Guy-Vincent Jourdan

Areas of interest

My main areas of interest in research loosely include formal methods, software modelling, software testing, software security, distributed systems, Rich Internet Applications and mobile applications. That is a wide and seemingly unconnected range of topics. I actually see it as only three separated areas of research.

Software modelling and testing

It has been until recently my main area of research. I am interested in using formal methods (discrete systems, finite state machines, partially ordered sets etc.) to create a model of a software system, concurrent or not, and use this model to help building and testing an implementation.

My most recent work is on the automatic inference of models for Rich Internet Applications (that is, a Web application that combines synchronous and asynchronous communications with the back-end Web server, for example using Ajax calls, and for which the client states are not simply defined by the current URL). Building such a model is necessary for Web page indexing, and can also be used for example for automated security and usability testing [C32, C37]. My research group, the Software Security Research Group, had been working intensively on this question. We have introduced the concept of "Model-Based Crawling" [J17, J18, C35, C38 , C44 etc.], where a formal meta-model is used to infer the model of the application more efficiently. We have also been working extensively on distributed algorithms for crawling RIAs [C45, C48, C49 , C51] and a new technique called "Component-Based Crawling" [C50].

On the testing side, I have done some work on checking sequences [J11, C31, C28, C21, C13]. With my colleague Hűsnű Yenigűn and our co-supervised Master's student Canan Gűniçen, we have published what is believed to be the most efficient distinguishing sequences-based checking sequence generation algorithm known to date, by combining several distinguishing sequences [C52]. With our colleague Hasan Ural, we have been working on locating sequences, providing a new and much improved generation method [C54] and using them to act as reliable resets [J19].

I have also worked on a new model, called Partial-Order Input/Output Automata (POIOA), which is a finite state machine in which transitions are labeled with a partially ordered sets of inputs and outputs. Techniques to test implementations specified as POIOAs have been developed [C22, C18]. One key finding is that the complexity of testing POIOAs is, in the worst case and under some assumptions, much lower than the complexity of a similar system modeled with a classical labeled transition system.

I have also explored a number of other questions, such as testing sequences for Petri Nets [C30, C27], loop inference from traces [C19, C12, J14], adaptive testing [J5, C23], reliability testing [C36, C39] etc.

Software security, cybercrime detection and prevention

I have a long practical interest in software security, and this is an area on which my research is more focused lately.

Recently, our focus has been on cybercrime detection and prevention, with our initial work based on phishing attacks detection. We noticed that attackers tend to recycle their attacks a lot, either as is or after small variation. In fact, well over 95% of the "new" reported attacks are fairly similar to attacks that have been reported recently before. We thus came up with a schema that can quickly and effectively flag attack repeats [C57]. Our schema is simple, yet efficient [C59]. It is meant to be used before switching to slower detection techniques, removing the bulk of the repeat attacks quickly. We have also studied the evolution of attacks over time [C60], and compared phishing attacks and general malware attacks [C58].

Previously, we have worked on automatic session reconstruction in RIAs, in the context of security forensics [C53]. A have created a tool that work concurrently to efficiently recover a user session of a Rich Internet Application using only the log of the session as input [J20]. This is useful for forensics analysis, to help investigating an attack after the fact. It is also useful to help with the configuration of security scanners or simply with automated testing of RIAs.

I am also interested in the software engineering questions related to software security [J9, J8, C20, C9], as well as education on the topic [J7, C26], and creation of tools [C34]. I have also done some research on privacy [C41] and on mobile [C47]

Software Applications for Mobile Devices

In addition to the activities listed above, I am increasingly involved in research involving mobile devices. I am involved in a growing number of projects around health and medical apps [J12, J15], and I am now a researcher affiliated at the research institute of the Montfort Hospital.

Publications (since 2005)

Copyright Notice: copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.

Papers in refereed Journals

[J20] Hooshmand, S., Bochmann, G. v., Jourdan, G.-V., Couturier, R. and Onut, V., Recovering user-interactions of Rich Internet Applications through replaying of HTTP traces, in Journal of Internet Services and Applications, 9, pp. 9 - 41, 2018 [open access].

[J19] Jourdan, G.-V, Ural, H. and Yenigűn, H., Reduced Checking Sequences Using Unreliable Reset, in Information Processing Letters, 115(5), pp. 532 - 535, 2015 [doi:10.1016/j.ipl.2015.01.002][pdf].

[J18] Choudhary, S., Dincturk, E., Mirtaheri, S., Bochmann, G. v., Jourdan, G.-V., and Onut, V., Model-Based Rich Internet Applications Crawling: "Menu" and `"Probability" Models, in Journal of Web Engineering, 13(3&4), pp. 243 – 262, 2014 [pdf].

[J17] Dincturk, E., Jourdan, G.-V., Bochmann, G. v. and Onut, V., A Model-based Approach for Crawling Rich Internet Applications, in ACM Transactions on the Web, 8(3), Article 19, 39 pages, June 2014 [pdf].

[J16] Jeddah, A., Casteigts, A., Jourdan, G.-V and Mouftah, H., Bluetooth scatternet formation from a time-efficiency perspective, in Wireless Networks, 20(5), pp 1133 – 1156, 2014 [pdf].

[J15] Ellaham, N.N., Jourdan, G.-V., Champagne, S., Yeung, J.,and Bromwich, M., Evolution of audiometry- clinical testing of a new tablet audiometer, in Canadian Acoustics, 20(3), pp 112 – 113 2012 [pdf].

[J14] Jourdan, G.-V and Yenigűn, H., Recovering representations of systems with repetitive sub- functions from observations, in Journal of Multiple-Valued Logic and Soft Computing, 27(2-3), pp 255-273, 2016.

[J13] Jeddah, A., Jourdan, G.-V and Zaguia, N., Toward Better Understanding of the Behavior of Bluetooth Networks Distributed Algorithms, in International Journal of Parallel, Emergent and Distributed Systems, 27(6), pp. 563 – 586, 2012 [pdf].

[J12] Ellaham, N.N., Yilma, Y, Jourdan, G.-V., and Bromwich, M., A new iPad application for hearing screening in children, in Canadian Acoustics, 39(3), pp. 118—119, 2011 [pdf].

[J11] Jourdan, G.-V., Ural, H, Yenigün, H, and Zhang, J.C., Lower bounds on lengths of checking sequences, in Formal Aspects of Computing, 22(6), pp. 667 – 679, 2010.

[J10] Alshashem, M., Jourdan, G.-V., Zaguia, N., On the Book Embedding of Ordered Sets, in Ars Combinatoria, 119, pp. 47 – 64, 2016 - [pdf].

[J9] Jourdan, G.-V., Securing Large Applications Against Command Injections, in IEEE aerospace and electronic systems magazine, 24(6), pp. 15-24. 2009 - Reprinted from [C20].

[J8] Jourdan, G.-V., Data Validation, Data Neutralization, Data Footprint: A Framework Against Injection Attacks, in The Open Software Engineering Journal, 2, pp. 45-54, 2008 - [pdf].

[J7] Jourdan, G.-V., Centralized Web Proxy Services: Security and Privacy Considerations, in IEEE Internet Computing, November-December 2007, reprinted in IEEE Distributed Systems Online, 8(12), 2007.

[J6] Jourdan, G.-V., Rakotomalala, L., Zaguia, N., LR-Upward Drawing of Ordered Sets, in Machine Graphics & Vision, 18(1), pp. 3-19, 2009.

[J5] Jourdan, G.-V., Ural, H, Zaguia, N., Minimizing the Number of Inputs while Applying Adaptive Test Cases, in Information Processing Letters, 94(4), pp. 165-169, 2005 - [pdf].

Papers in Refereed Conference Proceedings

[C60] Cui, Q., Jourdan, G.-V., Bochmann, G. v., Onut, I.V and Flood, J., Phishing Attacks Modications and Evolutions, in ESORICS 2018, Barcelona, Spain, September 2018. Springer LNCS 11098. 20 pages.

[C59] LePage, S., Cui, Q., Jourdan, G.-V., Bochmann, G. v., Flood, J., and Onut, I.V., Using AP-TED to Detect Phishing Attack Variations, in PST 2018, Belfast, Ireland, August 2018. 6 pages (short paper).

[C58] LePage, S., Jourdan, G.-V., Bochmann, G. v., Flood, J., and Onut, I.V., Using URL Shorteners to Compare Phishing and Malware Attacks, in E-Crime 2018, San Diego, USA, May 2018. 13 pages.

[C57] Cui, Q., Jourdan, G.-V., Bochmann, G., Couturier, R. and Onut, V., Tracking Phishing Attacks Over Time, in WWW 2017, Perth, Australia, April 2017. 10 pages.

[C56] Hooshmand, S., Faheem, M., Bochmann, G. v., Jourdan, G.-V., Couturier, R., and Onut, I.V., D-ForenRIA: A Distributed Tool to Reconstruct User Sessions for Rich Internet Applications, in CASCON 2016, Toronto, Canada, November 2016. 10 pages.

[C55] Hafaiedh, K.B, Bochmann, G.v., Jourdan, G.-V. and Onut, I.V., Fault Tolerant P2P RIA Crawling, in NETYS 2016, Marrakech, Morocco, May 2014. Springer LNCS 9944. 16 pages.

[D1] Hooshmand, S., Bochmann, G. v., Jourdan, G.-V., Faheem, M., and Onut, I.V., D-ForenRIA: Distributed Reconstruction of User-Interactions for Rich Internet Applications, in Demo at the Internation WWW conference, Montréal, Canada, April 2016.

[C54] Jourdan, G.-V., Ural, H., and Yenigűn, H, Reducing Locating Sequences for Testing from Finite State Machines, in SAC 2016, Software Verification and Testing Track, Pisa, Italy, April 2016. ACM. 6 pages.

[C53] Baghbanzadeh, S., Hooshmand, S., Bochmann, G. v., Jourdan, G.-V., Mirtaheri, S., Faheem, M., and Onut, I.V., ForenRIA: The Reconstruction of User-Interactions from HTTP Traces for Rich Internet Applications, in Twelfth Annual IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India, January 2016. 15 pages.

[C52] Gűniçen, C., Jourdan, G.-V., and Yenigűn, H, Using Multiple Adaptive Distinguishing Sequences for Checking Sequence Generation, in ICTSS 2015, Dubai, United Arab Emirates, November 2015. Springer LNCS. 16 pages - [pdf].

[C51] Mirtaheri, S., Bochmann, G. v., Jourdan, G.-V. and Onut, V, PDist-RIA Crawler: A Peer-to-Peer Distributed Crawler for Rich Internet Applications, in WISE 2014, Thessaloniki, Greece, October 2014. Springer LNCS. 15 pages.

[C50] Moosavi, A., Hooshmand , S., Baghbanzadeh, Jourdan, G.-V., Bochmann, G. v., and Onut, I.V., Indexing Rich Internet Applications Using Components-Based Crawling, in 13th International Conference on Web Engineering (ICWE 2014), Toulouse, France, July 2014. Springer LNCS 8541. 18 pages - [pdf].

[C49] Mirtaheri, S., Bochmann, G. v., Jourdan, G.-V. and Onut, V., GDist-RIA Crawler: A Greedy Distributed Crawler for Rich Internet Applications, in NETYS 2014, Marrakech, Morocco, May 2014. Springer LNCS 8593. 15 pages - [pdf].

[C48] Hafaiedh, K.B, Bochmann, G.v., Jourdan, G.-V. and Onut, I.V., A Scalable P2P RIA Crawling System with Partial Knowledge, in NETYS 2014, Marrakech, Morocco, May 2014. Springer LNCS 8593. 15 pages - [pdf].

[C47] Adams, C. and Jourdan, G.-V, Digital Signatures for Mobile Users, in 27th IEEE CCECE 2014: Symposium on Computers, Software and Applications, Toronto, Canada, May 2014. 5 pages.

[C46] Mirtaheri, S., Dincturk, E., Hoosmand, S., Bochmann, G. v., Jourdan, G.-V. and Onut, V., A Brief History of Web Crawlers, in CASCON 2013, Toronto, Canada, November 2013. 15 pages - [pdf].

[C45] Mirtaheri, S., Zou, D., Bochmann, G. v., Jourdan, G.-V., and Onut, V., Dist-RIA Crawler: A Distributed Crawler for Rich Internet Applications, in 8TH International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC 2013), Compiegne, France, October 2013. 8 pages - [pdf].

[C44] Choudhary, S., Dincturk, E., Mirtaheri, S., Jourdan, G.-V., Bochmann, G. v., and Onut, V., Building Rich Internet Applications Models: Example of a Better Strategy, in 12th International Conference on Web Engineering (ICWE 2013), Aalborg, Denmark, July 2013. Springer LNCS 7977. 15 pages - [pdf].

[C43] Jeddah, A., Casteigts, A., Jourdan, G.-V and Mouftah, H., BSF-UED: A New Time-Efficient Bluetooth Scatternet Formation Algorithm Based on Unnecessary-Edges Deletion, in 18th IEEE Symposium on Computers and Communication (ISCC’13), Split, Croatia, July 2013. 5 pages.

[C42] Choudhary, S., Dincturk, E. , Mirtaheri, S., Moosavi, A., Bochmann, G. v., Jourdan, G.-V. and Onut, V., Crawling Rich Internet Applications: The State of the Art, in CASCON 2012, Toronto, Canada, November 2012. 15 pages - [pdf].

[C41] Casteigts, A., Chomienne, M.-H., Bouchard, L. and Jourdan. G.-V., Differential Privacy in Tripartite Interaction: A Case Study with Linguistic Minorities in Canada, in 7th International Workshop on Data Privacy Management (DPM 2012), Pisa, Italy, September 2012. Springer LNCS 7731. 13 pages.

[C40] Jeddah, A., Jourdan, G.-V and Mouftah, H., Time-efficient Algorithms for the Outdegree Limited Bluetooth Scatternet Formation Problem, in 17th IEEE Symposium on Computers and Communication (ISCC’12), Cappadocia, Turkey, July 2012. 7 pages.

[C39] Wan, B., Bochmann G. v. and Jourdan, G.-V., Evaluating Reliability-Testing Usage Models, in 36th IEEE Signature Conference on Computers, Software, and Applications (COMPSAC 2012), Izmir, Turkey, July 2012. 11 pages.

[C38] Dincturk, E., Choudhary, S., Bochmann, G. v., Jourdan, G.-V. and Onut, V., A Statistical Approach for Efficient Crawling of Rich Internet Applications, in 12h International Conference on Web Engineering (ICWE 2012), Berlin, Germany, July 2012. Springer LNCS 7387, 8 pages (short paper) - [pdf].

[C37] Choudhary, S., Dincturk, E. , Bochmann, G. v., Jourdan, G.-V., Onut, V. and Ionescu, P., Solving Some Modeling Challenges when Testing Rich Internet Applications for Security, in 3rd IEEE International Workshop on Security Testing (SECTEST2012), Montreal, Canada, April 2012. 8 pages - [pdf].

[C36] Bochmann, G. v., Jourdan, G.-V. and Wan, B., Improved Usage Model for Web Application Reliability Testing, in 23rd IFIP International Conference on Testing Software (ICTSS 2011), Paris, France, November 2011. Springer LNCS 7019. 16 pages.

[C35] Benjamin, K., Bochmann, G. v., Dincturk, E., Jourdan, G.-V. and Onut, V., A Strategy for Efficient Crawling of Rich Internet Applications, in 11th International Conference on Web Engineering (ICWE 2011), Paphos, Cyprus, June 2011. Springer LNCS 6757. 15 pages - [pdf].

[C34] Adams, C., Jourdan, G.-V, Levac, J.-P., and Prevost, F., Lightweight protection against brute force login attacks on web applications, in 8th IEEE International Conference on Privacy, Security and Trust (PST 2010), Ottawa, Canada, August 2010. 8 pages - [pdf] [slides (Keynote format)].

[C33] Jeddah, A., Jourdan, G.-V and Zaguia, N., What are the Side Effects of FHSS on Bluetooth Networks Distributed Algorithms?, in 8th ACS/IEEE International Conference on Computer Systems and Applications (ACS/IEEE AICCSA-2010), Hammamet, Tunisia. May 2010. 8 pages.

[C32] Benjamin, K., Bochmann, G. v., Jourdan, G.-V. and Onut, V., Some Modeling Challenges when Testing Rich Internet Applications for Security, in First International workshop on modeling and detection of vulnerabilities (MDV 2010), Paris, France, April 2010. 8 pages - [pdf].

[C31] Hieron, R, Jourdan, G.-V., Ural, H. and Yenigűn, H., Checking Sequence Construction Using Adaptive and Preset Distinguishing Sequences, in 7th IEEE International Conference on Software Engineering and Formal Methods, Hanoi, Vietnam, November 2009. 10 pages - [pdf].

[C30] Bochmann, G. v. and Jourdan, G.-V., Testing k-Safe Petri Nets, in 21st IFIP International Conference on Testing of Communicating Systems and 9th International Workshop on Formal Approaches to Testing of Software (TestCom/FATES 09), Eindhoven, Netherlands, November 2009, Springer, LNCS 5826, 16 pages - [pdf].

[C29] Jeddah, A., Zaguia, N. and Jourdan, G.-V., A Note on the Study of Bluetooth Networks’ Distributed Algorithms, in 2nd IEEE International Workshop on Wireless Network Algorithm and Theory (IEEE WiNA-2009), Macau, China, October 2009. 6 pages.

[C28] Jourdan, G.-V., Ural, H., Yenigűn, H. and Zhu, D., Using a SAT Solver to Generate Checking Sequences, in 24th International Symposium on Computer and Information Science (ISCIS’09), Cyprus, Turkey, September 2009. 6 pages - [pdf].

[C27] Jourdan, G.-V. and Bochmann, G. v., On Testing 1-Safe Petri Nets, in 3rd IEEE International Symposium on Theoretical Aspects of Software Engineering (TASE 09), July 2009, Tianjin, China. 8 pages - [pdf].

[C26] Jourdan, G.-V., Software Security Vulnerabilities Seen As Feature Interactions, in 10th International Conference on Feature Interactions (ICFI 2009), Lisbon, Portugal, June 2009. 11 pages - [pdf].

[C25] Jeddah, A., Zaguia, N. and Jourdan, G.-V., Analyzing the Device Discovery Phase of Bluetooth Scatternet Formation Algorithms, short paper. In The Second International Workshop on Specialized Ad Hoc Networks and Systems (SAHNS 2009), Montreal, Quebec, Canada, June 2009. 4 pages.

[C24] Jeddah, A., Zaguia, N. and Jourdan, G.-V., An Analysis of the BluePleidas Algorithms Device Discovery Phase, In 2nd International Conference on Information and Communication Technology Accessibility (ICTA 09), Hammamet, Tunisia, May 2009. 8 pages.

[C23] Jourdan, G.-V., Ural, H., and Yenigűn, H., Combining Adaptive Tests, in 23rd International Symposium on Computer and Information Science (ISCIS’08), Istanbul, Turkey, October 2008.

[C22] Bochmann, G. v., Haar, S, Jard, C and Jourdan, G.-V., Testing Systems Specified as Partial Order Input/Output Automata, in 20th IFIP International Conference on Testing of Communicating Systems and 8th International Workshop on Formal Approaches to Testing of Software (TestCom/FATES 08), Tokyo., Japan, June 2008, Springer LNCS 5047, 15 pages - [pdf].

[C21] Hieron, R, Jourdan, G.-V., Ural, H. and Yenigűn, H., Using adaptive distinguishing sequences in checking sequence constructions, in 23rd ACM Symposium on Applied Computing, Ceará, Brazil, March 2008. 6 pages.

[C20] Jourdan, G.-V., Securing Large Applications Against Command Injections, in 41st IEEE International Carnahan Conference on Security Technology, Ottawa, Canada, October 2007.8 pages - [pdf][slides].

[C19] Jourdan, G.-V., Ural, H., S. Wang, and Yenigűn, H., Recovering Repetitive Sub-Functions from Observations, in 27th IFIP International Conference on Formal Methods for Networked and Distributed Systems (FORTE’07), Tallinn, Estonia, June 2007, Springer LNCS 4574. 15 pages - [pdf].

[C18] Haar, S, Jard, C, and Jourdan, G.-V., Testing Input/Output Partial Order Automata, in 19th IFIP International Conference on Testing of Communicating Systems and 7th International Workshop on Formal Approaches to Testing of Software (TestCom/FATES 07), Tallinn, Estonia, June 2007, Springer LNCS 4581. 15 pages - [pdf].

[C17] Jourdan, G.-V., Rakotomalala, L., Zaguia, N., LR-Upward Drawing: a More Usable Ordered Sets Drawing, in 1st International Conference on Information and Communication Technology Accessibility (ICTA 07), Hammamet, Tunisia, April 2007. 6 pages.

[C16] Jourdan, G.-V., Rakotomalala, L., Zaguia, N., LR-Upward Drawing of Ordered Sets, in 23rd European Workshop on Computational Geometry (EWCG 07), Graz, Austria, March 2007. 4 pages.

[C15] Jourdan, G.-V., Ritthiruangdech, P., Ural, H., Test suite reduction based on dependence analysis, in 21st International Symposium on Computer and Information Science (ISCIS’06), Istanbul, Turkey, October 2006. Springer LNCS 4263, 9 pages.

[C14] Chen, J., Jourdan, G.-V., Ma, W., Ural, H., Improving Coverage in Functional Testing, in 6th IEEE International Conference on Quality Software (QSIC '06), Beijing, China, October 2006. 7 pages.

[C13] Jourdan, G.-V., Ural, H., Yenigűn, H., Minimizing Coordination Channels in Distributed Testing, in 26th IFIP WG 6.1 International Conference on Formal Methods for Networked and Distributed Systems (FORTE’06), Paris, France, September 2006. Springer LNCS 4229. 16 pages.

[C12] Jourdan, G.-V., Ural, H., Yenigűn, H., Recovering the Lattice of Repetitive Sub-functions, in 20th International Symposium on Computer and Information Science (ISCIS’05), Istanbul, Turkey, October 2005. Springer LNCS 3733, 9 pages.

[C11] Alshashem, M., Jourdan, G.-V., Zaguia, N., On the Pagenumber of Bipartite Orders, in 17th Canadian Conference on Computational Geometry (CCCG’05), Windsor, Canada, August 2005. 4 pages.

[C10] Jourdan, G.-V., Zaguia, N., Heuristics for useful enumerations of conflict free schedules of student courses, in 3rd International Conference on Education and Information Systems: Technologies and Applications (EISTA’05), Orlando, Florida, United States, July 2005. 3 pages.

[C9] Adams, C., Jourdan, G.-V., Why Good Software Engineering Practices Often Do Not Produce Secure Software, in IEEE Workshop on Cyber Infrastructure Emergency Preparedness Aspects, Ottawa, Canada, April 2005. 9 pages - [pdf].