Fehmi Jaafar

• PhD
• Professor (Associate) at Université du Québec à Chicoutimi

Artificial intelligence (AI) is revolutionizing many aspects of our lives, except it raises fundamental safety and ethical issues. In this survey paper, we review the current state of research on safe and trustworthy AI. This work provides a structured and systematic overview of AI safety. In which, we emphasize the significance of designing AI sys...

Connected objects are one of the most important vectors for the collection of personal data. With the increase in data volumes, we are observing an increase in network vulnerabilities and data breaches.Data-centric security (DCS) and its related protocols such as the NATO STANAG 4774 have become a suited approach to address diverse data protection...

The concept behind IoT is as powerful as it is complex, and for the entities and modules in the IoT solution to mesh together perfectly, they all must be part of a well-thought-out structure. That is where accomplishing a deep understanding, IoT architecture becomes paramount given the complexity of IoT domains and platforms. In this paper, we pres...

Distributed Machine Learning refers to the practice of training a model on multiple computers or devices that can be called nodes. Additionally, serverless computing is a new paradigm for cloud computing that uses functions as a computational unit. Serverless computing can be effective for distributed learning systems by enabling automated resource...

Machine Learning Operations (MLOps) is an approach to managing the entire lifecycle of a machine learning model. It has evolved over the last years and has started attracting many people in research and businesses in the industry. It supports the development of machine learning (ML) pipelines typical in the phases of data collection, data pre-proce...

Data privacy issues and regulations are on the rise. Privacy and transparency concerns are quickly defining a new era in data management and service operation across applications, platforms and industries. With a continuous flow of revisited privacy laws worldwide, adopted in different regulations such as the General Data Protection Regulation (GDP...

During software evolution, inexperienced developers may introduce design anti-patterns when they modify their software systems to fix bugs or to add new functionalities based on changes in requirements. Developers may also use design patterns to promote software quality or as a possible cure for some design anti-patterns. Thus, design patterns and...

Medical data tampering has become one of the main challenges in the field of secure-aware medical data processing. Forgery of normal patients’ medical data to present them as COVID-19 patients is an illegitimate action that has been carried out in different ways recently. Therefore, the integrity of these data can be questionable. Forgery detection...

Crypto-ransomware is a common type of malware that exploits software vulnerabilities of Internet accessible servers, end-user computers, and mobile devices. In this paper, the behavior of crypto-ransomware is empirically analyzed. We performed dynamic analysis of the ransomware in a virtual environment and the behavior of the malware represented us...

During software evolution, inexperienced developers may introduce design anti-patterns when they modify their software systems to fix bugs or to add new functionalities based on changes in requirements. Developers may also use design patterns to promote software quality or as a possible cure for some design anti-patterns. Thus, design patterns and...

Recent data breaches raise awareness about security vulnerabilities and their frequent presence in all types of software systems. Indeed, security bugs are one of the principal causes of security vulnerabilities in software systems as they can be exploited to gain unauthorized access within an information system. In this paper, we revisited one of...

Software requirements are naturally changing or evolving. Change-impact analysis (CIA) is an important technique to identify the source-code entities being affected by a change in requirements. It determines the consequences of changes in systems. Since the 1980s, researchers have studied the impact of changes in mono-language systems, but, to the...

Nowadays, developers are often using multiple programming languages to exploit the advantages of each language and to reuse code. However, dependency analysis across multi-language is more challenging compared to mono-language systems. In this paper, we introduce two approaches for multi-language dependency analysis: S-MLDA (Static Multi-language D...

Over the past two decades, the Internet of Things (IoT) has become an underlying concept to a variety of solutions and technologies that it is now hardly possible to enumerate and describe all of them. The concept behind the Internet of Things is as powerful as it is complex, and for the components in the IoT solution tomesh together perfectly, the...

A number of solutions have been proposed to secure the Border Gateway Routing (BGP) protocol by validating BGP update path and origin information. These solutions make use of centralized database, centralized Public Key Infrastructure (PKI) and some conventional PGP variants as their security mechanism. These solutions are prone to successful attac...

Context prediction is a promoting research topic with a lot of challenges and opportunities. Indeed, with the constant evolution of context-aware systems, context prediction remains a complex task due to the lack of formal approach. In this paper, we propose a new approach to enhance context prediction using a probabilistic temporal logic and model...

A widely used application layer protocol for IoT communication is Message Queue Telemetry Transport (MQTT) protocol. The provision of security in MQTT protocol is an essential concern in IoT applications. In this paper, we show how the conventional secure MQTT protocol is vulnerable to cipher attack. Then, we present a novel approach to improve the...

In the Internet of Things architecture, devices are frequently connected to the Internet either directly or indirectly. However, many IoT devices lack built-in security features such as device level encryption, user authentication and basic firewall protection. This paper discusses security risks in the layers of Internet of Things general architec...

There are various possible mechanisms for updating potentially vulnerable and exploitable software and firmware on Internet connected devices. Due to their well-known benefits, delta updates have become a common way of updating software. Recently, several authors proposed the use of blockchain technology to update software and firmware. While both...

Cross-site scripting (XSS) is a scripting attack targeting web applications by injecting malicious scripts into web pages. Blind XSS is a subset of stored XSS, where an attacker blindly deploys malicious payloads in web pages that are stored in a persistent manner on target servers. Most of the XSS detection techniques used to detect the XSS vulner...

Crypto-ransomware is a family of commonly seen malware that exploits software vulnerabilities of Internet accessible servers, end user computers and mobile devices. In this paper, behavior of crypto-ransomware is analyzed. Dynamic analysis of the ransomware was performed in a virtual environment and the resulting behavior of the malware was represe...

Web browser fingerprinting is a common technique to identify individual users or devices. However, exploitation of the web browser fingerprinting vulnerability in corporate environments that can lead to unauthorized data leakage has not been adequately explored. In this paper, we propose and examine an enhanced way of web browser fingerprinting tha...

Cloud computing relies on sharing computing resources rather than having local servers or personal devices to handle applications. Nowadays, cloud computing has become one of the fastest growing fields in information technology. However, several new security issues of cloud computing have emerged due to its service delivery models. In this paper, w...

In software engineering, a smell is a part of a software system's source code with a poor quality and that may indicate a deeper problem. Although many kinds of smells have been studied to analyze their causes, their behavior, and their impact on software quality, those smells typically are studied independently from each other. However, if two sme...

Change patterns describe two or more files were often changed together during the development or the maintenance of software systems. Several studies have been presented to detect change patterns and to analyze their types and their impact on software quality. In this context, we introduced the Asynchrony change pattern to describes a set of files...

Internet users are often victimized by malicious attackers. Some attackers infect and use innocent users' machines to launch large-scale attacks without the users' knowledge. One of such attacks is the click-fraud attack. Click-fraud happens in Pay-Per-Click (PPC) ad networks where the ad network charges advertisers for every click on their ads. Cl...

Information systems are designed to present services and functionalities for multiple users. Thus, it is used to have on one information system different levels of privilege for different users. Privileges describe what a user is permitted to do such as viewing files, modifying or deleting data. Privilege escalation takes place when a user gets acc...

Cloud computing relies on sharing computing resources rather than having local servers or personal devices to handle applications. Nowadays, cloud computing has become one of the fastest growing fields in information technology. However, several new security issues of cloud computing have emerged due to its service delivery models. In this paper, w...

Cloud computing relies on sharing computing resources rather than having local servers or personal devices to handle applications. Nowadays, cloud computing has become one of the fastest growing fields in information technology. However, several new security issues of cloud computing have emerged due to its service delivery models. In this paper, w...

On the one hand, design patterns are solutions to recurring design problems, aimed at increasing reuse, flexibility, and maintainability. However, much prior work found that some patterns, such as the Observer and Singleton, are correlated with large code structures and argued that they are more likely to be fault prone. On the other hand, anti-pat...

Software evolution and development are continuous activities that have a never-ending cycle. While developers commit changes on a software system to fix bugs or to implement new requirements, they sometimes introduce anti-patterns, which are bad solutions to recurring design problems in the system. Many previous studies have shown that these anti-p...

Ideally, any change that modifies the similar parts of a cloned code snippet should be propagated to all its duplicates. In practice however, consistent propagation of changes in clones does not always happen. Current evidence indicates that clone families have a 50% chance of having consistent changes. This paper measures cloning and co-changes at...

Software maintenance accounts for the largest part of the costs of any program. During maintenance activities, developers implement changes (sometimes simultaneously) on artifacts in order to fix bugs and to implement new requirements. To reduce this part of the costs, previous work proposed approaches to identify the artifacts of programs that cha...

Ideally, any change that modifies the similar parts of a cloned code snippet should be propagated to all its duplicates. In practice however, consistent propagation of changes in clones does not always happen. Current evidence indicates that clone families have a 50% chance of having consistent changes. This paper measures cloning and co-changes at...

Anti-patterns are motifs that are usually thought to be good solutions tosome design or implementation problems, but back-fires badly when applied. Previousstudies have reported that anti-patterns make object oriented systems hard tomaintain. Anti-patterns motifs usually have dependencies with other classes in thesystem. In this paper, we propose t...

Anti-patterns describe poor solutions to design and implementation problems which are claimed to make object oriented systems hard to maintain. Anti-patterns indicate weaknesses in design that may slow down development or increase the risk of faults or failures in the future. Classes in anti-patterns have some dependencies, such as static relations...

Requirements traceability (RT) links requirements to the corresponding source code entities, which implement them. Information Retrieval (IR) based RT links recovery approaches are often used to automatically recover RT links. However, such approaches exhibit low accuracy, in terms of precision, recall, and ranking. This paper presents an approach...

Over the years, many researchers have studied the evolution and maintenance of object-oriented source code in order to understand the possibly costly erosion of the software. However, many studies thus far did not link the evolution of classes to faults. Since (1) some classes evolve independently, other classes have to do it together with others (...

The literature describes several approaches to identify the artefacts of programs that evolve together to reveal the (hidden) dependencies among these artefacts and to infer and describe their evolution trends. We propose the use of biological methods to group artefacts, to detect co-evolution among them, and to construct their phylogenic trees to...

The literature describes several approaches to identify the artefacts of programs that change together to reveal the (hidden) dependencies among these artefacts. These approaches analyse historical data, mined from version control systems, and report co-changing artefacts, which hint at the causes, consequences, and actors of the changes. We introd...