Issam Rabhi page

Dr. Issam Rabhi has obtained his Bsc in Computer Engineering (Networking) in 2007 from the Higher School of Technology and Computer Science (ESTI) of Tunis (Tunisia). He received a Msc in Computer Engineering (Distributed systems and networks) in 2008 from the University of Franche-Comté of Besançon (France). He has obtained his PhD in Computer Science at Blaise Pascal University / LIMOS laboratory (Computer Science, Modeling and Optimization of Systems) of Clermont-Ferrand in 2011. He worked mainly with Sébastien Salva, Patrice Laurençot and Michel Misson. His ongoing research focuses on diverse forms of automated Web services testing.

Dr. Issam worked at Blaise Pascal University as monitor (teaching assistant) between 2008 and 2011. He filled an ATER position (Temporary Attached of Teaching and Researches) at the University of Avignon et des Pays de Vaucluse-CERI/LIA between 2011 and 2013 before to join MAESTRO team at INRIA.

Dr. Issam is currently a research engineer at INRIA Sophia-Antipolis in France under the ANR project MARMOTE (MARkovian MOdeling Tools and Environments). My main activity aims at realizing a software environment dedicated to modeling with Markov chains

MARMOTE

Objective: Development of a modeling environment for Markovian systems which should give them access to algorithms devised by specialists.
Principal features: as open as possible, component-oriented, contributive. Populate it with a modeling language, minimum user interfaces, minimum solution methods.

SUMMARY OF MY RESEARCH APPROACH

My ongoing research focuses on diverse forms of automated Web services testing:
. Functional testing through conformance and robustness testing.
. Non-functional properties testing, such as the testability and security.
(Stateful/ Stateless Web Service) We proposed a robustness testing method for stateless/stateful Web service which consists in completing the Web service specification in order to describe correct and incorrect behaviors. By using a symbolic model of the completed specification, the Web service robustness is tested with relevant hazards. We show that few hazards can be really handled and then we improve the robustness issue detection by separating the SOAP processor behavior from the Web service one.
(Testability) We study the BPEL testability on a well-known testability criterion called observability. To evaluate, we have chosen to transform BPEL specifications into STS(Symbolic Transition System) to apply existing methods. Then, from STS testability issues, we deduce some patterns of BPEL testability degradation. These latter help to finally propose testability enhancement methods of BPEL specifications.
(Security) We proposed a security testing method for stateful Web Services. We de- fine some specific security rules with the Nomad language. Afterwards, we construct test cases from a symbolic specification and test purposes derived from the previous rules. We present some experimentation results based on roughly 1000 Web Services and we show that 11 percent have vulnerabilities.

DIVERS

Got selected in the top 10 contributors to the Google Vulnerability Reward Program in 2013.
Got Listed in the "Hall Of Fame" of : Google, Facebook, Paypal, Microsoft, Apple, Adobe, Ebay, Redhat..
. http://www.google.com/about/appsecurity/hall-of-fame/distinction/
. http://www.facebook.com/whitehat/thanks/
. http://technet.microsoft.com/en-us/security/cc308575.aspx
. http://support.apple.com/kb/HT1318
. http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1841215.xml
. http://www.adobe.com/support/security/bulletins/securityacknowledgments.html
. http://bugbounty.yahoo.com/security_wall.html
. https://www.paypal.com/us/webapps/mpp/security-tools/wall-of-fame-honorable-mention
. http://www.nokia.com/global/security/acknowledgements/
. http://ebay.com/securitycenter/ResearchersAcknowledgement.html