
2023 Activity report, Project-Team PETRUS

RNSR: 201622250V
  • Research center: Inria Saclay Centre
  • In partnership with: Université Versailles Saint-Quentin
  • Team name: PErsonal & TRUSted cloud
  • Domain: Perception, Cognition and Interaction
  • Theme: Data and Knowledge Representation and Processing

Keywords

Computer Science and Digital Science

  • A1.1.8. Security of architectures
  • A1.1.9. Fault tolerant systems
  • A1.3. Distributed Systems
  • A3.1.2. Data management, querying and storage
  • A3.1.3. Distributed data
  • A3.1.5. Control access, privacy
  • A3.1.6. Query optimization
  • A3.1.9. Database
  • A3.1.11. Structured data
  • A4.7. Access control
  • A4.8. Privacy-enhancing technologies

Other Research Topics and Application Domains

  • B2.5.3. Assistance for elderly
  • B6.4. Internet of things
  • B6.6. Embedded systems
  • B9.10. Privacy

1 Team members, visitors, external collaborators

Research Scientists

  • Nicolas Anciaux [INRIA, Senior Researcher, HDR; team leader until Sep 2023]
  • Luc Bouganim [INRIA, Senior Researcher, HDR; team leader from Oct 2023]

Faculty Members

  • Philippe Pucheral [UVSQ, Professor, HDR]
  • Iulian Sandu Popa [UVSQ, Associate Professor, HDR]

PhD Students

  • Ludovic Javet [INRIA, until Jun 2023]
  • Xinqing Li [INRIA, from Oct 2023]
  • Julien Mirval [Cozy Cloud until Oct 2023, INRIA from Nov 2023]
  • Ali Ncibi [INRIA, from Mar 2023]
  • Haoying Zhang [INSA Centre Val de Loire, from Sep 2023]

Technical Staff

  • Robin Carpentier [INRIA, until May 2023]
  • Mariem Habibi [INRIA, Engineer]
  • Ludovic Javet [INRIA, Engineer, from Jul 2023]

Interns and Apprentices

  • Gustavo Jodar Soares [INRIA, Intern, from May 2023 until Aug 2023, engineering student at ENSTA]
  • Matthieu Moussine-Pouchkine [INRIA, Intern, from May 2023 until Aug 2023, engineering student at ENSTA]
  • Ali Ncibi [INRIA, until Feb 2023]

Administrative Assistant

  • Katia Evrat [INRIA]

Visiting Scientists

  • Luis Ibañez-Lissen [UNIV CARLOS III, from Nov 2023, PhD student]
  • José M. de Fuentes [UNIV CARLOS III, from Sep 2023, Associate Professor]

External Collaborator

  • Benjamin Nguyen [INSA Centre Val de Loire, Professor, HDR]

2 Overall objectives

We are witnessing an exponential accumulation of personal data on central servers: data automatically gathered by administrations and companies, but also data produced by individuals themselves (e.g., photos, agendas, data produced by smart appliances and quantified-self devices) and deliberately stored in the cloud for convenience. The net effect is, on the one hand, an unprecedented threat to data privacy due to abusive usage and attacks and, on the other hand, difficulties in providing powerful user-centric services (e.g., personal big data) which require crossing data stored today in isolated silos. The Personal Cloud paradigm holds the promise of a Privacy-by-Design storage and computing platform, where each individual can gather her complete digital environment in one place and share it with applications and users while preserving her control. However, this paradigm leaves the privacy and security issues in users' hands, which leads to a paradox given how limited the autonomy of individuals is in terms of computer security, and how limited their ability and willingness to administer sharing policies are. The challenge is nonetheless paramount in a society where emerging economic models are all based, directly or indirectly, on exploiting personal data.

While many research works tackle the organization of the user's workspace, the semantic unification of personal information or personal data analytics, the objective of the PETRUS project-team is to tackle the privacy and security challenges from an architectural point of view, i.e., to help provide a technical solution to the personal cloud paradox. More precisely, our goals are (i) to propose new architectures (encompassing both software and hardware aspects) and administration models (decentralized access and usage control models, data sharing, data collection and retention models) for secure personal cloud data management, (ii) to propose new secure distributed database indexing models, privacy-preserving query processing strategies and data anonymization techniques for the personal cloud, and (iii) to study the economic, legal and societal issues linked to secure personal cloud adoption.

3 Research program

To tackle the challenge introduced above, we identify three main lines of research:

  • (Axis 1) Personal cloud server architectures and administration models. Based on the intuition that user control, security and privacy are key properties in the definition of trusted personal cloud solutions, our objective is to propose new architectures (encompassing both software and hardware aspects) for secure personal cloud data management. In this axis we also focus on administration models and their enforcement in relation to the architecture of the system, so that the exclusive control of a non-expert individual can be ensured.
  • (Axis 2) Global query evaluation. The goal of this line of research is to provide capabilities for crossing data belonging to multiple individuals (e.g., performing statistical queries over personal data, computing queries on social graphs or organizing participatory data collection) in a fully decentralized setting while providing strong and personalized privacy guarantees. This means proposing new secure distributed database indexing models and query processing strategies. In addition, we concentrate on locally guaranteeing to each participant that the processing behaves correctly, such that no collective result can be produced if the privacy conditions are not respected by other participants.
  • (Axis 3) Technical, legal and economic issues linked to PDMS adoption. This research axis is more transverse and entails multidisciplinary research, addressing the links between economic, legal, societal and technological aspects. We are particularly interested in some specific issues related to the design, implementation and deployment of real PDMS solutions.

Our contributions also rely on tools (algorithms, protocols, proofs, etc.) from other communities, namely security (cryptography, secure multiparty computation, differential privacy, etc.) and distributed systems (distributed hash tables, gossip protocols, etc.). Beyond the research actions, we structure our software activity around advanced platforms integrating our main research contributions. These platforms are cornerstones for validating our research results through accurate performance measurements, a common practice in the DB community, and for targeting the best conferences. They are also a strong vector to federate the team, simplify the bootstrapping of new PhD or master students, conduct multidisciplinary research and open the way to industrial collaborations and technology transfer. Our main platform is called PlugDB and has reached a high level of maturity. It runs on a microcontroller and is integrated in a real PDMS home box solution deployed in the field for social-medical care. In addition, we are developing a second platform (still at the research prototype stage) to provide the user with a PDMS solution that can be hosted on a cloud platform using trusted execution environments (such as Intel SGX) to ensure data privacy and security.

4 Application domains

4.1 Personal cloud, home care, IoT, sensing, surveys

As stated in the software section, the Petrus research strategy aims at materializing its scientific contributions in an advanced hardware/software platform with the expectation to produce a real societal impact. Hence, our software activity is structured around a common Secure Personal Cloud platform rather than several isolated demonstrators. This platform will serve as the foundation to develop a few emblematic applications.

Several privacy-preserving applications can actually be targeted by a Personal Cloud platform, like: (i) smart disclosure applications allowing the individual to recover her personal data from external sources (e.g., bank, online shopping activity, insurance, etc.), integrate them and cross them to perform personal big data tasks (e.g., to improve her budget management); (ii) management of personal medical records for care coordination and well-being improvement; (iii) privacy-aware data management for the IoT (e.g., in sensors, quantified-self devices, smart meters); (iv) community-based sensing and community data sharing; (v) privacy-preserving studies (e.g., cohorts, public surveys, privacy-preserving data publishing). Such applications overlap with all the research axes described above, but each of them also presents its own specificities. For instance, the smart disclosure applications focus primarily on sharing models and their enforcement, the IoT applications require prioritizing embedded data management and sustainability issues, while community-based sensing and privacy-preserving studies demand secure and efficient global query processing.

Among these application domains, one is already receiving particular attention from our team. Indeed, we gained strong expertise in the management and protection of healthcare data through our past DMSP (Dossier Medico-Social Partagé) experiment in the field. This expertise is being exploited to develop a dedicated healthcare and well-being personal cloud platform. We are currently deploying 10,000 boxes equipped with PlugDB in the context of the DomYcile project. In this context, we are running an Inria Innovation Lab with the Hippocad company to industrialize this platform and deploy it at large scale (see the OwnCare-2 IILab bilateral contract in Section 7.1).

5 New software, platforms, open data

5.1 New software

5.1.1 PlugDB

  • Keywords:
    Databases, Personal information, Privacy, Hardware and Software Platform
  • Functional Description:

    PlugDB is a complete platform dedicated to a secure and ubiquitous management of personal data. It aims at providing an alternative to a systematic centralization of personal data. The PlugDB engine is a personal database server capable of storing data (tuples and documents) in tables and BLOBs, indexing them, querying them in SQL, sharing them through assertional access control policies and enforcing transactional properties (atomicity, integrity, durability).

    The prototype version of the PlugDB engine is embedded in a tamper-resistant hardware device combining the security of a smartcard with the storage capacity of NAND Flash. The personal database is hosted encrypted in NAND Flash and the PlugDB engine code runs in the tamper-resistant device. Complementary modules allow applications to pre-compile SQL queries, communicate with the DBMS from a remote Java program, synchronize local data with remote servers (typically used for recovering the database in the case of a broken or lost device) and participate in distributed computations (e.g., global queries). PlugDB was later extended to run both on secure devices provided by Gemalto and on specific secure devices designed by PETRUS and assembled by electronics SMEs. Mastering the hardware platform opens up new research and experimentation opportunities (e.g., support for wireless communication, secure authentication, sensing capabilities, battery power, etc.).

    The PlugDB engine was first registered at the APP (Agence de Protection des Programmes) in 2009, a new version being registered every two years, and the hardware datasheets in 2015. PlugDB has been experimented in the field, notably in the healthcare domain. PlugDB was also used in an educational platform that we set up: SIPD (Système d'Information Privacy-by-Design). SIPD was used at ENSIIE, INSA CVL and UVSQ through the Versailles Sciences Lab fablab, to raise students' awareness of privacy protection problems and embedded programming.

    PlugDB combines several research contributions from the team, at the crossroads of flash data management, embedded data processing and secure distributed computations. It thus strongly federates all members of our team (permanent members, PhD students and engineers). It is also a vector of visibility, technology transfer and dissemination, and gives us the opportunity to collaborate with researchers from other disciplines around a concrete privacy-enhancing platform.

    PlugDB is currently being industrialized in the context of the OwnCare Inria Innovation Lab (II-Lab). In OwnCare, PlugDB acts as a secure personal cloud to manage medical/social data for people receiving care at home. It is currently being deployed to 10,000 patients in the Yvelines district. The industrialization process covers the development of a complete testing environment, the writing of detailed documentation and the development of additional features (notably an embedded ODBC driver, TPM support, a flexible access control model and embedded code upgrade). It has also required the design of a new hardware platform equipped with a battery power supply, introducing new energy consumption issues for the embedded software.

  • URL:
  • Authors:
    Nicolas Anciaux, Luc Bouganim, Philippe Pucheral, Aydogan Ersoz, Laurent Schneider, Ludovic Javet
  • Contact:
    Nicolas Anciaux

5.2 New platforms

Participants: Nicolas Anciaux, Luc Bouganim, Iulian Sandu Popa [correspondent].

Personal Data Management Systems (PDMS) arrive at a rapid pace, boosted by smart disclosure initiatives and new regulations such as the GDPR. However, our survey [1] indicates that existing PDMS solutions only partially cover the PDMS data life-cycle and, more importantly, focus on specific privacy threats depending on the employed architecture. To address this issue, we proposed in [1] a logical reference architecture for an extensive (i.e., covering all the major functionalities) and secure (i.e., circumventing all the threats specific to the PDMS context) PDMS. We also discussed several possible physical instances of the architecture and showed that TEEs (Trusted Execution Environments) are a prime option for building a trustworthy PDMS platform [2].

Hence, based on our previous studies, we have developed a first prototype of an extensive and secure PDMS (ES-PDMS) platform using the state-of-the-art TEE technology available today, i.e., Intel Software Guard Extensions (SGX). The originality of our approach is to achieve extensibility through a set of isolated data-oriented tasks, potentially untrusted by the PDMS owner, running alongside a trusted module which controls the complete workflow and limits data leakage. Our ES-PDMS software stack can be deployed on any SGX-enabled machine, i.e., a computer whose Intel CPU and firmware support SGX (note that Intel has deprecated SGX on its recent client-class Core processors, so server-class Xeon machines are the realistic deployment target today). This prototype was presented in a demonstration paper [6] focusing on the security properties of the platform with the help of several concrete scenarios and interactive games.

Xinqing Li's PhD thesis, which started in Oct 2023, takes up some of the platform's elements and adapts them to the context of a cloud database service (going beyond that of a PDMS) with code extensions potentially vulnerable to certain attacks.

6 New results

6.1 A new PET for Data Collection via Forms with Data Minimization, Full Accuracy and Informed Consent (Axis 1)

Participants: Nicolas Anciaux [correspondent], Benjamin Nguyen.

Data minimization is a privacy principle of the GDPR which states that the collection of personal data must be limited to what is necessary for the purpose of the intended processing. We have proposed a privacy-enhancing technology (PET) for the collection of personal data, specifically targeting public sectors such as social services, where forms are filled in by applicants to apply for certain benefits. Our approach, based on classical logic and game theory, aims to minimize data collection while ensuring that users make informed choices and obtain all the benefits they are due. It offers a practical solution for preserving privacy without compromising service accuracy. We also demonstrated the implementation of our data minimization model in two real-life scenarios concerning French social benefits. This work resulted in an article in EDBT'24 [3] and was demonstrated at CSS'23 [13]. This work was done in collaboration with Sabine Frittella (INSA CVL) and Guillaume Scerri (ENS Paris Saclay).
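As an added illustration of what "minimization with full accuracy" means on a form (this is not the logic and game-theoretic model of the EDBT'24 paper, which is not reproduced here), the following Python computes the smallest subset of attributes an applicant needs to disclose so that every eligibility decision is already fixed, i.e., no completion of the undisclosed attributes could change any outcome. The benefit names, rules and attribute domains are a constructed toy rule base, not the French schemes of the paper; the computation is the applicant-side view, the one a PDMS holding all the answers would take before releasing anything.

```python
from itertools import combinations, product
from typing import Callable, Dict, FrozenSet, Set

# Constructed toy rule base (hypothetical benefits, not the French schemes of the
# EDBT'24 paper): each benefit is a predicate over a small set of applicant attributes.
Applicant = Dict[str, object]

DOMAINS: Dict[str, tuple] = {
    "age": tuple(range(0, 100, 10)),            # coarse age buckets, in years
    "income": tuple(range(0, 50001, 5000)),     # yearly income buckets
    "children": tuple(range(0, 4)),
    "disabled": (False, True),
}

RULES: Dict[str, Callable[[Applicant], bool]] = {
    "family_allowance": lambda a: a["children"] >= 2,
    "housing_aid": lambda a: a["income"] < 15000 and a["age"] >= 20,
    "disability_aid": lambda a: a["disabled"] and a["income"] < 30000,
}


def decisions(applicant: Applicant) -> Dict[str, bool]:
    """Eligibility outcome for every benefit, given all attribute values."""
    return {b: bool(rule(applicant)) for b, rule in RULES.items()}


def is_sufficient(revealed: Set[str], applicant: Applicant) -> bool:
    """True if disclosing only `revealed` already fixes every decision:
    no completion of the hidden attributes can change any outcome."""
    hidden = [k for k in DOMAINS if k not in revealed]
    target = decisions(applicant)
    for combo in product(*(DOMAINS[k] for k in hidden)):
        candidate = dict(applicant)
        candidate.update(zip(hidden, combo))
        if decisions(candidate) != target:
            return False
    return True


def minimal_disclosure(applicant: Applicant) -> FrozenSet[str]:
    """Smallest attribute subset whose disclosure yields exactly the same
    benefits as the full form (full accuracy). Exhaustive search over subsets:
    fine for a form with a handful of attributes, the regime of benefit forms."""
    keys = list(DOMAINS)
    for size in range(len(keys) + 1):
        for subset in combinations(keys, size):
            if is_sufficient(set(subset), applicant):
                return frozenset(subset)
    return frozenset(keys)  # not reached: the full attribute set is always sufficient


if __name__ == "__main__":
    for who in (
        {"age": 30, "income": 40000, "children": 0, "disabled": False},
        {"age": 10, "income": 10000, "children": 0, "disabled": False},
        {"age": 70, "income": 10000, "children": 3, "disabled": True},
    ):
        print(sorted(minimal_disclosure(who)), decisions(who))
```

The three constructed applicants show the range of outcomes: a childless high earner only has to reveal income and number of children, a child with no benefits due never discloses income at all, and an applicant entitled to every benefit must disclose all four attributes, because each rule that fires depends on them. The search is exponential in the number of attributes, which is acceptable for short forms but is the point where a logic-based minimization model becomes necessary.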

6.2 Decentralized and Reliable Secure Aggregation Protocols (Axis 2)

Participants: Luc Bouganim, Julien Mirval, Iulian Sandu Popa [correspondent].

The development and adoption of personal data management systems (PDMS) has been fueled by legal and technical means such as smart disclosure, data portability and data altruism. By using a PDMS, individuals can effortlessly gather and share data, generated directly by their devices or resulting from their interactions with companies or institutions. In this context, federated learning appears to be a very promising technology, but it requires secure, reliable and scalable aggregation protocols to preserve user privacy and account for potential PDMS dropouts. Despite recent significant progress in secure aggregation for federated learning, we still lack a solution suitable for the fully decentralized PDMS context. In this work, we proposed a family of fully decentralized protocols that are scalable and reliable with respect to dropouts. We focused in particular on the reliability property, which is key in a peer-to-peer system wherein aggregators are system nodes and are subject to dropouts in the same way as contributor nodes. We showed that in a decentralized setting, reliability raises a tension between the potential completeness of the result and the aggregation cost. We proposed a set of strategies that deal with dropouts and offer different trade-offs between completeness and cost. We extensively evaluated the proposed protocols and showed that they cover the design space, allowing one to favor completeness or cost in all settings. This work was published in SSDBM [17]. We also built a demonstration platform to illustrate these results within the open-source Cozy Cloud PDMS product. This demonstration was published in CoopIS [18] and highlights both the utility of collective computations and the main features of the aggregation protocol.
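To make the completeness/cost tension concrete, here is an added example (not the protocol family of the SSDBM paper) simulating one round of a generic threshold-shared secure aggregation over k aggregator nodes, with both contributor and aggregator dropouts. Contributors Shamir-share their value so that any t aggregators can reconstruct the sum; surviving aggregators first agree on the contributors they all received, since a contributor that dropped mid-send must be excluded everywhere or the aggregators would hold shares of different sums; the message count serves as the cost proxy. The field size, the Shamir construction and the agreement step are assumptions of this illustration.

```python
import random
from typing import Dict, List, Optional, Set, Tuple

# Constructed illustration: threshold-shared secure aggregation with dropouts.
# Not the SSDBM protocol; a generic Shamir-based scheme showing the
# completeness/cost tension in a peer-to-peer setting.
P = 2**61 - 1  # prime field for share arithmetic (chosen for this example)


def shamir_share(secret: int, t: int, k: int, rng: random.Random) -> List[int]:
    """Split secret into k shares; any t of them reconstruct it.
    Share i is f(i+1) for a random degree-(t-1) polynomial with f(0) = secret."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, k + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation
            y = (y * x + c) % P
        shares.append(y)
    return shares


def reconstruct_at_zero(points: List[Tuple[int, int]]) -> int:
    """Lagrange interpolation of f(0) from >= t points (x, y) over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def run_round(values: Dict[int, int], t: int, k: int,
              contributor_dropouts: Dict[int, int],
              aggregator_dropouts: Set[int],
              seed: int = 0) -> Tuple[Optional[int], Set[int], int]:
    """Simulate one aggregation round.

    values: contributor id -> non-negative integer contribution (e.g. a gradient coordinate).
    t, k: any t of the k aggregator nodes can reconstruct; up to k-t aggregators may drop.
    contributor_dropouts: id -> number of shares the contributor sends before dropping (0..k).
    aggregator_dropouts: indices of aggregators offline before reconstruction.
    Returns (aggregate or None, set of contributors included, message count as cost proxy).
    """
    rng = random.Random(seed)
    received: Dict[int, Dict[int, int]] = {a: {} for a in range(k)}
    messages = 0

    # Phase 1: every contributor shares its value to the k aggregators.
    for cid, v in values.items():
        shares = shamir_share(v, t, k, rng)
        for a in range(contributor_dropouts.get(cid, k)):
            received[a][cid] = shares[a]
            messages += 1

    # Phase 2: surviving aggregators agree on the contributors they ALL received.
    # A contributor that dropped mid-send is excluded everywhere; otherwise the
    # aggregators would hold shares of different sums and reconstruction fails.
    alive = [a for a in range(k) if a not in aggregator_dropouts]
    if len(alive) < t:
        return None, set(), messages  # too many aggregator dropouts: round lost
    included = set.intersection(*(set(received[a]) for a in alive))
    messages += len(alive) * (len(alive) - 1)  # each alive aggregator broadcasts its set

    # Phase 3: shares are additive, so summing shares gives a share of the sum.
    sum_shares = [(a + 1, sum(received[a][c] for c in included) % P) for a in alive]

    # Phase 4: any t aggregators reconstruct the aggregate; individual values stay hidden.
    messages += t
    return reconstruct_at_zero(sum_shares[:t]), included, messages


if __name__ == "__main__":
    vals = {1: 10, 2: 20, 3: 30, 4: 40}
    # Contributor 4 drops after one share; aggregator 2 drops before reconstruction.
    print(run_round(vals, 2, 3, {4: 1}, {2}))
    # More aggregators tolerate more dropouts but cost more messages.
    print(run_round(vals, 3, 5, {}, set())[2])
```

Completeness is lost exactly where the intersection shrinks (contributor 4 is dropped from the result even though one aggregator did receive its share), and resilience to aggregator dropouts is bought with a larger k and t, which shows up directly in the message count. The paper's strategies explore that same design space with real protocol costs rather than this message-counting proxy.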

6.3 Edgelet Computing: Opportunistic Queries on Secure Edges (Axis 3)

Participants: Nicolas Anciaux, Luc Bouganim, Ludovic Javet [correspondent], Philippe Pucheral.

This work explores the distributed use of PDMSs in an Opportunistic Network (OppNet) context, where messages are transferred from one device to another without the need for any infrastructure. The objective is to enable complex processing crossing data from thousands of individuals, while guaranteeing the security and fault tolerance of the executions. The proposed approach leverages Trusted Execution Environments to define a new computing paradigm, entitled Edgelet computing, that satisfies validity, resiliency and privacy properties. Contributions include: (1) security mechanisms to protect executions from malicious attacks seeking to plunder personal data, (2) resiliency strategies to tolerate failures and message losses induced by the fully decentralized environment, (3) extensive validations and practical demonstrations of the proposed methods. In 2023, we demonstrated a prototype at PERCOM'23 [16] which highlights the relevance of the approach through a real medical use-case. We then extended the applicability of the solution beyond the OppNet context by considering TEE-enabled devices communicating through various forms of degraded channels. The demonstration published at EDBT'23 [15] showed the relevance of the approach through execution scenarios integrating heterogeneous secure personal devices. This work is part of Ludovic Javet's PhD [22].

6.4 Incubation of a Petrus spin-off

Participants: Nicolas Anciaux, Benjamin Nguyen.

Since July 2023, a PETRUS spin-off has been incubating around the development of privacy-enhancing technologies (PETs). This project aims to model and implement solutions to protect personal data in different contexts, such as information exchange for remote workers, anonymous reporting of school bullying or minimizing the collection of personal data in applications. Drawing inspiration from regulations such as the GDPR and from societal issues, the aim is to reconcile privacy protection and legitimate uses in an ever-changing digital environment, with a focus on the secure design, optimization and effective deployment of PETs, while ensuring their explainability and practical applicability.

7 Bilateral contracts and grants with industry

7.1 Bilateral contracts with industry

OwnCare-2 IILab (Jan 2022 - Dec 2025)

- Partners: PETRUS, Hippocad

Participants: Nicolas Anciaux, Luc Bouganim, Ludovic Javet, Philippe Pucheral [correspondent], Laurent Schneider.

The OwnCare IILab (Inria Innovation Lab, Jan 2018-Dec 2021) aimed at conceiving a secure personal medical folder facilitating the organization of medical and social care provided at home to elderly people, and at deploying it in the field. This IILab was built in partnership with the Hippocad company, which won, in association with Inria and UVSQ, a public call for tender launched by the Yvelines district to deploy this medical folder over the whole district (10,000 patients). This solution, named DomYcile in the Yvelines district, is based on a home box combining the PlugDB hardware/software technology developed by the Petrus team (to manage and secure the medical folder) and additional technology developed by Hippocad. The primary result of the OwnCare IILab has been to build a concrete industrial solution based on PlugDB and deploy it so far to 3,000 patients in the Yvelines district, despite the Covid pandemic. In 2022, Hippocad became a subsidiary of the La Poste group, opening new opportunities in terms of deployment. Hence, Inria, UVSQ and Hippocad have launched a follow-up of the OwnCare IILab for the period Jan 2022-Dec 2025. The goals of the OwnCare-2 IILab are (1) to integrate our solution in the MaSanté 2022 national roadmap by making it interoperable with external services (without weakening the security provided by the box), (2) to handle, in a privacy-preserving way, new usages like actimetrics, teleassistance and global statistics based on IoT techniques, machine learning and decentralized computations, and (3) to try to deploy it at the national/international level. In 2023, a new district (Hauts-de-Seine) decided to deploy the DomYcile solution on its own territory, leading to an extended partnership. This second deployment is planned to begin in the course of 2024.

7.2 Bilateral grants with industry

Cozy Cloud CIFRE - Mirval contract (Nov 2020 - Oct 2023)

- Partners: Cozy Cloud, PETRUS

Participants: Luc Bouganim, Julien Mirval [correspondent], Iulian Sandu Popa.

A third CIFRE PhD contract was concluded between Cozy Cloud and PETRUS for Julien Mirval. Cozy Cloud is a French startup providing a personal cloud platform. The Cozy product is a software stack that anyone can deploy to run a personal server hosting their personal data and web services. The objective of this thesis is to propose appropriate solutions to effectively train an AI model (e.g., a deep neural network) in a fully distributed system while providing strong security guarantees to the participating nodes. The results, in the form of protocols and secure distributed execution algorithms, were applied to practical cases provided by the Cozy Cloud company (see [18]).

8 Partnerships and cooperations

8.1 International research visitors

8.1.1 Visits of international scientists

Other international visits to the team
José M. de Fuentes:
  • Status
    Associate Professor
  • Institution of origin:
    Carlos III University of Madrid (UC3M)
  • Country:
    Spain
  • Dates:
    from 1 Sept. 2023 to 31 Aug. 2024
  • Context of the visit:
    The aim of Prof. José M. de Fuentes' stay in the Petrus project-team is to combine our respective expertise to propose new protection mechanisms that are adapted to today's real-world personal data clouds. Two lines of collaborative research are being investigated: (1) the combination of database techniques (such as matrix profile) and artificial intelligence for authenticating data sources, and (2) privacy protection techniques for sharing and exploiting personal data in specific contexts such as home surveillance and remote working. The one-year research stay is fully covered by a UC3M grant.
  • Mobility program/type of mobility:
    Research stay
Luis Ibañez-Lissen:
  • Status
    PhD student
  • Institution of origin:
    Carlos III University of Madrid (UC3M)
  • Country:
    Spain
  • Dates:
    from 3 Nov. 2023 to 20 Dec. 2023
  • Context of the visit:
    Luis Ibañez-Lissen is a PhD student directed by Prof. José M. de Fuentes. He joins the PETRUS project-team to work on a collaboration between Petrus and UC3M on a privacy preserving combination of database techniques (like the matrix profile) and Artificial Intelligence for authenticating data sources. This stay is thus framed within the project DEPROFAKE-CM-UC3M led by Prof. José M. de Fuentes.
  • Mobility program/type of mobility:
    Research stay

8.2 National initiatives

8.2.1 iPoP, interdisciplinary Project on Privacy, PEPR Cybersécurité (July 2022 - June 2028)

Partners: Inria, CNRS, EDHEC, INSA CVL, INSA Lyon, UGA, Université de Lille, Université Rennes 1, UVSQ, CNIL

Digital technologies provide services that can greatly increase quality of life (e.g. connected e-health devices, location based services or personal assistants). However, these services can also raise major privacy risks, as they involve personal data, or even sensitive data. Indeed, this notion of personal data is the cornerstone of French and European regulations, since processing such data triggers a series of obligations that the data controller must abide by. This raises many multidisciplinary issues, as the challenges are not only technological, but also societal, judiciary, economic, political and ethical. The objectives of this project are thus to study the threats on privacy that have been introduced by these new services, and to conceive theoretical and technical privacy-preserving solutions that are compatible with French and European regulations, that preserve the quality of experience of the users. These solutions will be deployed and assessed, both on the technological and legal sides, and on their societal acceptability. In order to achieve these objectives, we adopt an interdisciplinary approach, bringing together many diverse fields: computer science, technology, engineering, social sciences, economy and law.

The project’s scientific program focuses on new forms of personal information collection, on the learning of Artificial Intelligence (AI) models that preserve the confidentiality of personal information used, on data anonymization techniques, on securing personal data management systems, on differential privacy, on personal data legal protection and compliance, and all the associated societal and ethical considerations. This unifying interdisciplinary research program brings together internationally recognized research teams (from universities, engineering schools and institutions) working on privacy, and the French Data Protection Authority (CNIL).

8.2.2 YPPOG, Youth Privacy Protection in Online Gaming, DATAIA project (Sept. 2021 - Sept. 2024)

Partners: CERDI (Université Paris Saclay), LITEM (IMT-BS), PETRUS (Inria-UVSQ).

Despite its seemingly light nature, Youth Privacy Protection in Online Gaming is a very important topic in the field of privacy. Indeed, 94% of minors (under 18 years old) play video games, and 60% of 10-17 year olds play online. While 68% of parents declare that they "feel concerned" by the games their children play online, only 12% actively monitor their children's activities. This topic raises several multidisciplinary questions, which are studied in the context of the YPPOG project, which groups researchers in Law (CERDI), Economics (LITEM) and Computer Science (PETRUS). First, consent: what does it mean for a minor to consent, and how can a minor consent? How can the GDPR be enforced online? Do technical solutions exist, and are they sufficient? Second, the processing of minors' data: how is the data collected, and for what purposes? Can we accompany the stakeholders of the online gaming field to help them apply the GDPR? The French regulator (the CNIL) is very interested in the topic and is monitoring the progress of our project.

As stated above, our approach is multi-disciplinary, mixing computer science, to propose privacy preserving algorithms and infrastructures to manage youth online data, economy in order to understand the constraints of the gaming industry and how to take them into account when it comes to legal aspects, and finally law in order to propose procedures to help the companies move to legally compliant processes.

One example of a technical prototype, developed by PETRUS in 2022 (see the git repository), is a wrapper for the publicly available data of one of the most played online games, League of Legends (LoL). In 2023, we extended our wrappers to many different games and gaming platforms (Fortnite, Riot, Steam, ...) and are in the process of recruiting participants for a field study to see whether it is possible to train AI algorithms to detect, based on this open data, whether a player is under or over 18.

9 Dissemination

9.1 Promoting scientific activities

9.1.1 Scientific events: selection

Member of the conference program committees
  • Nicolas Anciaux: BDA'23, EDBT'24
  • Iulian Sandu Popa: SSDBM’23, DATA’23, IEEE BigData'23, IEEE Mobile Cloud’23, BDA'23 (Demo).

9.1.2 Journal

Member of the editorial boards

9.1.3 Invited talks

  • Nicolas Anciaux: "Third-party computations on trustworthy personal data management systems", Journées Nationales 2023 du GDR Sécurité Informatique, privacy working group (GT PVP), Campus Cyber de La Défense, June 2023.
  • Iulian Sandu Popa: invited tutorial at RESSI'23 (Rendez-vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information), Neuvy-sur-Barangeon, France, 2023.

9.1.4 Scientific expertise

  • Nicolas Anciaux: member of the jury of the 8th edition of CNIL-Inria Privacy Award 2023.
  • Luc Bouganim: Member of the selection committee (COS) for the position of professor - ENSEA Cergy.
  • Luc Bouganim: Evaluator for the program : STIC, MATH & CLIMAT AMSUD
  • Philippe Pucheral: Member of the selection committee (COS) for the position of professor - ENSEA Cergy.

9.1.5 Research administration

  • Nicolas Anciaux: deputy scientific director (DSA) at Inria Saclay research center.
  • Nicolas Anciaux: member of Inria Commission d'Evaluation.
  • Nicolas Anciaux: Inria representative at U. Paris-Saclay as member of the "Comité de Direction Recherche et Valorisation" (CoDiReV) and the Conseil Académique Commission Recherche (CR du CAC).
  • Nicolas Anciaux: Member of the Bureau of David lab at UVSQ.
  • Iulian Sandu Popa: Member of the Technological Development Commission (CDT) at Inria de Saclay (ADT funding and SED engineer requests).
  • Iulian Sandu Popa: Member of the ATER committee at UVSQ.
  • Iulian Sandu Popa: Member of the Bureau of David lab at UVSQ.
  • Luc Bouganim: PhD thesis referent for the Doctoral School of University Paris-Saclay
  • Luc Bouganim: Member of the Scientific Commission (CS) of Inria Saclay-IDF (Cordi-S,Post-Doc, Delegation) - up to September 2023.
  • Philippe Pucheral: Member of the Scientific Commission (CS) of the ISN Graduate School of Paris-Saclay University.

9.2 Teaching - Supervision - Juries

9.2.1 Teaching

  • Philippe Pucheral: head of the M1 and M2 DataScale master program at Université Paris-Saclay.
  • Master: Iulian Sandu Popa, Relational Databases (M1 level), Spatiotemporal Data Management (M2 level), Database Security (M2 level), 96 h, UVSQ, France. Philippe Pucheral, M1 and M2 courses in databases and in security, and introductory courses for law students, UVSQ, France.
  • Licence (bachelor): Iulian Sandu Popa, Databases (L2 level), 96 h, UVSQ, France.
  • Engineering school: Nicolas Anciaux, Databases (ENSTA, module IN206, M1 level), 32 h, and Advanced Databases (ENSTA, module ASI13, M2 level), 32 h. Luc Bouganim, Relational Databases (ENSTA, module IN207, M1 level), 32 h.
  • MOOC: "Défis technologiques des villes intelligentes participatives" (Technological challenges of participatory smart cities). Co-authors: Nicolas Anciaux, Stéphane Grumbach, Valérie Issarny, Nathalie Mitton, Christine Morin, Animesh Pathak and Hervé Rivano. Sessions ran on the FUN platform in 2022. In 2023 the MOOC was extended by one year, at least in part because of the interest raised on its forum by the 2022-2023 TIPE, whose theme matched that of the MOOC. The MOOC will switch to "archived, open for registration" mode from April 2024. To date it has 21,320 registered users, and 2,041 badges and certificates of achievement have been issued since April 2019.

9.2.2 Supervision

  • Defended PhD (July 19, 2023): Ludovic Javet, "Requêtes distribuées respectueuses de la vie privée dans un environnement partiellement connecté" (Privacy-preserving distributed queries in a partially connected environment), supervised by Luc Bouganim, Nicolas Anciaux and Philippe Pucheral.
  • PhD in progress: Julien Mirval, DISSEC-ML: DIStributed and SECure Machine Learning on Personal Clouds, Cozy Cloud, since November 2020, supervised by Luc Bouganim and Iulian Sandu Popa.
  • PhD in progress: Ali Ncibi, Secure Machine Learning on IoT traces for daily activity discovery, Inria, since March 2023, supervised by Luc Bouganim and Philippe Pucheral.
  • PhD in progress: Xinqing Li, Securing Algorithms for Classification and Machine Learning on Personal Data using Trusted Execution Environments, Inria, since October 2023, supervised by Nicolas Anciaux and Iulian Sandu Popa.
  • PhD in progress: Haoying Zhang, Privacy-Enhancing Technologies for telework data sharing: an approach based on informed user consent, INSA-CVL, since September 2023, supervised by Nicolas Anciaux and Benjamin Nguyen.

9.2.3 Juries

  • Nicolas Anciaux: reviewer of the HDR (habilitation to supervise research) defended by Omar Hasan (INSA Lyon), June 2023.
  • Philippe Pucheral: president of the PhD jury of Damien Wojtowicz (Université Toulouse III), April 2023.
  • Philippe Pucheral: president of the PhD jury of Nathanaël Denis (Télécom SudParis), October 2023.

9.3 Popularization

9.3.1 Articles and contents

  • Nicolas Anciaux, Luc Bouganim: "Extensive and Secure Personal Data Management Systems", ERCIM News, April 20, 2023.

9.3.2 Interventions

  • "Data protection and privacy", talk by Nicolas Anciaux at the European Heritage Days (Journées Européennes du Patrimoine), Inria Rocquencourt, 16 September 2023.
  • "Research on Privacy-Enhancing Technologies", talk by Nicolas Anciaux in the CHICHE! program (1 Scientifique 1 classe), to about fifty high school students (classe de seconde), 2 June 2023.

10 Scientific production

10.1 Major publications

  • [1] Nicolas Anciaux, Philippe Bonnet, Luc Bouganim, Benjamin Nguyen, Philippe Pucheral, Iulian Sandu-Popa and Guillaume Scerri. Personal Data Management Systems: The security and functionality standpoint. Information Systems 80, 2019, 13-35.
  • [2] Nicolas Anciaux, Luc Bouganim, Philippe Pucheral, Iulian Sandu Popa and Guillaume Scerri. Personal Database Security and Trusted Execution Environments: A Tutorial at the Crossroads. Proceedings of the VLDB Endowment (PVLDB), August 2019.
  • [3] Nicolas Anciaux, Sabine Frittella, Baptiste Joffroy, Benjamin Nguyen and Guillaume Scerri. A new PET for Data Collection via Forms with Data Minimization, Full Accuracy and Informed Consent. EDBT 2024 - 27th International Conference on Extending Database Technology, Paestum, Italy, March 2024.
  • [4] Luc Bouganim, Julien Loudet and Iulian Sandu Popa. Highly distributed and privacy-preserving queries on personal data management systems. The VLDB Journal 32(2), March 2023, 415-445.
  • [5] Mariem Brahem, Nicolas Anciaux, Valérie Issarny and Guillaume Scerri. Consent-driven Data Reuse in Multi-tasking Crowdsensing Systems: A Privacy-by-Design Solution. Pervasive and Mobile Computing 83, 2022.
  • [6] Robin Carpentier, Floris Thiant, Iulian Sandu Popa, Nicolas Anciaux and Luc Bouganim. An Extensive and Secure Personal Data Management System Using SGX. EDBT 2022 - 25th International Conference on Extending Database Technology, Edinburgh / Virtual, United Kingdom, March 2022.
  • [7] Ludovic Javet, Nicolas Anciaux, Luc Bouganim and Philippe Pucheral. Edgelet Computing: Pushing Query Processing and Liability at the Extreme Edge of the Network. CCGrid 2022, Taormina, Italy, May 2022.
  • [8] Riad Ladjel, Nicolas Anciaux, Philippe Pucheral and Guillaume Scerri. Trustworthy Distributed Computations on Personal Data Using Trusted Execution Environments. TrustCom 2019 - The 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications / BigDataSE 2019 - 13th IEEE International Conference on Big Data Science and Engineering, Rotorua, New Zealand, August 2019.
  • [9] Julien Loudet, Iulian Sandu-Popa and Luc Bouganim. SEP2P: Secure and Efficient P2P Personal Data Processing. EDBT 2019 - 22nd International Conference on Extending Database Technology, Lisbon, Portugal, March 2019.
  • [10] Iulian Sandu Popa, Dai Hai Ton That, Karine Zeitouni and Cristian Borcea. Mobile participatory sensing with strong privacy guarantees using secure probes. Geoinformatica 25(3), July 2021, 533-580.

10.2 Publications of the year

International journals

Invited conferences

  • [12] Antoine Boutet and Iulian Sandu Popa. Tutorial: Trusted Execution Environments and Intel SGX - a few basic notions and usages. RESSI 2023 - Rendez-vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information, Neuvy-sur-Barangeon, France, 2023.

International peer-reviewed conferences

National peer-reviewed Conferences

  • [19] Julien Mirval, Luc Bouganim and Iulian Sandu Popa. Federated Learning on Personal Data Management Systems: Decentralized and Reliable Secure Aggregation Protocols. BDA 2023 - 39ème Conférence sur la Gestion de Données – Principes, Technologies et Applications, Montpellier, France, October 2023, 1-12.

Conferences without proceedings

Scientific book chapters

Doctoral dissertations and habilitation theses

  • [22] Ludovic Javet. Privacy-preserving distributed queries compatible with opportunistic networks. PhD thesis, Université Paris-Saclay, July 2023.