About: 100 publications, 9,365 reads, 607 citations
Additional affiliations
April 2006 - present
March 2005 - April 2006
Publications (100)
Mobile crowdsensing allows gathering massive data across time and space to feed our environmental knowledge, and to link such knowledge to user behavior. However, a major challenge facing mobile crowdsensing is to guarantee privacy preservation to the contributing users. Privacy preservation in crowdsensing systems has led to two main approaches, s...
Imagine a group of citizens willing to collectively contribute their personal data for the common good to produce socially useful information, resulting from data analytics or machine learning computations. Sharing raw personal data with a centralized server performing the computation could raise concerns about privacy and a perceived risk of mass...
The place of individuals and the control of their data have emerged as central issues in the European data protection regulation. The 'empowerment' of the individual has notably resulted in the recognition of a new prerogative for the individual: the right to the portability of personal data. The corollary of this new right is the design and deploy...
Smart disclosure initiatives and new regulations such as GDPR allow individuals to get the control back on their data by gathering their entire digital life in a Personal Data Management System (PDMS). Multiple PDMS architectures exist and differ on their ability to preserve data privacy and to perform collective computations crossing data of mult...
Smart disclosure initiatives and new regulations such as GDPR in the EU increase the interest for Personal Data Management Systems (PDMS) being provided to individuals to preserve their entire digital life. Consequently, the thorny issue of data security becomes more and more prominent, but highly differs from traditional privacy issues in outsourc...
Riding the wave of smart disclosure initiatives and new privacy-protection regulations, the Personal Cloud paradigm is emerging through a myriad of solutions offered to users to let them gather and manage their whole digital life. On the bright side, this opens the way to novel value-added services when crossing multiple sources of data of a given...
Pushed by recent legislation and smart disclosure initiatives, the Personal Cloud emerges and holds the promise of giving the control back to the individual on her data. However, this shift leaves the privacy and security issues in user’s hands, a role that few people can properly endorse. This demonstration illustrates a new sharing paradigm, call...
The Personal Cloud paradigm has emerged as a solution that allows individuals to manage under their control the collection, usage and sharing of their data. However, by regaining the full control over their data, the users also inherit the burden of protecting it against all forms of attacks and abusive usages. The Secure Personal Cloud architectur...
Pushed by recent legislation and smart disclosure initiatives, personal cloud solutions emerge and hold the promise of giving the control back to the individual on her data. However, this shift leaves the privacy and security issues in user’s hands, a role that few people can properly endorse. Considering the inadequacy of existing sharing models,...
There are currently more than half a million diabetes cases in Cameroon and the deaths caused by diabetes complications will double before 2030. Diabetes complications mostly occur due to a bad follow-up of patients. In this paper, we propose a new IT architecture for diabetes follow-up and introduce the bases of a new distributed computation proto...
The emerging Personal Cloud paradigm holds the promise of a Privacy-by-Design storage and computing platform where personal data remain under the individual's control while being shared by valuable applications. However, leaving the data management control to user's hands pushes the security issues to the user's platform. This demonstration present...
This paper presents a new embedded search engine designed for smart objects. Such devices are generally equipped with extremely low RAM and large Flash storage capacity. To tackle these conflicting hardware constraints, conventional search engines privilege either insertion or query scalability but cannot meet both requirements at the same time. Mo...
Administrative services such as social care, tax reduction, and many others using complex decision processes, request individuals to provide large amounts of private data items, in order to calibrate their proposal to the specific situation of the applicant. This data is subsequently processed and stored by the organization. However, all the requested...
In a very short time, we have entered an era of massive generation of personal data, created by individuals and their digital devices or made available by certain organizations. Together, these data make up the individual's digital life, describing their movements, consumption, relationships, medical condition...
According to a wide range of studies, IT should become a key facilitator in establishing primary education, reducing mortality and supporting commercial initiatives in Least Developed Countries (LDCs). The main barrier to the development of IT services in these regions is not only the lack of communication facilities, but also the lack of consisten...
Mass-storage secure portable tokens are emerging and provide a real breakthrough in the management of sensitive data. They can embed personal data and/or metadata referencing documents stored encrypted in the Cloud and can manage them under holder’s control. Mass on-board storage requires efficient embedded database techniques. These techniques are...
According to a wide range of studies, IT should become a key facilitator in establishing primary education, reducing mortality and supporting commercial initiatives in Least Developed Countries (LDCs). The main barrier to the development of IT services in these regions is not only the lack of communication facilities, but also the lack of consisten...
International seminar organized by the "Institut des sciences de la communication" CNRS with the participation of the "Groupe de réflexion avec les associations de malades" (GRAM Inserm)
Application forms are often used to collect personal data about applicants, and subsequently to tailor these services to their specific situation. This set of data must be reduced to the strict minimum in view of subsequent processing. Currently, there is no technique enabling this minimiz...
Crowdsourcing refers to a distributed problem-solving model in which a crowd of undefined size is engaged in the task of solving a complex problem through an open call. This novel problem-solving model found its way into numerous applications on the web ...
Online services such as social care, tax services, bank loans and many others, request individuals to fill in application forms with hundreds of private data items, in order to calibrate their offer. In practice, far too much data is requested, leading to over data disclosure. As shown in our previous works, avoiding this problem would (1) improve...
How do you keep a secret about your personal life in an age where your daughter’s glasses record and share everything she senses, your wallet records and shares your financial transactions, and your set-top box records and shares your family’s energy consumption? Your personal data has become a prime asset for many companies around the Internet, bu...
During the last decade, many countries launched ambitious Electronic Health Record (EHR) programs with the objective to increase the quality of care while decreasing its cost. Pervasive healthcare aims itself at making healthcare information securely available anywhere and anytime, even in disconnected environments (e.g., at patient home). Current...
Application forms are often used by companies and administrations to collect personal data about applicants and tailor services to their specific situation. For example, tax rates, social care, or personal loans, are usually calibrated based on a set of personal data collected through application forms. In the eyes of privacy laws and directives,...
Personal information about applicants is often requested by service providers to be used as an input of a classification process establishing the specific situation of each applicant. This is a prerequisite for the service provider to make an appropriate offer to the applicant. For example, the rate and duration of personal loans are usually adapte...
During the past decade, many countries launched ambitious Electronic Health Record (EHR) programs with the objective to increase the quality of care while decreasing its cost. Pervasive healthcare aims itself at making healthcare information securely available anywhere and anytime, even in disconnected environments (e.g., at patient home). Current...
An increasing amount of personal data is automatically gathered and stored on servers by administrations, hospitals, insurance companies, etc. Citizens themselves often count on internet companies to store their data and make them reliable and highly available through the internet. However, these benefits must be weighed against privacy risks incurr...
An increasing amount of personal data is automatically gathered and stored on servers by administrations, hospitals, insurance companies, etc. Citizens themselves often count on internet companies to store their data and make them reliable and highly available through the internet. However, these benefits must be weighed against privacy risks incurr...
An increasing amount of personal data is automatically gathered on servers by administrations, hospitals and private companies while several security surveys highlight the failure of database servers to keep confidential data really private. The advent of powerful secure tokens, combining the security of smart card microcontrollers with the storage...
An increasing amount of personal data is automatically gathered and stored on servers by administrations, hospitals, insurance companies, etc. Citizens themselves often count on internet companies to store their data and make them reliable and highly available through the internet. However, these benefits must be weighed against privacy risks incurr...
During the past decade, many countries launched ambitious Electronic Health Record (EHR) programs with the objective to increase the quality of care while decreasing its cost. Pervasive healthcare aims itself at making healthcare information securely available anywhere and anytime, even in disconnected environments (e.g., at patient home). Current...
During the past decade, many countries launched ambitious Electronic Health Record (EHR) programs with the objective to increase the quality of care while decreasing its cost. Pervasive healthcare aims itself at making healthcare information securely available anywhere and anytime, even in disconnected environments (e.g., at patient home). Current...
Personal data is a valuable asset for service providers. To collect such data, free services are offered to users, for whom the risk of losing privacy by subscribing to a service is often not clear. Although the services are free in terms of money, the user does not know how much he or she actually pays for a given service when allowing his or her...
Private data sometimes must be made public. A corporation may keep its customer sales data secret, but reveals totals by sector for marketing reasons. A hospital keeps individual patient data secret, but might reveal outcome information about the treatment of particular illnesses over time to support epidemiological studies. In these and many other...
During the last decade, many countries launched ambitious Electronic Health Record (EHR) programs with the objective to increase the quality of care while decreasing its cost. Pervasive healthcare aims itself at making healthcare information securely available anywhere and anytime, even in disconnected environments (e.g., at patient home). Current...
This chapter advocates the convergence between Access Control (AC) models, focusing on the granularity of sharing, and Digital Right Management (DRM) models focusing on conditional authorizations and obligations. The convergence is also expected in terms of control enforcement considering that both AC and DRM models must be equally protected agains...
This chapter advocates the convergence between Access Control (AC) models, focusing on the granularity of sharing, and Digital Right Management (DRM) models focusing on conditional authorizations and obligations. The convergence is also expected in terms of control enforcement considering that both AC and DRM models must be equally protected agains...
Secure chips, e.g. present in smart cards, USB dongles, i-buttons, are now ubiquitous in applications with strong security requirements. And they require embedded data management techniques. However, secure chips have severe hardware constraints which make traditional database techniques irrelevant. The main problem faced by secure chip DBMS design...
Trail disclosure is the leakage of privacy sensitive data, resulting from negligence, attack or abusive scrutinization or usage of personal digital trails. To prevent trail disclosure, data degradation is proposed as an alternative to the limited retention principle. Data degradation is based on the assumption that long lasting purposes can often...
Ambient intelligence (AmI) environments continuously monitor surrounding individuals' context (e.g., location, activity, etc.) to make existing applications smarter, i.e., make decision without requiring user interaction. Such AmI smartness ability is tightly coupled to quantity and quality of the available (past and present) context. However,...
Paper-based folders have been widely used to coordinate cares in medical-social networks, but they introduce some burning issues (e.g. privacy protection, remote access to the folder). Replacing the paper-based folder system by a traditional Electronic Healthcare Record (EHR) introduces new drawbacks: forcing of the patient consent, unbounded data...
People cannot prevent personal information from being collected by various actors. Several security measures are implemented on servers to minimize the possibility of a privacy violation. Unfortunately, even the most well defended servers are subject to attacks and however much one trusts a hosting organism/ company, such trust does not last foreve...
Smart card is today the most widespread secured portable computing device. Four years ago, we addressed the problem of scaling down database techniques for the smart card and we proposed the design of what we called a PicoDBMS, a full-fledged database system embedded in a smart card. Since then, thanks to the hardware progress and to the joint impl...
This chapter advocates the convergence between Access Control (AC) models focusing on the granularity of sharing and Digital Right Management (DRM) models focusing on conditional authorizations and obligations. The convergence is also expected in terms of control enforcement considering that both AC and DRM models must be equally protected against...
Our daily life activity leaves digital trails in an increasing number of databases (commercial web sites, internet service providers, search engines, location tracking systems, etc). Personal digital trails are commonly exposed to accidental disclosures resulting from negligence or piracy and to ill-intentioned scrutinization and abusive usages fos...
Electronic health record (EHR) projects have been launched in most developed countries to increase the quality of healthcare while decreasing its cost. The benefits provided by centralizing the healthcare information in database systems are unquestionable in terms of information quality, availability, and protection against failure. Yet, patients a...
Existing data-sharing solutions (medical, social, administrative, commercial, professional, etc.) are conventionally based on a server approach. The server approach indeed provides essential properties such as: completeness (i.e., the information is complete and up to date), availability (the information is access...
Imagine that you have been entrusted with private data, such as corporate product information, sensitive government information, or symptom and treatment information about hospital patients. You may want to issue queries whose result will combine private and public data, but private data must not be revealed. GhostDB is an architecture and system t...
corporate product information, sensitive government information, or symptom and treatment information about hospital patients. You may want to issue queries whose result will combine private and public data, but private data must not be revealed, say, to the prying eyes of some insurance fraudster. GhostDB is an architecture and system to achieve t...
Imagine that you have been entrusted with private data, such as corporate product information, sensitive government information, or symptom and treatment information about hospital patients. You may want to issue queries whose result will combine private and public data, but private data must not be revealed. GhostDB is an architecture and system t...
Ambient Intelligence imposes many challenges in protecting people's privacy. Storing privacy-sensitive data permanently will inevitably result in privacy violations. Limited retention techniques might prove useful in order to limit the risks of unwanted and irreversible disclosure of privacy-sensitive data. To overcome the rigidness of simple limit...
Deliverable L1 of the PlugDB project