Progress Report Meeting - May 2013
Progress Report Meetings for several related projects
Meeting room: L-2712
Participation is by invitation. The target audience is the project participants and guests of the project sponsors. These meetings on related topics were grouped to allow the participants to conveniently attend more than one meeting.
Thursday, May 2, 2013 (am)
Online surveillance of critical computer systems through advanced host-based detection (project "ahls")
Start time | End time | Presenter | Subject | Description |
9:00 | 9:15 | Breakfast and welcome | ||
9:15 | 9:30 | Mario Couture, Michel Dagenais | Introduction to AHLS | Brief description of the project's initial objectives, its organization and the participants, and an overview of progress made in the last months. |
9:30 | 9:50 | Naser Ezzati | Trace Stream OLAP Analysis | We propose an efficient architecture, the corresponding data structures and algorithms to perform OLAP analysis and compute multilevel, multidimensional statistics of different system metrics from a stream of execution trace events. |
9:50 | 10:20 | Florian Wininger | Scalable Observation infrastructure - Low disturbance multi-level observation and production of enhanced data | A state of the art is presented to cover the area of system data collection, from kernel events to sampled state variables and hardware counters, and various host-level intrusion detection tools. |
10:20 | 10:40 | Break | ||
10:40 | 11:40 | Wahab Hamou-Lhadj & students | Scalable Detection infrastructure - Harmonized Anomaly Detection Techniques | In this presentation, we will discuss our progress in developing techniques for host-based anomaly detection. We will show our approach for combining system call models and other system events, namely file operations, for better accuracy. We will also discuss how the learning and building time of reference models can be significantly reduced using varying length n-grams. This is contrasted with fixed n-gram techniques used in the literature. We will discuss questions of model generalization and the reduction of false-positive rates. Another aspect of this presentation will focus on the detection of rootkits using techniques inspired by reverse engineering research, hence putting engineering into rootkit detection research. Preliminary results will be shown, followed by future steps. |
11:40 | 12:10 | Ashvin Goel & students | Scalable Detection infrastructure - Knowledge base for the Linux kernel | Kernel modules extend the functionality of operating systems (OSes). Modules are used to support new devices (e.g., network and graphics cards) and provide new features (e.g., file systems). Kernel modules are often third-party code and may be distributed as binaries. They are known to be more buggy and insecure than the core kernel, but they operate in the same address space as the kernel, and so bugs or vulnerabilities in kernel modules can easily crash or compromise the kernel. Therefore, it is important to understand and analyze the behaviour of modules and their interactions with the core kernel. We have been developing a framework called Granary to address the challenges of module analysis. Granary is a binary instrumentation framework that efficiently instruments arbitrary, binary Linux kernel modules. Our extensive use of compile-time meta-programming enables efficient, dynamic analyses that are driven by static kernel type information. Our plan is to use this analysis to build a knowledge base that helps determine whether modules are interacting with the kernel in unexpected ways, e.g., a local disk driver module shouldn't be using the network to send data elsewhere. |
12:15 | 13:30 | Lunch |
Thursday, May 2, 2013 (pm)
Integrated tracing, profiling and debugging for tuning large heterogeneous clusters (project "ctpd")
13:30 | 13:45 | Dominique Toupin, Pr. Michel Dagenais | Introduction to CTPD | Brief description of the project's initial objectives, its organization and the participants. |
13:45 | 14:15 | Adrien Vergé and Simon Marchi/ Pr. Michel Dagenais | State of the art study of new multi-core processors and hardware support for tracing, profiling and debugging. The systems studied include the Tilera GX, Freescale T4240, Intel Xeon Phi and ARM. | |
14:15 | 14:30 | Suchakra Sharma /Pr. Michel Dagenais | Investigations on the available dynamic user space tracing methods and their performance | An introductory analysis of the performance and comparison of available approaches for dynamic tracing (Dyninst API and GDB's tracing infrastructure etc.) |
14:30 | 15:00 | Julien Desfossez /Pr. Michel Dagenais | Large-scale performance monitoring framework | State of the art of large-scale monitoring, especially in cloud computing environments, and focus on the research to achieve a large-scale, fine-grained performance monitoring framework. |
15:00 | 15:15 | Mohamad Gebai / Pr. Michel Dagenais | Virtual machine monitoring using trace analysis | |
15:15 | 15:30 | Break | ||
15:30 | 16:00 | Francis Giraldeau/ Pr. Michel Dagenais | Distributed traces modelling and critical path analysis (presentation available soon) | The dependencies between the different events causing state changes in processes are automatically analyzed in order to compute the critical path between a start and end event (e.g. query and response). This analysis takes into account several effects including parallel computations happening asynchronously and many different models of distributed computations. This is extremely helpful in identifying where the total time is spent to serve a request. |
16:00 | 16:30 | Phuong Tran Gia / Pr. Michel Dagenais | Cluster level modelling and analysis (Cancelled) | State of the art study on cluster modelling and analysis, including systems such as Dapper (Google) and Zipkin (Twitter). |
16:30 | 16:45 | Kim Nguyen/Pr. Mohamed Cheriet | Integration of Tracer in Cloud Computing Environment | Performance Analysis of Cluster-based Data Centers: |
16:45 | 17:15 | Discussion | ||
18:00 | Dinner at L'Espace Lafontaine |
Friday, May 3, 2013 (am)
Diagnostics for Real Time Distributed Multi-core Architecture in Avionics (project "rtt")
Start time | End time | Presenter | Subject | Description |
9:00 | 9:15 | Pr. Michel Dagenais | Introduction | Brief description of the project goals, the participants and the current status. |
9:15 | 9:45 | Raphaël Beamonte/ Pr. Michel Dagenais | Tracing and Sampling for Real-Time partially simulated Avionics Systems | The real-time characteristics of Linux, with and without the RT-Preempt option, have been studied. The tools and methodology to measure the latency are detailed and are used to evaluate the impact of LTTng/UST tracing on the real-time response of applications. As a result, LTTng/UST is being optimized for real-time. |
9:45 | 10:15 | François Rajotte/ Pr. Michel Dagenais | Analysis of Real-Time Avionics Systems from Tracing and Sampling data | The state of the art in real-time systems analysis and visualization tools is presented along with results of early prototyping with the Tracing and Monitoring Framework (TMF). New views in TMF are being developed to show real-time characteristics such as period and latency. |
10:15 | 10:45 | Hossein Salman/ Pr. Abdelwahab Hamou-Lhadj | Trace abstraction and correlation techniques for real-time avionic systems | We will briefly review the literature on trace abstraction and feature location techniques. We will then discuss the application of these techniques to CAE systems with a particular focus on how these techniques can be used to help CAE software engineers debug execution scenarios used in the design of flight simulation systems. We will show the detailed steps of our approach followed by preliminary results. Finally, we will present the roadmap for future steps. |
10:45 | 11:00 | Break | ||
11:00 | 11:30 | Efraim Lopez/ Pr. Abdelwahab Hamou-Lhadj | Visualization of Avionic System Traces | We will present the state of the art studies in trace visualization and analysis. We will discuss CAE needs in terms of trace analysis tool support. Through an example, we will review TMF visualization techniques and their application to the understanding and debugging of CAE systems. We will discuss pros and cons and identify additional views that should be supported by TMF. Finally, we will present our future steps. |
11:30 | 11:55 | Demo of TMF | Demonstration of the new features of TMF | |
11:55 | 12:20 | LTTng updates | Presentation of the new features of LTTng | |
12:20 | 13:30 | Lunch | ||
13:30 | Discussion & Workshop | For participants interested, some topics might be discussed after lunch or more complete demos presented. |