Ph.D de

Group : Verification of Algorithms, Languages and Systems

Attack Tolerance for Services-based Applications in the Cloud

Starts on 01/10/2015
Advisor : ZAIDI, Fatiha

Funding : Doctoral contract, research only
Affiliation : Université Paris-Sud
Laboratory : LRI - VALS

Defended on 21/12/2018, committee :
Thesis supervisor :
- Fatiha Zaïdi, Associate Professor (HDR), Université Paris-Sud (LRI)

Thesis co-supervisor :
- Ana R. Cavalli, Professor Emeritus, Télécom SudParis (SAMOVAR)

Examiners :
- Joaquin Garcia-Alfaro, Professor, Télécom SudParis
- Manuel Núñez, Professor, Universidad Complutense de Madrid
- Edgardo Montes De Oca, R&D Director, Montimage Paris

Reviewers :
- Frédéric Cuppens, Full Professor, IMT Atlantique
- Pascal Poizat, Full Professor, Université Paris-Nanterre (LIP6)

Research activities :

Abstract :
Web services allow the communication of heterogeneous systems on the Web. These facilities make them particularly suitable for deploying in the cloud. Although research on formalization and verification has improved trust in Web services, issues such as high availability and security are not fully addressed, since the solutions proposed are sometimes attack-specific. In addition, Web services deployed in cloud infrastructures inherit their vulnerabilities. For example, when different tenants in a cloud platform consume the same instance of the service, attacks such as side-channel attacks can be performed by malicious tenants. Because of this limitation, they may be unable to perform their tasks perfectly. In this thesis, we claim that a good tolerance requires attack detection and continuous monitoring on the one hand, and reliable reaction mechanisms on the other hand. We therefore proposed a new runtime monitoring methodology that takes into account the risks that our services may face. To implement this methodology, we first developed an attack tolerance approach that leverages model-level diversity. We define a model of the system and derive more robust, functionally equivalent variants that can replace the first one in case of attack.
To avoid manually deriving the variants and to increase the level of diversity, we proposed a second, complementary approach. The latter still consists in having different variants of our services, but unlike the first, we have a single model and the implementations differ at the language, source code and binary levels. Moreover, to ensure detection of insider attacks, we investigated a new detection and reaction mechanism based on software reflection. While the program is running, we analyze the methods to detect malicious executions. Finally, we leveraged a formal framework for Web service choreography verification and testing, SChorA, by incorporating these complementary mechanisms in order to take advantage of the benefits of each of them.

Ph.D. dissertations & Faculty habilitations
The original manuscript conceptualizes the recent rise of digital platforms along three main dimensions: their nature of coordination devices fueled by data, the ensuing transformations of labor, and the accompanying promises of societal innovation. The overall ambition is to unpack the coordination role of the platform and where it stands in the horizon of the classical firm – market duality. It is also to precisely understand how it uses data to do so, where it drives labor, and how it accommodates socially innovative projects. I extend this analysis to show continuity between today’s society dominated by platforms and the “organizational society”, claiming that platforms are organized structures that distribute resources, produce asymmetries of wealth and power, and push social innovation to the periphery of the system. I discuss the policy implications of these tendencies and propose avenues for follow-up research.