Progress Report Meeting - May 2015

Event dates: 
Tuesday, May 12, 2015 - 09:00 to Thursday, May 14, 2015 - 16:30


Progress Report Meetings

Meeting rooms at École Polytechnique de montréal

  • Tuesday May 12:  M-2401 (8:00-13:00)  and   M-2107 (13:00-18:00)
  • Wednesday May 13: M-1010

Participation is by invitation. The target audience is the project participants and guests of the project sponsors. These meetings on related topics were grouped to allow the participants to conveniently attend more than one meeting.

Optional: LTTng-Trace Compass-hack day, May 14: L-4812


Tuesday,  May 12 2015

Online surveillance of critical computer systems through advanced host-based detection (project "ahls")

Start time End time Presenter Subject Description
9:00 9:15   Breakfast and welcome  
9:15 9:30 Mario Couture,  Pr. Michel Dagenais Introduction to AHLS Brief description of the project's objectives, its organization and the participants and overview of progress made in the last months.
9:30 10:00 Jean-Christian Kouamé / Pr. Michel Dagenais Enhanced filtering of data using data-driven analysis
10:00 10:30 Simon Delisle/ Pr. Michel Dagenais Visually representing data-driven analysis using state diagrams
10:30 11:00 Fabien Reumont-Locke/ Pr. Michel Dagenais Parallellisation of analysis with Babeltrace  
11:00 11:15 Break
11:15 11:45 François Doray/ Pr. Michel Dagenais Comparision of 2 program executions from their traces  
11:45 12:00 Dominique Toupin Programming Models  
12:00 12:30 Peter Goodman / Pr. Ashvin Goel Address watchpoints: interpose on data, not code (contact professor Goel for the presentation file)  
12:30 14:00 Lunch
14:00 15:00 Pr. Wahab Hamou-Lhadj & students Online surveillance of critical computer systems through advanced (contact professor Hamou-Lhadj for the presentation file)  
15:00 16:00 Pr. Juergen Dingel & students Model-driven engineering support Together with many other companies in the telecom domain, Ericsson has adopted Model-Driven Engineering (MDE). In this software development approach, developers describe the system to be developed, and relevant aspects of its operating environment such as users, sensors, or the execution infrastructure, in
a high-level model from which code is then automatically generated. Overall, the resulting increase in abstraction has had a positive impact on developers’ ability to produce high-quality system designs efficiently. Moreover, being able to describe the system and its environment in the same model, in a high-level way, enables powerful model-level analyses which can ensure that the model meets its requirements. 
However, the current state of the art in MDE and its supporting tooling does not allow the easy use of run-time information to correct or refine models. The goal this project is to develop algorithms, techniques and open-source tools that leverage run-time information to automatically correct, refine, and complete models and thus improve the quality and utility of models and the overall effectiveness of industrial uses of MDE.
16:00 16:15 Break    
16:15 16:45 Maroua Ben Attia / Pr. Chamseddine Talhi On-device Anomaly Detection for Resource-limited Systems Using Behavioural Analysis An important attack vector targeting Android Smartphone is repackaging legitimate applications to inject malicious activities. This kind of attack can be detected mainly by monitoring the behavior of applications for potential deviations. However, running this detection approach on a mobile environment is not straightforward due to resource constraints imposed by smartphones. This presentation focuses on the usability of on-device anomaly detection algorithms on small-scale embedded systems and proposes a lightweight detection framework for Android-based devices that handles the trade-offs between detection accuracy and resource consumption. The proposed solution allows for the local and remote construction of normal behavior based on various anomaly detection algorithms applied to system calls traces. In our experiments, we applied the proposed anomaly detection model to real and self-written malware samples of three different legitimate mobile applications. The results show that our on-device detection framework is able to achieve a good compromise between security and usability without relying on a remote server.
16:45 17:15 Manel Abdellatif / Pr. Chamseddine Talhi Highly Parallel Architectures to Accelerate Malware Detection Algorithms

Malware detection involves analyzing and matching large amount of data streams against a set of known malware signatures. Unfortunately, as the number of threats grows continuously, the number of malware signatures grows proportionally leading to time and resources consuming detection algorithms. While the security threat level is getting worse, parallel computation capabilities for embedded systems is getting better with the evolution of graphical processing units (GPUs), multi-core processors as well as coprocessors. Moreover, the HPC (High Performance Computing) world is showing interest towards ARM clusters as a way to reduce energy consumption. So how can-we get benefit from the evolving parallel processing capabilities of embedded systems in order to accelerate malware detection while reducing energy costs? In this presentation, we will study the performance of parallel pattern matching algorithms used for malware detection on several platforms: mobile GPUs, epiphany coprocessor, clusters of Parallella boards, and clusters of heterogeneous ARM boards.



Dinner at restaurant Les 9 Muses (1270, ave. Bernard O Montreal, QC, H2V 1V9)


Wednesday, May 13, 2015

Integrated tracing, profiling and debugging for tuning large heterogeneous clusters (project "ctpd")

8:45 9:00   Breakfast and welcome  
9:00 9:15 Dominique Toupin, Pr. Michel Dagenais Introduction to CTPD Discussion on tracing and debugging for new programming models.
9:15 9:45 David Couturier/ Pr. Michel Dagenais Tracing GPUs  
9:45 10:15 Suchakra Sharma /Pr. Michel Dagenais Extending the extended BPF
10:15 10:45 Francis Giraldeau /Pr. Michel Dagenais Distributed traces modelling and critical path analysis The dependencies between the different events causing state changes in processes are automatically analyzed in order to compute the critical path between a start and end event (e.g. query and response). This analysis takes into account several effects including parallel computations happening asynchronously and many different models of distributed computations. This is extremely helpful in identifying where the total time is spent to serve a request.
10:45 11:00 Break
11:00 11:30 Julien Desfossez /Pr. Michel Dagenais Large-scale performance monitoring framework State-of-the-art of large-scale monitoring especially in cloud computing environment and focus on the research to achieve a large-scale fined-grained performance monitoring framework.
11:30 12:00


LTTng Update  
12:00 12:30


Trace Compass Update  
12:30 14:00 Lunch


Wednesday, May 13, 2015 (pm)

Diagnostics for Real Time Distributed Multi-core Architecture in Avionics (project "rtt")

Start time End time Presenter Subject Description
14:00 14:15 Pr. Michel Dagenais Introduction Brief description of the project goals, the participants and the current status.
14:15 14:40 Raphaël Beamonte/ Pr. Michel Dagenais Tracing and Sampling for Real-Time partially simulated Avionics Systems  
14:40 15:00 Mathieu Côté/ Pr. Michel Dagenais Analysis of Real-Time Avionics Systems from Tracing and Sampling data  
15:00 15:30 Pr. Wahab Hamou-Lhadj and Alf Larsson From Data to Knowledge for Better System Maintenance (D2k Project) (contact professor Hamou-Lhadj for the presentation file) In this presentation, we report on our progress in the D2K project. More particularly, we focus on the development of TRRS (Trouble Report Recommendation System) that we have developed at the Software Behaviour Analysis Research Lab at Concordia University. The system is used to find crash reports using a historical database that are similar to an incoming report. This way, the triaging team can direct the report to the appropriate development teams, resulting in a significant reduction of time and effort spent on processing crash reports. TRRS is being integrated with Ericsson's crash report handling system.
15:30 15:45 Break    
15:45 16:00  

Final words, discussion. Prepare for the hack-a-thon.

LTTng-Trace Compass-hack Day, May 14 from 9h30

Meeting room:  L-4812  Bring your laptop or your whole desktop!

Informal hacking/tutorial on LTTng and Trace Compass.  Come with your questions and projects and we'll all work on it together, or in small groups.  Depending on the demand, some more formal sessions may be scheduled for those interested.  We have the room all day.