Progress Report Meeting - December 2013

Event dates: 
Tuesday, December 10, 2013 - 09:00 to Wednesday, December 11, 2013 - 17:00

 

Progress Report Meetings

Meeting room: L-1720

Participation is by invitation. The target audience is the project participants and guests of the project sponsors. These meetings on related topics were grouped to allow the participants to conveniently attend more than one meeting.

Optional: LTTng-Tmf-hack day, December 12

 

Tuesday, December 10, 2013 (am)

Online surveillance of critical computer systems through advanced host-based detection (project "ahls")

Start time End time Presenter Subject Description
9:00 9:15   Breakfast and welcome  
9:15 9:30 Mario Couture, Michel Dagenais Introduction to AHLS Brief description of the project's objectives, its organization and the participants and overview of progress made in the last months.
9:30 10:00 Naser Ezzati/ Pr. Michel Dagenais Trace Stream OLAP Analysis
We propose an efficient architecture, the corresponding data structures and algorithms to perform OLAP analysis and compute multilevel, multidimensional statistics of different system metrics from a stream of execution trace events.
10:00 10:15 Naser Ezzati/ Pr. Michel Dagenais Scalable Observation infrastructure - Advanced host-based Centralized data store and software pattern identification
Shows how instrumenting syslog with LTTng-UST makes it possible to gather a trace from applications that generate syslog entries, without modifying the original application. It gives access to Snort alerts, AppArmor alerts and other security applications.
10:15 10:45 Florian Wininger/ Pr. Michel Dagenais Scalable Observation infrastructure - Low disturbance multi-level observation and production of enhanced data A state of the art is presented to cover the area of system data collection, from kernel events to sampled state variables and hardware counters, and various host-level intrusion detection tools.
10:45 11:00 Break
11:00 12:00 Wahab Hamou-Lhadj & students Scalable Detection infrastructure - Harmonized Anomaly Detection Techniques In this presentation, we will discuss our progress in developing techniques for host-based anomaly detection. We will show our approach for combining system call models and other system events, namely file operations, for better accuracy. We will also discuss how the learning and building time of reference models can be significantly reduced using varying length n-grams. This is contrasted with fixed n-gram techniques used in the literature. We will discuss questions of model generalization and the reduction of false-positive rates. Another aspect of this presentation will focus on the detection of rootkits using techniques inspired by reverse engineering research, hence putting engineering into rootkit detection research. Preliminary results will be shown, followed by future steps.
12:00 12:30 Ashvin Goel & students Scalable Detection infrastructure - Knowledge base for the Linux kernel Kernel modules extend the functionality of operating systems (OSes). Modules are used to support new devices (e.g., network and graphics cards) and provide new features (e.g., file systems). Kernel modules are often third-party code and may be distributed as binaries. They are known to be more buggy and insecure than the core kernel, but they operate in the same address space as the kernel, and so bugs or vulnerabilities in kernel modules can easily crash or compromise the kernel. Therefore, it is important to understand and analyze the behaviour of modules and their interactions with the core kernel.

We have been developing a framework called Granary to address the challenges of module analysis. Granary is a binary instrumentation framework that efficiently instruments arbitrary, binary Linux kernel modules. Our extensive use of compile-time meta-programming enables efficient, dynamic analyses that are driven by static kernel type information. Our plan is to use this analysis to build a knowledge base that helps determine whether modules are interacting with the kernel in unexpected ways, e.g., a local disk driver module shouldn't be using the network to send data elsewhere.

12:30 13:45 Lunch
13:45 14:15 Chamseddine Talhi Introduction to small-scale systems surveillance: a new thread of the AHLS project Brief description of the project's objectives, its relevance for AHLS, the main research activities, and an overview of progress made in the last months.

 

Tuesday, December 10, 2013 (pm)

Diagnostics for Real Time Distributed Multi-core Architecture in Avionics (project "rtt")

Start time End time Presenter Subject Description
14:15 14:30 Pr. Michel Dagenais Introduction Brief description of the project goals, the participants and the current status.
14:30 15:00 Raphaël Beamonte/ Pr. Michel Dagenais Tracing and Sampling for Real-Time partially simulated Avionics Systems The real-time characteristics of Linux, with and without the RT-Preempt option, have been studied. The tools and methodology to measure the latency are detailed and are used to evaluate the impact of LTTng/UST tracing on the real-time response of applications. As a result, LTTng/UST is being optimized for real-time.
15:00 15:30 François Rajotte/ Pr. Michel Dagenais Analysis of Real-Time Avionics Systems from Tracing and Sampling data The state of the art in real-time systems analysis and visualization tools is presented along with results of early prototyping with the Tracing and Monitoring Framework (TMF). New views in TMF are being developed to show real-time characteristics such as period and latency.
15:30 15:45 Break
15:45 16:15 Hossein Salman/ Pr. Abdelwahab Hamou-Lhadj Trace abstraction and correlation techniques for real-time avionic systems We will briefly review the literature on trace abstraction and feature location techniques. We will then discuss the application of these techniques to CAE systems with a particular focus on how these techniques can be used to help CAE software engineers debug execution scenarios used in the design of flight simulation systems. We will show the detailed steps of our approach followed by preliminary results. Finally, we will present the roadmap for future steps.
16:15 16:45 Efraim Lopez/ Pr. Abdelwahab Hamou-Lhadj Visualization of Avionic System Traces We will present the state-of-the-art studies in trace visualization and analysis. We will discuss CAE needs in terms of trace analysis tool support. Through an example, we will review TMF visualization techniques and their application to the understanding and debugging of CAE systems. We will discuss pros and cons and identify additional views that should be supported by TMF. Finally, we will present our future steps.
16:45 17:15 Guests: Maria Toeroe and Parisa Heidari Introduction to the MAGIC project group  

18:00

Dinner at restaurant Lévêque, 1030 Laurier Ouest

 

 

Wednesday, December 11, 2013

Integrated tracing, profiling and debugging for tuning large heterogeneous clusters (project "ctpd")

9:00 9:15 Dominique Toupin, Pr. Michel Dagenais Introduction to CTPD Brief description of the project's initial objectives, its organization and the participants.
9:15 9:45 Adrien Vergé/ Pr. Michel Dagenais Hardware assisted software tracing State of the art study of new multi-core processors and hardware support for tracing, profiling and debugging. The systems studied include the Tilera GX, Freescale T4240, Intel Xeon Phi and ARM.
9:45 10:15 Simon Marchi/ Pr. Michel Dagenais Tracing on many-core systems
10:15 10:45 Suchakra Sharma/ Pr. Michel Dagenais Investigations on the available dynamic user space tracing methods and their performance An introductory analysis and performance comparison of the available approaches for dynamic tracing (Dyninst API, GDB's tracing infrastructure, etc.).
10:45 11:00 Break
11:00 11:30 Julien Desfossez/ Pr. Michel Dagenais Large-scale performance monitoring framework State of the art of large-scale monitoring, especially in cloud computing environments, and focus on the research to achieve a large-scale, fine-grained performance monitoring framework.
11:30 12:00 Mohamad Gebai/ Pr. Michel Dagenais Virtual machine monitoring using trace analysis
12:00 12:20 Masoume Jabbarifar/ Pr. Michel Dagenais Trace synchronization and choice of reference node We studied approaches for online synchronization of distributed traces in order to monitor distributed systems and diagnose complex problems. Existing approaches based on convex hulls can achieve excellent accuracy for a posteriori analysis, but impose a significant cost and latency when used in live mode and over large clusters. The new approaches presented efficiently and incrementally update the synchronization parameters, without sacrificing the accuracy of the results or delaying their computation. Furthermore, the proposed methods were tested on extremely large clusters and for long duration traces demonstrating their scalability. These algorithms are thus applicable to all types of online time synchronizations. The results of this research have been released in LTTV and TMF, which are able to show synchronized traces.
12:20 13:30 Lunch
13:30 14:00 Francis Giraldeau/ Pr. Michel Dagenais Distributed traces modelling and critical path analysis The dependencies between the different events causing state changes in processes are automatically analyzed in order to compute the critical path between a start and end event (e.g. query and response). This analysis takes into account several effects including parallel computations happening asynchronously and many different models of distributed computations. This is extremely helpful in identifying where the total time is spent to serve a request.
14:00 14:30 Phuong Tran Gia / Pr. Michel Dagenais Precisely trace a request in Cloud environment State of the art study on cluster modelling and analysis, including systems such as Dapper (Google) and Zipkin (Twitter).
14:30 15:00 Mohammed Badr Sbai/Pr. Mohamed Cheriet Performance analysis of intra data center network  
15:00 15:15 Break
15:15 15:45 Sarah Khazri/Pr. Mohamed Cheriet Profiling cloud-based applications  
15:45 16:15   LTTng updates Presentation of the new features of LTTng
16:15 16:45   Demo of TMF Demonstration of the new features of TMF
16:45

Final words, discussion

   

LTTng-Tmf-hack Day, December 12 from 9:30

Meeting room: L-4812. Bring your laptop!

Informal hacking/tutorial on LTTng and TMF. Come with your questions and projects and we'll all work on them together, or in small groups. Depending on the demand, some more formal sessions may be scheduled for those interested. We have the room all day.