42 publications, 5,998 reads, 377 citations
Publications (42)
Replicated state machine is a fundamental concept used for obtaining fault tolerant distributed computation. Legacy distributed computational architectures (such as Hadoop or Zookeeper) are designed to tolerate crashes of individual machines. Later, Byzantine fault-tolerant Paxos as well as self-stabilizing Paxos were introduced. Here we present fo...
The cloud model is rapidly evolving, with maturing intercloud architectures and progressive integration of sparse, geodistributed resources into large datacenters. The single-provider administrative barrier is also increasingly crossed by applications, allowing new verticals to benefit from the multicloud model. For instance, in home healthcare sys...
This paper presents the architecture for a self-stabilizing hypervisor able to recover itself in the presence of Byzantine faults regardless of the state it is currently in. Our architecture is applicable to a wide variety of underlying hardware and software and does not require augmenting computers with special hardware. The actions representing def...
End-to-end security is one of the biggest challenges for mobile clouds today: mobile cloud computing may mean the worst of cloud and device worlds regarding threats. Unfortunately, previous solutions considered the problem from one end only, lacking device-to-cloud virtual organizations (VOrgs), end-to-end VOrg isolation, and automated security sup...
Strong user expectations for protecting their cloud-hosted IT systems make enhanced security a key element for cloud adoption. This means that cloud infrastructure security should be guaranteed, but also that security monitoring services should be correctly designed to protect the user Virtual Machines (VMs), using Intrusion Detection and Preventio...
Nested virtualization [1] provides an extra layer of virtualization to enhance security with fairly reasonable performance impact. User-centric vision of cloud computing gives a high level of control on the whole infrastructure [2], such as untrusted dom0 [3, 4]. This paper introduces RetroVisor, a security architecture to seamlessly run a virtual m...
Security is a growing concern as it remains the last barrier to widespread adoption of cloud environments. However, is today’s cloud security Lucy in the Sky with Diamonds? Expected to be strong, flexible, efficient, and simple? But surprisingly, being neither? A new approach, making clouds self-defending, has been heralded as a possible element o...
Self-protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Faced with multiple threats and heterogeneous defense mechanisms, the autonomic approach proposes simpler, stronger, and more efficient cloud security management. Yet, previous solutions fall at the last hur...
Recently, some of the most potent attacks against cloud computing infrastructures target their very foundation: the hypervisor or Virtual Machine Monitor (VMM). In each case, the main attack vector is a poorly confined device driver in the virtualization layer, enabling to bypass resource isolation and take complete infrastructure control. Current...
This paper describes a flexible approach to manage autonomically cloud resource isolation between different layers of an IaaS infrastructure, reconciling computing and network views. The corresponding framework overcomes fragmentation of security components and automates their administration by orchestrating different autonomic loops, vertically (b...
Our society is becoming increasingly more IT-oriented, and the images and sounds that reflect our daily life are being stored mainly in a digital form. This digital personal life can be part of the home multimedia contents, and users demand access and possibly share these contents (such as photographs, videos, and music) in an ubiquitous way: from...
Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can b...
This paper presents VSK, a lightweight adaptable OS authorization architecture suitable for self-protection of pervasive devices. A virtual management plane, separate from execution resources, is defined for full run-time control by applications of their execution environment. This plane also performs non-invasive and yet effective authorization th...
This paper describes a first proposal towards a Quality of Experience (QoE) model and framework for home network services. This model aims at mapping efficiently the user preferences to the home resources, including network and devices, so as to maximize the quality perceived by the user. First-class citizen home services considered are of multimed...
Although highly promising to meet the challenges of pervasive network security, self-managed protection has been little addressed in this setting. This paper adopts a policy-based management approach to the problem, and presents a policy-driven security framework called ASPF. Enforced authorization policies in a device are adapted according to the...
Existing self-protection frameworks so far hardly addressed the specification of autonomic security adaptation strategies which guide risk-aware selection or reconfiguration of security mechanisms. Domain-Specific Languages (DSL) present many benefits to achieve this goal in terms of simplicity, automated strategy verification, and run-time integra...
Current pervasive systems tend to consider security and QoS separately, ignoring the influence of each aspect on the other. This paper presents an adaptation model based on selection of component compositions enabling to capture dynamic and fine-grained trade-offs between both QoS and security in those systems. The model is multi-constraints and ut...
By introducing context-awareness in the system layer, pervasive computing is a turning point in OS design. Device mobility and dynamicity of situations raise strong challenges for run-time adaptability of embedded software, while at the same time inducing new, serious threats to device security. Paradoxically, due to the multiplicity of protection...
Protection should fundamentally be flexible for devices roaming in Beyond 3G networks. In this federation of heterogeneous access networks, each sub-network comes with its own security requirements, policies, and protocols. Foundational element of device security, the embedded OS itself, should become adaptable to make it possible to tune its prote...
Security management for pervasive networks should be fundamentally flexible. The dynamic and heterogeneous character of these environments requires a security infrastructure which can be tailored to different operating conditions, at variable levels of granularity, during phases of design, deployment, and execution. This is possible with a componen...
Component-Based Software Engineering (CBSE) does not yet fully address non-functional requirements of embedded systems. To reach this goal, we show how to extend a component model like FRACTAL with relevant abstractions such as threads, protection rings, or security domains. The FRACTAL Architecture Description Language (ADL) is extended by means o...
Ubiquitous environments both require strong and yet flexible protection, due to their highly dynamic character, and to the diversity of their security requirements. Autonomic security provides an elegant solution to the problem by applying the idea of flexibility to the security space itself, and automating reconfiguration of the protection mechani...
The unpredictable fluctuations in computing resources, contexts, and user preferences that characterize pervasive environments have stressed the need for context-aware self-adaptive systems. So far, this research area mostly dealt exclusively with concerns related either to standard QoS or to security. Taking into account trade-offs between these t...
In Systems Beyond 3G, protection fundamentally needs to be flexible. Due to heterogeneity of access networks and mobile devices, multiple security requirements (e.g., cryptographic algorithms, network security policies) must be addressed. The security infrastructure must also be reconfigurable (e.g., system patches to defeat new attacks) to cope wi...
We propose a software framework that augments context data with a range of assorted confidence/reputation metadata for dimensions such as security, privacy, safety, reliability, or precision, defined according to a generic context confidence ontology. These metadata are processed through the network of federated distributed software services that s...
In ubiquitous computing, the main security challenges arise from network heterogeneity and from a dynamic population of nomadic users and limited devices. For these environments, security infrastructures based on traditional PKIs present a number of major drawbacks: limited scalability and reconfigurability, static vision of trust, and high adminis...
We present a Java software framework for building infrastructures to support the development of applications for systems where mobility and network awareness are key issues. The framework is particularly useful to develop run-time support for languages oriented towards global computing. It enables platform designers to customize communication proto...
We describe the architecture and the implementation of the MIKADO software framework, that we call IMC (Implementing Mobile Calculi). The framework aims at providing the programmer with primitives to design and implement run-time systems for distributed process calculi. The paper describes the four main components of abstract machines for mobile...
Abstract: We describe the architecture and the implementation of the MIKADO software framework, that we call IMC (Implementing Mobile Calculi), and show how it can be used. The framework aims at providing the programmer with primitives to design and implement run-time systems for distributed process calculi. The document describes the four main compo...
This paper presents the formal specification of an abstract machine for the M-calculus, a new distributed process calculus. The M-calculus can be understood as an extension of the Join calculus that realizes an original combination of the following features: programmable localities, higher-order functions and processes, process mobility, and dynamic...
With the expansion of mobility in communication technologies, the increasing individual audio solicitations require a definition of priorities in audio information. A new concept called superphony is identified which improves communication abilities by reconstructing an audio sphere around each user and filtering audio information based on user and...
Building reliable distributed infrastructures still remains a challenge. Two separate and slowly diverging visions for solutions have emerged: the first relies upon an implementation-based approach of today's now mature middleware object technologies, often without much concern for the underlying theoretical foundations. The second focuses on...
Building reliable distributed applications involving multiple concerns such as security, fault-tolerance or real-time properties still remains a challenge. A "provably correct" formal approach, i.e., using a carefully designed model with a well-defined semantics and an implementation that strictly conforms to the model, bringing obvious benefits in...
We present some issues relevant to the design of a secure platform for distributed mobile computing, that goes beyond existing ad-hoc approaches to software mobility. This platform aims to support wide-area computing applications such as active network infrastructures or network supervision tools. Our contribution is two-fold: the first part of the...
This document presents a comparative analysis of various existing prototype languages and formal models for code mobility. Three aspects are considered in this study: distribution, mobility, and security. The study is also structured around the notion of domain, which seems central to us in these languages and models, and illustr...
The notion of security membrane appears as an emerging concept in the design of secure languages for global computing. Membranes separate the computational behavior of a site from the security code controlling access to site-located resources. We provide a survey of some of the challenges which arise when trying to implement security membranes in a...
In systems Beyond 3G, protection fundamentally needs to be flexible. Due to heterogeneity of access networks and mobile devices, multiple security requirements must be addressed (e.g., to support different cryptographic algorithms or network security policies). The infrastructure must also be reconfigurable to cope with extremely dynamic conditions...
Abstract: This document presents a comparative analysis of various models and languages for mobile code, incorporating some notion of site or more generally of domain. These models and languages will be referred to as distributed mobile calculi. Our study will focus on three aspects of these calculi: distribution, mobility and security. Moreover, it w...
Despite its potential to tackle many security challenges of large-scale systems such as pervasive networks, self-managed protection has been little explored. This paper addresses the problem from a policy management perspective by presenting a policy-driven framework for self-protection of pervasive systems called ASPF (Autonomic Security Policy Fr...