inproceedings_parrend.bib

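@inproceedings{Frenot2008monitoring,
  abstract  = {In simple and monolithic systems such as our current home gateways, monitoring is often overlooked: the home user can only reboot the gateway when there is a problem. In next-generation home gateways, more services will be available (pay-per-view TV, games...) and different actors will provide them. When one service fails, it will be impossible to reboot the gateway without disturbing the other services. We propose a management framework that monitors remote gateways. The framework tests response times for various management activities on the gateway, and provides reference time/performance ratios. The values can be used to establish a management schedule that balances the rate at which queries can be performed with the resulting load that the query will induce locally on the gateway. This allows the manager to tune the ratio between the reactivity of monitoring and its intrusiveness on performance.},
  author    = {Fr{\'e}not, St{\'e}phane and Royon, Yvan and Parrend, Pierre and Beras, Denis},
  booktitle = {IEEE/IFIP Network Operations and Management Symposium (NOMS), Salvador de Bahia, Brazil, 7--11 April 2008},
  file      = {http\://www.ieeexplore.ieee.org/xpls/abs_all.jsp?isnumber=4575087&arnumber=4575162&count=195&index=74:PDF},
  keywords  = {Monitoring, load calibration, home gateways},
  timestamp = {2007.12.24},
  title     = {Monitoring Scheduling for Home Gateways},
  url       = {http://www.rzo.free.fr/frenot08monitoring.php},
  year      = {2008},
}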
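@inproceedings{Geoffray2009cfse,
  address   = {Toulouse, France},
  author    = {Geoffray, Nicolas and Thomas, Gael and Muller, Gilles and Parrend, Pierre and Fr{\'e}not, St{\'e}phane and Folliot, Bertil},
  booktitle = {Conf{\'e}rence Fran{\c{c}}aise sur les Syst{\`e}mes d'Exploitation},
  month     = sep,
  timestamp = {2010.01.29},
  title     = {{I-JVM}: une machine virtuelle {Java} pour l'isolation de composants dans {OSGi}},
  year      = {2009},
}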
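@inproceedings{NicolasGeoffray2009,
  address   = {Lisbon, Portugal},
  author    = {Geoffray, Nicolas and Thomas, Gael and Muller, Gilles and Parrend, Pierre and Fr{\'e}not, St{\'e}phane and Folliot, Bertil},
  booktitle = {39th IEEE/IFIP Conference on Dependable Systems and Networks (DSN)},
  timestamp = {2010.01.29},
  title     = {{I-JVM}: a {Java} Virtual Machine for Component Isolation in {OSGi}},
  year      = {2009},
}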
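@inproceedings{Parrend2009ares,
  abstract  = {Java-based systems are built from components from various providers that are integrated together. Generic coding best practices are gaining momentum, but no tool is available so far that guarantees that the interactions between these components are performed in a secure manner. We propose the 'Weak Component Analysis' (WCA) tool, which performs static analysis of the component code to identify exploitable vulnerabilities. Three types of classes can be identified in Java components, that each can be exploited through specific vulnerabilities. Internal classes which are not available for other components can be abused in an indirect manner. Shared classes which are provided by libraries can be abused through class-level vulnerabilities. Shared objects, i.e. instantiated classes, which are made available as local services in Service-oriented Programming platforms such as OSGi, Spring and Guice can be abused through object-level vulnerabilities in addition to class-level vulnerabilities.},
  address   = {Fukuoka, Japan},
  author    = {Parrend, Pierre},
  booktitle = {Fourth International Conference on Availability, Reliability and Security (AReS 2009)},
  month     = mar,
  title     = {Enhancing Automated Detection of Vulnerabilities in {Java} Components},
  year      = {2009},
}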
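@inproceedings{parrend05ontologies,
  abstract  = {Model Driven Engineering (MDE) knows growing interest as much as a research domain as an industry process for building software quickly and reliably. However, in the way to reuse and automation of design processes, it has limitation for this purpose, as it focuses on design much more as on user's need. Use of an ontology representing domain design knowledge can be a way to bridge the gap between use scenarios and models, and so to empower MDE approaches.},
  author    = {Parrend, Pierre and David, Bertrand},
  booktitle = {IEEE EuroCon 2005, Belgrade, Serbia-Montenegro},
  file      = {abs_all.jsp?arnumber=1629992:http\://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1629992:PDF},
  timestamp = {2005.11.07},
  title     = {Use of Ontologies as a Way to Automate {MDE} Processes},
  url       = {http://www.rzo.free.fr/parrend05ontologies.php},
  year      = {2005},
}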
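@inproceedings{parrend08cbac,
  abstract  = {Extensible Component Platforms support the discovery, installation, starting, uninstallation of components at runtime. Since they are often targeted at mobile resource-constraint devices, they have both strong performance and security requirements. The current security model for Java systems, Permissions, are based on call stack analysis. They proves to be very time-consuming, which makes them difficult to use in production environments. We therefore define the Component-Based Access Control (CBAC) Security Model, which aims at emulating Java Permissions through static analysis at the installation phase of the components. CBAC is based on a fully declarative approach, that makes it possible to tag arbitrary methods as sensitive. A formal model is defined to guarantee that a given component have sufficient access rights, and that dependencies between components are taken into account. A first implementation of the model is provided for the OSGi Platform, using the ASM library for code analysis. Performance tests show that the cost of CBAC at install time is negligible, because it is executed together with digital signature which is much more costly. Moreover, contrary to Java Permissions, the CBAC security model does not imply any runtime overhead.},
  author    = {Parrend, Pierre and Fr{\'e}not, St{\'e}phane},
  booktitle = {Software Composition (SC'2008)},
  file      = {k282223p57n56273:http\://www.springerlink.com/content/k282223p57n56273/:PDF},
  keywords  = {Software Security, Component Middleware, Static Analysis, OSGi Platform},
  month     = mar,
  pages     = {68--83},
  publisher = {Springer Berlin / Heidelberg},
  series    = {Lecture Notes in Computer Science},
  title     = {Component-based Access Control: Secure Software Composition through Static Analysis},
  url       = {http://www.rzo.free.fr/parrend08cbac.php},
  volume    = {4954},
  year      = {2008},
}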
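@inproceedings{parrend08cbse,
  abstract  = {Java-based systems have evolved from stand-alone applications to multi-component to Service Oriented Programming (SOP) platforms. Each step of this evolution makes a set of Java vulnerabilities directly exploitable by malicious code: access to classes in multi-component platforms, and access to object in SOP, is granted to them with often no control. This paper defines two taxonomies that characterize vulnerabilities in Java components: the vulnerability categories, and the goals of the attacks that are based on these vulnerabilities. The `vulnerability category' taxonomy is based on three application types: stand-alone, class sharing, and SOP. Entries express the absence of proper security features at places they are required to build secure component-based systems. The `goal' taxonomy is based on the distinction between undue access, which encompasses the traditional integrity and confidentiality security properties, and denial-of-service. It provides a matching between the vulnerability categories and their consequences. The exploitability of each vulnerability is validated through the development of a pair of malicious and vulnerable components. Experiments are conducted in the context of the OSGi Platform. Based on the vulnerability taxonomies, recommendations for writing hardened component code are issued.},
  address   = {Karlsruhe, Germany},
  author    = {Parrend, Pierre and Fr{\'e}not, St{\'e}phane},
  booktitle = {Conference on Component-based Software Engineering (CBSE'2008)},
  keywords  = {Software Security, Service-oriented Programming, Component Middleware},
  month     = oct,
  publisher = {Springer Berlin / Heidelberg},
  series    = {Lecture Notes in Computer Science},
  title     = {Classification of Component Vulnerabilities in {Java} Service Oriented Programming ({SOP}) Platforms},
  url       = {http://www.rzo.free.fr/parrend08cbse.php},
  volume    = {5282},
  year      = {2008},
}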
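@inproceedings{parrend2007sfelix,
  abstract  = {The OSGi platform is a lightweight management layer over a Java virtual machine that makes runtime extensibility and multi-application support possible in mobile and constraint environments. This powerful capability opens a particular attack vector against mobile platforms: the installation of malicious OSGi bundles. The first countermeasure is the digital signature of the bundles. We developed a tool suite that supports the signature, the publication and the validation of the bundles in an OSGi framework. Our tools support the publication of bundles onto a remote bundle repository as well as the validation of the signature according to the OSGi R4 specifications. A comparison of existing validation mechanisms shows that our security layer is the only one that is compliant with the specification.},
  author    = {Parrend, Pierre and Fr{\'e}not, St{\'e}phane},
  booktitle = {First IEEE WoWMoM Workshop on Adaptive and DependAble Mission- and bUsiness-critical mobile Systems, Helsinki, Finland},
  file      = {abs_all.jsp?isnumber=4351672&arnumber=4351681&count=140&index=8:http\://ieeexplore.ieee.org/xpls/abs_all.jsp?isnumber=4351672&arnumber=4351681&count=140&index=8:PDF},
  keywords  = {OSGi Platform, Component Publication and Deployment, dependable mobile systems, business critical execution environments},
  month     = jun,
  timestamp = {2007.03.24},
  title     = {Supporting the Secure Deployment of {OSGi} Bundles},
  url       = {http://www.rzo.free.fr/parrend07sfelix.php},
  year      = {2007},
}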
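@inproceedings{parrend06secuAnalysis,
  abstract  = {Providing Services at Home has become over the last few years a very dynamic and promising technological domain. It is likely to enable wide dissemination of secure and automated living environments. We propose a methodology for identifying threats to Services at Home Delivery systems, as well as a threat analysis of a multi-provider Home Gateway architecture. This methodology is based on a dichotomous positive/preventive study of the target system: it aims at identifying both what the system must do, and what it must not do. This approach completes existing methods with a synthetic view of potential security flaws, thus enabling suitable measures to be taken. Security implications of the evolution of a given system become easier to deal with. A prototype is built based on the conclusions of this analysis.},
  author    = {Parrend, Pierre and Fr{\'e}not, St{\'e}phane},
  booktitle = {International Conference on Cryptography, Coding \& Information Security, CCIS 2006, November 24--26, Venice, Italy},
  file      = {v16-53.pdf:http\://www.waset.org/pwaset/v16/v16-53.pdf:PDF},
  keywords  = {Security requirements, Connected Home, OSGi, Software Components},
  month     = nov,
  title     = {A Security Analysis for Home Gateway Architectures},
  url       = {http://www.rzo.free.fr/parrend06secuAnalysis.php},
  year      = {2006},
}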
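@inproceedings{parrend07privacy,
  abstract  = {Privacy mechanisms exist for monolithic systems. However, pervasive environments that gather user data to support advanced services provide little control over the data an individual releases. This is a strong inhibitor for the development of pervasive systems, since most users do not accept that their personal information is sent out to the wild, but potentially passed over to third party systems. We therefore propose a framework to support user control over the data made available to service providers in the context of an OSGi based Extensible Service Systems. A formal privacy model is defined and service and policy descriptions are deduced. Technical system requirements to support these policies are identified. Since guaranteeing privacy inside the system is of little help if any malicious entity can break into it, a security architecture for OSGi based Extensible Service Systems is also defined.},
  author    = {Parrend, Pierre and Fr{\'e}not, St{\'e}phane and Hoehn, Sebastian},
  booktitle = {Second IEEE International Workshop on Services Integration in Pervasive Environments (SIPE'2007)},
  file      = {abs_all.jsp?arnumber=4283946:http\://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4283946:PDF},
  keywords  = {Privacy, Service Integration, OSGi Platform},
  month     = jul,
  title     = {Privacy-Aware Service Integration},
  url       = {http://www.rzo.free.fr/parrend07privacy.php},
  year      = {2007},
}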
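@inproceedings{parrend07ibcrypto,
  author    = {Parrend, Pierre and Galice, Samuel and Fr{\'e}not, St{\'e}phane and Ubeda, St{\'e}phane},
  booktitle = {IARIA International Conference on Emerging Security Information, Systems and Technologies (SecurWare)},
  file      = {abs_all.jsp?isnumber=4385294&arnumber=4385333&count=43&index=38:http\://www.ieeexplore.ieee.org/xpls/abs_all.jsp?isnumber=4385294&arnumber=4385333&count=43&index=38:PDF},
  keywords  = {OSGi Platform, Identity-Based Cryptography, Component Publication and Deployment, dependable mobile systems},
  month     = oct,
  title     = {Identity-Based Cryptosystems for Enhanced Deployment of {OSGi} Bundles},
  url       = {http://www.rzo.free.fr/parrend07ibcrypto.php},
  year      = {2007},
}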
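@inproceedings{pparrend06communities,
  author    = {Parrend, Pierre and Royon, Yvan and Ibrahim, Noha},
  booktitle = {1st IEEE International Workshop on Services Integration in Pervasive Environments, Lyon, France},
  file      = {sipe06.pdf:http\://www.rzo.free.fr/publis/sipe06.pdf:PDF},
  keywords  = {Service-Oriented Programming, Communities, Home Gateways, Component Systems},
  month     = jun,
  title     = {Service-Oriented Distributed Communities in Residential Environments},
  url       = {http://www.rzo.free.fr/parrend06communities.php},
  year      = {2006},
}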
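@inproceedings{royon2007bbeuope,
  abstract  = {When providing services to home users, management is a key activity. In-home devices, and especially the Residential Gateway, can use multiple management technologies for multiple management activities: read/write parameters, but also deploy, update, start and stop software components. This paper defines management realms around the Residential Gateway, where different actors perform different management activities, using different technologies. We propose techniques that integrate these technologies (TR-069, UPnP, NetConf and JMX). We also address transient issues related to security.},
  author    = {Royon, Yvan and Parrend, Pierre and Fr{\'e}not, St{\'e}phane and Papastefano, Serafeim and Abdelnur, Humberto and {Van de Poel}, Dirk},
  booktitle = {BroadBand Europe},
  file      = {BBEurope_2007_INR_Multi.pdf:http\://www.ist-muse.org/Documents/BBEurope2007/BBEurope_2007_INR_Multi.pdf:PDF},
  keywords  = {Residential Gateways, TR-069, UPnP, NetConf, JMX},
  month     = dec,
  title     = {Multi-service, Multi-protocol Management for Residential Gateways},
  url       = {http://www.rzo.free.fr/royon07bbeurope.php},
  year      = {2007},
}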