About
With…
Cédric's articles
Activity
-
Hacklore and the Death of Security Myths Most security professionals already know of Hacklore even if they haven’t heard the name yet. We’ve all…
Liked by Cédric Bonhomme
-
Today, we are releasing Suricata Language Server 1.1.0 which can now use a Suricata Docker container instead of a locally installed Suricata. Getting…
Liked by Cédric Bonhomme
-
📚The Fondation Restena has released a new tip sheet to support institutions with low budgets in setting-up a high-performing Security Operations…
Liked by Cédric Bonhomme
Experience and education
Licenses and certifications
Volunteer experience
-
Vice President
École de Musique Associative du Val Sierckois
- 1 year 1 month
Arts and culture
Publications
-
VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification
This paper presents VLAI, a transformer-based model that predicts software vulnerability severity levels directly from text descriptions. Built on RoBERTa, VLAI is fine-tuned on over 600,000 real-world vulnerabilities and achieves over 82% accuracy in predicting severity categories, enabling faster and more consistent triage ahead of manual CVSS scoring. The model and dataset are open-source and integrated into the Vulnerability-Lookup service.
-
Risk Assessment Optimisation with MONARC
Hack.lu
There are many solutions to cover risk assessment: from big software solutions to standalone applications – even based on spreadsheets. A risk assessment takes a significant amount of time and becomes expensive rather quickly resulting in the impossibility for small companies to perform such an analysis. MONARC aims to make performing more accessible through optimisations and sharing. Each of these reduces the time needed to perform such an assessment and subsequently, money. Finally, after the development of the tool, MONARC has been released as open source software (GNU Affero General Public License version 3). In this paper, we will introduce MONARC, the optimisation and sharing features. The presentation will include a live demo of the introduced features.
-
Dynamic Carpooling Mobility Services based on Secure Multi-Agent Platform
Global Information Infrastructure and Networking Symposium 2012 (GIIS’12)
Carpooling consists in sharing one's personal vehicle with one or several passengers in order to share the related costs but also reduce traffic and CO2 emissions. One of the main issues with such a service is that it requires a prior agreement between the driver and the potential passengers. Dynamic carpooling uses an IT system to remove this limitation and provide ways to react to events such as a traffic jam or to provide a precise evaluation of the cost of the trip for each of the involved actors. But it requires accessing potentially sensitive information such as the real time users' position or their identity. As such, an efficient security mechanism should be implemented to protect data exchanged to provide the service but also to increase the users' confidence in the tool. This article presents a technological IT solution for dynamic carpooling mobility service based on a secure multi-agent platform in the context of the WiSafeCar (Wireless Traffic Safety Network between Cars) project. It mainly focuses on the security services allowing both the mutual authentication of the users and of the application components with the system.
-
A New Approach to Evaluating Security Assurance
International Conference on Information Assurance and Security
This paper first analyzes the current gap in the literature in security assurance. It then proposes new metrics for the appraisal of security assurance at runtime. Our metrics are based on key concepts pertinent to gaining confidence on a security mechanism to meet its functions. Such parameters include: security correctness; security effectiveness and the quality of the security verification process. Validation of our approach has been achieved through tool implementation, and application to another of security components including firewall, DNS and antivirus.
-
Easy programming of Agent based Electronic Institution with UTOPIA
New Technologies of Distributed Systems (NOTERE 2010)
In Multi-Agent Systems (MAS), Organizations are means to structure cooperation and collaboration between agents. MoiseInst is a normative Organization model giving the possibility to constrain agents' behavior according to four dimensions (structural, functional, contextual and normative). Mabeli as Electronic Institution model allows the supervision of MoiseInst Organizations compliance through an arbitration system. The difficulty is to easily instantiate such Organizations to obtain a dynamic entity in which agents can evolve. In this paper we introduce Utopia, our Institution-oriented and Institution-based programming framework. Utopia makes it possible to easily and automatically set up a MAS thanks to an XML MoiseInst Specification file. The framework converts this file into an innovative mathematical structure, namely a recursive graph. We show a concrete application of the prototype through RED, an EUREKA/CELTIC European project use-case.
-
Multi-Agent based Decision Mechanism for Incident Reaction in Telecommunication Network
International Conference on Computer Systems and Applications (AICCSA 2010)
The paper provides a global architectural and decision support solution for a reaction after alert detection mechanisms in the frame of information systems security applied to telecom infrastructures. Therefore, the architecture is developed in a distributed perspective and is composed of three basic layers: the low level that constitutes the interface between the architecture and the infrastructure. The intermediate level that is responsible of correlating the alerts coming from different domains of the infrastructure and to deploy the reaction actions. The architecture is elaborated using a MAS associated to the OntoBayes model for decision mechanism. This model helps agents to make decisions according to preference values and is built upon ontology based knowledge sharing, Bayesian networks based uncertainty management and influence diagram. The major novelty of this Decision Support System is the layered view of the infrastructure thanks to MAS architecture, which enables the decision making with different levels of knowledge.
-
Electric blackout prevention: Toward a computer-mediated weather alert broadcasting solution
International Conference on Society and Information Technologies (ICSIT)
International Conference on Society and Information Technologies (ICSIT 2010), Orlando, Florida
Electric power consumption is dependent on weather conditions. In most of the EU countries, power distribution is often subject to failure and it is frequent for the population to suffer power blackout. Within the solutions, deployed in order to avoid or face that problem, the public notification of blackout risks for a target region and the demand for reduced consumption are both interesting alternatives. This last solution is very basic but whatever meaningful. Consequently, automatic notification of cold weather and power distribution risks appears to provide many advantages especially when the alert is associated with the decision mechanism and supported by dynamic and virtual communication channels. In this paper, we introduce a solution to broadcast weather alerts using MAS architecture associated with a Crisis Management enhanced XACML technology. This solution fosters the exploitation of a multi-layer approach required to be aligned with contextual constraints. In parallel, a decisional system allows managing the broadcasting of alert based on their utility for the population, as well as for the industry. The case study used to illustrate the feasibility of our approach exploiting weather and electric parameters and do not reflect the full constraints of any existing infrastructure in operation.
-
Programming electronic institutions with UTOPIA
International Conference on Advanced Information Systems Engineering (CAiSE'10)
In Multi-Agent Systems, Organizations are means to structure cooperation and collaboration between agents. MoiseInst is a normative Organization model giving the possibility to constrain agents' behaviour according to four dimensions (structural, functional, contextual and normative). Mabeli as Electronic Institution model allows the supervision of MoiseInst Organizations compliance through an arbitration system. The difficulty is to easily instantiate such Organizations to obtain a dynamic entity in which agents can evolve. In this paper we introduce Utopia, our Institution-oriented and Institution-based programming framework. Utopia makes it possible to easily and automatically set up a MAS thanks to an XML MoiseInst Specification file. The framework converts this file into an innovative mathematical structure, namely a recursive graph, and solves several optimization problems in order to compute the most efficient role distribution. We show a concrete application of the prototype through RED, an EUREKA/CELTIC European project use-case.
-
Reputation Based Dynamic Responsibility to Agent Assignement for Critical Infrastructure
IAT 2011
Power distribution constitutes a critical service for our economy. To foresee electricity overload and risks of power blackout according to external perturbations such as the weather, the temperature or the barometric pressure in real time is a crucial challenge. In order to face those problems, research tends to involve consumers in the utilization of the electricity based on weather conditions. Our previous works had proposed an agent based architecture to support this alert mechanism. The architecture exploited a static assignment of functions to agents. That static assignment was a weak point because isolating an agent or breaking the communication channel between two of them created serious damage on the crisis management. In this paper, we complete our previous works and make the assignment of functions mobile for agents. Our approach exploits the concept of agent responsibility that we dynamically assigned to the agent taking into consideration the agent reputation.
Projects
-
VulnTrain
-
Vulnerability-Lookup
Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources (MITRE, NIST, GitHub, CSAF, Pysec, VARIoT), independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD). Vulnerability Lookup is also a collaborative platform where users can comment on security advisories and create bundles.
-
Fit4Cybersecurity
A self-assessment tool to help business owners implement a better cybersecurity strategy.
-
IP-Link
The goal of IP-Link is to visualize the relationships between different IP addresses from a network traffic capture.
Languages
-
French
Native or bilingual proficiency
-
English
Full professional proficiency
-
German
Elementary proficiency
Recommendations received
1 person has recommended Cédric
More activity from Cédric
-
Some companies only want to request CVE's which are scored "high" or "critical" via CVSS. Apparently, vulnerabilities which are "medium" or "low" are…
Liked by Cédric Bonhomme
-
Proud to represent Luxat at this year’s Paperjam Club Finance Awards in Luxembourg. It was great to connect with so many people from across the…
Liked by Cédric Bonhomme
-
This is wonderful!! How can the scientific text that was to upend the whole of 19th century thought possibly compete with leaded windows, a carriage…
Liked by Cédric Bonhomme
-
It's this time of the year again. The deadline for submitting proposals to the "Railways and Open Transport" Devroom at FOSDEM is approaching fast…
Liked by Cédric Bonhomme
-
MISP v2.5.27 - released with new features and various fixes This release delivers important new modules, major internal performance optimisations…
Liked by Cédric Bonhomme
-
Signing off from South Africa and the Cape Town Conversation. Thank you to the Observer Research Foundation and the Thabo Mbeki Foundation for…
Liked by Cédric Bonhomme
-
It’s been a while since my last public vulnerability disclosure. Over half a year ago, I found a stored XSS vulnerability that was later assigned…
Liked by Cédric Bonhomme
-
We’ve published new research from the EU co-funded project NGSOTI: “Learning from large-scale IPv4 blackhole: Behavioral analysis of SNMP…
Liked by Cédric Bonhomme