In our next ROC seminar, recently hired staff will present their current work on Tuesday, 28 October 2025, from 14:00 to 16:00.
Seminar Location: Room 35.1.53, 2 rue Conté, 75003 Paris, France
Speaker: Zeidan Braik
Title: DDRF: Dependency-Aware Dominant Resource Fairness for Multi-Tenant Systems
Abstract: Multi-resource allocation in network-congested scenarios, where demands exceed available capacity, is a challenge in multi-tenant systems, as there is no intuitive nor agreed approach on how much to allocate to each resource, when resources depend on each-other. Classical approaches such as Dominant Resource Fairness (DRF), which generalizes Max-Min Fairness (MMF) to multiple resources, assume linear dependencies across resources, requiring allocations to follow fixed proportions implied by tenants’ demands. However, this assumption may lead to inefficient allocations and resource waste, with allocated resources that go unused in practice. In this paper, we propose the Dependency-aware Dominant Resource Fairness (DDRF) policy, a centralized generalization of DRF that considers inter-resource dependencies: it equalizes active dominant shares of congested resources, preserving DRF’s desirable properties, while avoiding its inefficiency with low-demand tenants. We prove that DDRF always saturates at least one congested resource, ensuring Pareto efficiency and eliminating resource waste. We evaluate DDRF on Amazon EC2 traces; results show that it outperforms Dependency-Agnostic policies in effective tenant satisfaction by up to 60%, while improving Jain’s fairness index by up to 30% when compared with Utilitarian Dependency-Aware policy.
Bio: Zeidan Braik is currently a Ph.D. at Cédric, Cnam, Paris, France in distributed multi-objective optimization and protocols, he received his B.Sc. degree in mathematics from ANNU, Nablus, Palestine in 2021; the M.Sc. in Optimization at University Paris-Saclay, Orsay, France in 2023. His research interests are in convex and black-box optimization, operation research, reinforcement learning with application to fairness in network resource allocation.
Speaker: Thierry N’kouka
Title: Traffic Prediction Improvement in 5G and beyond: AI and Self-Controlled Components
Abstract: The advent of 5G and Beyond 5G (B5G) networks requires novel network management strategies to mitigate potential congestion. Traditional reactive approaches are inadequate as they address issues only post-occurrence, whereas proactive Artificial Intelligence (AI) powered methods can predict and optimize resource allocation. This paper leverages AI on 5G emulated datasets to forecast network traffic, facilitating proactive resource allocation. The experimental results however indicate suboptimal model performance due to the high variability, irregular patterns, sudden traffic bursts, noise, and inconsistent data distributions in the datasets. Our analysis revealed that these issues arise from uncoordinated background traffic, system operations, and random traffic-consuming activities, leading to underperforming model outcomes. Given these challenges, we have proposed a Self-Controlled Component (SCC)-based approach to ensure that high-quality data focused on user-origin traffic is fed into the selected AI models, thereby improving prediction accuracy and enhancing performance.
Bio: Thierry N’Kouka holds a master’s degree in computer networks and IoT Systems from the Conservatoire National des Arts et Métiers (Cnam) in Paris and is currently pursuing a PhD in Distributed Artificial Intelligence for IoT Architectures. His research focuses on leveraging distributed AI to design sustainable and scalable solutions for managing the growing complexity and demands of interconnected smart systems in IoT. It aims to address challenges such as device heterogeneity, resource constraints, and scalability.
Publication: Thierry Isaac N’kouka, Tatiana Aubonnet, Frédéric Lemoine, Mounir Kellil, Noëmie Simoni. Traffic Prediction Improvement in 5G and beyond: AI and Self-Controlled Components. 2025 12th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Jun 2025, Paris, France. pp.213-216, 10.1109/NTMS65597.2025.11076981. hal-05172767
Speaker: Jacopo Bufalino
Title: Inside Job: Defending Kubernetes Clusters Against Network Misconfigurations
Abstract: Kubernetes has emerged as the de facto standard for container orchestration. Unfortunately, its increasing popularity has also made it an attractive target for malicious actors. Despite extensive research on securing Kubernetes, little attention has been paid to the impact of network configuration on the security of application deployments. This paper addresses this gap by conducting a comprehensive analysis of network misconfigurations in a Kubernetes cluster with specific reference to lateral movement. Accordingly, we carried out an extensive evaluation of 287 open-source applications belonging to six different organizations, ranging from IT companies and public entities to non-profits. As a result, we identified 634 misconfigurations, well beyond what could be found by solutions in the state of the art. We responsibly disclosed our findings to the concerned organizations and engaged in a discussion to assess their severity. As of now, misconfigurations affecting more than thirty applications have been fixed with the mitigations we proposed.
Bio: Jacopo is a security researcher working on cloud and supply chain security. He is also a doctoral candidate at Aalto University.
Publication: Jacopo Bufalino, Jose Luis Martin Navarro, Mario Di Francesco, Tuomas Aura. Inside Job: Defending Kubernetes Clusters Against Network Misconfigurations. CoNEXT, Dec 2025, 10.1145/3749220. hal-05230013
