Progress Report Meeting Dec. 5-7, 2012
Progress Report Meetings for several related projects
Meeting room: M-2002, Lassonde buildings, Ecole Polytechnique de Montréal (http://www.polymtl.ca/rensgen/en/coordonnees/campus.php)
Participation is by invitation. The target audience is the project participants and guests of the project sponsors. These meetings on related topics were grouped to allow the participants to conveniently attend more than one meeting.
Wednesday, December 5, 2012 (pm)
Diagnostics for Real Time Distributed Multi-core Architecture in Avionics (project "rtt")
Start time | End time | Presenter | Subject | Description |
14:00 | 14:15 | Pr. Michel Dagenais | Introduction | Brief description of the project goals, the participants and the current status. |
14:15 | 14:45 | Raphaël Beamonte/ Pr. Michel Dagenais | Tracing and Sampling for Real-Time partially simulated Avionics Systems | The real-time characteristics of Linux, with and without the RT-Preempt option, have been studied. The tools and methodology to measure the latency are detailed and are used to evaluate the impact of LTTng/UST tracing on the real-time response of applications. As a result, LTTng/UST is being optimized for real-time. |
14:45 | 15:15 | François Rajotte/ Pr. Michel Dagenais | Analysis of Real-Time Avionics Systems from Tracing and Sampling data | The state of the art in real-time systems analysis and visualization tools is presented along with results of early prototyping with the Tracing and Monitoring Framework (TMF). New views in TMF are being developed to show real-time characteristics such as period and latency. |
15:15 | 15:30 | Break | ||
15:30 | 16:00 | Hossein Salman/ Pr. Abdelwahab Hamou-Lhadj | Trace abstraction and correlation techniques for real-time avionic systems | We will briefly review the literature on trace abstraction and feature location techniques. We will then discuss the application of these techniques to CAE systems with a particular focus on how these techniques can be used to help CAE software engineers debug execution scenarios used in the design of flight simulation systems. We will show the detailed steps of our approach followed by preliminary results. Finally, we will present the roadmap for future steps. |
16:00 | 16:30 | Efraim Lopez/ Pr. Abdelwahab Hamou-Lhadj | Visualization of Avionic System Traces | We will present the state of the art studies in trace visualization and analysis. We will discuss CAE needs in terms of trace analysis tool support. Through an example, we will review TMF visualization techniques and their application to the understanding and debugging of CAE systems. We will discuss pros and cons and identify additional views that should be supported by TMF. Finally, we will present our future steps. |
16:30 | 17:30 | Discussion | ||
Thursday, December 6, 2012 (all day)
Distributed Multi-Core Tracing (project "dmct")
Start time | End time | Presenter | Subject | Description |
9:00 | 9:30 | DRDC: Mario Couture | Introduction | Brief description of the project initial objectives, its organization, the participants and a summary of the main results and motivation for subsequent work. |
9:30 | 10:30 | Alexandre Montplaisir, Matthew Khouzam and the TMF team at Ericsson | The Tracing and Monitoring Framework (TMF) | An important part of the project was applying the new proposed algorithms to real industrial problems. A research and development team at Ericsson developed TMF in collaboration with research associates and students from the project. The resulting system helped refine several of the proposed algorithms and now offers unrivaled performance for analyzing trace data. |
10:30 | 10:45 | Break | ||
10:45 | 11:15 | Hamoud Aljamaan/ Pr. Tim Lethbridge | Model-level tracing: presentation and demo. | We will demonstrate our progress towards injecting trace statements at the model level, particularly tracing associations, states, and controlling tracing based on the state of objects. Our techniques are tracer-agnostic: They can inject tracing in generated code for LTTng or other tracers. |
11:15 | 12:00 | Maxime Carbonneau-Leclerc/ Pr. Béchir Ktari | Automated fault identification: presentation and demo. | Overview of the work done in signature-based, anomaly-based and policy-based detection techniques. In addition, we will focus on our progress in the modelling of a system and the use of expert systems for identifying behaviours that violate a given security policy. |
12:00 | 13:00 | Lunch | ||
13:00 | 14:00 | Shariyar Murtaza, Waseem Fadel, and Heidar Pirzadeh/ Pr. Abdelwahab Hamou-Lhadj | Trace abstraction and correlation: presentation and demo. | We will present trace abstraction techniques that we have developed to simplify the analysis of large system call traces using the Linux Pattern Library. We will also discuss the extraction of high-level views from user space traces using the concept of execution phases. Another aspect of this presentation will focus on presenting the work resulting from the additional investment made by DRDC in the trace abstraction research thread, namely, the review of existing host-based anomaly detection techniques, the comparison of various machine-learning algorithms in the context of anomaly detection systems, and the application of redundancy and diversity for system resilience. This work has led to the definition of two research projects, namely the Online Surveillance of Critical Computer Systems through Advanced Host-Based Detection and the Secure High Availability and Resiliency for Critical Computerized Systems. |
14:00 | 14:30 | David Goulet/ Mathieu Desnoyers | Algorithms and architecture for tracing | Description of the algorithms and techniques used to insert tracepoints in the kernel and in userspace applications with LTTng and UST. Moreover, the organization of shared memory buffers and helper daemons (session and consumer daemons) is described. |
14:30 | 15:00 | Julien Desfossez/ Pr. Michel Dagenais | Virtual machines and real machines simultaneous tracing and monitoring with LTTngTop | The streaming tracing architecture is described along with the LTTngTop live monitoring application. LTTngTop can access tracing data directly from the shared memory buffers or through the network, and efficiently produces a summary of the performance of each node, CPU, process, and other system resources. |
15:00 | 15:15 | Break | ||
15:15 | 15:45 | Masoume Jabbarifar/ Pr. Michel Dagenais | Distributed traces synchronisation | New and efficient algorithms were developed to incrementally compute the clock differences between every pair of traced communicating nodes. Moreover, a synchronization minimum spanning tree and optimal reference node are incrementally computed to efficiently present a synchronized view of traces originating from several networked nodes. |
15:45 | 16:15 | Francis Giraldeau/ Pr. Michel Dagenais | Distributed traces modelling and critical path analysis | The dependencies between the different events causing state changes in processes are automatically analyzed in order to compute the critical path between a start and end event (e.g. query and response). This analysis takes into account several effects including parallel computations happening asynchronously and many different models of distributed computations. This is extremely helpful in identifying where the total time is spent to serve a request. |
16:15 | 16:45 | Alireza Shameli/ Pr. Michel Dagenais | System health monitoring and reactive measures activation | Once faults are identified from trace analysis, through abstraction and automated fault identification, the system needs to assess the system health and determine if reactive measures are necessary. We propose new algorithms which take into account the criticality of the resources attacked, the effectiveness but also the detrimental effects of the available reactive measures, and the recent history of previously applied reactive measures. |
16:45 | 17:00 | Conclusion | ||
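The distributed trace synchronisation talk above describes two steps: incrementally bounding the clock difference of each pair of communicating nodes, then building a minimum spanning tree over those pairs and picking a reference node. The following is an added worked example of that pipeline, written for this page; it is not the project's code or the LTTng implementation. It assumes a simplified model (constant per-node offsets, no drift) and a constructed message list in which each record is (source, destination, send timestamp in the source's clock, receive timestamp in the destination's clock). All names (`OffsetBound`, `synchronize`, `to_reference`, the node letters and timestamps) are the example's own.

```python
"""Pairwise clock-offset bounds from traced message exchanges, then an MST
and a reference node so every node's timestamps share one time base.
Added example with a simplified model: constant offsets, no clock drift."""
from collections import defaultdict

# Constructed trace: (src, dst, send_ts_in_src_clock, recv_ts_in_dst_clock).
# Hidden truth used to build it: clock_A = t, clock_B = t + 100, clock_C = t - 50,
# with one-way latencies between 1 and 6 time units.
MESSAGES = [
    ("A", "B", 10, 112), ("A", "B", 20, 124),
    ("B", "A", 130, 33), ("B", "A", 140, 41),
    ("A", "C", 50, 2),   ("C", "A", 10, 62),
    ("B", "C", 170, 21), ("C", "B", 30, 186),
]


class OffsetBound:
    """Incrementally maintained bounds on offset = clock[y] - clock[x].

    A message x -> y with timestamps (s, r) has non-negative latency, so
    r - s >= offset, i.e. offset <= r - s.  A message y -> x with (s, r)
    gives offset >= s - r.  Each new message only tightens one side, so the
    bound can be updated as events stream in."""

    def __init__(self, x, y):
        self.x, self.y = x, y
        self.lo, self.hi = float("-inf"), float("inf")

    def update(self, src, dst, send, recv):
        if (src, dst) == (self.x, self.y):
            self.hi = min(self.hi, recv - send)
        elif (src, dst) == (self.y, self.x):
            self.lo = max(self.lo, send - recv)

    def estimate(self):
        return (self.lo + self.hi) / 2

    def width(self):
        # Uncertainty of the estimate; infinite until both directions are seen.
        return self.hi - self.lo


def pairwise_bounds(messages):
    bounds = {}
    for src, dst, send, recv in messages:
        key = tuple(sorted((src, dst)))
        if key not in bounds:
            bounds[key] = OffsetBound(*key)
        bounds[key].update(src, dst, send, recv)
    return bounds


def spanning_tree(bounds):
    """Kruskal's MST over nodes; each link is weighted by the width of its
    offset bound, so the least certain links are the ones left out."""
    usable = [b for b in bounds.values() if b.width() != float("inf")]
    usable.sort(key=OffsetBound.width)
    parent = {}

    def find(n):
        parent.setdefault(n, n)
        while parent[n] != n:
            parent[n] = parent[parent[n]]
            n = parent[n]
        return n

    tree = defaultdict(list)
    for b in usable:
        rx, ry = find(b.x), find(b.y)
        if rx != ry:
            parent[rx] = ry
            tree[b.x].append((b.y, b.estimate(), b.width()))
            tree[b.y].append((b.x, -b.estimate(), b.width()))
    return dict(tree)


def _walk(tree, root):
    """Offset of every node relative to root, plus the uncertainty
    accumulated along the tree path to it."""
    offsets, uncert = {root: 0.0}, {root: 0.0}
    stack = [root]
    while stack:
        n = stack.pop()
        for m, off, w in tree[n]:
            if m not in offsets:
                offsets[m] = offsets[n] + off
                uncert[m] = uncert[n] + w
                stack.append(m)
    return offsets, uncert


def synchronize(messages):
    """Returns (reference node, {node: clock[node] - clock[reference]})."""
    tree = spanning_tree(pairwise_bounds(messages))
    # Reference node: the one whose worst accumulated uncertainty is smallest.
    ref = min(tree, key=lambda n: max(_walk(tree, n)[1].values()))
    offsets, _ = _walk(tree, ref)
    return ref, offsets


def to_reference(offsets, node, ts):
    """Convert a timestamp taken on `node` into the reference time base."""
    return ts - offsets[node]


if __name__ == "__main__":
    ref, offsets = synchronize(MESSAGES)
    print("reference:", ref, "offsets:", offsets)
    print("B's 130 in reference time:", to_reference(offsets, "B", 130))
```

With the constructed messages the A-B bound is [99, 102] and the A-C bound is [-52, -48], so those two links form the tree and A is chosen as the reference; timestamps from B and C are then shifted by -100.5 and +50 respectively. With real traces the same bounds would be kept per pair and re-tightened as new messages arrive, which is what makes the incremental form attractive.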
Friday, December 7, 2012 (am)
Online surveillance of critical computer systems through advanced host-based detection (project "ahls")
Start time | End time | Presenter | Subject | Description |
9:00 | 9:30 | Mario Couture, Dominique Toupin, Pr. Michel Dagenais | Introduction | Brief description of the project initial objectives, its organization and the participants. |
9:30 | 10:15 | Shayan Eskandari, Afroza Sultana, Shariyar Murtaza/ Pr. Abdelwahab Hamou-Lhadj | Scalable Detection infrastructure - Harmonized Anomaly Detection Techniques | In this presentation, we will discuss our progress in developing techniques for host-based anomaly detection. We will show our approach for combining system call models and other system events, namely file operations, for better accuracy. We will also discuss how the learning and building time of reference models can be significantly reduced using varying length n-grams. This is contrasted with the fixed n-gram techniques used in the literature. We will discuss questions of model generalization and the reduction of false-positive rates. Another aspect of this presentation will focus on the detection of rootkits using techniques inspired by reverse engineering research, hence putting engineering into rootkit detection research. Preliminary results will be shown, followed by future steps. |
10:15 | 10:45 | Akshay Kumar/ Pr. Ashvin Goel | Scalable Detection infrastructure - Knowledge base for the Linux kernel | Kernel modules extend the functionality of operating systems (OSes). Modules are used to support new devices (e.g., network and graphics cards) and provide new features (e.g., file systems). Kernel modules are often third-party code and may be distributed as binaries. They are known to be more buggy and insecure than the core kernel, but they operate in the same address space as the kernel, and so bugs or vulnerabilities in kernel modules can easily crash or compromise the kernel. Therefore, it is important to understand and analyze the behaviour of modules and their interactions with the core kernel. We have been developing a framework called Granary to address the challenges of module analysis. Granary is a binary instrumentation framework that efficiently instruments arbitrary, binary Linux kernel modules. Our extensive use of compile-time meta-programming enables efficient, dynamic analyses that are driven by static kernel type information. Our plan is to use this analysis to build a knowledge base that helps determine whether modules are interacting with the kernel in unexpected ways, e.g., a local disk driver module shouldn't be using the network to send data elsewhere. |
10:45 | 11:00 | Break | ||
11:00 | 11:30 | Naser Ezzati/ Pr. Michel Dagenais | Advanced host-based Centralized data store and software pattern identification | We propose new algorithms and visualization techniques to show information extracted from traces. This information is displayed at several different abstraction levels with efficient navigation between corresponding elements at different levels. This requires developing an advanced centralized data store to incrementally and efficiently store and query state and statistics information. The data store is also needed to store the state of multiple simultaneous patterns used for multi-level abstraction and anomaly detection. |
11:30 | 11:45 | Mathieu Denis/ Pr. Michel Dagenais | Scalable Observation infrastructure - Low disturbance multi-level observation and production of enhanced data | A state-of-the-art survey is presented covering system data collection, from kernel events to sampled state variables and hardware counters, and various host-level intrusion detection tools. |
11:45 | 12:05 | Pr. Chamseddine Talhi/ Pr. Abdelwahab Hamou-Lhadj | SHAR-CCS: Secure High Availability and Resiliency for Critical Computerized Systems | High-availability (HA) of trusted services of a host at runtime is a key requirement for current and future industrial and governmental critical operations. HA technologies were developed to address this requirement. Some specific implementations such as the ones based on the Service Availability Forum could be adapted to specific Department of National Defence (DND) critical information systems to provide HA at both the host-level and the network-level. Despite their increasing popularity (especially in the military context), the SAForum standards (and other availability frameworks, for that matter) do not include basic host-level anomaly detection (for security purposes). Host-level health monitoring capabilities are limited to mere checkpoints, which casts doubt on their effectiveness in detecting subtle malicious attacks. The lack of very efficient low false positive detection mechanisms on the market may explain this important technological gap. In this presentation, we will argue that recent advances in software tracing combined with current major investments in the domain of online anomaly detection (for detecting unforeseen cyber-attacks) strongly suggest that bridging this gap is now possible. We will discuss a new project supported by DRDC (Defence R&D Canada) in which high-availability of host services and host resilience are combined together for effective host protection solutions. We will also show how a redundant and diverse architecture is an important enabler for such solutions, especially with the emergence of virtualized environments. We will also discuss the challenges of spreading this technology to embedded systems, an area of application that is becoming increasingly important in the military context. |
12:05 | 12:30 | Discussion | ||
12:30 | 13:30 | Lunch | ||
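The anomaly detection talk on Friday morning contrasts varying-length n-gram models of system call behaviour with the fixed-length n-gram models used in the literature. As an added worked example for this page, the code below implements the fixed-length baseline (a STIDE-style profile of every length-n window seen in normal traces, scored with a mismatch count and a locality frame count); it is not the presenters' code and does not reproduce their varying-length technique or their combination with file-operation events. The training and test traces, the window length `N`, and all function names are constructed for the example.

```python
"""Fixed-length n-gram (STIDE-style) profile of normal system-call sequences,
used as a host-based anomaly detector.  Added example with constructed traces;
it shows the fixed-n baseline, not the varying-length n-gram technique."""
from collections import deque

N = 3  # window length; fixed for the whole model

# Constructed "normal" training traces: system-call names per process run,
# as a kernel tracer would record them (arguments and return values omitted).
TRAINING = [
    ["open", "read", "read", "write", "close"],
    ["open", "read", "write", "write", "close"],
    ["open", "mmap", "read", "munmap", "close"],
]


def ngrams(trace, n=N):
    """All contiguous length-n windows of a trace, in order."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def train(traces, n=N):
    """Normal profile = the set of every n-gram seen during training."""
    model = set()
    for t in traces:
        model.update(ngrams(t, n))
    return model


def score(model, trace, n=N, frame=5):
    """Slide over the trace; a window absent from the profile is a mismatch.

    Returns (mismatches, windows, peak_lfc).  The locality frame count (LFC)
    is the largest number of mismatches among any `frame` consecutive
    windows, which separates a burst of novel behaviour (an intrusion tends
    to produce clustered mismatches) from isolated noise."""
    windows = ngrams(trace, n)
    recent = deque(maxlen=frame)
    mismatches = peak_lfc = 0
    for w in windows:
        miss = w not in model
        mismatches += miss
        recent.append(miss)
        peak_lfc = max(peak_lfc, sum(recent))
    return mismatches, len(windows), peak_lfc


def is_anomalous(model, trace, n=N, frame=5, lfc_threshold=2):
    """Raise an alert when mismatches cluster above the LFC threshold."""
    _, _, peak = score(model, trace, n, frame)
    return peak >= lfc_threshold


if __name__ == "__main__":
    model = train(TRAINING)
    # Whole sequence never seen in training, but every window is: generalizes.
    print(score(model, ["open", "read", "read", "write", "write", "close"]))
    # execve in the middle of an I/O loop: two consecutive unknown windows.
    print(score(model, ["open", "read", "write", "execve", "close"]))
```

The first test trace shows the generalization question the talk raises: the exact sequence is not in the training set, yet every 3-gram is, so the fixed-n model accepts it. The second trace produces two clustered mismatches and trips the LFC threshold. Training cost is the number of distinct windows, which is why a single fixed n is cheap to build but forces one trade-off between false positives (n too large) and blind spots (n too small) for the whole profile.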
Friday, December 7, 2012 (pm)
Integrated tracing, profiling and debugging for tuning large heterogeneous clusters (project "ctpd")
Start time | End time | Presenter | Subject | Description |
13:30 | 14:00 | Dominique Toupin, Pr. Michel Dagenais | Introduction | Brief description of the project initial objectives, its organization and the participants. |
14:00 | 14:30 | Adrien Vergé and Simon Marchi/ Pr. Michel Dagenais | Tracing the whole hardware infrastructure, from network processors to application-specific many-core processors | State of the art study of new multi-core processors and hardware support for tracing, profiling and debugging. The systems studied include the Tilera GX, Freescale T4240, Intel Xeon Phi and ARM. |
14:30 | 15:00 | Julien Desfossez and Mohamad Gebai/ Pr. Michel Dagenais | Coordinating multiple sources of monitoring information in the cluster | State of the art study of cluster monitoring and debugging frameworks, including systems such as RockSteady. |
15:00 | 15:30 | Break | ||
15:30 | 16:00 | Francis Giraldeau and Phuong Tran Gia/ Pr. Michel Dagenais | Cluster level modelling and analysis | State of the art study on cluster modelling and analysis, including systems such as Dapper (Google) and Zipkin (Twitter). |
16:00 | 16:30 | Kim Nguyen/ Pr. Mohamed Cheriet | Integration of Tracer in Cloud Computing Environment | Performance Analysis of Cluster-based Data Centers: |
16:30 | 17:00 | Discussion | ||