- Scientific Computing and Data Management
- Cloud Data Security Solutions
- Security and Verification in Computing
- Network Security and Intrusion Detection
- Advanced Malware Detection Techniques
- Software System Performance and Reliability
- Advanced Data Storage Technologies
- Blockchain Technology Applications and Security
- Research Data Management Practices
- Cloud Computing and Resource Management
- Distributed and Parallel Computing Systems
- IoT and Edge/Fog Computing
- Data Quality and Management
- Access Control and Trust
- Cryptography and Data Security
- Machine Learning and Data Classification
- Parallel Computing and Optimization Techniques
- Distributed systems and fault tolerance
- Data Stream Mining Techniques
- Information and Cyber Security
- Graph Theory and Algorithms
- Data Analysis with R
- Business Process Modeling and Analysis
- Adversarial Robustness in Machine Learning
- Internet Traffic Analysis and Secure E-voting
Institute of Nuclear Physics of Lyon
2025
Institut de Physique des 2 Infinis de Lyon
2025
University of British Columbia
2021-2024
University of California System
2022
University of Bristol
2018-2020
University of Cambridge
2014-2019
Harvard University Press
2016-2017
Harvard University
2017
Pearson (United Kingdom)
2016
To realize the broad vision of pervasive computing, underpinned by "Internet Things" (IoT), it is essential to break down application and technology-based silos support connectivity data sharing; cloud being a natural enabler. Work in IoT tends toward subsystem, often focusing on particular technical concerns or domains, before offloading cloud. As such, there has been little regard given security, privacy, personal safety risks that arise beyond these subsystems; i.e., from wide-scale,...
This article presents a study on the quality and execution of research code from publicly-available replication datasets at Harvard Dataverse repository. Research is typically created by group scientists published together with academic papers to facilitate transparency reproducibility. For this study, we define ten questions address aspects impacting reproducibility reuse. First, retrieve analyze more than 2000 over 9000 unique R files 2010 2020. Second, execute in clean runtime environment...
Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions. Information Flow Control (IFC) is a well understood Mandatory Access methodology. The earliest IFC models targeted security in centralised environment, but decentralised forms have been designed and implemented, often within academic research projects. As result, there potential for achieve better than available today. In this paper we describe properties computing-Platform-as-a-Service clouds...
Advanced Persistent Threats (APTs) are difficult to detect due their "low-and-slow" attack patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based APT detector that effectively leverages data provenance analysis. From modeling detection, UNICORN tailors its design specifically for the unique characteristics APTs. Through extensive yet time-efficient graph analysis, explores graphs provide rich contextual historical information identify stealthy anomalous activities...
A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS and/or SaaS applications. From start, strong isolation between tenants was seen be paramount importance, provided first by virtual machines (VM) later containers, which share operating system (OS) kernel. Increasingly it case that applications also require facilities effect...
Identifying the root cause and impact of a system intrusion remains foundational challenge in computer security. Digital provenance provides detailed history flow information within computing system, connecting suspicious events to their causes. Although existing provenance-based auditing techniques provide value forensic analysis, they assume that such analysis takes place only retrospectively. Such post-hoc is insufficient for realtime security applications; moreover, even tasks, prior...
Data provenance describes how data came to be in its present form. It includes sources and the transformations that have been applied them. has many uses, from forensics security aiding reproducibility of scientific experiments. We CamFlow, a whole-system capture mechanism integrates easily into PaaS offering. While there several prior systems captured comprehensive, systemic ubiquitous record system's behavior, none widely adopted. They either A) impose too much overhead, B) are designed...
As cloud computing becomes an increasingly dominant means of providing resources, the legal and regulatory issues associated with data in become more pronounced. These derive primarily from four areas: contract, protection, law enforcement, common protections for particularly sensitive domains such as health, finance, fiduciary relations, intellectual property assets. From a technical perspective, these requirements all impose information management obligations on sharing transmission within...
In the last few decades, data-driven methods have come to dominate many fields of scientific inquiry. Open data and open-source software enabled rapid implementation novel manage analyze growing flood data. However, it has become apparent that exhibit distressingly low rates reproducibility. Although there are dimensions this issue, we believe is a lack formalism used when describing end-to-end published results, from source analysis final results. Even authors do their best make...
This experimental study presents a number of issues that pose challenge for practical configuration tuning and its deployment in data analytics frameworks. These include: 1) the assumption static workload or environment, ignoring dynamic characteristics environment (e.g., increase input size, changes allocation resources). 2) amortization costs how this influences what workloads can be tuned practice cost-effective manner. 3) need comprehensive incremental solution diverse set workloads. We...
The CALICE technological RPC-based SDHCAL prototype that fulfils all the requirements of compactness, hermeticity and power budget future lepton accelerator experiments, has been extensively tested provided excellent results in terms energy resolution shower separation. A new phase R&D to validate completely option for International Linear Detector (ILD) project ILC also Circular Electron Positron Collider (CEPC FCCee) started with conception realization prototypes. proposes exploit time...
Internet of Things (IoT) applications, systems and services are subject to law. We argue that for the IoT develop lawfully, there must be technical mechanisms allow enforcement specified policy, such align with legal realities. The audit policy assist apportionment liability, demonstrate compliance regulation, indicate whether correctly captures responsibilities. As both obligations evolve dynamically, this cycle continuously maintained.
This document aims to agree on a broad, international strategy for the implementation of open scholarship that meets needs different national and regional communities but works globally. Scholarly research can be idealised as an inspirational process advancing our collective knowledge benefit all humankind. However, current practices often struggle with range tensions, in part due fact this (or “commons”) ideal conflicts competitive system which most scholars work, because much infrastructure...
We present FRAPpuccino (or FRAP), a provenance-based fault detection mechanism for Platform as Service (PaaS) users, who run many instances of an application on large cluster machines. FRAP models, records, and analyzes the behavior its impact system directed acyclic provenance graph. It assumes that most behave normally uses their to construct model legitimate behavior. Given behavior, dynamic sliding window algorithm compare new instance's execution model. Any instance does not conform is...
With the rapid increase in uptake of cloud services, issues data management are becoming increasingly prominent. There is a clear, outstanding need for ability specified policy to control and track as it flows throughout infrastructure, ensure that those responsible meeting their obligations. This paper introduces Information Flow Audit, an approach tracking information within infrastructure. builds upon CamFlow (Cambridge Control Architecture), prototype implementation our model...
The adoption of cloud computing is increasing and its use becoming widespread in many sectors. As service provision increases, legal regulatory issues become more significant. In particular, the international nature raises concerns over location data laws to which they are subject. this paper we investigate Information Flow Control (IFC) as a possible technical solution expressing, enforcing demonstrating compliance systems with policy requirements inspired by protection other laws. We focus...
The usual approach to security for cloud-hosted applications is strong separation. However, it often the case that same data used by different applications, particularly given increase in data-driven ('big data' and IoT) applications. We argue access control cloud should no longer be application-specific but data-centric, associated with can flow between Indeed, may originate outside services from diverse sources such as medical monitoring, environmental sensing etc. Information Flow Control...
Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions and although a wealth law regulation has emerged, technical basis for enforcing demonstrating compliance lags behind. Our Cloud Safety Net project aims show that Information Flow Control (IFC) can augment existing security mechanisms provide continuous enforcement extended. Finer-grained application-level policy in cloud. We present FlowK, loadable kernel module Linux, part proof concept IFC be...
Security is an ongoing challenge in cloud computing. Currently, consumers have few mechanisms for managing their data within the provider's infrastructure. Information Flow Control (IFC) involves attaching labels to data, govern its flow throughout a system. We worked on kernel-level IFC enforcement protect flows virtual machine (VM). This paper makes case for, and demonstrates feasibility of IFC-enabled messaging middleware, enforce across applications, containers, VMs, hosts. detail how...
Intrusion detection is an arms race; attackers evade intrusion systems by developing new attack vectors to sidestep known defense mechanisms. Provenance provides a detailed, structured history of the interactions digital objects within system. It ideal for detection, because it offers holistic, attack-vector-agnostic view system execution. As such, provenance graph analysis fundamentally strengthens robustness. We discuss opportunities and challenges associated with provenance-based provide...
Open data and open source software might be part of the solution to sciences reproducibility crisis, but they are insufficient guarantee reproducibility. Requiring minimal end-user expertise, encapsulator system creates a time capsule with reproducible code in self-contained computational environment. provides end users fully featured desktop environment for research.
The need to share data across applications is becoming increasingly evident. Current cloud isolation mechanisms focus solely on protection, such as containers that isolate at the OS-level, and virtual machines through hypervisor. However, by focusing rigidly these approaches do not provide for controlled sharing. This paper presents how Information Flow Control (IFC) offers a flexible alternative. As data-centric mechanism it enables strong when required, while providing continuous, fine...