International audienceThe AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our custom languages) and features three validation backends (CL-AtSe, OFMC, and SATMC), which provide a range of complementary automated reasoning techniques (including service orchestration, compositional reasoning, model checking, and abstract interpretation). We have applied the platform to a large number of industrial case studies, collected into the AVANTSSAR Library of validated problem cases. In doing so, we unveiled a number of problems and vulnerabilities in deployed services. These include, most notably, a serious flaw in the SAML-based Single Sign-On for Google Apps (now corrected by Google as a result of our findings). We also report on the migration of the platform to industry
Behavioral and targeted profiling of users is an important task in marketing and in the advertising industry. Being able to match a given user profile to an advertising that leads to effective purchases is challenging because of a very tiny proportion of users willing to purchase goods and thus monetize the advertising. With such proportions being less than one percent of the overall user population, efficient feature extraction and modeling techniques are required in order to capture and recognize the potential consumers. This paper proposes a new approach for modeling the observed behavior in a mobile advertising platform, where time related features are correlated with additional system level and campaign related performance statistics. We capture the temporal behavior with Hawkes processes and use the estimated parameters as additional features for predicting if a given user profile will be a revenue generating customer.
Abstract-Software-defined deployments are growing into data center and enterprise network infrastructures. The typical promises of software-defined networks (SDN) are improved time for market, decreased risk and operational costs for services, flexibility and unified management. However, little is known and shared about how to actually manage an SDN network, especially in localising underperforming network paths (what we call "troubleshooting"). We describe a novel approach to ease large network troubleshooting by leveraging SDN features and incorporating distributed monitoring of network traffic. We suggest SDN-RADAR, a tool that can help network administrators understand which is the most likely faulty network link. To the best of our knowledge this is the first troubleshooting solution that combines user-side performance measurements with network data extracted from the SDN controller.
Abstract:The recent and massive deployment of Voice over IP infrastructures had raised the importance of the VoIP security and more precisely of the underlying signalisation protocol SIP. In this paper, we will present a new attack against the authentication mechanism of SIP. This attack allows to perform toll fraud and call hijacking. We will detail the formal specification method that allowed to detect this vulnerability, highlight a simple usage case and propose a mitigation technique.
a b s t r a c tInnovative in-car applications provided on smartphones can deliver real-time alternative mobility choices and subsequently generate visual-manual demand. Prior studies have found that multi-touch gestures such as kinetic scrolling are problematic in this respect. In this study we evaluate three prototype tasks which can be found in common mobile interaction use-cases. In a repeated-measures design, 29 participants interacted with the prototypes in a car-following task within a driving simulator environment. Task completion, driving performance and eye gaze have been analysed. We found that the slider widget used in the filtering task was too demanding and led to poor performance, while kinetic scrolling generated a comparable amount of visual distraction despite it requiring a lower degree of finger pointing accuracy. We discuss how to improve continuous list browsing in a dual-task context.
Abstract-This paper presents a work in progress focused on facilitation of cross-cultural awareness between citizens of two European cities. We aim to engage visitors of telecom museums in Athens and Luxembourg to learn more about both cities by means of collaborative games played on multitouch tables. We also explore how live video-to-video streaming influences players' behaviour and collaboration with remote players.
Abstract. Alice&Bob notation is widely used to describe conversations between partners in security protocols. We present a tool that compiles an Alice&Bob description of a Web Services choreography into a set of servlets. For that we first compute for each partner an executable specification as prudent as possible of her role in the choreography. This specification is expressed in ASLan language, a formal language designed for modeling Web Services tied with security policies. Then we can check with automatic tools that this ASLan specification verifies some required security properties such as secrecy and authentication. If no flaw is found, we compile the specification into Java servlets that real partners can use to execute the choreography.
In this paper we present the DriveLab IVIS testing platform which allows for the same experiments to be conducted both under simulator and real car conditions. Other key aspects of DriveLab is that it is highly modular (therefore allowing the exchange or integration of different components) and that it supports more than one driver. For example we show that the same IVIS devices and scenario can be used with two different 3D engines. The paper provides a technical overview and a brief example of use.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.