malware types. With such a dataset, we manually dissected each malware by reversing their code. We run them in a controlled and monitored real smartphone in order to extract their precise behavior. We also summarized their behavior using a graph representation of the information flows induced by an execution. With such a process, we obtained a precise knowledge of their malicious code and actions. As a result, researchers can figure out the engineering efforts of malware developers and understand their programming patterns. Another important result of this study is that most malware now include triggering techniques that delay and hide their malicious activities. We also think that this collection can initiate a reference test set for future research works.
  • Hiding privacy leaks in Android applications using low-attention raising covert channels
    Jean-François Lalande, Steffen Wendzel
    First International Workshop on Emerging Cyberthreats and Countermeasures ECTCM 2014 IEEE Computer Society 701-710 2013 doi url
    ABS
    Covert channels enable a policy-breaking communication not foreseen by a system's design. Recently, covert channels in Android were presented and it was shown that these channels can be used by malware to leak confidential information (e.g., contacts) between applications and to the Internet. Performance aspects as well as means to counter these covert channels were evaluated. In this paper, we present novel covert channel techniques linked to a minimized footprint to achieve a high covertness. Therefore, we developed a malware that slowly leaks collected private information and sends it synchronously based on four covert channel techniques. We show that some of our covert channels do not require any extra permission and escape well known detection techniques like TaintDroid. Experimental results confirm that the obtained throughput is correlated to the user interaction and show that these new covert channels have a low energy consumption – both aspects contribute to the stealthiness of the channels. Finally, we discuss concepts for novel means capable to counter our covert channels and we also discuss the adaption of network covert channel features to Android-based covert channels.
  • Protecting resources in an open and trusted peer-to-peer network
    Jean-François Lalande, David Rodriguez
    The 1st IEEE International Workshop on Methods for Establishing Trust with Open Data METHOD 2012 IEEE Computer Society 140-143 2012 doi url
    ABS
    This paper presents a new way of deploying security properties and trust in an open peer-to-peer network. The originality is that the security properties are freely defined by the user and are attached to the exchanged resources that are associated with domains. The paper proposes an implementation of a monitoring agent that looks after an open source peer-to-peer client and detects any attempt of bypassing the defined security policy. The monitoring agent evaluates the consistency of policies when a transaction occurs and measures the trust of peers before authorizing the transaction. Even if an experienced hacker can defeat locally the enforcement of the security policy, we show that this malicious user will be progressively excluded from the network by the computation of its trust. The trust measure of a peer is based on the consistency of the declared policy, its history of transactions and the evaluation of download challenges sent to a set of neighbors of the evaluated peer. A prototype of monitoring agent and a peer-to-peer client have been implemented and we show how a policy can be enforced locally to protect the resources at filesystem level. A second experiment has been performed in order to evaluate the trust computation using a peer-to-peer simulator for a network of 100 nodes.
  • Repackaging Android applications for auditing access to private data
    Pascal Berthomé, Thomas Fécherolle, Nicolas Guilloteau, Jean-François Lalande
    First International Workshop on Security of Mobile Applications IWSMA 2012 IEEE Computer Society 388-396 2012 doi url
    ABS
    One of the most important threats for Android users is the collection of private data by malware put on the market. Most of the proposed approaches that help to guarantee the user's privacy rely on modified versions of the Android operating system. In this paper, we propose to automatically detect when an application accesses private data and to log this access in a third-party application. This detection should be performed without any modification to the operating system. The proposed methodology relies on the repackaging of a compiled application and the injection of a reporter at bytecode level. Thus, such a methodology enables the user to audit suspicious applications that ask permissions to access private data and to know if such an access has occurred. We show that the proposed methodology can also be implemented as an IPS, in order to prevent such accesses. Experimental results show the efficiency of the methodology on a set of 18 regular applications of the Android market that deal with contacts. Our prototype detected 66% of the accesses to the user's contacts. We also experimented the detection of privacy violations with 5 known malware that send premium-rate SMS.
  • Attack model for verification of interval security properties for smart card C codes
    Pascal Berthomé, Karine Heydemann, Xavier Kauffmann-Tourkestansky, Jean-François Lalande
    5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security PLAS 2010 ACM 1-12 2010 doi url
    ABS
    Smart card programs are subject to physical attacks that disturb the execution of the embedded code. These attacks enable attackers to steal valuable information or to force a malicious behavior upon the attacked code. This paper proposes a methodology to check interval security properties on smart card source codes. The goal is to identify critical attacks that violate these security properties. The verification takes place at source-level and considers all possible attacks thanks to a proposed source-level model of physical attacks. The paper defines an equivalence relation between attacks and shows that a code can be divided into areas where attacks are equivalent. Thus, verifying an interval security property considering all the possible attacks requires to verify as many codes as the number of equivalence classes. This paper provides a reduction algorithm to define the classes, i.e. the minimal number of attacked codes that covers all possible attacks. The paper also proposes a solution to make the property verification possible for large codes or codes having unknown source parts.
  • Mandatory access control implantation against potential NFS vulnerabilities
    Mathieu Blanc, Kévin Guérin, Jean-François Lalande, Vincent Le Port
    Workshop on Collaboration and Security COLSEC 2009 IEEE Computer Society 195-200 2009 doi url
    ABS
    This paper proposes a technical solution for protecting users using a shared NFS service possibly controlled by a malicious user. The main goal is to protect the integrity and confidentiality of user's resources. Moreover, we propose to solve a more difficult challenge: how to prevent a malicious user from exploiting a supposed NFS vulnerability in order to read or write the resources of another user? Thus, this paper assumes that a vulnerability might exist in the NFS protocol or software components that gives the ability to a malicious user to execute any arbitrary code on the NFS server. Technical details about the implantation of mandatory access control mechanisms with multi categories on the server side are given. The proposed solution avoids heavy modifications of the clients and only relies on the authentication of these clients.
  • A proposal for securing a large-scale high-interaction honeypot
    Jérémy Briffaut, Jean-François Lalande, Christian Toinard
    Workshop on Security and High Performance Computing Systems SHPCS 2008 IEEE Computer Society 206-212 2008 url
    ABS
    This paper presents the design of a secured high-interaction honeypot. The challenge is to have a honeypot that welcomes attackers, allows userland malicious activities but prevents from system corruption. The honeypot must be scalable to authorize a large amount of malicious activities and to analyze those activities efficiently. The hardening of the honeypot is proposed for two kinds of host. The first class prevents system corruption and has never to be reinstalled. The second class assumes system corruptions but easy reinstallation is available. A first cluster enables to deploy a wide range of honeypots and security sensors. A second cluster provides an efficient auditing facility. The solution is totally based on open source software and has been validated during one year. A statistical analysis shows the efficiency of the different sensors. Origin and destination of attacks are given. Moreover, the complementarities of the sensors are discussed. Ongoing works focus on recognition of complex malicious activities using a correlation grid.
  • Collaboration between MAC policies and IDS based on a meta-policy approach
    Mathieu Blanc, Jérémy Briffaut, Jean-François Lalande, Christian Toinard
    Workshop on Collaboration and Security COLSEC 2006 IEEE Computer Society 48-55 2006 doi url
    ABS
    This paper presents a new infrastructure based on a novel meta-policy approach. This solution allows to deploy a MAC kernel within a distributed system. It is a completely decentralized solution that has strong fault tolerance properties. Despite a local control of the updates, each local policy satisfies global security properties. Our IDS approach adds new security properties. It prevents any accidental or malicious update of the local policies. Moreover, the collaboration between the meta-policy and our IDS system enables to detect illegal sequences of legal operations.
  • Distributed control enabling consistent MAC policies and IDS based on a meta-policy approach
    Mathieu Blanc, Jérémy Briffaut, Jean-François Lalande, Christian Toinard
    Seventh IEEE International Workshop on Policies for Distributed Systems and Networks POLICY 2006 IEEE Computer Society 153-156 2006 doi url
    ABS
    This paper presents a new framework based on a meta-policy linked to a new intrusion detection approach. It deploys a MAC kernel within a distributed system while guaranteeing the consistency of the security policy, preventing any accidental or malicious update of the local policies of each host. Access control decisions are resolved locally in accordance with a meta-policy. At the same time, the framework allows the evolution of the distributed policy without any network communication, and also guarantees that it satisfies the global security properties defined in the meta-policy. The combined policy and IDS approach relies on trusted operating systems integrating MAC and RBAC. The proposed architecture controls a wider set of attacks and provides increased fault-tolerance, compared to other existing distributed access control approaches and policy-based IDS techniques. Details are given about languages used for the meta-policy, and implementation of the framework.

Invited talks

  • Malware à base de canaux auxiliaires
    Jean-François Lalande
    Colloque International sur la Sécurité des Systèmes d'Information CISSI 2016 2016
  • Sécurité Android: exemples de malware
    Jean-François Lalande
    Colloque International sur la Sécurité des Systèmes d'Information CISSI 2015 2015
  • Un titre de transport sur mobile NFC respectueux de la vie privée
    Jean-François Lalande
    Colloque International sur la Sécurité des Systèmes d'Information CISSI 2014 2014

National conferences with proceedings

  • Arrondi aléatoire et protection des réseaux WDM
    Jean-François Lalande, Michel Syska, Yann Verhoeven
    Congrès annuel de la Société française de recherche opérationnelle et d'aide à la décision ROADEF 2005 Tours : Presses universitaires François Rabelais 241-242 2005 url
    ABS
    We present an algorithm for computing backup paths in an optical network that offers better practical performance than other known algorithms thanks to the application of a randomized rounding technique.
  • Approximation Combinatoire de Multiflot Fractionnaire : Améliorations
    Mohamed Bouklit, David Coudert, Jean-François Lalande, Hervé Rivano
    5ièmes Rencontres Francophones sur les Aspects ALGOrithmiques des TELécommunications AlgoTel 2003 2003 url
  • Groupage dans les réseaux dorsaux WDM
    Jean-François Lalande, Stéphane Pérennes, Michel Syska
    Congrès annuel de la Société française de recherche opérationnelle et d'aide à la décision ROADEF 2003 Université d'Avignon et des Pays de Vaucluse 254-255 2003 url

Oral communications

  • ANR LYRICS: Cryptographie pour la protection de la vie privée, optimisée pour les services mobiles sans contact
    Sébastien Gambs, Jean-François Lalande, Jacques Traoré
    Rendez-vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information RESSI 2015 2015 url
  • Kharon : Découvrir, comprendre et reconnaitre des malware Android par suivi de flux d'information
    Radoniaina Andriatsimandefitra Ratsisahanana, Thomas Genet, Laurent Guillo, Jean-François Lalande, David Pichardie, Valérie Viet Triem Tong
    Rendez-vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information RESSI 2015 2015 url
  • A Privacy Preserving Post-Payment Mobile Ticketing Protocol for Transport Systems
    Ghada Arfaoui, Jean-François Lalande
    Atelier sur la Protection de la Vie Privée 2014 APVP 2014 2014
    ABS
    In this paper, we present a new mobile ticketing protocol for public transport service preserving the users' privacy and offering greater flexibility comparing to existing solutions. Our protocol enables post-payment approach. Hence, users pay only what they really used. Moreover, our protocol enables off-line ticket validation.
  • Attacking Smartphone Privacy Using Local Covert Channels
    Jean-François Lalande, Steffen Wendzel
    Fourth International Workshop on Constructive Side-Channel Analysis and Secure Design COSADE'2013 2013
  • Comment ajouter de la privacy after design pour les applications Android ?
    Pascal Berthomé, Jean-François Lalande
    Atelier Protection de la Vie Privée APVP 2012 2012
    ABS
    Our smartphones host more and more private data that should be protected from malicious applications. However, since the Android permission system delegates to the user the analysis of the legitimacy of a permission request to access private data, we consider that privacy management is broken by design. We therefore propose in this paper to improve the security of private data without touching the underlying operating system, in order to maximize the number of potential users of our solution. The proposed methodology relies on repackaging an application into which we inject code that monitors access to the smartphone's private data. We show through experimental results how access to contacts is audited or protected on a set of 18 applications from the market. We also show how to adapt the method to prevent the sending of SMS messages, which we tested on a malware carrying out this type of attack.
  • Simulating physical attacks in smart card C codes: the jump attack case
    Pascal Berthomé, Karine Heydemann, Xavier Kauffmann-Tourkestansky, Jean-François Lalande
    e-Smart: The Future of Digital Security Technologies e-Smart 2011 2011
    ABS
    Smart cards are in the embedded world one of the few hardware devices that can be subject to targeted physical attacks from malicious and skilled people. These physical attacks can target any element of the chip resulting in unpredictable effects on the executed software. For an applicative developer who is more familiar with a high level language, it is a difficult task to predict the consequences of such low level attacks. Analysing the consequences of a physical attack and creating a realistic and plausible attack model is the first step that leads to a better understanding of the security of an application. But even with this model it is still difficult to pinpoint locations in the source code where physical attacks might lead to security vulnerabilities. Different approaches and techniques exist to simulate faults at hardware or software level. However most of them focus either on a high level of abstraction as with software fuzzing techniques or a precise description of the low level hardware as with a VHDL simulator. Since one of the developer's goals is to implement high level countermeasures to prevent low level attacks, both preceding approaches lack of expressiveness. Thus, the challenge is to simulate with additional C code the consequences of low level attacks such as register disruption, processor instruction modification, arbitrary jumps. The second difficulty is to deal with the number of possible attacks which is related to the code size, the size of variable domains and the persistence of the attack effect. As it is impossible to exhaustively simulate all the possible attacks, our study focuses on jump attacks. These are classical attacks that lead to a change in the control flow of the code and can be used to bypass security checks. In this talk we will present a cost effective methodology and a technical solution to simulate, at C level, the effects of physical jump attacks.
    Experimental results compare the effect of simulated high level attacks to physical low level attacks. In order to benchmark and validate the methodology, the experiments use the SPEC 2000 benchmarks with well-studied open source C codes. To make the analogy with the smart card, we consider that a successful attack against a SPEC 2000 software induces a termination with a wrong output. Crashes and non terminating executions are safe results from a security point of view. The results also show how to identify vulnerable functions in a complete application. The knowledge of potential vulnerable locations in the source code of a project will enable a software developer to implement his countermeasures accordingly with more precision and assurance.
  • Attaques physiques à haut niveau pour le test de la sécurité des cartes à puce
    Pascal Berthomé, Karine Heydemann, Xavier Kauffmann-Tourkestansky, Jean-François Lalande
    Journée Sécurité des Systèmes & Sûreté des Logiciels 3SL 2011 13-14 2011
    ABS
    In this article, we propose to describe the assumptions of physical attacks against smart cards in order to model these attacks at a high level. This modeling seeks to represent the attack at the level of the C language by injecting a piece of code that simulates its effects. The benefit of the model is that it makes it possible to simulate the possible attacks at a level where the programmer can understand the effects on the code being developed. However, the number of possible attacks is very large, which prevents exhaustively carrying out all the tests. The experimental results show how to identify, by simulation, the jump attacks that succeed. Finally, we present our perspectives for future work, which concern the static verification of these attacked codes.

Research and technical reports

  • Implementation of exponential and parametrized algorithms in the AGAPE project
    Pascal Berthomé, Jean-François Lalande, Vincent Levorato
    2012 url
    ABS
    This technical report describes the implementation of exact and parametrized exponential algorithms, developed during the French ANR AGAPE during 2010-2012. The developed algorithms are distributed under the CeCILL license and have been written in Java using the JUNG graph library.
  • From Manual Cyber Attacks Forensic to Automatic Characterization of Attackers' Profiles
    Jérémy Briffaut, Patrice Clemente, Jean-François Lalande, Jonathan Rouzaud-Cornabas
    2011 url
    ABS
    This chapter studies the activities of cyber attackers on a large scale honeypot running for more than 2 years. A honeypot is a set of online computers that welcome attackers and let them perform their attacks. The chapter presents how to classify complex distributed sessions of attacks. The first part of this chapter analyzes the illegal activities performed by attackers using the data collected during two years of attacks: logged sessions, intrusion detection system alerts, mandatory access control system alerts. The study of these illegal activities allows to understand the global motivations of the cyber attackers, their technical skills and the geographical location of the attackers and their targets. The second part of this chapter presents generic methods to rebuild the illegal activities appearing on several attacked hosts. By correlating information collected by multiple sources (loggers, monitors, detectors) both watching at the network and the operations occurring on each system, we provide precise and high level characterization of attacks. The proposed method follows an incremental approach that characterizes attacks from basic ones to highly complex malicious activities, including largely distributed attacks (migrating/hopping attacks, distributed denials of service). This work reveals the global goals of attackers that take control of multiple hosts to launch massive attacks on big universities, industries, or governmental organisations. Experimental results of these forensic and high level characterization methods are presented using the collected data of our large-scale honeypot.
  • Mascopt - A Network Optimization Library: Graph Manipulation
    Jean-François Lalande, Michel Syska, Yann Verhoeven
    2004 url
    ABS
    This report introduces a Java library whose objective is to provide tools for solving some network optimization problems and that may be used to write prototype software. We describe here the first step of the development which concerns algorithmic graph problems. This open source library named Mascopt includes an implementation of a generic model of graph. This library has been designed with an object-oriented model and aims to be user friendly rather than focusing on speed of execution. We show how the model can be extended and dedicated to a user application by using simple object mechanism. We also present a basic description of the Mascopt functionalities so that developers, who are familiar with objects, can use effectively for their own experimentations.
  • Un algorithme d'allocation de bande passante satellitaire
    Sara Alouf, Eitan Altman, Jérôme Galtier, Jean-François Lalande, Corinne Touati
    2004 url
    ABS
    This report presents a resource allocation algorithm for satellite networks. The aim is to plan a time/frequency allocation plan for a set of terminals having a defined geometric configuration and subject to interference constraints. We seek to minimize the size of the frequency plan while guaranteeing that all the terminals' demands, in terms of bandwidth and for different types, are satisfied. The proposed algorithm relies on two main techniques: the generation of admissible configurations for the interference constraints by heuristics, and mixed linear/integer programming using column generation. The solution obtained makes it possible to plan an admissible allocation plan with optimality guarantees and also to highlight the interference configurations that hinder the generation of good solutions.

PhD thesis / Habilitation to supervise research

  • Vers la sécurité mobile : caractérisation des attaques et contremesures
    Jean-François Lalande
    Université d'Orléans 2016 url
    ABS
    This habilitation (habilitation à diriger des recherches) manuscript presents a synthesis of my work carried out at INSA Centre Val de Loire in the LIFO laboratory (Laboratoire d'Informatique Fondamentale d'Orléans) since September 2005. We have been interested in the security of various systems, from large-scale or high-performance systems to embedded ones such as mobile phones and smart cards. Our contributions are structured around three axes. First, we address the problem of designing security policies for access control for high-performance or collaborative systems. Second, we explore the problem of control flow integrity. The contributions presented make it possible both to elaborate attacks or countermeasures for Android malware and smart cards, whose guarantees are formally proven. Finally, in the last part we focus on the protection of personal data in the particular context of mobile telephony. For these systems, countermeasures to deal with side-channel attacks as well as a privacy-preserving protocol are proposed.
  • Conception de réseaux de télécommunications : optimisation et expérimentations
    Jean-François Lalande
    Université de Nice Sophia-Antipolis 2004 url
    ABS
    In this thesis, we are interested in optimization problems in telecommunication networks. A first objective is to identify the problems specific to optical and satellite networks, and to present contributions for optimizing the resources of these networks. The second objective is to present a software contribution for the design and optimization of networks. The first part begins with a presentation of WDM optical networks. We then address the models for optical and satellite networks and propose new algorithmic methods to optimize the allocation of the resources of these networks. We thus treat the problems of routing, grooming and protection of WDM networks successively in three chapters, then we turn to an algorithm dedicated to frequency allocation in satellite networks. Finally, for each problem, we present experimental results on instances of real networks. The second part of this thesis presents the software developments that were undertaken. The first chapter presents the Porto software dedicated to solving routing, grooming and protection problems in optical networks using three switching levels. In a second chapter we present the Mascopt software, an optimization library for the domain of graphs and networks that was used in particular to carry out the experiments presented in the first part.
