Scientist who joined IRISA 2017 Institut de Recherche en Informatique et Systèmes Aléatoires Olivier ZENDRA CR (Inria) D4 -Language And Software Engineering (LSE) TAMIS Short BIO Olivier Zendra is new member of the Tamis team. His research focused on the analysis and transformation of programs, which he developed in the context of compilation and optimization, memory management and automatic garbage collection, impact of the hardwaresoftware interface on performance, power and energy optimizations for embedded systems, software visualization and cybersecurity. The research projects he has worked on include SmartEiffel, The GNU Eiffel Compiler (formerly SmallEiffel), during his PhD, for which he was one of the two key designers and implementers during his PhD; the software part of the Open-PEOPLE (Open Power and Energy Optimization PLatform and Estimator) project; and the VITRAIL (Advanced, Immersive and Real-Time Visualisation Software) project. He received the PhD degree in computer science with highest honors in 2000 from the the Université Henri Poincaré of Nancy, France, on the compilation and optimization of objetoriented programs. He then worked a year as postdoctorate at McGill University, Canada, on optimization of Java (bytecode) programs. He joined Inria Nancy in 2002, where he worked in the Miro, Design and TRIO teams, extending his work to power and energy, and later program visualization. He joined the Tamis team of Irisa and Inria- Rennes working in cybersecurity in September 2016, moving to Rennes in August 2017. Olivier ZENDRA Short BIO Who am I ? Timeline 1971: Birth (from + ) 1995: « DEA » in CS 1995 - 1997: « Coopérant Scientifique » at UCSB 1997 - 2000: PhD in CS (Highest honors) 2001 - 2002: Postdoctorate at McGill University 2002 - 09/2016: CR2/1 at Inria Nancy 09/2016 - 09/2017 : CR1 in Tamis team Inria RBA (living in Lorraine ) 09/2017 - : CR1 in Tamis team Inria RBA (living in Brittany ) Olivier ZENDRA Research project 1. Prior Work Ø Program analysis and transformation § Low power/energy § Visualization of programs Compilation of OO languages § Eiffel (Small-/SmartEiffel) to C or to Java bytecode § Java bytecode to (optimized) Java bytecode § Type analysis § Code customization • Eg. Dynamic binding (-VFTs +BTDs) • Eg. Memory management (specialized M&S GC) Olivier ZENDRA Research project Prior Work § Program analysis and transformation Ø Low power/energy § Visualization of programs § Characterize / model the impact of HW architecture on optimisations § Bring low-level (HW) to high-level (SW) § SW and HW (compila6on, run6me) complete each other § Static and dynamic complete each other: • Static (offline): much larger context possible (lots of resources) • Dynamic (online): accurate run6me behavior § SPM (Scratch-pad Memory) Olivier ZENDRA Research project Prior Work § Program analysis and transformation § Low power/energy Ø Visualization of programs Java executions hot spots: methods order JavaC by occurrence numbered methods 401 200K bytecodes executed (samples of 2K bytecodes) Olivier Zendra - Tamis 13/09/2017 - 9 Olivier ZENDRA Research project Java executions hot spots: memory locations JavaC load/store by occurrence order 28825 memory locations numbered 200K bytecodes executed (samples of 2K bytecodes) Olivier ZENDRA Research project Java executions hot spots: memory allocation sites Soot (conversion of 5 .class files) numbered by occurrence order 1564 allocation instructions (new) Total allocated memory since execution start. 20940 KB; samples of 10 KB Olivier ZENDRA Research project VITRAIL: Visualisation Temps Réel, Avancée et Immersive de Logiciels § Goal: faster and better understanding of software and its behavior for developer § Idea: shatter limits of 2D textual development § Means: • Program analyses • Advanced (immersive) (real-time) visualization of software Olivier ZENDRA Research project pcgen, 1126 classes, modified Treemap. From « Visualization-based Analysis of Quality for Large-scale Software Systems » by Langelier, Sahraoui and Poulin (Université de Montréal). Olivier ZENDRA Research project VITRAIL: dynamic calls visualization Calls in an execution of JEdit (Java JRE classes included). 2710 classes, 10870 edges representing 4 632 680 calls. City metaphor with nested layout. Olivier ZENDRA Research project 2. Integration into the Tamis team Ø Vulnerability analysis (Axis I) § Malware analysis (Axis II) § Research projects § Additional possibilities for future Techniques to discover SW vulnerabilities (I.2): • Static analyses (program structure) • Dynamic analyses (traces, behaviors) • Focus on code or memory • Work at C / Java / binary level • Intermediate representations: LLVM IR, Java bytecode Olivier ZENDRA Research project 2. Integration into the Tamis team § Vulnerability analysis (Axis I) Ø Malware analysis (Axis II) § Research projects § Additional possibilities for future Behavioral signature extraction (II.1): • Binary analysis • With de-obfuscation (unpacking, de-virtualization) • Extracting representative signatures from binary samples • System Call Dependency Graphs (SCDG) • For analysis and classification Olivier ZENDRA Research project 2. Integration into the Tamis team § Vulnerability analysis (Axis I) § Malware analysis (Axis II) Ø Research projects § Additional possibilities for future § EU ACANTO (2014-2018): secure communication system for autonomous system to drive people to POIs § Thales (2017-2019): analysis of vulnerabilities in IKEV2 protocol (Tristan Ninet’s PhD) § EU TeamPlay (2018-2020, coordination): Non-functional properties as first class citizens. Focus on power/energy & security. § MASSE (2017-2019): extraction of malware syntactic signatures (Alexander Zhdanov’s PhD) Olivier ZENDRA Research project 2. Integration into the Tamis team § Vulnerability analysis (Axis I) § Malware analysis (Axis II) § Research projects Ø Additional possibilities for future § Power/energy leveling to prevent information leakage • Side-channel attack prophylaxis § Visualization for security • Software security properties • Security events • Overall runtime behavior § Self-modifying program code • Defensive, self-healing .