The Department 3 PhD Day will take place on Monday, December 13th in the room C005 of Loria.

Program:

8:30 – 8:55 Welcome coffee and pastries (room A008)

9:00 – 9:30 Opening session (room C005)
Thomas Lambert (MCF, joined LORIA in sept. 2021)
Making Distributed Applications Communication-Aware

9:30 – 10:35 session 1 (room C005)
Mohamed Oulaaffart (20’)
Automating Security Enhancement for Cloud Services

Adrien Hemmer (20’)
Predictive Security Monitoring for Large-Scale Internet-of-Things

Jean-Philippe Eisenbarth (20’)
Ethereum’s Peer-to-Peer Network Monitoring and Sybil Attack prevention

Omar Anser (5’)
Automation of security counter-measures in Mobile-Edge Computing infrastructure

10:35 – 10:55 coffee break (room A008)

11:00 – 12:40 session 2 (room C005)
Debashisha Mishra (20’)
UAV Cellular Communication for Vertical Industries in 5G and Beyond

Amalia Macali (20’)
Designing exact optimization methods for process synthesis

Philippe Graff (20’)
Development and orchestration of microservices for low latency and secure applications.

Runbo Su (20’)
PDTM: Phase-based dynamic Trust Management for Internet of Things

Alexandre Bourbeillon (20’)
Measuring trust in distributed collaborative systems

12:45 – 14:00 Lunch at the Canteen

14:00 – 16:10 session 3 (room C005)
Amaury Saint-Jore (20’)
Multi-Agent, Machine / Deep / Continuous Learning and Augmented / Mixed reality for
networked, collaborative and mobile robots

Pierre-Antoine Rault (20’)
Access Control and Security Mecanisms in Distributed Systems with no Central Authority

Clelie Amiot (20’)
Trustworthy cognitive assistants for large-scale collaboration

Matthieu Nicolas (20’)
Efficient (re)naming in Conflict-free Replicated Data Types (CRDTs)

Maxime Samson (20’)
Assister la conception et la configuration de réseaux TSN par une approche basée sur les
modèles

Imene Zaidi (co-supervised UL-UHA) (20’)
Gestion optimisée de la charge de flotte de véhicules électriques

Enzo d’Andréa (5’)
Reusable and Adaptable Machine Learning for Network Security

Diego Vega (5’)
Combining co-simulation with optimization and learning
___________________________________________________________________________
Appendix: Abstracts of the presentations

Session 1
Mohamed OULAAFFART
Automating Security Enhancement for Cloud Services
Abstract: The main objectives of this PhD thesis are to propose, design and evaluate automated
security strategies for protecting cloud services, with a particular focus on challenges related to
the migration of resources composing these services. The first part of the work will be dedicated
to the elaboration of a state-of-the-art, taking into account the analysis of existing orchestration
languages, such as the TOSCA language (Topology and Orchestration Specification for Cloud
Applications), for building and implementing elaborated cloud services, as well as current
security mechanisms that have been proposed so far for protecting cloud elementary resources.
The second part will consist in proposing a security management framework, as well as
automation algorithms to support the security enhancement of cloud services, during the
migration of resources. This enhancement will potentially rely on both endogeneous security
mechanisms through the hardening of cloud resources, as well exogeneous security
mechanisms based on the activation of chains of security functions. The third part will be
focused on the development of a proof-of-concept prototype, and the performance evaluation
of the proposed security automation strategies. The analyzed use cases will consider the specific
requirements expressed by the H2020 Concordia project, and will give a specific interest to
vulnerability management issues.
key words : Security, Enhancement, Composite Services, Orchestration, Cloud,
Automation, Migration.

Adrien HEMMER
Predictive Security Monitoring for Large-Scale Internet-of-Things
Abstract: Recently, Internet-of-Things has grown in importance in multiple domain such as
domestic with smart-homes or industrial with the industry 4.0. It is complex to manage IoT
infrastructure because each of its device can be really different, in addition they lack power and
compute efficiency. Moreover, to add in complexity, the devices can be made by several third
parties that do not use the same protocols for collecting or sending information. As a result,
such a system is too complex to be absolutely secured, and is naturally a source of potential
threats.
The objective of the thesis, in the context of the European H2020 project SecureIoT, to define
and evaluate a predictive security framework for IoT for devices from multiple domains. The
challenging goal is to observe evidences of future attacks or misuse by collecting and
integrating heterogeneous data. In the new IoT architecture under construction, a security
engine has to be designed for the predictive analysis. This engine has to perform a security
assessment, using collected data, and support decision on counter-measures. However, the
gathered data have to be meaningful in order to detect abnormal behaviours of systems.
Furthermore, the monitoring and collection process have to be scalable to handle complex realtime
ecosystem.

Jean-Philippe EISENBARTH
Ethereum’s Peer-to-Peer Network Monitoring and Sybil Attack prevention
Abstract: Public blockchains, like Ethereum, rely on an underlying peer-to-peer (P2P) network
to disseminate transactions and blocks between nodes. With the rise of blockchain applications
and cryptocurrencies values, they have become critical infrastructures which still lack
comprehensive studies. In this paper, we propose to investigate the reliability of the Ethereum
P2P network. We developed our own dependable crawler to collect information about the peers
composing the network over one month. Our data analysis regarding the size of the network,
the geographical distribution of peers and the churn rate shows good network properties.
However, in a second time, we investigate suspicious patterns that can denote a Sybil attack.
We find that many nodes hold numerous identities in the network and could become a threat.
To mitigate future Sybil attacks, we propose an architecture to detect suspicious nodes and
revoke them. It is based on a central monitoring system, a smart contract to propagate the
information and an external revocation tool to help clients remove their connections to
suspicious peers. Our experiment on Ethereum’s Test network proved that our solution is
effective.

Omar ANSER
Automation of security counter-measures in Mobile- Edge Computing infrastructure
Abstract:Nowadays, cybersecurity is a major concern everywhere with the growth of co
nnected devices that are beyond common computers. People are connected using their
smartphone but also with Internet-of-Things (IoT) devices. Everything tends to be connected
in buildings, cars, factories, cities, airplanes… with all the risks that induces.
To circumvent these problems, decades of research and development have led to build new
techniques and tools to fight back to the attacks over Internet. Nonetheless, the number of
attacks and their magnitude still grow.
As a result, guaranteeing a high level of security is very challenging. New methods to
counteract against new threats and attacks will be proposed. However, a practical problem is to
properly use the arsenal of all these techniques: What to use? For which purposes? When? How
to configure it? What should be given as inputs… Hence, a large set of questions remain even
if you assume that you have all possible techniques at your disposal. Unfortunately security is
still mostly manual or only assisted. Developing an autopilot for managing the security of
connected systems is an ultimate goal but highly challenging.
This thesis aims at proposing a framework and techniques to empower the automation of
network security assuming a highly dynamic environment, in particular Mobile-Edge
Computing infrastructure and 5G.

Session 2
Debashisha MISHRA
UAV Cellular Communication for Vertical Industries in 5G and Beyond
Abstract: UAV and Cellular technology are two mutual beneficial ecosystems. In this
presentation, two integration paradigms are highlighted for enabling support towards emerging
business verticals (e.g., automotive, multi-media, industry 4.0 etc.) in 5G and beyond systems:
(1) UAV as an Aerial Base Station (UAV-BS), and (2) UAV as an Aerial User of the existing
5G network (UAV-UE). In the first paradigm (UAV-BS), we showcase and reason on the
emerging network slicing approach for UAV-BS platform catering services from
heterogeneous business verticals. In the second paradigm (UAV-UE), feasibility of realizing
inter-UAV communication based on cellular Sidelink (PC5 radio interface) is discussed. We
also provide a technical overview of potential options to leverage UAV communication in 6G
era.

Amalia MACALI
Designing exact optimization methods for process synthesis
Abstract: The main topics of my PhD is the optimization of membrane separation technology.
Membrane separation technology is often used to achieve gas purification and it can be used in
different aspects of the industry. The performance of membrane separation depends on the
operating conditions and the interconnections between the selected equipment. Membranes for
gas separation can be made of different materials, and each material leads to different
permeability performances. When a mixture of gas enters the membrane some components
having low permeability pass through the membrane as in a tube, forming the retentate output,
whereas other components with higher permeability drop through the material, forming the
permeated output of the membrane. When a high level of purity is required, one separation
stage is not enough, and multiple stages are needed. In this case, a problem of membrane system
design has to be solved where the number of stages, the interconnections and the operating
conditions for each stage have to be chosen. The objective function to be considered is the cost
of the system, ensuring a certain level of performance in terms of purity and recovery of the
desired gas. Up to now, the problem has been solved using a heuristic global optimization
approach, which was a combination of multistart and a problem tailored Monotonic Basin
Hopping. The proposed method was applied to optimize and analyse several well-known and
important gas separation cases. The degrees of freedom of the optimization model were
increased case by case considering more parameters as decision variables and optimizing the
separation process design. The obtained results were good, but since the algorithm is heuristic,
there is no guarantee of finding the global optimal solution

Philippe GRAFF
Development and orchestration of microservices for low latency and secure applications.
Abstract: Within the scope of the ANR project MOSAICO (Orange, Montimage, UTT,
LORIA), this PhD project proposes to design, implement and validate micro-services based on
optimized virtualized network functions but integrated in a more global architecture using
several different network programmability technologies.
To achieve this ambitious goal, the project will adopt an experimental methodology organized
in 4 tasks.
The first one will consist in studying the different micro-services architecture for the network
and selecting the most suitable one for our case study.
In a second step, the identification, specification and design of micro-services and the definition
of the global architecture of the project will be carried out in partnership with the other partners.
The first function to be created will be a flow classifier based on machine learning techniques
and allowing the detection of real-time flows in order to process them in a specific way.
The specified micro-services will then be implemented and evaluated in a synthetic
environment close to reality in order to verify their adequacy with the strong QoS and security
constraints of the project.
Finally, the last task that will be carried out jointly with an engineer aims at evaluating the
whole solution applied to an immersive service in real conditions such as cloud gaming.

Runbo SU
PDTM: Phase-based dynamic Trust Management for Internet of Things
Abstract : Un modèle de la gestion de la confiance qui permet de maintenir la fiabilité des
systèmes IoT et en même temps identifier les attaques de malveillants en calculant les scores
de confiance des noeuds de manière diversifiée et dynamique en termes de phases.

Alexandre BOURBEILLON
Measuring trust in distributed collaborative systems
Abstract: In recent years, the growth of the Internet has led to the development of collaborative
distributed systems. In such systems, a large number of users contribute simultaneously to
accomplish a common task. One of the best-known examples of collaborative distributed
systems is Wikipedia, which is the biggest open encyclopedia existing. Wikipedia’s
main objective is to produce neutral and high-quality articles. To achieve this kind of goal,
being able to measure how well we can trust any user is very important. It allows the platform
to adapt its policies and other users to adapt their behaviour regarding previous interactions.
Moreover, it is an efficient way to design strategies to handle harmful contributors and thus
increase the quality of the content and the number of contributors.
The objective of the thesis is to define and validate trust metrics that help predict how well a
user of a distributed collaborative system will behave in the future based on its previous
contributions in Wikipedia. Our aim is to base this metric on the quality of each contribution
produced by the user. We investigated the usage of several metrics to compute the quality of a
contribution using the notion of longevity. Longevity is a measure of quality based on how well
the contribution will survive to future edits and be maintained in the document.

Session 3
Amaury SAINT-JORE
Multi-Agent, Machine / Deep / Continuous Learning and Augmented / Mixed reality for
networked, collaborative and mobile robots
Abstract: The overall objective is to develop a system of interconnected robots seen as Cyber-
Physical Systems (CPS) allowing to carry out autonomous missions in complex environments
interacting with operators and increasing their context awareness.
– The primary objective is to help the Human being in different tasks.
– This multi-agent system is composed of mobile and agile ground robots and aerial UAVs,
capturing different data in the field from several points of views: images, geolocation, sounds,
etc.
– Data, information and experiences can be exchanged between robots but also transmitted to
computers carried by one or more operators to help them carry out their mission.
– Data can be viewed using an augmented / mixed reality headset providing digital and spatial
information.
– Each agent will be assigned one or more AIs, to perform object recognition, environment
modelling, or to define the path and guidelines to be followed, or to monitor other agents. A
global distributed AI is embedded on the robot, and the operators will allow the supervision of
each agent and their associated AI, as well as assess the state and evolution of the system as a
whole.
The system continuously adapts the individual and collective response to the situation
according to different scales.

Pierre-Antoine RAULT
Access Control and Security Mecanisms in Distributed Systems with no Central
Authority
Abstract: Distributed applications are part of our everyday lives, but too often their good
operation depends on central servers, which are single points of failure and performance
bottlenecks. Designing systems for fully distributed communications however still requires
porting common mechanisms needed for feature-rich applications: user rights differentiation,
end-to-end confidentiality, administrators and other application-specific roles. We rely on
conflict-free replicated data types (CRDT) to allow each user to exchange independently and
concurrently without coordination, and present our own CRDT to manage a distributed access
control policy. To verify that policy stays consistent, we examine different applicative use cases
pertaining to collaborative edition, and design conflict resolution strategies at the document and
policy levels. In order to guarantee confidentiality in a distributed setting, we also consider
secure communication protocols and how to integrate their operation in a collaborative group.
To that end, we plan to extend our work with a novel CRDT tying key exchanges from select
asynchronous key exchange protocols to policy operations affecting group membership.

Clelie AMIOT
Trustworthy cognitive assistants for large-scale collaboration
Abstract: Collaborative endeavors are happening on an increasingly larger scale. Digitalization
and globalization allow organizations to collaborate across borders and time zones on projects
like commercial releases, academic research, or crisis management. However, those
collaborations bring their challenges: ever growing data to parse, different levels of security
clearances to manage, and varying vocabularies, expertise, and processes to coordinate.
Cognitive assistants are a promising solution to help decision-making and reduce mistakes
caused by this overload of constraints. My thesis investigates how implementing a cognitive
agent in a large-scale collaboration can be done while maintaining trust in the tool. Indeed, an
untrustworthy tool will not be used or will cause delays by being over-monitored, such as using
backchannels to check the tool’s information and actions. We highlighted a clear difference in
reception between human and robot assistants, where people showed higher compliance to a
chatbot’s advice but lower engagement in the reasoning process. Our work will also investigate
the impact of a chatbot assistant on a team’s dynamics performing a collaborative task and how
it can be adjusted for efficient and trustful collaboration.

Matthieu NICOLAS
Efficient (re)naming in Conflict-free Replicated Data Types (CRDTs)
Abstract: To achieve high availability, large-scale distributed systems have to replicate data
and to minimise coordination between nodes. For these purposes, literature and industry
increasingly adopt CRDTs to design such systems. CRDTs are new specifications of existing
data types, e.g. Set or Sequence. While CRDTs have the same behaviour as previous
specifications in sequential executions, they actually shine in distributed settings as they
natively support concurrent updates. To this end, CRDTs embed in their specification conflict
resolution mechanisms. These mechanisms usually rely on identifiers attached to elements of
the data structure to resolve conflicts in a deterministic and coordination-free manner.
Identifiers have to comply with several constraints, such as being unique or belonging to a dense
total order. These constraints may hinder the identifier size from being bounded. Identifiers
hence tend to grow as the system progresses, which increases the overhead of CRDT over time
and leads to performance issues. To address this issue, we propose a novel Sequence CRDT
which embeds a renaming mechanism. It enables nodes to reassign shorter identifiers to
elements in an uncoordinated manner. Experimental results demonstrate that this mechanism
decreases the overhead of the replicated data structure and eventually minimises it.

Maxime SAMSON
Assister la conception et la configuration de réseaux TSN par une approche basée sur les
modèles
Abstract: Les nouvelles fonctionnalités qu’apportent les standards définis par le groupe de
travail IEEE 802.1 TSN à la commutation Ethernet permettent son utilisation pour des réseaux
temps réel. Ces nouvelles fonctionnalités rendent possible la conception de réseaux Ethernet
déterministes, mais au prix d’un effort de configuration très important. Cette difficulté de
configuration s’applique à la fois aux équipements réseaux et aux outils utilisés pour concevoir
ces réseaux, par exemple des simulateurs.
Notre approche est basée sur les modèles et permet la génération automatique de la
configuration d’un réseau TSN pour des outils tels que des simulateurs. Cette approche simplifie
lest étapes de conception et de configuration du réseau et assure la cohérence entre les
configurations générées pour les différentes cibles. La grande diversité des outils de conception,
tant par leur nombre que par les différentes fonctionnalités de TSN qu’ils supportent, permet à
une approche de génération d’offrir un gain de de temps important en simplifiant leur utilisation.

Imene ZAIDI (co-supervised UL-UHA)
Gestion optimisée de la charge de flotte de véhicules électriques
Abstract : Dans le cadre de la lutte contre la crise climatique, plusieurs gouvernements ont pris
des mesures visant à encourager l’adoption des véhicules électriques pour diminuer l’émission
de gaz à effet de serre. Actuellement les véhicules électriques sont encore peu nombreux sur le
réseau routier et leur impact sur le réseau électrique reste faible. Néanmoins, il s’avère
important d’anticiper une éventuelle saturation des stations de recharges en cas de déploiement
massif de ces véhicules dans les années à venir. Aussi, il est primordial de proposer des outils
opérationnels permettant aux stations d’assurer de la qualité de service de recharge tout en
respectant les contraintes physiques imposées par les opérateurs des réseaux électrique. C’est
l’objectif assigné à ce travail de thèse. Plus précisément, l’objet de ces travaux portent sur la
recharge intelligente qui va permettre aux opérateurs des stations de recharge d’optimiser la
planification de la recharge afin de répondre le mieux possible aux attentes des usagers et en
même temps de minimiser le coût et la consommation d’énergie. Pour cela, nous travaillons sur
la modélisation mathématique des différentes variantes de problème de planification de la
recharge des véhicules électriques. Nous étudions également la classe de complexité de ces
problèmes. De plus, nous proposons des nouveaux algorithmes d’optimisation adaptés à ces
problèmes y compris des algorithmes d’optimisation en temps réel. Enfin, nous sommes amenés
à faire des simulations et des tests pour valider les approches développées.

Enzo d’ANDREA
Reusable and Adaptable Machine Learning for Network Security
Abstract: Cybersecurity is a major concern everywhere with the growth of connected devices.
The attack surface therefore increases with the number of devices but also with the number of
applications they support. Techniques used by attackers and defenders evolved and includes
complex mechanisms with for example massive use of encryption which serves both attackers
and defenders. As a result, machine learning and artificial intelligence has become a major field
of study regarding network security.
With the use of Machine Learning comes the problem of choosing the right set of features,
metrics but also algorithm. The reusability of existing results is limited as context-specific
interpretation or adaptation is required. There exists some proposal, especially for port numbers
or IP adresses, but proposed metrics are usually too coarse-grained and are far from being
satisfactory.
A major research challenge is the definition of network-based features that are both meaningful
and reusable in a variety of scenarios. A second challenge is to select the right sets of attributes
with the context, with criteria being for example the contribution to final results, but also cost
to collect and transform.
The first objective of the thesis is to define new representations of network data as features for
ML algorithms. The second objective of the thesis is to define a method to automatically select
the right set of features.

Diego VEGA
Combining co-simulation with optimization and learning
Abstract: The thesis aims to explore the relationships between co-simulation, optimization and
learning having in mind to propose a global decision support approach based on cosimulation.
The relationships between co-simulation, optimization and learning can be
considered in multiple ways. A first point of view can be to consider optimization and learning
as “beside” the co-simulation tool and being able to execute it to obtain data and/or to modify
the parameters or the structure of the multi-model. These relationships can also be conceived
at different levels: at the level of a component/model or at the level of the composite/system.
Another point of view is to consider that optimization and learning are part of the co-simulation
as a component (and therefore as a model) of decision within the simulated system. The central
idea of study is to question the DEVS formalism and the associated concept of System, Entity
Structure in order to assess to what extent they are compatible with these different notions of
optimization and learning, and under what assumptions according to each of the facets
compatibility can exist. A first (restricted) case study will be chosen and confronted with a first
proposal of definitions, then in an incremental way, the proposal will be improved and again
confronted with one or several case studies.