quipe MADYNES

Lquipe exemple est une quipe du LORIA et un projet dInria Grand Est.
Page Web

http ://madynes.loria.fr

Objectifs MADYNES (MAnaging DYnamic NEtworks and Services) is a research team devoted to investigate
the management and security issues of new networks and services. Its main objective is to develop novel approaches and algorithms that can cope with the increasing dynamics and scale both major attributes of emerging
networks.
Thmatique scientifique & Objets de recherche The team investigates :
Self-* techniques for network management combining distributed monitoring, self-configuration and healing approaches for highly dynamic networks,
Security management and assessment models, architectures and algorithms for sensitive networked services involving a large number of devices,
Scalability, uncertainty and robustness issues in both the management and the functional planes of tomorrows Internet.
Applications We apply and validate our approaches on various application domains including P2P overlays,
Internet of Things, Information/Content Centric Networks, industrial systems.
Collaborations industrielles et acadmiques To perform the evaluation and assessment of our models we
have access and contribute to large experimental facilities like the High Security Laboratory at LORIA, PlanetLab and IoT-LAB. We also develop strong cooperations with both industry and academics through national and
european level project like the FLAMINGO Network of Excellence Project focussing on Network and Service
Management.

Sujet 1
Experimentation tools for Software Defined
Networking and Named Data Networking
Propos par : Lucas Nussbaum
Executive summary : Extend the Grid5000 testbed and the Distem emulator to enable experimentation on
SDN and NDN
Key technical skills required : interest (and willingness to learn about) for deep & dirty technical stuff in
Linux environments. system/network programming and administration.
Research team name :
Research Unit :
Intern tutors :
Internship duration :
Followed by a PhD :

Madynes
LORIA / Inria Nancy Grand Est
Lucas Nussbaum <lucas.nussbaum@loria.fr>
4 to 6 month
possible (but not mandatory)

Context
Software Defined Networking (NDN) and Named-Data Networking (NDN) are two new paradigms that aim
at changing the way we design and architecture networks. In a nutshell, SDN is to managing networks what
Cloud infrastructures are to managing servers : by moving the control to software, it brings better scalability,
elasticity, resilience, etc. Named-Data Networking explores the idea of moving from the current host-centric
(IP-address-centric) architecture to one where data and content are at the center of the design.
To evaluate algorithms and software targetting those architectures, experimentation tools are required :
simulators, emulators, testbeds.
We are already involved in the design of two experimentation tools : first, the Grid5000 testbed, which
is a major testbed for research on HPC, Clouds, Big Data. Second, the Distem emulator, that relies on Linux
technologies to emulate varying performance and arbitrary network topologies on top of clusters of homogeneous
nodes (typically from Grid5000).

Description
The goal of this project is to design extensions to Grid5000 and Distem to support experimentation on SDN and NDN.
Typically, the intern will :
1. Evaluate requirements for experiments on SDN and/or NDN, by doing a survey of existing experimentation tools and recent experimental studies.
2. Design extensions to Grid5000 and/or Distem to enable/enhance experimental capabilities in the contexts
of SDN and NDN.
3. Evaluate those extensions by performing experiments on SDN and NDN.
Depending on opportunities for convergence (and on interest of the intern), the internship will focus first on
Grid5000 and SDN, or on Distem and NDN.

Links
Distem : http ://distem.gforge.inria.fr/
Grid5000 : http ://www.grid5000.fr/

Sujet 2
Dimensionnement dun rseau de
passerelles pour lIoT
Propos par : Emmanuel Nataf
Informations gnrales
Encadrants
Adresse
Tlphone
Email
Bureau

Emmanuel Nataf
LORIA, Campus Scientifique - BP 239, 54506 Vanduvre-ls-Nancy
03 59 20 49
nataf@loria.fr
B 128

Motivations
LInternet of Things (IoT) est un domaine dans lequel un certain nombre dobjets (notamment des capteurs),
forment un ou plusieurs rseaux afin de transporter des informations vers une passerelle vers lInternet. Ces
rseaux sont sans fil, et ont une topologie qui sadapte aux conditions de lenvironnement et de ltat (notamment
de la batterie) des objets.
Ces rseaux vont se multiplier dans une mme zone gographique (btiment, ville [2]) et se pose le problme
de dimensionner des passerelles de sorte quun grand rseau de capteurs puisse utiliser plusieurs passerelles
et quune mme passerelle puisse connecter plusieurs rseaux vers lInternet [1] [3].

Sujet
Le sujet consiste proposer une solution qui permette de partager les ressources des passerelles afin de
servir au mieux diffrents rseaux de capteurs. Dun cot, les rseaux ont intrt utiliser le plus de passerelles possibles car cela limite les communications entre les capteurs, coteuses en nergie. Mais loppos,
les passerelles doivent tre disponibles pour accepter le plus de rseaux possibles et donc choisir de ne pas relayer certains rseaux, suffisamment relays par dautres passerelles, et ainsi de pouvoir accepter de nouveaux
rseaux de capteurs.
Il sagit dun problme doptimisation qui doit tre paramtr par diffrents facteurs, comme la qualit de
service demande par un rseau, la charge que reprsente le relais,. . .

Cadre du travail
Nous travaillons avec un protocole de routage standardis par lIETF [4], qui est implant dans le systme
dexploitation Contiki, programm en C. Les capteurs peuvent tre tout dabord simuls dans Cooja avant de
passer aux capteurs rels (de type Sky). Les passerelles seront implantes dans des nano-ordinateurs (raspberry) quips de carte de communication avec les capteurs.
Aprs une tude de lexistant, le travail devra comporter des propositions de formulation du problme
doptimisation et une mthode de rsolution. Laspect dynamique des rseaux de capteurs sera prendre en
compte. Suivant lapparition ou la disparition des capteurs, les passerelles devront sadapter pour respecter les
contraintes. En revanche, le nombre et la position des passerelles est fixe et connu.

Rfrences
[1] Zachariah, Thomas and Klugman, Noah and Campbell, Bradford and Adkins, Joshua and Jackson, Neal
and Dutta, Prabal The Internet of Things Has a Gateway Problem In Proceedings of the 16th International
Workshop on Mobile Computing Systems and Applications. ACM - 2015
[2] Okabayashi, Vitor Hugo and Ribeiro, Igor Cesar Gonzalez and Passos, Diego Menezes and Albuquerque,
Clio Vinicius Neves A Resilient Dynamic Gateway Selection Algorithm Based on Quality Aware Metrics
for Smart Grids In Proceedings of the 18th ACM International Conference on Modeling, Analysis and
Simulation of Wireless and Mobile Systems. 2015
[3] Preetha Thulasiraman RPL Routing for Multigateway AMI Networks Under Interference Constraints In
IEEE International Conference on Communications (ICC) 2013
[4] T. Winter, P. Thubert and all RPL : IPv6 Routing Protocol for Low-Power and Lossy Networks Request for
Comments 6550 - IETF
5

Sujet 3
Automating Security Function Chaining
for Protecting Smartphones
Propos par : Rmi Badonnel, Abdelkader Lahmadi
Informations gnrales
Encadrants
Adresse
Tlphone
Email
Bureau

Rmi Badonnel, Abdelkader Lahmadi, Olivier Festor

LORIA - INRIA Nancy Grand Est, Campus Scientifique, 54500 Vanduvre-ls-Nancy
03 54 95 86 39
badonnel@loria.fr
B 126

Motivations
High-speed mobile networking has led to the large-scale deployment of smart devices, such as android smartphones and tablets, offering multiple services and applications for end-users, but also being an attractive target
for attackers. Most of current security solutions for them are available in the form of applications or packages
to be directly installed on the devices themselves. Such on-device approaches offer some advantages, including
a consistent view of the system state during security operations, as well as the self-contained aspect they adopt.
However, these approaches generally induce significant resources consumption on the devices leading to the
reduction of the battery lifetime. In the meantime, current cloud-based solutions deal with this issue by offloading the most of the workload on a remote server, while only installing lightweight agents on the devices.
Such solutions permit to reduce the amount of used resources on the devices, but it remains at least two major
problems. The first one is the implication of the users, who generally do not have the required knowledge to
properly perform security decisions in case of settings or alerts for instance. The second one is the flexibility of
such solutions and their capacity to contextualize the device state to know how and when to use them.

Sujet
This Master thesis will consist in proposing, evaluating and implementing an approach for automating security function chaining in order to protect smartphones. The security functions, hosted on cloud infrastructures
or locally kept on the devices, will be activated and chained dynamically depending on contextual parameters.
A first part of the work will be dedicated to the analysis of security function chaining methods and techniques.
The targeted environment will be the Android operating system due to its large-scale deployment. A particular
focus will be given to software-defined networking and network function virtualization in that context. A second
part will be centred on the elaboration of an orchestrator and its algorithms, built on top of a software-defined
networking controller, in order to support the protection of android smartphones based on chained security
functions.

Cadre du travail
The internship will take place in the MADYNES research team at LORIA - INRIA Nancy Grand Est. First,
the Master student will get familiar with security function outsourcing and chaining in the context of cloud
infrastructures. He will then propose and implement an orchestrator and its algorithms for driving the dynamic chaining of security functions. The proposed strategy will be evaluated based on analytical results and
experimentations. Required skills : strong skills in programming (Python/Java), networking and systems, solid
mathematical background.

Rfrences
[1] G. Hurel, R. Badonnel, A. Lahmadi, O Festor. Behavioral and Dynamic Security Functions Chaining For
Android Devices. Proceedings of the IFIP/IEEE/In Assoc. with ACM SIGCOMM International Conference
on Network and Service Management (CNSM), Nov 2015, Barcelone, France.
[2] G. Hurel, R. Badonnel, A. Lahmadi, O Festor. Towards Cloud-Based Compositions of Security Functions For
Mobile Devices. Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM15), May 2015, Ottawa, Canada.
[3] J. Bergstra and M. Burgess. Handbook of Network and System Administration. Elsevier Edition, 2007.
http ://research.iu.hio.no/asysadm.php.
6

Sujet 4
Automated Generation of Complex Attack
Trees
Propos par : Abdelkader Lahmadi

Informations gnrales
Encadrants
Adresse
Tlphone
Email
Bureau

Abdelkader Lahmadi, Olivier Festor, Jrme Franois

LORIA, Campus Scientifique - BP 239, 54506 Vanduvre-ls-Nancy
03 54 95 84 78
lahmadi@loria.fr
B 266

Motivations
Complex and targeted attacks are one of the most fast growing information threats that companies, organization and government agencies are facing today. This has been intensified by the large deployment of new
devices in addition to traditional computers, and mainly because attackers have evolved from individuals towards organized cyber-criminal organizations to be able to make more sophisticated and complex attacks. A
complex attack is characterized by its low profile and slow mode involving several attack that some of them are
detected by traditional detection system (IDS, IPS, Firewall, Antivirus, . . .), however these steps are scattered
spatially and temporally, seems to be unrelated but as a whole they constitute a single powerful attack. Therefore fighting such a threat require to model, analyze and correlate various sources of data to create summarized
view that are exploitable by security analyst and, if possible, in real time and in an automated way.

Sujet
The objective of this master thesis is to design and develop a methodology to generate in an automated way
attack trees that will be useful to model required steps of an attacker to reach its goal. In first par of the work,
we will mainly rely on common attack pattern enumeration and classifications CAPEC provided by MITRE
to generate attack tree models. A second part will de dedicated to their enrichment and matching regarding
monitoring data and attack traces.

Cadre du travail
The internship will take place in the Madynes research team at LORIA - INRIA Nancy Grand Est. In this
work, we will use several network data sets including full data sets from LHS (Laboratory of High Security)
and also data sets from a running national project.

Rfrences
[1] The MITRE corporation. Common Attack Pattern Enumeration and Classification.
[2] E. Godefroy, E. Totel, M. Hurfin, F. Majorczyk Automatic Generation of Correlation Rules to Detect Complex
Attack Scenarios. In 2014 International Conference on Information Assurance and Security (IAS 2014), Nov
2014, Okinawa, Japan. IEEE, pp.6 .
[3] S. Paul. Towards Automating the Construction & Maintenance of Attack Trees : a Feasibility Study In
Proceedings of the 1st International Workshop on Graphical Models for Security (GraMSec 2014) co-located
with The European Joint Conferences on Theory and Practice of Software (ETAPS 2014), (pp. 31-46)
[4] S.A Camtepe, B. Yener Modeling and detection of complex attacks In Security and Privacy in Communications Networks and the Workshops, 2007. SecureComm 2007. Third International Conference on , vol., no.,
pp.234-243, 17-21 Sept. 2007.

Sujet 5
Formal Verification of Security Function
Chains
Propos par : Rmi Badonnel, Abdelkader Lahmadi

Informations gnrales
Encadrants
Adresse
Tlphone
Email
Bureau

Rmi Badonnel, Abdelkader Lahmadi, Olivier Festor, Stephan Merz

LORIA - INRIA Nancy Grand Est, Campus Scientifique, 54500 Vanduvre-ls-Nancy
03 54 95 86 39
badonnel@loria.fr
B 126

Motivations
High-speed mobile networking has led to the large-scale deployment of smart devices, such as android smartphones and tablets, offering multiple services and applications for end-users, but also being an attractive target
for attackers. Most of current security solutions for them are available in the form of applications or packages
to be directly installed on the devices themselves. Such on-device approaches offer some advantages, including
a consistent view of the system state during security operations, as well as the self-contained aspect they adopt.
However, these approaches generally induce significant resources consumption on the devices leading to the reduction of the battery lifetime. In the meantime, current cloud-based solutions deal with this issue by offloading
the most of the workload on a remote server, while only installing lightweight agents on the devices. Such solutions permit to reduce the amount of used resources on the devices, but it remains at least two major problems.
The first one is the implication of the users, who generally do not have the required knowledge to properly perform security decisions in case of settings or alerts for instance. The second one is the flexibility of such solutions
and their capacity to contextualize the device state to know how and when to use them. In MADYNES team,
we proposed a solution based on Network Function Virtualization (NFV) and Software Defined networks (SDN)
to elaborate service function chains to offload mobile security functions to the cloud. However, inconsistent or
incomplete chains could cause break-down of the supporting monitoring infrastructure.

Sujet
This Master thesis will consist in using formal methods for the verification and generation of service functions chains applied for security monitoring. The security functions, hosted on cloud infrastructures or locally
kept on the devices, will be activated and chained dynamically depending on contextual parameters. A first
part of the work will be dedicated to the elaboration of a methodology to cut efficiently security configurations
between a device and the cloud. The cutting problem will be formulated as a constraint satisfaction problem
and solved using SAT or SMT solvers. The second part, will be dedicated to the extension of the proposed
methodology for the verification of the obtained network function chains regarding their consistency with the
security requirements the targeted environment that will be the Android operating system due to its large-scale
deployment.

Cadre du travail
The internship will take place in the MADYNES research team at LORIA - INRIA Nancy Grand Est. First,
the Master student will get familiar with security function outsourcing and chaining in the context of cloud
infrastructures. He will then propose and elaborate the methodology using formal tools and techniques for the
verification in virtualized environments. Required skills : strong skills in programming (Python/Java), solid
formal methods background.

Rfrences
[1] G. Hurel, R. Badonnel, A. Lahmadi, O Festor. Behavioral and Dynamic Security Functions Chaining For
Android Devices. Proceedings of the IFIP/IEEE/In Assoc. with ACM SIGCOMM International Conference
on Network and Service Management (CNSM), Nov 2015, Barcelone, France.
8

[2] G. Hurel, R. Badonnel, A. Lahmadi, O Festor. Towards Cloud-Based Compositions of Security Functions For
Mobile Devices. Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM15), May 2015, Ottawa, Canada.
[3] M-K. Shin, K. Nam, S. Pack, S. Lee, R. Krshnan, T. Kim. Verification of NFV Services : Problem Statement
and Challenges. https://tools.ietf.org/html/draft-shin-nfvrg-service-verification-04.

Sujet 6
Security Monitoring Using Virtual Reality
Platforms
Propos par : Abdelkader Lahmadi

Informations gnrales
Encadrants
Adresse
Tlphone
Email
Bureau

Abdelkader Lahmadi, Jrme Franois

LORIA, Campus Scientifique - BP 239, 54506 Vanduvre-ls-Nancy
03 54 95 84 78
lahmadi@loria.fr and jerome.francois@loria.fr
B 138

Motivations
The huge growth of Internet exposes many users to various threats. This has been intensified by the large
deployment of new devices in addition to traditional computers. This includes smartphones and sensors, and
will concern daily life objects in a near future with the emergence of the Internet of Things (IoT) the last years.
Hence, this represents a tremendous playground for attackers. To fight them, security monitoring is an essential activity to identify misbehaviors and potential victims as earlier as possible. Usually, this activity relies on
security analysts where they are using several visualization tools to perform analysis of data, helping them to
identify attack patterns and malicious activities. However, currently this discovery process using data visualization is becoming challenging since the volume, the rate and the complexity of log data are growing, where they
are multi-dimensional (events, logs, IP addresses, ports, text, etc) and also multi-source (network flows, DNS
records, network trafic, balcklist records, server logs, firewall logs , etc). Massive data vectors collected when
monitoring systems, networks and services encapsulate key features for discovering and finding attack activities, security breaches and anomalies, and in the same time they require new tools and techniques to support
their analysis and investigation activities.

Sujet
In this master thesis, the goal is to develop a novel visual exploration technique based on a virtual reality
platform for the analysis and discovery of patterns inside monitoring data. Visualization is a well established
technique to link the content of data and human intuition to discover knowledge and extract patterns. However,
humans are used to see the world in 3 dimensions. A first part of the work will be dedicated to the transform
of multi-dimensional data vectors generated by security monitoring tool in 3D objets, and the second part will
dedicated to the development of techniques using devices from immersive virtual reality to build an interactive
and visual exploration platform.

Cadre du travail
The internship will take place in the Madynes research team at LORIA - INRIA Nancy Grand Est. In this
work, the student will use several network data sets including full data sets collected from LHS (Laboratory of
High Security). It will also get famiand with Oculus Rift devices programming and environments. In this work,
the student will also use big data techniques for data processing and web based virtual reality technologies for
visualization.

Rfrences
[1] C. Donalek, et al. Immersive and Collaborative Data Visualization Using Virtual Reality Platforms. In
proceedings of IEEE International Conference on Big Data, page 609, 2014.
[2] Cloud Security Alliance. Big Data Analytics for Security Intelligence.
[3] W Lidong, W Guanghui and A Cheryl Ann Big Data and Visualization : Methods, Challenges and Technology
Progress In Digital Technologies, Volume 1, Number 1, Pages 33-38, 2015.
10