9 research outputs found

    Déclaration et découverte de services dans les réseaux ad-hoc sans fil (Service declaration and discovery in wireless ad-hoc networks)

    Conference with proceedings and review committee; international. International audience. The evolution of services in the network is now undeniable. It seems beyond doubt that the number of services on offer will keep growing, and it is a safe bet that the demand for services will grow at the same pace. Given this evolution, it appears necessary to be able to declare, discover and deploy services as transparently as possible and, above all, dynamically. The protocols currently proposed are designed for wired networks. We find it worthwhile to consider the case of ad-hoc networks, because the field of mobile computing is booming. An ad-hoc network is a collection of mobile entities interconnected by a wireless technology, forming a temporary network without the help of any administration or fixed infrastructure. This article presents an approach to service declaration and discovery suited to ad-hoc networks

    Renumbering Still Needs Work


    Mobile Ad hoc networks in the Global system of Interconnected Computer Networks

    Computers capable of attaching to the Internet from many places are likely to grow in popularity until they dominate the population of the Internet. Consequently, protocol research has shifted into high gear to develop appropriate network protocols for supporting mobility. This introductory article attempts to outline some of the many promising and interesting research directions. The papers in this special issue indicate the diversity of viewpoints within the research community, and it is part of the purpose of this introduction to frame their place within the overall research area

    On designing large, secure and resilient networked systems

    2019 Summer. Includes bibliographical references. Defending large networked systems against rapidly evolving cyber attacks is challenging. This is because of several factors. First, cyber defenders are always fighting asymmetric warfare: while the attacker needs to find just a single security vulnerability that is unprotected to launch an attack, the defender needs to identify and protect against all possible avenues of attack on the system. Various types of cost factors, such as, but not limited to, costs related to identifying and installing defenses, costs related to security management, costs related to manpower training and development, costs related to system availability, etc., make this asymmetric warfare even more challenging. Second, newer and newer cyber threats are always emerging: the so-called zero-day attacks. It is not possible for a cyber defender to defend against an attack for which defenses are yet unknown. In this work, we investigate the problem of designing large and complex networks that are secure and resilient. There are two specific aspects of the problem that we look into. First is the problem of detecting anomalous activities in the network. While this problem has been variously investigated, we address the problem differently. We posit that anomalous activities are the result of mal-actors interacting with non mal-actors, and such anomalous activities are reflected in changes to the topological structure (in a mathematical sense) of the network. We formulate this problem as that of Sybil detection in networks. For our experimentation and hypothesis testing we instantiate the problem as that of Sybil detection in on-line social networks (OSNs). Sybil attacks involve one or more attackers creating and introducing several mal-actors (fake identities in on-line social networks), called Sybils, into a complex network. Depending on the nature of the network system, the goal of the mal-actors can be to unlawfully access data, to forge another user's identity and activity, or to influence and disrupt the normal behavior of the system. The second aspect that we look into is that of building resiliency in a large network that consists of several machines that collectively provide a single service to the outside world. Such networks are particularly vulnerable to Sybil attacks. While our Sybil detection algorithms achieve very high levels of accuracy, they cannot guarantee that all Sybils will be detected. Thus, to protect against such "residual" Sybils (that is, those that remain potentially undetected and continue to attack the network services), we propose a novel Moving Target Defense (MTD) paradigm to build resilient networks. The core idea is that for large enterprise level networks, the survivability of the network's mission is more important than the security of one or more of the servers. We develop protocols to re-locate services from server to server in a random way such that before an attacker has an opportunity to target a specific server and disrupt its services, the services will migrate to another non-malicious server. The continuity of the service of the large network is thus sustained. We evaluate the effectiveness of our proposed protocols using theoretical analysis, simulations, and experimentation. For the Sybil detection problem we use both synthetic and real-world data sets. We evaluate the algorithms for accuracy of Sybil detection. For the moving target defense protocols we implement a proof-of-concept in the context of access control as a service, and run several large scale simulations. The proof-of-concept demonstrates the effectiveness of the MTD paradigm. We evaluate the computation and communication complexity of the protocols as we scale up to larger and larger networks

    Architecture de découverte des services web géolocalisés dans les réseaux mobiles de prochaine génération (Discovery architecture for geolocated web services in next-generation mobile networks)

    Definition and basic concepts -- Elements of the problem statement -- Research objectives -- Methodological outline -- Main contributions and originality -- Thesis outline -- Service discovery and distribution -- Summary of requirements and research challenges -- Proposed architecture for geolocated service discovery -- Main requirements of the proposed architecture -- Principles of the proposed architecture -- Architecture of the GLWSA system -- Mathematical formalism of the GLWSA system -- Implementation of the GLWSA system -- Functional architecture of the GLWSA system -- The layer of synchronous published services and asynchronous message listening -- The service management layer -- The base classes layer -- Persistence in the GLWSA system -- Extension of the MLP protocol: MLPe -- Evaluation of the architecture and results -- Evaluation of functional requirements -- Evaluation of the collection of dynamic QoS data

    The Continuum Architecture: Towards Enabling Chaotic Ubiquitous Computing

    Interactions in the style of the ubiquitous computing paradigm are possible today, but only in handcrafted environments within one administrative and technological realm. This thesis describes an architecture (called Continuum), a design that realises the architecture, and a proof-of-concept implementation that brings ubiquitous computing to chaotic environments. Essentially, Continuum enables an ecology at the edge of the network, between users, competing service providers from overlapping administrative domains, competing internet service providers, content providers, and software developers that want to add value to the user experience. Continuum makes the ubiquitous computing functionality orthogonal to other application logic. Existing web applications are augmented for ubiquitous computing with functionality that is dynamically compiled and injected by a middleware proxy into the web pages requested by a web browser at the user's mobile device. This enables adaptability to environment variability, manageability without user involvement, and expansibility without changes to the mobile. The middleware manipulates self-contained software units with precise functionality (called frames), which help the user interact with contextual services in conjunction with the data to which they are attached. The middleware and frame design explicitly incorporates the possibility of discrepancies between the assumptions of ubiquitous-computing software developers and field realities: multiple administrative domains, unavailable service, unavailable software, and missing contextual information. A framework for discovery and authorisation addresses the chaos inherent to the paradigm through the notion of role assertions acquired dynamically by the user. Each assertion represents service access credentials and contains bootstrapping points for service discovery on behalf of the holding user. A proof-of-concept prototype validates the design, and implements several frames that demonstrate general functionality, including driving discovery queries over multiple service discovery protocols and making equivalences between service types, across discovery protocols

    Tecnologías middleware para el desarrollo de servicios en entornos de computación ubicua (Middleware technologies for service development in ubiquitous computing environments)

    In this Ph.D. dissertation, we contribute to the definition of middleware technologies for the development of services in pervasive computing environments. First, we broach the problem of service discovery, which allows devices to automatically discover the services offered by other devices in their surroundings. Although other proposals exist, we think none of them fulfils the needs of these new environments, so we have defined a new discovery mechanism: the Pervasive Discovery Protocol (PDP). PDP is a new protocol designed for local scopes, fully distributed, where requests and replies are both multicast, and where each device stores in a local cache the advertisements heard so far and shares this information with the devices around it. PDP manages to reduce the number of messages transmitted per service request while obtaining high service discovery ratios, and it also makes devices with greater availability time answer first, so minimizing the battery drain of the more power-constrained ones. Secondly, we propose the use of mobile agent technology as the middleware for the development of services in a pervasive computing environment. Agents are characterized by their autonomous and goal-oriented behaviour, their ability to cooperate with other agents and, if mobile, their ability to move to remote systems to carry out their task, so minimizing the communication cost. These characteristics fit well into the restrictions that pervasive computing imposes. We also aim to adapt the FIPA standard to these environments; specifically, we concentrate on the yellow pages service, the so-called Directory Facilitator (DF). In our solution, we define a new agent, the Service Discovery Agent (SDA), that uses an underlying implementation of our service discovery protocol, PDP, to make efficient searches of remote services, removing the mechanism of DF federation defined by FIPA. These proposals have been presented and discussed in the FIPA Ad-Hoc Technical Committee, after which we were invited to take part and are now an active member of it

    Local Coordination for Interpersonal Communication Systems

    The decomposition of complex applications into modular units is an acknowledged design principle for creating robust systems and for enabling the flexible re-use of modules in new application contexts. Typically, component frameworks provide mechanisms and rules for developing software modules in the scope of a certain programming paradigm or programming language and a certain computing platform. For example, the JavaBeans framework is a component framework for the development of component-based systems -- in the Java environment. In this thesis, we present a light-weight, platform-independent approach that views a component-based application as a set of rather loosely coupled parallel processes that can be distributed on multiple hosts and are coordinated through a protocol. The core of our framework is the Message Bus (Mbus): an asynchronous, message-oriented coordination protocol that is based on Internet technologies and provides group communication between application components. Based on this framework, we have developed a local coordination architecture for decomposed multimedia conferencing applications that is designed for endpoint and gateway applications. One element of this architecture is an Mbus-based protocol for the coordination of call control components in conferencing applications