Section: New Results
Privacy
Computer privacy is a domain where educating and informing the general public is paramount. In this perspective, with [44] we have taken part in the popularization effort in this area by presenting a survey of accessible computing tools that allow users to better protect their online privacy.
Formal Privacy Policies and Logical Tools:
One of the obstacles to improving the privacy level of distributed applications is the lack of expressiveness, usability and enforceability of the associated policies. This new research track aims at designing better privacy policies for complex systems, better adapted to the specific needs of personal data protection regulations and easier to enforce in a distributed fashion. Logical languages in particular are interesting candidates because the reasoning capabilities attached to these formalisms allow autonomous peers to perform efficient, privacy-aware planning. [18] is a contribution to the modal logics used to model formal norms, focusing on specific deadline-related temporal notions often encountered in privacy policies. In [39], we propose an ambitious, collaborative research project based on an epistemic view of privacy laws and regulations, which should lead to the design of several tools, including policy writing assistants and validation software. [24] is a generic work in the domain of formal policies, in which we propose a logical model of various concepts of responsibility in an organizational framework featuring obligation delegation. This kind of framework is intended to model the handling of complex policies in real-life human institutions.
Privacy in Social Networking Sites:
Social Networking Sites (SNS), such as Facebook and LinkedIn, have become the established place for keeping in contact with old friends and meeting new acquaintances. As a result, a user leaves a large trail of personal information about himself and his friends on the SNS, sometimes without even being aware of it. This information can lead to privacy drifts such as damage to his reputation and credibility, security risks (for instance identity theft) and profiling risks. Another research challenge stems from the fact that, in a digital world where information can be copied as often as desired, it is hard to control how it is disseminated once it is out on the Internet. In an ongoing collaboration [23] with Ai Thanh Ho and Esma Aïmeur (Université de Montréal), we investigate tools that can help users maintain the sovereignty of their data on the World Wide Web. We also introduce PrivacyMarker, an approach drawing on the concepts of provenance and accountability to protect user privacy on SNS. More precisely, one can imagine that, by combining logs with techniques such as watermarking and traitor-tracing schemes, the dissemination of information can be (at least partially) controlled, and that in case of a privacy breach it becomes possible to identify which persons are potential suspects because they previously accessed this information.
Geo-privacy:
A geolocalised system generally belongs to an individual, and as such knowing its location reveals the location of its owner, which is a direct threat to his privacy. To protect the privacy of users, a sanitization process, which adds uncertainty to the data and removes some sensitive information, can be performed, but at the cost of a decrease in utility due to the degradation of data quality. In a joint work [16] with Marc-Olivier Killijian and Miguel Nunez del Prado (LAAS-CNRS), we describe GEPETO (for GEoPrivacy-Enhancing TOolkit), a flexible open-source tool which can be used to visualize and sanitize a geolocalised dataset, to perform inference attacks on it and to measure its utility. We also introduce a mobility model that we call the mobility Markov chain, which represents in a compact yet precise way the mobility behaviour of an individual. Finally, we describe an algorithm for learning such a structure from the mobility traces of an individual.
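As an added illustration (not GEPETO's own code), the following Python learns a mobility Markov chain from a constructed trace of successive points of interest, uses it for the next-location prediction such a chain supports, and measures the utility cost of one sanitization step (generalising precise POIs into coarser zones) as lost predictive accuracy. The trace, the zone mapping and the choice of predictive accuracy as the utility metric are assumptions of this example.

```python
from collections import Counter, defaultdict

# Constructed mobility trace: the POI recorded at each successive stop of one user.
TRACE = ["home", "work", "gym", "home", "work", "home", "work", "gym",
         "home", "work", "home", "cafe", "work", "home"]

# Constructed generalisation map used for sanitization: precise POIs -> coarser zone.
ZONES = {"gym": "leisure", "cafe": "leisure"}


def learn_mmc(trace):
    """Learn a mobility Markov chain {poi: {next_poi: probability}} by
    counting the transitions between consecutive stops of the trace."""
    counts = defaultdict(Counter)
    for cur, nxt in zip(trace, trace[1:]):
        counts[cur][nxt] += 1
    return {s: {t: c / sum(ctr.values()) for t, c in ctr.items()}
            for s, ctr in counts.items()}


def predict_next(mmc, poi):
    """Inference from the chain: the most probable next POI after `poi`."""
    return max(mmc[poi].items(), key=lambda kv: kv[1])[0]


def predictive_accuracy(mmc, trace):
    """Utility of a chain: fraction of the transitions in `trace` it predicts."""
    pairs = list(zip(trace, trace[1:]))
    hits = sum(predict_next(mmc, cur) == nxt for cur, nxt in pairs)
    return hits / len(pairs)


def generalise(trace, zones):
    """Sanitize a trace by replacing precise POIs with coarser zones, which adds
    uncertainty about where exactly the individual was."""
    return [zones.get(p, p) for p in trace]


def privacy_utility(trace, zones):
    """Return (distinct states exposed, predictive accuracy) for the raw trace
    and for its sanitized version, to show the privacy/utility trade-off."""
    raw = learn_mmc(trace)
    san_trace = generalise(trace, zones)
    san = learn_mmc(san_trace)
    return ((len(raw), predictive_accuracy(raw, trace)),
            (len(san), predictive_accuracy(san, san_trace)))


if __name__ == "__main__":
    print("after work, predicted:", predict_next(learn_mmc(TRACE), "work"))
    print("(states, accuracy) raw vs sanitized:", privacy_utility(TRACE, ZONES))
```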
Geosocial networks are relatively new compared to the more "traditional" (i.e. non-geolocated) social networking sites such as Facebook or LinkedIn, which have been around for more than 6 years, but they are currently growing relatively fast along with the widespread development of other geolocated applications and technologies. In a study [29] done in cooperation with Olivier Heen (Technicolor) and Christophe Potin, we provide a comparative analysis of some existing geosocial networks with respect to privacy in order to (1) highlight some of the privacy issues raised by the fast development of these systems and (2) propose, based on this analysis, recommendations that could be integrated in the design of these systems to enhance the privacy of their users.
Privacy in Distributed Systems:
In a joint work [19] with Anne-Marie Kermarrec and Mohammad Alaggan (team INRIA ASAP), we address the problem of computing the similarity between two users (according to their profiles) while preserving their privacy, in a fully decentralized system and in the passive adversary model. First, we introduce a two-party protocol for privately computing a threshold version of the similarity and apply it to well-known similarity measures such as the scalar product and the cosine similarity. The output of this protocol is a single bit of information telling whether or not two users are similar beyond a predetermined threshold. Afterwards, we explore the computation of the exact and threshold similarity within the context of differential privacy, a recently developed notion that provides a strong privacy guarantee holding independently of the auxiliary knowledge the adversary might have. More specifically, we design several differentially private variants of the exact and threshold protocols, and we analyze their complexity as well as their impact on the utility of the resulting similarity measure. Finally, we provide experimental results validating the effectiveness of the proposed approach on real datasets.
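As an added example (not the protocol of [19]), the following Python shows the two functionalities the paragraph describes: the one-bit threshold similarity over the scalar product or the cosine similarity, and a differentially private variant obtained by adding Laplace noise to the scalar product of binary profiles before thresholding, together with a measurement of how often the noisy bit disagrees with the exact one. The cryptographic two-party protocol that keeps the profiles hidden from each other is not reproduced; the profiles, threshold, epsilon values and trial count are constructed.

```python
import math
import random


def scalar_product(u, v):
    """Scalar product of two profile vectors of equal length."""
    return sum(a * b for a, b in zip(u, v))


def cosine_similarity(u, v):
    """Cosine similarity; 0.0 when either profile is all zeros."""
    norm = math.sqrt(scalar_product(u, u) * scalar_product(v, v))
    return scalar_product(u, v) / norm if norm else 0.0


def threshold_similarity(u, v, tau, measure=cosine_similarity):
    """Ideal output of the threshold protocol: 1 if the two users are
    similar beyond tau, 0 otherwise, and nothing else about the profiles."""
    return int(measure(u, v) >= tau)


def laplace_noise(scale, rng):
    """Laplace(0, scale) sample, as the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def dp_scalar_product(u, v, epsilon, rng):
    """epsilon-differentially private exact similarity (Laplace mechanism).
    For binary profiles, flipping one item of either profile changes the
    scalar product by at most 1, so sensitivity 1 and scale 1/epsilon suffice."""
    return scalar_product(u, v) + laplace_noise(1.0 / epsilon, rng)


def dp_threshold_similarity(u, v, tau, epsilon, rng):
    """Differentially private threshold bit: threshold the noisy scalar
    product (post-processing a DP value keeps the epsilon guarantee)."""
    return int(dp_scalar_product(u, v, epsilon, rng) >= tau)


def disagreement_rate(u, v, tau, epsilon, trials=500, seed=7):
    """Utility impact of the noise: fraction of runs whose DP bit differs
    from the exact threshold bit. Seeded so the measurement is repeatable."""
    rng = random.Random(seed)
    exact = threshold_similarity(u, v, tau, measure=scalar_product)
    flips = sum(dp_threshold_similarity(u, v, tau, epsilon, rng) != exact
                for _ in range(trials))
    return flips / trials


# Constructed binary profiles: 1 means the user likes item i.
ALICE = [1, 1, 0, 1, 0, 1, 0, 0]
BOB = [1, 0, 0, 1, 0, 1, 1, 0]

if __name__ == "__main__":
    print("cosine bit (tau=0.7):", threshold_similarity(ALICE, BOB, 0.7))
    for eps in (0.1, 1.0, 10.0):
        print(f"epsilon={eps}: disagreement {disagreement_rate(ALICE, BOB, 2.5, eps):.2f}")
```

Smaller epsilon means stronger privacy and a higher disagreement rate, which is the utility cost the paragraph refers to.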
Other ongoing work tackles the problem of computing an aggregation function in a secure and scalable way in a distributed network [42] (joint work with Rachid Guerraoui, Hamza Harkous, Florian Huc and Anne-Marie Kermarrec).