Pierre Parrend
University of Strasbourg
Publication
Featured researches published by Pierre Parrend.
dependable systems and networks | 2009
Nicolas Geoffray; Gaël Thomas; Gilles Muller; Pierre Parrend; Stéphane Frénot; Bertil Folliot
The OSGi framework is a Java-based, centralized, component oriented platform. It is being widely adopted as an execution environment for the development of extensible applications. However, current Java Virtual Machines are unable to isolate components from each other. For instance, a malicious component can freeze the complete platform by allocating too much memory or alter the behavior of other components by modifying shared variables. This paper presents I-JVM, a Java Virtual Machine that provides a lightweight approach to isolation while preserving compatibility with legacy OSGi applications. Our evaluation of I-JVM shows that it solves the 8 known OSGi vulnerabilities that are due to the Java Virtual Machine and that the overhead of I-JVM compared to the JVM on which it is based is below 20%.
world of wireless mobile and multimedia networks | 2007
Pierre Parrend; Stéphane Frénot
The OSGi platform is a lightweight management layer over a Java virtual machine that makes runtime extensibility and multi-application support possible in mobile and constrained environments. This powerful capability opens a particular attack vector against mobile platforms: the installation of malicious OSGi bundles. The first countermeasure is the digital signature of the bundles. We developed a tool suite that supports the signature, the publication and the validation of the bundles in an OSGi framework. Our tools support the publication of bundles onto a remote bundle repository as well as the validation of the signature according to the OSGi R4 specifications. A comparison of existing validation mechanisms shows that our security layer is the only one that is compliant with the specification.
Soft Computing | 2008
Pierre Parrend; Stéphane Frénot
Extensible Component Platforms support the discovery, installation, starting, uninstallation of components at runtime. Since they are often targeted at mobile resource-constrained devices, they have both strong performance and security requirements. The current security model for Java systems - Permissions - is based on call stack analysis. This is very time-consuming, which makes it difficult to use in production environments. We therefore define the Component-Based Access Control (CBAC) Security Model, which emulates Java Permissions through static analysis at the installation phase of the components. CBAC is based on a fully declarative approach that makes it possible to tag arbitrary methods as sensitive. A formal model is defined to guarantee that a given component has sufficient access rights, and that dependencies between components are taken into account. A first implementation of the model is provided for the OSGi Platform, using the ASM library for code analysis. Performance tests show that the cost of CBAC at install time is negligible, since it is executed together with digital signature verification which is much more costly. Moreover, unlike Java Permissions, the CBAC security model does not have any runtime overhead.
Procedia Computer Science | 2015
Pierre Masai; Pierre Parrend; Cecilia Zanni-Merk
In this paper, we describe the characteristics of the Lean Enterprise and make the case for modelling it in order to reproduce its successful practices more easily. The literature contains many good descriptions of the Toyota Production System and Lean in general, but no formal model that we can build upon. We then make the hypothesis that Lean is a Complex System, which can be modelled formally. We propose to follow the KREM model which comprises four components. The K (Knowledge) component includes domain knowledge about Lean in the form of several ontologies, the R (Rules) component is expressed by probabilistic rules, the E (Experience) component describes the practices (Kata) and the M (Meta-data) component describes the context of the application of Lean (different types of companies or cultural environments, for example). A practical example modelling the Hoshin Kanri process for setting objectives at the enterprise level demonstrates how to put this approach into practice.
european conference on applications of evolutionary computation | 2014
Evelyne Lutton; Hugo Gilbert; Waldo Cancino; Benjamin Bach; Pierre Parrend; Pierre Collet
Island Model parallel genetic algorithms rely on various migration models and their associated parameter settings. A fine understanding of how the islands interact and exchange information is an important issue for the design of efficient algorithms. This article presents GridVis, an interactive tool for visualising the exchange of individuals and the propagation of fitness values between islands. We performed several experiments on a grid and on a cluster to evaluate GridVis’ ability to visualise the activity of each machine and the communication flow between machines. Experiments have been made on the optimisation of a Weierstrass function using the EASEA language, with two schemes: a scheme based on uniform islands and another based on specialised islands (Exploitation, Exploration and Storage Islands).
international conference on emerging security information, systems and technologies | 2007
Pierre Parrend; Samuel Galice; Stéphane Frénot; Stéphane Ubéda
The OSGi platform is designed to make Java software extensible at runtime. This undeniably presents a great interest in several domains like embedded platforms or enterprise application servers. However, securing the deployment of the OSGi components, or bundles, proves to be a major challenge. The current approach consists in digitally signing the bundles and certifying the signature through a public key infrastructure (PKI). We propose to replace this technology with an identity-based cryptosystem, which provides both better performance and simplified key management. We present an infrastructure for initialization and use of identity-based cryptography, and define the digital signature of bundles using such a cryptographic scheme. Based on our implementation, we provide a comparison between classical PKI management and identity-based PKI management. The proposed approach proves to support radical improvement in the key management process, especially in strongly asymmetric systems such as OSGi-based home gateways, where a few providers publish services for millions of potential users.
Journal of Computer Virology and Hacking Techniques | 2013
François Goichon; Guillaume Salagnac; Pierre Parrend; Stéphane Frénot
Extensible component-based platforms allow dynamic discovery, installation and execution of components. Such platforms are service-oriented, as components may directly interact with each other via the services they provide. Even robust languages such as Java were not designed to handle safe code interaction between trusted and untrusted parties. Dynamic installation of code provided by different third parties leads to several security issues. The different security layers adopted by Java or component-based platforms cannot fully address the problem of untrusted components trying to tamper with other components via legitimate interactions. A malicious component might even use vulnerable ones to compromise the whole component-based platform. Our approach identifies vulnerable components in order to prevent them from threatening services security. We use static analysis to remain as exhaustive as possible and to avoid the need for non-standard or intrusive environments. We show that a static analysis through tainted object propagation is well suited to detect vulnerabilities in Java service-oriented components. We present STOP, a Service-oriented Tainted Object Propagation tool, which applies this technique to statically detect those security flaws. Finally, the audit of several trusted Apache Felix bundles shows that nowadays component-based platforms are not prepared for malicious Java interactions.
conference on computer as a tool | 2005
Pierre Parrend; B. David
Model driven engineering (MDE) knows growing interest, as much as a research domain as an industry process for building software quickly and reliably. However, on the way to reuse and automation of design processes, it has limitations for this purpose, as it focuses on design much more than on users' needs. Use of an ontology representing domain design knowledge can be a way to bridge the gap between use scenarios and models, and so to empower MDE approaches.
CS-DC’15 World e-conference | 2017
Fabio Guigou; Pierre Parrend; Pierre Collet
In this paper, we propose a new approach to the performance supervision of complex and heterogeneous infrastructures found in hybrid cloud networks, which typically consist of hundreds or thousands of interconnected servers and networking devices. This hardware and the quality of the interconnections are monitored by sampling specific metrics (such as bandwidth usage, CPU time and packet loss) using probes, and raising alarms in case of an anomaly. We study an Artificial Immune Ecosystem model derived from the Artificial Immune Systems (AIS) algorithms to perform distributed analysis of the data collected throughout the network by these probes. In particular, we use the low variability of the measured data to derive statistical approaches to outlier detection, instead of the traditional stochastic antibody generation and selection method. The failure modes and baseline behaviour of the metrics being monitored (such as bandwidth usage, CPU time and packet loss) are recorded in a distributed learning process and increase the system’s ability to react quickly to suspicious events. By matching the data with only a small number of failure signatures, we reduce the overall computations required to operate the system with respect to traditional AIS, therefore allowing its deployment on low-end monitoring servers or virtual machines. We demonstrate that a very small computational overhead allows the supervision engine to react much faster than the monitoring solutions currently in use.
ieee symposium series on computational intelligence | 2016
Pierre Willaume; Pierre Parrend; Etienne Gancel; Aline Deruyver
Bin-picking emerges as a major interest in the industry. The aim is to replace current ‘pick and place’ systems, where one must place mechanical components in dedicated distribution devices such as bowl feeders for picking them up with a robot arm. A large number of image processing methods are available for recognizing these components. For instance, the stereovision approach provides fine results by comparing several images of the objects taken from different angles. However, when several types of components are available or for thin components, the identification remains a delicate task. We propose the Graph Matching Optimization methodology, which uses graph comparison with evolutionary algorithms between stereoscopic images and a model, in order to identify thin pieces in a constrained time frame. First, we extract characteristic component information by binarization and skeletonization of the images. Then, we retrieve the position of the objects in a three-dimensional space through an evolutionary algorithm derived from Harmony Search Optimisation (HSO). Lastly, we extract and validate optimal parameter ranges for which the devised algorithm shows a high efficiency for representative component positions of randomly arranged thin objects.