Our times are characterized by the massive presence of highly distributed systems consisting of diverse and specialized devices, forming heterogeneous networks, and providing different services and applications. Revolutionary phenomena such as social networks and cloud computing are examples of such systems.
In Comète we study emerging concepts of this new era of computing. Security and privacy are some of the fundamental concerns that arise in this setting. In particular, in the modern digital world the problem of keeping information secret or confidential is exacerbated by orders of magnitude: the frequent interaction between users and electronic devices, and the continuous connection between these devices and the internet, offer malicious agents the opportunity to gather and store huge amounts of information, often without the individual even being aware of it. Mobility is an additional source of vulnerability, since tracing may reveal significant information. To avoid these kinds of hazards, security protocols and various techniques for privacy protection have been designed. However, the properties that they are supposed to ensure are rather subtle, and, furthermore, it is difficult to foresee all possible expedients that a potential attacker may use. As a consequence, even protocols that seem at first “obviously correct” are later (often years later) found to be prone to attacks.
In addition to the security problems, the problems of correctness, robustness and reliability are made more challenging by the complexity of these systems, since they are highly concurrent and distributed. Despite being based on impressive engineering technologies, they are still prone to faulty behavior due to errors in the software design.
To overcome these drawbacks, we need to develop formalisms, reasoning techniques, and verification methods, to specify systems and protocols, their intended properties, and to guarantee that these intended properties of correctness and security are indeed satisfied.
In Comète we study formal computational frameworks for specifying these systems, theories for defining the desired properties of correctness and security and for reasoning about them, and methods and techniques for proving that a given system satisfies the intended properties.
Much of the research of Comète focuses on security and privacy. In particular, we are interested in the problem of the leakage of secret information through public observables.
Ideally we would like systems to be completely secure, but in practice this goal is often impossible to achieve. Therefore, we need to reason about the amount of information leaked, and the utility that it can have for the adversary, i.e. the probability that the adversary is able to exploit such information.
The recent tendency is to use an information theoretic approach to model the problem and define the leakage in a quantitative way. The idea is to consider the system as an information-theoretic channel. The input represents the secret, the output represents the observable, and the correlation between the input and output (mutual information) represents the information leakage.
Information theory depends on the notion of entropy as a measure of uncertainty. From the security point of view, this measure corresponds to a particular model of attack and a particular way of estimating the security threat (vulnerability of the secret). Most of the proposals in the literature use Shannon entropy, which is the most established notion of entropy in information theory. We, however, consider also other notions, in particular Rényi min-entropy, which seems to be more appropriate for security in common scenarios like one-try attacks.
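The difference between the two notions of entropy can be seen on a small channel. The following is an added example, not code from Comète or from libqif: it computes Shannon leakage (mutual information) and min-entropy leakage for two constructed deterministic programs over an 8-bit uniform secret; the function names and both programs are assumptions made for the illustration.

```python
import math


def channel_from_function(f, n_secrets):
    """Channel matrix C[x][y] = P(y | x) of a deterministic program y = f(x)."""
    outputs = sorted({f(x) for x in range(n_secrets)})
    column = {y: i for i, y in enumerate(outputs)}
    matrix = [[0.0] * len(outputs) for _ in range(n_secrets)]
    for x in range(n_secrets):
        matrix[x][column[f(x)]] = 1.0
    return matrix


def joint(prior, channel):
    """Joint distribution P(x, y) = prior(x) * C[x][y]."""
    return [[p * c for c in row] for p, row in zip(prior, channel)]


def shannon_entropy(dist):
    return -sum(p * math.log2(p) for p in dist if p > 0)


def shannon_leakage(prior, channel):
    """Mutual information I(X;Y) = H(X) - H(X|Y), in bits."""
    h_cond = 0.0
    for col in zip(*joint(prior, channel)):      # one column per observable y
        p_y = sum(col)
        if p_y > 0:
            h_cond += p_y * shannon_entropy([v / p_y for v in col])
    return shannon_entropy(prior) - h_cond


def prior_vulnerability(prior):
    """Probability of guessing the secret in one try before observing anything."""
    return max(prior)


def posterior_vulnerability(prior, channel):
    """Probability of guessing the secret in one try after observing the output."""
    return sum(max(col) for col in zip(*joint(prior, channel)))


def min_entropy_leakage(prior, channel):
    """log2 of the factor by which the one-try success probability grows."""
    return math.log2(posterior_vulnerability(prior, channel)
                     / prior_vulnerability(prior))


# Constructed example: an 8-bit secret with a uniform prior.
N = 256
UNIFORM = [1.0 / N] * N
# Program A reveals the whole secret, but only when it is a multiple of 8.
PROGRAM_A = channel_from_function(lambda x: x if x % 8 == 0 else 1, N)
# Program B always reveals the two low-order bits of the secret.
PROGRAM_B = channel_from_function(lambda x: x & 0b11, N)

if __name__ == "__main__":
    for name, ch in (("A", PROGRAM_A), ("B", PROGRAM_B)):
        print(name,
              "Shannon leakage: %.3f bits" % shannon_leakage(UNIFORM, ch),
              "min-entropy leakage: %.3f bits" % min_entropy_leakage(UNIFORM, ch),
              "one-try success: %.4f" % posterior_vulnerability(UNIFORM, ch))
```

Program A has the smaller Shannon leakage of the two, yet it leaves the adversary with a much higher probability of guessing the secret in one try, which is the situation min-entropy is meant to capture.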
We study computational models and languages for distributed, probabilistic and mobile systems, with particular attention to expressiveness issues. We aim at developing criteria to assess the expressive power of a model or formalism in a distributed setting, to compare existing models and formalisms, and to define new ones according to an intended level of expressiveness, also taking into account the issue of (efficient) implementability.
Concurrent constraint programming (ccp) is a well established process calculus for modeling systems where agents interact by posting and asking information in a store, much like users interact in social networks.
This information is represented as first-order logic formulae, called constraints, on the shared variables of the system (e.g.,
Our research in ccp develops along the following two lines:
(a) The study of a bisimulation semantics for ccp. The advantage of bisimulation, over other kinds of semantics, is that it can be efficiently verified.
(b) The extension of ccp with constructs to capture emergent systems such as those in social networks and cloud computing.
Model checking addresses the problem of establishing whether a given specification satisfies a certain property. We are interested in developing model-checking techniques for verifying concurrent systems of the kind explained above. In particular, we focus on security and privacy, i.e., on the problem of proving that a given system satisfies the intended security or privacy properties. Since the properties we are interested in have a probabilistic nature, we use probabilistic automata to model the protocols. A challenging problem is represented by the fact that the interplay between nondeterminism and probability, which in security presents subtleties that cannot be handled with the traditional notion of a scheduler,
The aim of our research is the specification and verification of protocols used in mobile distributed systems, in particular security protocols. We are especially interested in protocols for information hiding.
Information hiding is a generic term which we use here to refer to the problem of preventing the disclosure of information which is supposed to be secret or confidential. The most prominent research areas which are concerned with this problem are those of secure information flow and of privacy.
Secure information flow refers to the problem of avoiding the so-called propagation of secret data due to their processing. It was initially considered as related to software, and the research focussed on type systems and other kinds of static analysis to prevent dangerous operations. Nowadays the setting is more general, and a large part of the research effort is directed towards the investigation of probabilistic scenarios and threats.
Privacy denotes the issue of preventing certain information from becoming publicly known. It may refer to the protection of private data (credit card number, personal info etc.), of the agent's identity (anonymity), of the link between information and user (unlinkability), of its activities (unobservability), and of its mobility (untraceability).
The common denominator of this class of problems is that an adversary can try to infer the private information (secrets) from the information that he can access (observables). The solution is then to obfuscate the link between secrets and observables as much as possible, and often the use of randomization, i.e. the introduction of noise, can help to achieve this purpose. The system can then be seen as a noisy channel, in the information-theoretic sense, between the secrets and the observables.
We intend to explore the rich set of concepts and techniques in the fields of information theory and hypothesis testing to establish the foundations of quantitative information flow and of privacy, and to develop heuristics and methods to improve mechanisms for the protection of secret information. Our approach will be based on the specification of protocols in the probabilistic asynchronous
New ANR project REPAS: Reliable and Privacy-Aware Software Systems via Bisimulation Metrics
New industrial contract with Renault: Protection techniques for location data
The goal of libqif is to provide an efficient C++ toolkit implementing a variety of techniques and algorithms from the area of quantitative information flow and differential privacy. We plan to implement all techniques produced by Comète in recent years, as well as several ones produced outside the group, giving the ability to privacy researchers to reproduce our results and compare different techniques in a uniform and efficient framework.
Some of these techniques were previously implemented in an ad-hoc fashion, in small, mutually incompatible, unmaintained and usually inefficient tools, used only for the purposes of a single paper and then abandoned. We aim at reimplementing those, as well as adding several new ones not previously implemented, in a structured, efficient and maintainable manner, providing a tool of great value for future research. Of particular interest is the ability to easily re-run evaluations, experiments and case-studies from all our papers, which will be of great value for comparing new research results in the future.
The library was under constant development in 2016 with several new features added this year. The project's git repository shows for this year 77 commits by 2 contributors, containing 5697 line additions and 4067 line removals. Some of the techniques already implemented are:
Standard leakage measures: Shannon, min-entropy, guessing entropy
Channel factorization
Hyper distribution produced by a channel run under a prior
Standard differential privacy mechanisms from the literature
The planar Geometric mechanism
The tight-constraints mechanism (also with equality constraints)
Optimal mechanism construction under DP
The standard Kantorovich metric as well as the multiplicative variant
Additive capacity for specific prior over all gain functions
All operations are supported for both doubles (for precision) and floats (for memory efficiency)
All operations involving only rational quantities are supported using arbitrary precision rational arithmetic, allowing exact results to be obtained
Native linear programming for rationals
Simple installation in OSX via Homebrew
Many more are scheduled to be added in the near future.
D-SPACES is an implementation of constraint systems with space and extrusion operators. Constraint systems are algebraic models that allow for a semantic language-like representation of information in systems where the concept of space is a primary structural feature. We give this information mainly an epistemic interpretation and consider various agents as entities acting upon it. D-SPACES is coded as a C++11 library providing implementations for constraint systems, space functions and extrusion functions. The interfaces to access each implementation are minimal and thoroughly documented. D-SPACES also provides property-checking methods as well as an implementation of a specific type of constraint systems (a boolean algebra). This last implementation serves as an entry point for quick access and proof of concept when using these models. An illustrative example of using the library is given in the form of a small social network where users post their beliefs and utter their opinions.
Concurrent Constraint Programming (CCP) is a declarative model for concurrency aimed at specifying reactive systems, i.e. systems that continuously interact with the environment. Some previous works have developed (approximated) declarative debuggers for CCP languages. However, the task of debugging concurrent programs remains difficult. This tool is a companion for the existing debugging techniques. Slicing in our proposal consists of considering partial computations, which show the presence of bugs. Often, the quantity of information in a trace is overwhelming, and the user gets easily lost, since she cannot focus on the sources of the bugs. Our slicer allows for marking part of the state of the computation and assists the user to eliminate most of the redundant information in order to highlight the errors.
Information hiding refers to the problem of protecting private information while performing certain tasks or interactions, and trying to avoid that an adversary can infer such information. This is one of the main areas of research in Comète; we are exploring several topics, described below.
Quantitative information flow aims to assess and control the leakage of sensitive information by computer systems. A key insight in this area is that no single leakage measure is appropriate in all operational scenarios; as a result, many leakage measures have been proposed, with many different properties. To clarify this complex situation, we studied information leakage axiomatically, showing important dependencies among different axioms. We also established a completeness result about the
Bisimulation metrics allow us to compute distances between the behaviors of probabilistic systems. We presented enhancements of the proof method based on bisimulation metrics, by extending the theory of up-to techniques to (pre)metrics on discrete probabilistic concurrent processes.
Up-to techniques have proved to be a powerful proof method for showing that two systems are bisimilar, since they make it possible to build (and thereby check) smaller relations in bisimulation proofs. We defined soundness conditions for up-to techniques on metrics, and studied compatibility properties that allow us to safely compose up-to techniques with each other. As an example, we derived the soundness of the up-to-bisimilarity-metric-and-context technique.
The study was carried out for a generalized version of the bisimulation metrics, in which the Kantorovich lifting is parametrized with respect to a distance function. The standard bisimulation metrics, as well as metrics aimed at capturing multiplicative properties such as differential privacy, are specific instances of this general definition.
Systems concerned with information hiding often use randomization to obfuscate the link between the observables and the information to be protected. The degree of protection provided by a system can be expressed in terms of the probability of error associated with the inference of the secret information. We considered a probabilistic process calculus to specify such systems, and we studied how the operators affect the probability of error. In particular, we characterized constructs that have the property of not decreasing the degree of protection, and that can therefore be considered safe in the modular construction of these systems. As a case study, we applied these techniques to the Dining Cryptographers, and we derived a generalization of Chaum's strong anonymity result.
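The probability of error used above as the degree of protection can be computed exactly for a small Dining Cryptographers ring. The following is an added example, not code from the work described: it enumerates the coin tosses of a ring of n cryptographers with coins of a given bias and returns the Bayes risk of an external observer who guesses the payer from the announcements; the function names and the biases tried are assumptions.

```python
from itertools import product


def announcement_distribution(n, payer, p_heads):
    """Exact P(announcements | payer) for a ring of n cryptographers.

    Coin i is shared by cryptographers i and (i + 1) % n and shows 1 with
    probability p_heads. Cryptographer i announces the XOR of the two coins
    it sees, flipped if it is the payer.
    """
    dist = {}
    for coins in product((0, 1), repeat=n):
        prob = 1.0
        for c in coins:
            prob *= p_heads if c else 1.0 - p_heads
        if prob == 0.0:
            continue
        announced = tuple(coins[i] ^ coins[i - 1] ^ (1 if i == payer else 0)
                          for i in range(n))
        dist[announced] = dist.get(announced, 0.0) + prob
    return dist


def probability_of_error(n, p_heads, prior=None):
    """Bayes risk of an observer who sees only the announcements and makes
    the best single guess of the payer (uniform prior unless one is given)."""
    prior = prior or [1.0 / n] * n
    dists = [announcement_distribution(n, i, p_heads) for i in range(n)]
    observables = set().union(*dists)
    success = sum(max(prior[i] * dists[i].get(o, 0.0) for i in range(n))
                  for o in observables)
    return 1.0 - success


def max_distance_between_payers(n, p_heads):
    """Largest |P(o | payer i) - P(o | payer j)| over observables and payers.

    A value of 0 means the announcements are independent of the payer,
    which is strong anonymity.
    """
    dists = [announcement_distribution(n, i, p_heads) for i in range(n)]
    observables = set().union(*dists)
    return max(abs(dists[i].get(o, 0.0) - dists[j].get(o, 0.0))
               for o in observables for i in range(n) for j in range(n))


if __name__ == "__main__":
    for bias in (0.5, 0.9, 1.0):
        print("p_heads=%.1f  error=%.4f  max distance=%.4f"
              % (bias, probability_of_error(3, bias),
                 max_distance_between_payers(3, bias)))
```

With fair coins the observer does no better than guessing blindly (error 2/3 for three cryptographers); as the coins become biased the error drops, and with deterministic coins the payer is identified with certainty.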
We considered the adaptation of differential privacy to the context of location-based services (LBSs), which personalize the information provided to a user based on his current position. Assuming that the LBS provider is queried with a perturbed version of the position of the user instead of his exact one, we relied on differential privacy to quantify the level of indistinguishability (i.e., privacy) provided by this perturbation with respect to the user's position. In this setting, the adaptation of differential privacy can lead to various models depending on the precise form of indistinguishability required. We discussed the set of properties that hold for these models in terms of privacy, utility and also implementation issues. More precisely, we first introduced and analyzed one of these models, the (D,eps)-location privacy, which is directly inspired by the standard differential privacy model. In this context, we described a general probabilistic model for obfuscation mechanisms for the locations whose output domain is the Euclidean space
The continuously increasing use of location-based services poses an important threat to the privacy of users. A natural defense is to employ an obfuscation mechanism, such as those providing geo-indistinguishability, a framework for obtaining formal privacy guarantees that has become popular in recent years.
Ideally, one would like to employ an optimal obfuscation mechanism, providing the best utility among those satisfying the required privacy level. In theory optimal mechanisms can be constructed via linear programming. In practice, however, this is only feasible for a radically small number of locations. As a consequence, all known applications of geo-indistinguishability simply use noise drawn from a planar Laplace distribution.
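The planar Laplace baseline mentioned above can be written in a few lines. The following is an added example, not code from libqif or from the papers described: it draws planar Laplace noise by sampling the angle uniformly and the radius from a Gamma(2, 1/eps) distribution (the radial marginal of the planar Laplace density), and checks the geo-indistinguishability bound on the density ratio over a grid; the coordinates, the value of eps and the function names are constructed for the illustration.

```python
import math
import random


def planar_laplace_density(eps, x0, x):
    """Density of reporting point x when the true location is x0 (planar
    coordinates in metres, eps in 1/metre)."""
    d = math.hypot(x[0] - x0[0], x[1] - x0[1])
    return eps * eps / (2.0 * math.pi) * math.exp(-eps * d)


def sample_planar_laplace(eps, x0, rng):
    """Draw one obfuscated location around x0.

    In polar coordinates the planar Laplace density factorises into a
    uniform angle and a radius with density eps^2 * r * exp(-eps * r),
    i.e. a Gamma distribution with shape 2 and scale 1/eps.
    """
    theta = rng.uniform(0.0, 2.0 * math.pi)
    r = rng.gammavariate(2.0, 1.0 / eps)
    return (x0[0] + r * math.cos(theta), x0[1] + r * math.sin(theta))


def worst_log_ratio(eps, x0, x1, half_width, step):
    """Largest |ln D(x0)(x) - ln D(x1)(x)| over a square grid of reported
    points x. Geo-indistinguishability requires this to stay below
    eps * d(x0, x1)."""
    worst = 0.0
    n = int(half_width / step)
    for i in range(-n, n + 1):
        for j in range(-n, n + 1):
            x = (i * step, j * step)
            ratio = (math.log(planar_laplace_density(eps, x0, x))
                     - math.log(planar_laplace_density(eps, x1, x)))
            worst = max(worst, abs(ratio))
    return worst


def mean_displacement(eps, x0, n, seed):
    """Average distance between true and reported location over n draws;
    the expected value is 2 / eps, a simple measure of the utility loss."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(n):
        x = sample_planar_laplace(eps, x0, rng)
        total += math.hypot(x[0] - x0[0], x[1] - x0[1])
    return total / n


# Constructed scenario: privacy level ln(4) within a radius of 200 m,
# and two locations 300 m apart that should remain hard to tell apart.
EPS = math.log(4) / 200.0
HOME = (0.0, 0.0)
WORK = (300.0, 0.0)

if __name__ == "__main__":
    bound = EPS * math.hypot(WORK[0] - HOME[0], WORK[1] - HOME[1])
    print("bound on log-ratio:    %.4f" % bound)
    print("worst ratio on grid:   %.4f" % worst_log_ratio(EPS, HOME, WORK, 1000.0, 100.0))
    print("mean displacement (m): %.1f" % mean_displacement(EPS, HOME, 20000, 1))
```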
We studied methods for substantially improving the utility of location obfuscation, while having practical applicability as a central constraint. We provided such solutions for both infinite (continuous or discrete) as well as large but finite domains of locations, using a Bayesian remapping procedure as a key ingredient. We evaluated our techniques on two complete real-world datasets, without any restriction on the evaluation area, and showed important utility improvements with respect to the standard planar Laplace approach.
The approximation introduced by finite-precision representation of continuous data can induce arbitrarily large information leaks even when the computation using exact semantics is secure. Such leakage can thus undermine design efforts aimed at protecting sensitive information. We focussed on differential privacy, an approach to privacy that emerged from the area of statistical databases and is now widely applied also in other domains. In this approach, privacy is protected by adding noise to the values correlated to the private data. The typical mechanisms used to achieve differential privacy have been proved correct in the ideal case in which computations are made using infinite-precision semantics. We analyzed the situation at the implementation level, where the semantics is necessarily limited by finite precision, i.e., the representation of real numbers and the operations on them are rounded according to some level of precision. We showed that in general there are violations of the differential privacy property, and we studied the conditions under which we can still guarantee a limited (but, arguably, acceptable) variant of the property, under only a minor degradation of the privacy level. Finally, we illustrated our results on two examples: the standard Laplacian mechanism commonly used in differential privacy, and a bivariate version of it recently introduced in the setting of privacy-aware geolocation.
Belief and min-entropy leakage are two well-known approaches to quantify information flow in security systems. Both concepts stand as alternatives to the traditional approaches founded on Shannon entropy and mutual information, which were shown to provide inadequate security guarantees. We unified the two concepts in one model so as to cope with the frequent (potentially inaccurate, misleading or outdated) attackers' side information about individuals on social networks, online forums, blogs and other forms of online communication and information sharing. To this end we proposed a new metric based on min-entropy that takes into account the adversary's beliefs.
In the min-entropy approach to quantitative information flow, the leakage is defined in terms of a minimization problem, which, in the case of large systems, can be computationally rather heavy. The same happens for the recently proposed generalization called
Distributed systems have changed substantially in the recent past with the advent of phenomena like social networks and cloud computing. In the previous incarnation of distributed computing the emphasis was on consistency, fault tolerance, resource management and related topics; these were all characterized by interaction between processes. Research proceeded along two lines: the algorithmic side which dominated the Principles Of Distributed Computing conferences and the more process algebraic approach epitomized by CONCUR where the emphasis was on developing compositional reasoning principles. What marks the new era of distributed systems is an emphasis on managing access to information to a much greater degree than before.
Spatial constraint systems are algebraic structures from concurrent constraint programming to specify spatial and epistemic behavior in multi-agent systems. We developed the theory of spatial constraint systems with operators to specify information and processes moving from one space to another. We investigated the properties of this new family of constraint systems and illustrated their applications. From a computational point of view the new operators provide for process/information extrusion, a central concept in formalisms for mobile communication. From an epistemic point of view extrusion corresponds to a notion we called utterance: a piece of information that an agent communicates to others but that may be inconsistent with the agent's beliefs. Utterances can then be used to express instances of epistemic notions such as hoaxes or intentional lies. Spatial constraint systems can express the epistemic notion of belief by means of space functions that specify local information. We showed that spatial constraint systems can also express the epistemic notion of knowledge by means of a derived spatial operator that specifies global information. We also reported on our progress using spatial constraint systems as an abstract representation of modal and epistemic behaviour.
We used spatial constraint systems to give an abstract characterization of the notion of normality in modal logic and to derive right inverse/reverse operators for modal languages. In particular, we identified the weakest condition for the existence of right inverses and showed that the abstract notion of normality corresponds to the preservation of finite suprema. We applied our results to existing modal languages such as the weakest normal modal logic, Hennessy-Milner logic, and linear-time temporal logic. We also discussed our results in the context of modal concepts such as bisimilarity and inconsistency invariance.
We introduced D-SPACES, an implementation of constraint systems with space and extrusion operators. D-SPACES is coded as a C++11 library providing implementations for constraint systems, space functions and extrusion functions. D-SPACES provides property-checking methods as well as an implementation of a specific type of constraint systems (boolean algebras). We illustrated the implementation with a small social network where users post their beliefs and utter their opinions.
Concurrent Constraint Programming (CCP) is a declarative model for concurrency where agents interact by telling and asking constraints (pieces of information) in a shared store. Some previous works have developed (approximated) declarative debuggers for CCP languages. However, the task of debugging concurrent programs remains difficult. We defined a dynamic slicer for CCP and we showed it to be a useful companion tool for the existing debugging techniques. Our technique starts by considering a partial computation (a trace) that shows the presence of bugs. Often, the quantity of information in such a trace is overwhelming, and the user gets easily lost, since she cannot focus on the sources of the bugs. Our slicer allows for marking part of the state of the computation and assists the user to eliminate most of the redundant information in order to highlight the errors. We showed that this technique can be tailored to timed variants of CCP. We also developed a prototypical implementation freely available for making experiments.
Project title: Protection techniques for location data
Duration: July 2016 - December 2016
Budget: 38K euros, financed by Renault
Coordinator: Catuscia Palamidessi, Inria Saclay, EPI Comète
Abstract: The goal of this project is to produce a survey of the state of the art methods for protecting location data, as well as a prototype showing the application of some of these methods in the context of a “connected car”.
Stage: A six month intern (Anna Pazii) was funded by this project.
Project title: Optimal Mechanisms for Privacy Protection
Duration: September 2016 - August 2019
Coordinator: Catuscia Palamidessi, Inria Saclay, EPI Comète
Other PI's: Serge Haddad, ENS Cachan.
Abstract: In this project we plan to investigate classes of utility and privacy measures, and to devise methods to obtain optimal mechanisms with respect to the trade-off between utility and privacy. In order to represent the probabilistic knowledge of the adversary and of the user, and the fact that mechanisms themselves can be randomized, we will consider a probabilistic setting. We will focus, in particular, on measures that are expressible as linear functions of the probabilities.
Project title: D-spaces : Distributed Spaces in Concurrent Epistemic Systems
Duration: Nov 2013 - Oct 2016
Coordinator: Frank Valencia, CNRS-LIX and Inria Saclay, EPI Comète
Other PI's: Stefan Haar, ENS Cachan.
Abstract: In this project we developed an innovative and expressive computational model for these systems that coherently combines techniques for the analysis of concurrent systems such as process calculi with epistemic and spatial formalisms.
Project acronym: CAPPRIS
Project title: Collaborative Action on the Protection of Privacy Rights in the Information Society
Duration: September 2013 - December 2016
Coordinator: Daniel Le Metayer, Inria Grenoble
Other partner institutions: The project involves four Inria research centers (Saclay, Sophia-Antipolis, Rennes and Grenoble), CNRS-LAAS, Eurecom and the university of Namur. Besides computer scientists, the consortium also includes experts in sociology and in law, thus covering the complementary areas of expertise required to reach the objectives.
Abstract: The goal of this project is to study the challenges related to privacy in the modern information society, trying to consider not only the technical, but also the social and legal ones, and to develop methods to enhance the privacy protection.
Title: Privacy-Friendly Services and Applications
Inria principal investigator: Catuscia Palamidessi
International Partners:
Cedric Fournet, Microsoft Research Lab, Cambridge, UK
Andy Gordon, Microsoft Research Lab, Cambridge, UK
Duration: 2014 - 2016
URL: http://
Abstract: This is a project sponsored by Microsoft Research Lab, on methods to preserve privacy in web services and location-based services.
Title: Logical and Formal Methods for Information Security
Inria principal investigator: Konstantinos Chatzikokolakis
International Partners:
Mitsuhiro Okada, Keio University (Japan)
Yusuke Kawamoto, AIST (Japan)
Tachio Terauchi, JAIST (Japan)
Masami Hagiya, University of Tokyo (Japan)
Start year: 2016
URL: http://
Abstract: The project aims at integrating the logical / formal approaches to verify security protocols with (A) complexity theory and (B) information theory. The first direction aims at establishing the foundations of logical verification for security in the computational sense, with the ultimate goal of automatically finding attacks that probabilistic polynomial-time adversaries can carry out on protocols. The second direction aims at developing frameworks and techniques for evaluating and reducing information leakage caused by adaptive attackers.
Geoffrey Smith, Florida International University (United States)
Carroll Morgan, NICTA (Australia)
Annabelle McIver, Macquarie University (Australia)
Moreno Falaschi, Professor, University of Siena, Italy
Mario Ferreira Alvim Junior, Assistant Professor, Federal University of Minas Gerais, Brazil
Camilo Rueda, Professor, Universidad Javeriana Cali, Colombia
Program: ANR Blanc
Project title: Reliable and Privacy-Aware Software Systems via Bisimulation Metrics
Duration: October 2016 - September 2021
Coordinator: Catuscia Palamidessi, Inria Saclay, EPI Comète
Other PI's and partner institutions: Ugo Dal Lago, Inria Sophia Antipolis (EPI Focus) and University of Bologna (Italy). Vincent Danos, ENS Paris. Filippo Bonchi, ENS Lyon.
Abstract: In this project, we aim at investigating quantitative notions and tools for proving program correctness and protecting privacy. In particular, we will focus on bisimulation metrics, which are the natural extension of bisimulation on quantitative systems. As a key application, we will develop a mechanism to protect the privacy of users when their location traces are collected.
Program: ANR Blanc International
Project title: Beyond plain Processes: Analysis techniques, Coinduction and Expressiveness
Duration: January 2013 - December 2016
Coordinator: Daniel Hirschkoff, Ecole Normale Supérieure de Lyon
Other PI's and partner institutions: Catuscia Palamidessi, Inria Saclay, Frank Valencia, CNRS-LIX and Inria Saclay (France). Davide Sangiorgi, University of Bologna (Italy). Yuxi Fu, Shanghai Jiao Tong University (China).
Abstract: The objective of this project is to enrich and adapt these methods, techniques, and tools to much broader forms of interactive models, well beyond the realm of "traditional" processes.
Program: ANR Blanc International
Project title: Logical Approach to Novel Computational Paradigms
Duration: January 2012 - December 2016
URL: http://
Coordinator: Gilles Dowek, Inria Rocquencourt
Other PI's and partner institutions: Catuscia Palamidessi, Inria Saclay. Thomas Ehrhard, Paris VII. Ying Jiang, Chinese Academy of Sciences in Beijing (China).
Abstract: This project aims at exploring the interplays between logic and sequential/distributed computation in formalisms like the lambda calculus and the
Program: CNPq Science Without Borders.
Project title: Music and Spatial Interaction with Constraints, Algebra and Logic: Foundations and Applications.
Duration: Oct 2014 - Oct 2016
URL: http://
Coordinator: Elaine Pimentel, Universidade Federal do Rio Grande do Norte (Brazil).
Other PI's and partner institutions: Camilo Rueda, PUJ Cali (Colombia). Carlos Olarte, Universidade Federal do Rio Grande do Norte (Brazil). Frank Valencia, CNRS-LIX and Inria Saclay (France). Gerard Assayag, IRCAM (France).
Abstract: This multi-disciplinary project aims to develop and integrate tools from logic and concurrency theory for the design and analysis of reactive systems and to their application to musical processes and multimedia systems.
Program: Colciencias - Conv. 712.
Project title: Concurrency, Logic and Algebra for Social and Spatial Interactive Computation.
Duration: Oct 2016 - Oct 2019
URL: http://
Coordinator: Camilo Rueda, PUJ Cali (Colombia).
Other PI's and partner institutions: Carlos Olarte, Universidade Federal do Rio Grande do Norte (Brazil). Frank Valencia, CNRS-LIX and Inria Saclay (France).
Abstract: This project will advance the state of the art of domains such as mathematical logic, order theory and concurrency for reasoning about spatial and epistemic behaviour in multi-agent systems.
Mario Ferreira Alvim Junior, Assistant Professor, Federal University of Minas Gerais, Brazil, Dec 2016
Annabelle McIver, Associate Professor, Macquarie University, Australia, Dec 2016
Carroll Morgan, Professor, University of New South Wales and NICTA, Australia, Dec 2016
Geoffrey Smith, Professor, Florida International University, USA, Dec 2016
Camilo Rueda, Professor, PUJ Cali, Colombia, May 2016 and Nov 2016.
Camilo Rocha, Professor, PUJ Cali, Colombia, Oct 2016.
Catuscia Palamidessi visited the Computer Security team of Roberto Focardi at the University of Venice, Italy, from 4 April to 30 April, 2016.
Note: In this section we include only the activities of the permanent internal members of Comète.
Catuscia Palamidessi is member of:
The Executive Committee of SIGLOG, the ACM Special Interest Group on Logic and Computation. Since 2014.
The Organizing Committee of LICS, the ACM/IEEE Symposium on Logic in Computer Science. Since 2010.
The Council of EATCS, the European Association for Theoretical Computer Science. Since 2005.
The Steering Committee of ETAPS, the European Joint Conferences on Theory and Practice of Software. Since 2006.
The Steering Committee of EACSL, the European Association for Computer Science Logics. Since 2015.
The Steering Committee of CONCUR, the International Conference on Concurrency Theory. Since 2016.
The Steering Committee of FORTE, the International Conference on Formal Techniques for Distributed Objects, Components, and Systems. Since 2014.
The IFIP Technical Committee 1 – Foundations of Computer Science. Since 2007.
The IFIP Working Group 2.2 – Formal Description of Programming Concepts. Since 2001.
The IFIP Working Group 1.7 – Theoretical Foundations of Security Analysis and Design. Since 2010.
Frank D. Valencia is a member of:
The steering committee of the International Workshop in Concurrency EXPRESS. Since 2010.
Catuscia Palamidessi is/has been a member of the program committees of the following conferences and workshops:
ICTAC 2017. The 14th International Colloquium on Theoretical Aspects of Computing. Hanoi, Vietnam, 23-27 October 2017.
TASE 2017. The 11th International Symposium on Theoretical Aspects of Software Engineering. Nice, France, 13-15 September 2017.
CONCUR 2017. The 28th International Conference on Concurrency Theory. Berlin, Germany, 5-8 September 2017.
CSL 2017. The 26th EACSL Annual Conference on Computer Science Logic. Stockholm, Sweden, 20-25 August 2017.
ICSOFT-PT 2017. The 12th International Conference on Software Paradigm Trends. Lisbon, Portugal, 24-26 July 2017.
ICALP 2017 (Track B). The 44th International Colloquium on Automata, Languages, and Programming. Warsaw, Poland, 10–14 July 2017.
FORTE 2017. The 37th IFIP International Conference on Formal Techniques for Distributed Objects, Components, and Systems. Neuchâtel, Switzerland, 19-22 June 2017.
CSR 2017. The 12th International Computer Science Symposium in Russia. Kazan, Russia, 8–12 June 2017.
ICTAC 2016. The 13th International Colloquium on Theoretical Aspects of Computing. Taipei, Taiwan, 24-31 October 2016.
LOPSTR 2016. The 26th International Symposium on Logic-Based Program Synthesis and Transformation, 6-8 September 2016.
CONCUR 2016. The 27th International Conference on Concurrency Theory. Québec City, Canada, 23-26 August 2016.
TASE 2016. The 10th International Symposium on Theoretical Aspects of Software Engineering. Shanghai, China, 17-19 July 2016.
FCS 2016. The Workshop on Foundations of Computer Security. Lisbon, Portugal, 27 June 2016.
MFPS XXXII. The Thirty-second Conference on the Mathematical Foundations of Programming Semantics. Carnegie Mellon University, Pittsburgh, USA, 23-26 May 2016.
PhDs in Logic VIII. Darmstadt, Germany, 9-11 May 2016.
UEOP 2016. The 1st Workshop on Understanding and Enhancing Online Privacy. San Diego, USA, 21 February 2016.
Konstantinos Chatzikokolakis is/has been a member of the program committees of the following conferences and workshops:
ICDE 2017: IEEE International Conference on Data Engineering
CSF 2017: 30th IEEE Computer Security Foundations Symposium
POST 2017: 6th International Conference on Principles of Security and Trust
BIGQP 2017: International Workshop on Big Geo Data Quality and Privacy
PETS 2016: The 16th Privacy Enhancing Technologies Symposium
WWW 2016: 25th World Wide Web conference
APVP 2016: 7ème Atelier sur la Protection de la Vie Privée
Frank D. Valencia is/has been a member of the program committees of the following conferences and workshops:
PPDP 2016. The 18th International Symposium on Principles and Practice of Declarative Programming (PPDP 2016).
ICTAC 2016. The 13th International Colloquium on Theoretical Aspects of Computing (ICTAC 2016).
ICLP DC 2016. 12th ICLP Doctoral Consortium.
The members of the team reviewed several papers for international conferences and workshops.
Catuscia Palamidessi is:
Member of the Editorial Board of Mathematical Structures in Computer Science, published by the Cambridge University Press.
Member of the Editorial Board of Acta Informatica, published by Springer.
Member of the Editorial Board of the Electronic Notes of Theoretical Computer Science, published by Elsevier Science.
Member of the Editorial Board of LIPIcs: Leibniz International Proceedings in Informatics, Schloss Dagstuhl – Leibniz Center for Informatics.
Konstantinos Chatzikokolakis is:
Editorial board member of the newly established Proceedings on Privacy Enhancing Technologies (PoPETs), a scholarly journal for timely research papers on privacy.
The members of the team reviewed several papers for international journals.
Frank D. Valencia has been:
Co-editor of the special issue of Mathematical Structures in Computer Science dedicated to the best papers from the 12th International Colloquium on Theoretical Aspects of Computing.
Catuscia Palamidessi has given invited talks at the following conferences and workshops:
DISCOTEC 2016 (Keynote speaker). The 11th International Federated Conference on Distributed Computing Techniques. Crete, Greece, 6-9 June 2016.
Journée sur la Securité, la Sureté et la Confidentialité. Organized by Paris VII, Paris XIII and Systematic. Paris, France, 10 May 2016.
Catuscia Palamidessi has been serving on the following committees:
Member of the Alonzo Church Award Committee. Since 2015. This award is for an outstanding contribution to Logic and Computation within the past 25 years.
President of the selection committee for the EATCS Best Paper Award at the ETAPS conferences. Since 2006.
Catuscia Palamidessi has served as:
Reviewer of project proposals for the PRIN program, sponsored by the Italian MIUR (“Ministero dell'Istruzione, dell'Università e della Ricerca”). Since 2004.
Member of the comité de selection for a position for Maitre de Conferences at l'Université de Paris VII (Paris Diderot). Spring 2016.
Frank Valencia has served as:
Directeur adjoint de l'UMR 7161, le Laboratoire d'Informatique de l'Ecole Polytechnique (LIX). May 2016 - .
PhD: Catuscia Palamidessi has been teaching a course for PhD students, on Protection of sensitive information, at the University of Venice, Italy. April 2016. Total 30 hours.
Master: Frank D. Valencia has been teaching the undergraduate course "Computability", 45 hours, at the Pontificia Universidad Javeriana de Cali, Colombia. July 27 - Nov 1, 2016.
Master: Frank D. Valencia has been teaching the masters course "Foundations of Computer Science", 45 hours, at the Pontificia Universidad Javeriana de Cali, Colombia. Jan 27 - Jun 1, 2016.
Master: Konstantinos Chatzikokolakis and Catuscia Palamidessi have been teaching a course on the Foundations of Privacy at the MPRI, the Master Parisien pour la Recherche en Informatique. University of Paris VII. A.Y. 2016-17. Total: 24 hours plus 6 hours for the exam and the exercise session in preparation for the exam.
PhD in progress (2016-) Tymofii Prokopenko. Ecole Polytechnique and ENS Cachan. Grant Digiteo-Digicosme. Co-supervised by Konstantinos Chatzikokolakis, Catuscia Palamidessi, and Serge Haddad.
PhD in progress (2015-) Joris Lamare. Ecole Polytechnique. Grant MSR Center. Co-supervised by Catuscia Palamidessi and Konstantinos Chatzikokolakis.
PhD in progress (2014-) Michel Guzman. Ecole Polytechnique. Grant Inria CORDI-S. Co-supervised by Catuscia Palamidessi and Frank D. Valencia.
PhD completed (2013-16) Salim Percy. Ecole Polytechnique. Grant Digiteo-Digicosme. Co-supervised by Frank D. Valencia and Stefan Haar.
Catuscia Palamidessi has been a reviewer and member of the board at the PhD defense for the thesis of the following PhD student:
Huu-Hiep Nguyen, PhD student supervised by Abdessamad Imine, University of Lorraine, France. November 2016. Title of the thesis: Social Graph Anonymization.
Catuscia Palamidessi is:
External member of the scientific council for the PhD in Computer Science at the University of Pisa, Italy. Since 2012.
Member of the Comité d'Encadrement de Thèse of Jun Wang (PhD student supervised by Qiang Tang and Peter Ryan), University of Luxembourg. Since December 2014.
Member of the advising committee for the PhD of Andrea Margheri (PhD student supervised by Rosario Pugliese), University of Florence, Italy. 2014-16.
Konstantinos Chatzikokolakis and Catuscia Palamidessi have designed, and coordinate, a course on the Foundations of Privacy at the MPRI, the Master Parisien pour la Recherche en Informatique. University of Paris VII. A.Y. 2016-17.