EBSIS Summer School
on Distributed Event Based Systems
and Related Topics 2017

July 10–14, 2017 – Timmendorfer Strand, Germany

★ Lecture Abstract

Secure Global Computations, the case of SQL aggregates

Benjamin Nguyen (INSA Centre-Val de Loire)

Current applications, from complex sensor systems (e.g. quantified self) to online e-markets, acquire vast quantities of personal information, which usually ends up on central servers where it is exposed to prying eyes. Conversely, decentralized architectures that help individuals keep full control of their data complicate global processing and queries, impeding the development of innovative services. In this presentation, we will show how to reconcile individuals' privacy on one side with global benefits for the community and business perspectives on the other. We promote the idea of pushing security to secure hardware devices that control the data at the place of its acquisition. Thanks to these tangible physical elements of trust, secure distributed querying protocols can reestablish the capacity to perform global computations, such as SQL aggregates, without revealing any sensitive information to central servers.

In this presentation, we will show how to secure the execution of such queries in the presence of honest-but-curious and malicious attackers. We will also discuss how the resulting querying protocols can be integrated in a concrete decentralized architecture. Cost models and experiments on SQL/AA, our distributed prototype running on real tamper-resistant hardware, demonstrate that this approach can scale to nationwide applications.

Speaker Bio

Benjamin Nguyen has been a professor at INSA Centre Val de Loire since 2014, and is head of digital affairs at INSA and head of the Laboratoire d'Informatique Fondamentale d'Orléans (LIFO, EA4022). He is a member of its Systems and Data Security (SDS) team and also an associate member of the Inria Personal and Trusted Cloud (Petrus) team. He graduated from ENS Cachan in 2000, received his Ph.D. from the University of Orsay in 2003, and his HDR from the University of Versailles in 2013. His current research interests concern data security and privacy, in particular methods to enforce existing privacy models using secure hardware devices, the design and implementation of large-scale privacy-by-design personal information management applications, and the study of new models to represent, quantify and enforce limited data collection. He is currently co-chair of the Privacy working group of CNRS préGDR Sécurité, and a member of the steering committee of the Atelier sur la Protection de la Vie Privée (APVP), which brings together the French-speaking international community on privacy. He has published over 50 articles in international peer-reviewed journals or conferences, co-authored a book on teaching computer science to high school students, and co-authored two MOOCs on teaching databases. He has long experience working with the social sciences on data management and data security, through the participation in or coordination of several multi-disciplinary projects with sociologists, economists and jurists: ANR WebStand, a sociological email analysis platform; ACI Normalisation en TIC, on XML standardization; ANR Définir et Modéliser les Technologies de l'Information de Santé, on the secure and private management of medical data with respect to French regulations; and PEPS Pour une Approche Pluridisciplinaire de la Privacy, a field experiment testing privacy adoption, with economists and jurists.