Cloud security (2014 – present)
- Firres (2017 – present): A set of software artefacts made available along with 3 papers for ensuring reproducibility. These software use statistics and artificial intelligence techniques to gather insights about public vulnerabilities (from the CVE database) without relying on their metadata. There are 3 versions of Firres: (i) Firres-ressi: a companion software to our paper in RESSI 2019, Firres-noms: a companion software of our paper in NOMS 2020, using the TF-IDF algorithm to map software vulnerabilities to their most probable software entry (from the CPE database), and (iii) Firres-ares: a companion software to our paper in ARES 2020, which allows to predict the severity (CVSS vector) of a vulnerability at disclosure. Firres software is distributed under the AGPL-3.0 open source license. C. Elbaz developed the software as part of his PhD work I co-supervised with L. Rilling.
- DataInt (2017 – 2019): Blockchain-based remote data integrity checking tool. This software has been developed in collaboration with Sean Peisert from LBNL as part of the DALHIS associate team. It is used to perform remote data integrity checking without relying on a single third party. In order to remove the trusted third party the tool relies on the distributed ledger (blockchain) technology. The ledger is used to store evidences (in the form of hash values for the files to be checked for their integrity). These values are used as an input in the integrity checking mechanism. This tool uses the Hyperledger Fabric as blockchain technology and a simple Python-based HTTP server application with functionalities to upload and download files to a server (PoC software). This software was developed by Amir Teshome Wonjiga in the framework of his PhD thesis I co-supervised (PoC software).
- ECSLA (2016 – 2019): Formal SLA language used to express cloud security monitoring SLOs. It is an extension of the existing CSLA SLA language. ECSLA introduces security monitoring features, capability to describe users security monitoring requirements and a way to describe complex metrics computed from basic metrics (false positive, false negative, true positive, true negative). This software was developed by Amir Teshome Wonjiga in the framework of his PhD thesis I co-supervised (PoC software).
- SLO-V (2016 – 2019): SLO-V is an NIDS configuration evaluator developed in the framework of Amir Teshome Wonjiga’s PhD thesis I co-supervised.It was experimented on a cloud managed by OpenStack and for Snort mainstream NIDS technology (PoC software).
- SAIDS (2014 – 2017): self-adaptive security monitoring system for IaaS clouds.To maintain an effective level of intrusion detection, SAIDS monitors changes in the virtual infrastructure of a Cloud environment and reconfigures its components (security probes) accordingly. SAIDS can also reconfigure probes in the case of a change in the list of running services. SAIDS was demonstrated at the International Cybersecurity Forum (FIC) held in Lille in January 2016 and 2017 and at Rencontres Inria – Industrie in October 2017. This software was developed in the framework of Anna Giannakou’s PhD thesis I co-supervised (PoC software).
- AL-SAFE (2015 – 2017): cloud-tailored application-level secure self-adaptable firewall which combines the high degree of visibility of an application-level firewall with the isolation of a traditional standalone firewall. This software was developed in the framework of Anna Giannakou’s PhD thesis I co-supervised (PoC software).
Cloud Computing (2009 – present)
- Diffuse (since 2012): distributed framework for cloud-based epidemic simulation environments.
- Resilin (2010 – 2015): elastic Map/Reduce over multiple IaaS clouds (open source).
- Snooze (2010 – 2015): self-organizing energy aware virtual machine manager for IaaS clouds (open source).
- VEP Virtual Execution Platform (open source).
- Meryn (2012 – 2014): open, SLA-driven PaaS architecture that supports cloud bursting and allows hosting an extensible set of application types. Meryn relies on a decentralized optimization policy that aims at maximizing the overall provider profit, taking into account the penalties incurred when quality guarantees are unsatisfied. Meryn builds on the Snooze VM manager and supports batch and MapReduce applications. Meryn was developed in the framework of Djawida Dib’s PhD thesis I co-supervised.
- Merkat (2010 – 2015): a platform allowing users of an organization to automatically manage and scale their applications while maximizing the infrastructure’s utilization. Merkat was developed in the framework of Stefania Costache’s PhD thesis I co-supervised.
- Shrinker (2009 – 2011): a system used for live migration of virtual machines between data centers interconnected by wide-area networks. It improves bandwidth efficiency of wide-area live virtual machine migration. It identifies memory pages already present on the remote site in order to transfer them using the local network instead of the wide-area network. Shrinker uses content-based addressing in a distributed hash table combined with periodic VM memory indexing. It is implemented as a modification of the KVM hypervisor. Shrinker was developed in the framework of Pierre Riteau’s PhD thesis I co-supervised.
- Saline/VMDeploy (2009 – 2011): a generic framework to deploy and manage encapsulated user jobs in virtual machines (VMs) at grid level by moving them from one site to another transparently for the encapsulated jobs. Saline was developed in the framework of Jérôme Gallard’s PhD thesis I supervised and was made available to the Grid’5000 community under the BSD license.
Grid Computing (2002 – 2013)
- XtreemOS (2006 – 2013 : Linux-based Grid operating system providing native support to virtual organizations (open source)
- Vigne (2002 – 2010): Grid-aware operating system for large scale dynamic Grids (PoC software)
Cluster Computing (1994 – 2011)
- Kerrighed (1999 – 2011): Linux-based single system image operating system (open source) – packaged as the SSI-OSCAR RPM and Debian packages for the OSCAR open source software suite for HPC clusters.
- HA-PSLS (1998 – 2001): highly available parallel single level store system, implementation in C on top of Linux kernel, experimentation on a cluster of PCs interconnected by an SCI network. 9000 LOC in Java. Developed in collaboration with Anne-Marie Kermarrec and Renaud Lottiaux.
- Icare (1994 – 1996): a recoverable distributed shared memory system, implementation on top of Chorus micro-kernel on a network of PCs interconnected by an ATM network. Developed in the framework of Anne-Marie Kermarrec’s PhD thesis under my supervision.
Network Management (1996 – 1999)
- Magenta (1996 – 1998): an environment for executing fault-tolerant mobile agents in wireless networks, implementation in Java and native methods in C, experimentation in a network of heterogeneous workstations and portable PCs communicating through a GSM network, application of this technology to a network management platform (Astrolog). Developed in the framework of Akhil Sahai’s PhD thesis under my supervision.
Scalable Shared Memory Multiprocessor Architectures (1991 – 1995)
- Simulator of scalable shared memory architectures (1991 – 1994): developed to evaluate the Extended Coherence Protocol (ECP) proposed for fault-tolerant COMA multiprocessors. Implementation in C++ on a Unix system. Developed in the framework of Alain Gefflaut’s PhD thesis under my supervision.
Networks of Workstations (1987 – 1990)
- GOTHIC reliable communication system (1987 – 1990): comprising of atomic multicast protocols for the implementation of the multiprocedure concept in the GOTHIC distributed operating system. Implementation in C, in the Spart operating system on a network of BULL/SPS7 multiprocessor machines. I developed this subsystem during my PhD thesis.