About
61
Publications
18,459
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
538
Citations
Introduction
Rafael is a lecturer and researcher at EPFL (Swiss Federal Institute of Technology Lausanne), Switzerland, where he teaches and conducts research in the field of Distributed Systems.
Additional affiliations
April 2020 - present
January 2016 - March 2020
Education
January 2016 - March 2020
June 2012 - December 2014
March 2006 - March 2009
Publications
Publications (61)
Decentralized learning (DL) enables collaborative learning without a server and without training data leaving the users' devices. However, the models shared in DL can still be used to infer training data. Conventional defenses such as differential privacy and secure aggregation fall short in effectively safeguarding user privacy in DL, either sacri...
Federated learning (FL) is an appealing approach to training machine learning models without sharing raw data. However, standard FL algorithms are iterative and thus induce a significant communication cost. One-shot federated learning (OFL) trades the iterative exchange of models between clients and the server with a single round of communication,...
Decentralized learning (DL) is an emerging technique that allows nodes on the web to collaboratively train machine learning models without sharing raw data. Dealing with stragglers, i.e., nodes with slower compute or communication than others, is a key challenge in DL. We present DivShare, a novel asynchronous DL algorithm that achieves fast model...
Decentralized learning (DL) offers a powerful framework where nodes collaboratively train models without sharing raw data and without the coordination of a central server. In the iterative rounds of DL, models are trained locally, shared with neighbors in the topology, and aggregated with other models received from neighbors. Sharing and merging mo...
Federated Learning (FL) is a machine learning approach where nodes collaboratively train a global model. As more nodes participate in a round of FL, the effectiveness of individual model updates by nodes also diminishes. In this study, we increase the effectiveness of client updates by dividing the network into smaller partitions, or cohorts. We in...
Decentralized learning (DL) systems have been gaining popularity because they avoid raw data sharing by communicating only model parameters, hence preserving data confidentiality. However, the large size of deep neural networks poses a significant challenge for decentralized training, since each node needs to exchange gigabytes of data, overloading...
Decentralized learning (DL) has gained prominence for its potential benefits in terms of scalability, privacy, and fault tolerance. It consists of many nodes that coordinate without a central server and exchange millions of parameters in the inherently iterative process of machine learning (ML) training. In addition, these nodes are connected in co...
Recommenders are central in many applications today. The most effective recommendation schemes, such as those based on collaborative filtering (CF), exploit similarities between user profiles to make recommendations, but potentially expose private data. Federated learning and decentralized learning systems address this by letting the data stay on u...
Federated Learning (FL) exploits the computation power of edge devices, typically mobile phones, while addressing privacy by letting data stay where it is produced. FL has been used by major service providers to improve item recommendations, virtual keyboards and text auto-completion services. While appealing, FL performance is hampered by multiple...
This paper introduces NVCache, an approach that uses a non-volatile main memory (NVMM) as a write cache to improve the write performance of legacy applications. We compare NVCache against file systems tailored for NVMM (Ext4-DAX and NOVA) and with I/O-heavy applications (SQLite, RocksDB). Our evaluation shows that NVCache reaches the performance le...
Major cloud providers such as Amazon, Google and Microsoft provide nowadays some form of infrastructure as a service (IaaS) which allows deploying services in the form of virtual machines, containers or bare-metal instances. Although software-based solutions like homomorphic encryption exit, privacy concerns greatly hinder the deployment of such se...
This extended abstract summarises my PhD thesis, which explores design strategies for distributed systems that leverage trusted execution environments (TEEs). We aim at achieving better security and privacy guarantees while maintaining or improving performance in comparison to existing equivalent approaches. To that end, we propose a few original s...
Malware attacks are a significant part of the new software security threats detected each year. Intel Software Guard Extensions (SGX) are a set of hardware instructions introduced by Intel in their recent lines of processors that are intended to provide a secure execution environment for user-developed applications. To our knowledge, there was no s...
Trust is arguably the most important challenge for critical services both deployed as well as accessed remotely over the network. These systems are exposed to a wide diversity of threats, ranging from bugs to exploits, active attacks, rogue operators, or simply careless administrators. To protect such applications, one needs to guarantee that they...
Security and privacy concerns in computer systems have grown in importance with the ubiquity of connected devices. Additionally, cloud computing boosts such distress as private data is stored and processed
in multi-tenant infrastructure providers. In recent years, trusted execution environments (TEEs) have
caught the attention of scientific and ind...
Using public cloud services for storing and sharing confidential data requires end users to cryptographically protect both the data and the access to the data. In some cases, the identity of end users needs to remain confidential against the cloud provider and fellow users accessing the data. As such, the underlying cryptographic access control mec...
Malware attacks represent a significant part of today's security threats. Software guard extensions (SGX) are a set of hardware instructions introduced by Intel in their recent lines of processors that are intended to provide a secure execution environment for user-developed applications. To our knowledge, there was no serious attempt yet to overco...
The deployment of large-scale distributed systems, e.g., publish-subscribe platforms, that operate over sensitive data using the infrastructure of public cloud providers, is nowadays heavily hindered by the surging lack of trust toward the cloud operators. Although purely software-based solutions exist to protect the confidentiality of data and the...
The deployment of large-scale distributed systems, e.g., publish-subscribe platforms, that operate over sensitive data using the infrastructure of public cloud providers, is nowadays heavily hindered by the surging lack of trust toward the cloud operators. Although purely software-based solutions exist to protect the confidentiality of data and the...
By regularly querying Web search engines, users (unconsciously) disclose large amounts of their personal data as part of their search queries, among which some might reveal sensitive information (e.g. health issues, sexual, political or religious preferences). Several solutions exist to allow users querying search engines while improving privacy pr...
While many cloud storage systems allow users to protect their data by making use of encryption, only few support collaborative editing on that data. A major challenge for enabling such collaboration is the need to enforce cryptographic access control policies in a secure and efficient manner. In this paper, we introduce IBBE-SGX, a new cryptographi...
Containers are becoming the de facto standard to package and deploy applications and micro-services in the cloud. Several cloud providers (e.g., Amazon, Google, Microsoft) begin to offer native support on their infrastructure by integrating container orchestration tools within their cloud offering. At the same time, the security guarantees that con...
The exploitation of user search queries by search engines is at the heart of their economic model. As consequence, offering private Web search functionalities is essential to the users who care about their privacy. Nowadays, there exists no satisfactory approach to enable users to access search engines in a privacy-preserving way. Existing solution...
The growing adoption of distributed data processing frameworks in a wide diversity of application domains challenges end-to-end integration of properties like security, in particular when considering deployments in the context of large-scale clusters or multi-tenant Cloud infrastructures. This paper therefore introduces SecureStreams, a reactive mi...
We present the SecureCloud EU Horizon 2020 project, whose goal is to enable new big data applications that use sensitive data in the cloud without compromising data security and privacy. For this, SecureCloud designs and develops a layered architecture that allows for (i) the secure creation and deployment of secure micro-services; (ii) the secure...
While many cloud storage systems allow users to protect their data by making use of encryption, only few support collaborative editing on that data. A major challenge for enabling such collaboration is the need to enforce cryptographic access control policies in a secure and efficient manner. In this paper, we introduce IBBE-SGX, a new cryptographi...
By regularly querying Web search engines, users (unconsciously) disclose large amounts of their personal data as part of their search queries, among which some might reveal sensitive information (e.g. health issues, sexual, political or religious preferences). Several solutions exist to allow users querying search engines while improving privacy pr...
The exploitation of user search queries by search engines is at the heart of their economic model. As consequence, offering private Web search functionalities is essential to the users who care about their privacy. Nowadays, there exists no satisfactory approach to enable users to access search engines in a privacy-preserving way. Existing solution...
The growing adoption of distributed data processing frameworks in a wide diversity of application domains challenges end-to-end integration of properties like security, in particular when considering deployments in the context of large-scale clusters or multi-tenant Cloud infrastructures.
This paper therefore introduces SecureStreams, a reactive mi...
Resumo Soldagem em ângulo de componentes estruturais com espessuras dissimilares por tradicionais procedimentos, manuais ou automáticos, de soldagem podem apresentar falta de penetração, mordeduras e perfurações. A ocorrência destes defeitos se deve ao uso de uma incorreta corrente de soldagem e à falta de robustez do procedimento de soldagem diant...
MapReduce is a programming model used extensively for parallel data processing in distributed environments. A wide range of algorithms were implemented using MapReduce, from simple tasks like sorting and searching up to complex clustering and machine learning operations. Many of these implementations are part of services externalized to cloud infra...
MapReduce is a programming model used extensively for parallel data processing in distributed environments. A wide range of algorithms were implemented using MapReduce, from simple tasks like sorting and searching up to complex clustering and machine learning operations. Many of these implementations are part of services externalized to cloud infra...
We present the SecureCloud EU Horizon 2020 project, whose goal is to enable new big data applications that use sensitive data in the cloud without compromising data security and privacy. For this, SecureCloud designs and develops a layered architecture that allows for (i) the secure creation and deployment of secure micro-services; (ii) the secure...
We present the SecureCloud EU Horizon 2020 project, whose goal is to enable new big data applications that use sensitive data in the cloud without compromising data security and privacy. For this, SecureCloud designs and develops a layered architecture that allows for (i) the secure creation and deployment of secure micro-services; (ii) the secure...
Content-based routing (CBR) is a powerful model that supports scalable asynchronous communication among large sets of geographically distributed nodes. Yet, preserving privacy represents a major limitation for the wide adoption of CBR, notably when the routers are located in public clouds. Indeed, a CBR router must see the content of the messages s...
Content-based routing (CBR) is a powerful model that supports scalable asynchronous communication among large sets of geographically distributed nodes. Yet, preserving privacy represents a major limitation for the wide adoption of CBR, notably when the routers are located in public clouds. Indeed, a CBR router must see the content of the messages s...
Este artigo descreve a relevância, a metodologia e os resultados obtidos do trabalho de iniciação científica desenvolvido pelo grupo de alunos do Programa de Educação Tutorial (PET) do curso de Engenharia Mecatrônica do Instituto Federal de Santa Catarina (IFSC). O projeto e a construção de uma interface homem-máquina (IHM) para um manipulador de s...
Industrial robots and welding manipulators play an essential role in the industry by automating a manual slow and unhealthy process with quality, speed and repeatability. Such importance is reflected in the equipment diversity offered by the manufacturers. These devices, however, still have high acquisition and maintenance costs, besides some limit...
O presente artigo trata do projeto e construção de um braço robótico cartesiano dedicado a execução de procedimentos tradicionais e avançados de soldagem a arco elétrico. Este equipamento mecatrônico possui uma cadeia cinemática mista de cinco graus de liberdade. Os três primeiros eixos do robô (X, Y e Z) são lineares com conexões do tipo série e o...
O sucesso nos procedimentos automáticos de união de peças metálicas e de revestimento de superfícies depende basicamente da correta parametrização das variáveis de soldagem e da respectiva trajetória da tocha. Na maioria das vezes, a execução de cordões de solda filetados não é suficiente para garantir a especificada qualidade e repetibilidade. As...
Position awareness is a desirable feature for many applications of Wireless Sensor Networks. The Received Signal Strength Indication of a radio channel provides a feasible way of estimating distance between nodes because its use doesn't require any additional hardware but a radio transceiver. The main drawback of using RSSI is its instability and i...
A great number of routing algorithms for wireless ad hoc networks were proposed. Each one shows some advantages in specific situations. In this work, we present a system where it is possible to assem-ble a routing protocol by choosing and configuring some of the many proposed strategies. We drawn two distinct scenarios with different parameters and...
Ao longo dos últimos anos as empresas de distribuição de energia elétrica têm considerado cada vez mais a construção de redes subterrâneas para a realização da expansão dos seus sistemas, principalmente nos centros das grandes cidades. Em razão dos maiores custos destes equipamentos e do atendimento aos consumidores prioritários da distribuidora, a...
Position awareness is a desirable feature for many applications of Wireless Sensor Networks. The Received Signal Strength Indication of a radio channel provides a feasible way of estimating distance between nodes because its use doesnpsilat require any additional hardware but a radio transceiver. The main drawback of using RSSI is its instability a...
Este trabalho apresenta a monitoração da qualidade de fornecimento de redes subterrâneas de distribuição, com uso de novas tecnologias de medição e transmissão de dados, viável técnica e economicamente. A partir do embasamento técnico que alicerça o processo de avaliação dos dados medidos na câmara subterrânea, como tensões, correntes e temperatura...
Este trabalho descreve a elaboração de um serviço de comunicação consciente do estado da rede para dar suporte às aplicações do projeto pBuy. O projeto pBuy busca introduzir características de um ambiente pervasivo a um sistema legado, chamado Portal de Compras, instalado na UFSM. Considerando a instabilidade na comunicação inerente à comunicação s...
The pervasive computing can be summarized by 3 A's: Anywhere, Anytime and Any device because it intends to make the computational environment available anytime, anywhere and be accessible from any device. The GMob/UFSM group develops a project that adds these features in an existent system. This paper describes the architecture and services require...
The computational setting of Pervasive Computing, where the computation is always-on, available anytime, anywhere and accessible with any device, require the development of specific solutions to this environment. In this environment, the communication is I-centric. This paper discusses the involved aspects and it describes the main current limitati...
This paper provides an overview of our on-going work in the GRADEp middleware. GRADEp research is being developed by the GRADEp Working Group, sponsored by RNP, and aims at extending the traditional grid computing proposal with the notion of "pervasive grid executions" by incorpo-rating aspects of mobility of devices, users and application componen...