Context-aware Authorization in Highly Dynamic Environments

Highly dynamic computing environments, like ubiquitous and pervasive computing environments, require frequent adaptation of applications. Context is a key to adapt suiting user needs. On the other hand, standard access control trusts users once they have authenticated, despite the fact that they may reach unauthorized contexts. We analyse how taking into account dynamic information like context in the authorization subsystem can improve security, and how this new access control applies to interaction patterns, like messaging or eventing. We experiment and validate our approach using context as an authorization factor for eventing in Web service for device (like UPnP or DPWS), in smart home security

Aspects of Assembly and Cascaded Aspects of Assembly: Logical and Temporal Properties

Highly dynamic computing environments, like ubiquitous and pervasive computing environments, require frequent adaptation of applications. This has to be done in a timely fashion, and the adaptation process must be as fast as possible and mastered. Moreover the adaptation process has to ensure a consistent result when finished whereas adaptations to be implemented cannot be anticipated at design time. In this paper we present our mechanism for self-adaptation based on the aspect oriented programming paradigm called Aspect of Assembly (AAs). Using AAs: (1) the adaptations process is fast and its duration is mastered; (2) adaptations' entities are independent of each other thanks to the weaver logical merging mechanism; and (3) the high variability of the software infrastructure can be managed using a mono or multi-cycle weaving approach.Comment: 14 pages, published in International Journal of Computer Science, Volume 8, issue 4, Jul 2011, ISSN 1694-081

AnoRand: A Semi Supervised Deep Learning Anomaly Detection Method by Random Labeling

Anomaly detection or more generally outliers detection is one of the most popular and challenging subject in theoretical and applied machine learning. The main challenge is that in general we have access to very few labeled data or no labels at all. In this paper, we present a new semi-supervised anomaly detection method called \textbf{AnoRand} by combining a deep learning architecture with random synthetic label generation. The proposed architecture has two building blocks: (1) a noise detection (ND) block composed of feed forward ferceptron and (2) an autoencoder (AE) block. The main idea of this new architecture is to learn one class (e.g. the majority class in case of anomaly detection) as well as possible by taking advantage of the ability of auto encoders to represent data in a latent space and the ability of Feed Forward Perceptron (FFP) to learn one class when the data is highly imbalanced. First, we create synthetic anomalies by randomly disturbing (add noise) few samples (e.g. 2\%) from the training set. Second, we use the normal and the synthetic samples as input to our model. We compared the performance of the proposed method to 17 state-of-the-art unsupervised anomaly detection method on synthetic datasets and 57 real-world datasets. Our results show that this new method generally outperforms most of the state-of-the-art methods and has the best performance (AUC ROC and AUC PR) on the vast majority of reference datasets. We also tested our method in a supervised way by using the actual labels to train the model. The results show that it has very good performance compared to most of state-of-the-art supervised algorithms

An alternative version of HTTPS to provide non-repudiation security property (A flexible component-based approach for secured transactions in a mobile environment): A flexible component-based approach for secured transactions in a mobile environment

International audienceThe number of mobile devices connected to the Internet is rapidly growing, inducing security issues that cannot be prevented by common mechanisms such as HTTPS. Indeed, mobile environments require light algorithms that can reduce the power-consumption and extend battery life. Moreover, HTTPS does not offer fine-grained control over the security properties such as integrity, confidentiality or authenticity. This lack of flexibility can be problematic for both power-consumption and security robustness. To overcome these issues, we have proposed in previous works a modular architecture, called LECCSAM, based on security components to secure any communication protocol by adding the required security properties. In the context of HTTP, it provides an alternative version of HTTPS by adding the integrity, confidentiality, and authenticity properties to HTTP separately or in block (i.e. only one property or any combinations of two or more properties), depending on the user needs and usage context. In this paper, we propose to extend this alternative version of HTTPS with the non-repudiation property. Preliminary results of the performance evaluation are encouraging

Service Oriented Architecture Definition Using Composition of Business-Driven Fragments

International audienceServices Oriented Architecture are built through the compo- sition of services (e.g. Web Services) to define complex business process (e.g. Orchestrations). Well known methodologies focus on identifying ser- vices and orchestrations at design time. However the orchestration design phase is still a heavy burden, as it induces to deal with both technical and business domain concerns. This article proposes to use an evolution framework (Adore) to capitalize architects knowledge and best practices into “evolutions”. Architects can build business-driven orchestrations by composing reusable “evolutions” following a design–by–composition ap- proach. We apply this approach to build a legacy Soa called Seduite (validation platform for the French national research project Faros)

Named Entity Recognition using Neural Networks for Clinical Notes

International audienceCurrently, the best performance for Named Entity Recognition in medical notes is obtained by systems based on neural networks. These supervised systems require precise features in order to learn well fitted models from training data, for the purpose of recognizing medical entities like medication and Adverse Drug Events (ADE). Because it is an important issue before training the neural network, we focus our work on building comprehensive word representations (the input of the neural network), using character-based word representations and word representations. The proposed representation improves the performance of the baseline LSTM. However, it does not reach the performances of the top performing contenders in the challenge for detecting medical entities from clinical notes.Actuellement, la meilleure performance pour la reconnaissance de l'entité nommée dans les notes médicales est obtenue par des systèmes basés sur des réseaux de neurones. Ces systèmes supervisés nécessitent des caractéristiques précises afin d'apprendre des modèles bien ajustés à partir des données de formation, dans le but de reconnaître les entités médicales comme les médicaments et les événements indésirables liés aux médicaments (EIM). Parce qu'il s'agit d'une question importante avant la formation du réseau neuronal, nous concentrons notre travail sur la construction de représentations complètes de mots (l'entrée du réseau neuronal), en utilisant des représentations de mots basés sur des caractères et des représentations de mots. La représentation proposée améliore la performance de la LSTM de référence. Cependant, il n'atteint pas les performances des concurrents les plus performants dans le challenge de détection d'entités médicales à partir de notes cliniques

JavaPod : une plate-forme à composants adaptable et extensible

Dans le cadre de la construction d'applications réparties, nous nous intéresso ns aux plates-formes logicielles qui servent de support à ces applications. Ces plates-formes prennent en charge une propriété non-fonctionnelle : la mise en oeuvre de la communication à distance entre les composants. CORBA permet de donner aux applications d'autres propriétés non-fonctionnelles (transactions, persistance, etc.) mais le programmeur doit les utiliser de façon explicite dans son application. A l'inverse, la plate-forme Enterprise Java Beans (EJB), en utilisant une certaine forme de réflexivité, permet de séparer complètement le code fonctionnel et les propriétés non-fonctionnelles. L'approche EJB nous semble intéressante, mais elle est encore assez limitée : en particulier, la liste des propriétés non-fonctionnelles offertes est figée. Nous proposons donc une plate-forme dont l'architecture est inspirée de l'architecture EJB, et qui est mise en oeuvre grâce à un modèle original de composition d'objets implémenté par une extension de Java. Le but de ce modèle est de pouvoir offrir aux applications un ensemble de propriétés non-fonctionnelles non limité a priori, et également de pouvoir composer facilement les différentes propriétés

An Architecture to Support the Collection of Big Data in the Internet of Things

International audienceThe Internet of Things (IoT) relies on physical objects interconnected between each others, creating a mesh of devices producing information. In this context, sensors are surrounding our environment (e.g., cars, buildings, smartphones) and continuously collect data about our living environment. Thus, the IoT is a prototypical example of Big Data. The contribution of this paper is to define a software architecture supporting the collection of sensor-based data in the context of the IoT. The architecture goes from the physical dimension of sensors to the storage of data in a cloud-based system. It supports Big Data research effort as its instantiation supports a user while collecting data from the IoT for experimental or production purposes. The results are instantiated and validated on a project named SMARTCAMPUS, which aims to equip the SophiaTech campus with sensors to build innovative applications that supports end-users

Communication-efficient Federated Learning through Clustering optimization

International audienceWe study the problem of model personalization in Federated Learning (FL) with non-IID (Independent and Identically Distributed) data collected at nodes in a network, under the network communication cost constraints. Classical FL collaboratively trains a unique global model. If data is statistically heterogenic (non-IID), personalized models for groups of nodes with similar statistics have been shown to provide better performances compared to FL [1]. We propose a Clustered Federated Learning approach that provides a trade-off between identifying models that are more adapted to nodes locally, under communication cost constraints. Our method identifies clusters of nodes with similar data statistics, which improves the local model accuracy. In particular, it aims at finding the cluster structure, cluster heads and a set of model weights (one per cluster) that minimize an objective function composed of two terms: a classical multi-task optimization term and a communication cost regularization. Local model updates represent proxy values of the local data distributions (statistically similar train sets have similar updates) where similar updates are aggregated together [2,3,4]. Our algorithm has two phases: initialization and cluster optimization. During the initialization, nodes collaboratively train a global initial model. The cluster head nodes are identified and nodes are clustered based only on the communication cost minimization [5]. The cluster optimization phase starts by applying the Hierarchical Agglomerative Clustering on a distance metric composed of two terms: the cosine dissimilarity between the locally computed model updates of two nodes, and the communication cost of grouping two nodes in the same cluster. In parallel, respective cluster heads are also optimized. The clusters are organized in a tree hierarchy. At each round, the cluster heads verify if a new cluster optimization is needed based on the model update values. If required, the same method is applied to further create sub-clusters. We evaluate our method on several non-IID settings generated from MNIST dataset, while simulating the communication cost at each round. We show that our algorithm improves the quantity of nodes reaching 99% of accuracy (from 48% to 72%) and can reduce the overall communication cost by 35%. Finally, it is able to adapt the cluster structure in case of new conditions (new network nodes or time-evolution of local data distribution) by a tree structure search

Adaptation dynamique de services

This paper proposes a software architecture for dynamical service adaptation. The services are constituted by reusable software components. The adaptation's goal is to optimize the service function of their execution context. For a first step, the context will take into account just the user needs but other elements will be added. A particular feature in our proposition is the profiles that are used not only to describe the context's elements but also the components itself. An Adapter analyzes the compatibility between all these profiles and detects the points where the profiles are not compatibles. The same Adapter search and apply the possible adaptation solutions: component customization, insertion, extraction or replacement