09:00 - 09:05 - Introduction
09:05 - 09:30 - Mario Couture, The Poly-Tracing Project, DRDC Perspective
09:30 - 09:45 - Michel Dagenais, École Polytechnique de Montréal
Title: Project Overview (slides)
Overview of the Tracing and Monitoring Multi-core Distributed Systems project. Achievements in each track, short term plans and longer term future research.
09:45 - 10:05 - State History System
Alexandre Montplaisir (slides)
A final update on the new State System for trace viewers like TMF. We will also present the partial history. This new option allows for important reductions in disk space usage while maintaining logarithmic performance.
10:05 - 10:25 - Naser Ezzati
Title: Multi level trace events linking, storage and display (slides)
This presentation investigates making link between different levels of information and discuss the problem in detail and some possible solutions for that.
10:25 - 10:40 - Break
10:40 - 11:15 - Université Laval
Overview about the work done in Anomaly-Based detection and Policy-Based techniques. (slides)
11:15 - 12:00 - Université Concordia: Abstraction of user space traces
12:00 - 13:00 - Lunch
Lunch will be provided at Polytechnique
Room - L4812
13:00 - 13:40 - LTTng 2.0 + LTTngtop (David+Mathieu+Julien+Yannick)
13:40 - 14:10 - Eclipse
Matthew Khouzam (slides(PDF))
The TMF platform will be explored with this questions and answers. New views will be explored and we will discuss how to help the research projects most effectively.
14:10 - 14:40 - Host-based anomaly detection techniques (Concordia)
14:40 - 15:25 - UOttawa - Model-Directed Tracing
Title: War stories and advances in nmoel-directed tracing
Description: Recent progress, including discussion of state machine code generation, and inserting trace directives into state machines.
15:25 - 15:40 - Break
15:40 - 15:55 - Rafik Fahem
Efficient dynamic and static tracepoints in kernel space: (slides)
15:55 - 16:10 - Francis Giraldeau
Title: Dependency analysis of userspace applications from kernel trace
Description: Understanding the runtime behavior of a distributed application may be challenging. We propose to apply the Critical Path Method on a kernel trace to recover the execution graph of an application. The method to compute the critical path from the execution graph will be presented. Related and future work will be discussed.
16:10 - 16:30 - Masoume Jabarrifar
Title: Multi-level, Multi-core Distributed Trace Synchronization
16:30 - 16:50 - Alireza Shameli Sendi
Title: System Health Monitoring and Proactive Response Activation
Response cost evaluation is a major part of the Intrusion Response System (IRS). Although many automated IRSs have been proposed, most of them use statically evaluated responses, avoiding the need for dynamic evaluation of response cost. However, by designing a dynamic evaluation for the responses we can alleviate the drawbacks of the static model. Furthermore, it will be more effective at defending a system from an attack as it will be less predictable. A dynamic model offers the best response based on the current situation of the network. Thus, the evaluation of the positive effects and negative impacts of the responses must be computed online, at attack time, in a dynamic model. We evaluate the response cost online with respect to the resources dependencies, the number of online users, and user’s privilege level.
In this presentation, we present a practical model with relevant factors for response cost evaluation. The proposed model is a platform that leads us to account for the user’s need in terms of quality of services (QoS) and the dependencies of critical processes. Compared with other response evaluation models, the proposed model consists of not only a novel online mechanism for response cost evaluation in complex network
topologies, but also the more detailed factors to evaluate positive effects and negative impacts. In addition, we discuss the main challenges to evaluate response costs with respect to the attack type.
16:50 - 17:00 - Conclusion