Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

Personal & Trusted cloud

40 visualizaciones

Publicado el

Nicolas Anciaux (Researcher, Inria)

Publicado en: Datos y análisis
  • Sie können Hilfe bekommen bei ⇒ www.WritersHilfe.com ⇐. Erfolg und Grüße!
       Responder 
    ¿Estás seguro?    No
    Tu mensaje aparecerá aquí
  • I can advise you this service - HelpWriting.net Bought essay here. No problem.
       Responder 
    ¿Estás seguro?    No
    Tu mensaje aparecerá aquí
  • There is a REAL system that is helping thousands of people, just like you, earn REAL money right from the comfort of their own homes. The entire system is made up with PROVEN ways for regular people just like you to get started making money online... the RIGHT way... the REAL way. ▲▲▲ http://ishbv.com/ezpayjobs/pdf
       Responder 
    ¿Estás seguro?    No
    Tu mensaje aparecerá aquí
  • Sé el primero en recomendar esto

Personal & Trusted cloud

  1. 1. PETRUS PErsonal & TRUSted cloud Nicolas Anciaux, Inria researcher, leader of the PETRUS team EU Big Data Value, Helsinki Personal Data Spaces panel 15 October 2019
  2. 2. PETRUS goals A main challenge for privacy: give control back to individuals on their data First Act is legal (GDPR, …) Data Portability: the right for citizen to retrieve their data Information and consent: control data usages Second Act is technological: PDMS Personal Data Management Systems (PDMS) … retrieve, store and use personal data under control PETRUS goals: contribute to secure & extensive PDMSs Q1: How to provide advanced data management to non experts users with high security? Q2: How to compute global results involving large populations of users? Q3: How to make PDMS adoptable from legal-economical-technological perspective? Personal data Big Data & AI Individual agency PDMS 2
  3. 3. PETRUS research Approach  Database techniques  trusted computing hardware (now everywhere at the network edges) Three research axes  PDMS Architecture, data structure and algorithms  Global query evaluation at a large scalable  Legal-technical framework : responsibilities, agency and collective portability … and concrete systems (demo on request )  Deployment of PDMS boxes dedicated to home care (social-medical context) 3 Trusted computing HW Intel SGX (PCs) ARM TZ (android smartphones) AMD PSP
  4. 4. PDMS architecture (and administration) Functionality and trust assumptions in PDMS solutions [VLDB’19 Tutorial] Various architectures: online solutions, no knowledge, self-hosted, tamper resistant HW, etc. Functionality consensus: cover personal data life-cycle (collect, storage, usage, sharing…) Various threats (all make sense): data snooping, secondary uses, over-priv. apps, ransomwares… We cannot unify the different solutions to cover all functionalities & threats ! Problem statement: tension between extensibility and security Conflictual constraints: security (small/proven code) vs. advanced processing (big/unsecure code) Traditional DBMS trust assumption becomes invalid: corrupted host, non expert users (vs. DBA) Trusted computing HW now in every users’ devices (PCs, smartphones, tablets, home boxes…)  New problem: deeply revisit the DBMS architecture 4
  5. 5. 5 Axes 1&2: PDMS architecture & administration Problem statement  Trusted computing HW (in every user devices): secure chips, Intel SGX, ARM TZ, ADM secure…  Conflictual constraints: security (small/proven code) vs. extensive data management (volume/unsecure code)  Traditional assumption of ‘trusted DBMS’ becomes invalid: corrupted host, non expert users (vs. DBA)  Deeply revisit the DBMS architecture Main contributors  Personal data architectures: MIT (Solid/PODS), Cambridge (Databox, BBC box), Rutgers (YourDigitalSelf)…  Privacy models & administration: Harvard (Data privacy Lab), Priv@tics (+ many groups on access control) PETRUS positioning  Solution based on trusted computing HW at client side  Formal security expertize  Collaboration with P. Bonnet (ITU) Design of the ‘core’ modules of a secure PDMS architecture [IS’17] SMC from SGX [FC’17] Isolating by-Design the decisions from an untrusted sharing model [ISD’17, EDBT’18…] 5 security properties of PDMSs + architecture to enforce them [IS’19]  Piped data collection  Mutual data at rest protection,  Bilaterally trusted personal computation,  Mutually trusted collective computation,  Controlled data dissemination.  Uses ‘big’ untrusted code (Scrapy lib.),  access to users’ credentials (Bank login),  running on untrusted host. vs. basic operation predefined set of APIs, audited and patched by the admins TCP/IP DNS Apps Untrusted modules Core (proven code) Isolated data task Untrusted module/app Protected databases Code isolation Attestation Confidentiality Peripheral isolation Isolated Data-Tasks Data Collector Personal computation Collective computation Decision making Core modules (proven) Credentials,policies, manifests,tasks, etc. User’s & external user’s data, derived data Communication - TLS-trusted - Authentication Policy enforcement - Reference monitor - Attestation - Audit Data storage - Data storage & access - Backup & recovery 5 security properties for a PDMS (very different from DBMS!) [IS’19] based on security primitives of trusted computing hardware
  6. 6. 6 Global query evaluation (Big Personal Data) Objective: Big Data computations while enforcing “mutual trust” A (large) group of individual with a PDMS collectively compute a result on their personal data Trust for the querier: result computed as expected with appropriate data, nb participants, code… Trust for the participants: only needed data is accessed and raw personal data is kept confidential Problem statement Confidential processing (expose only results) & correct result & generic queries & scalable Difficulty is to achieve all, e.g., MPC-based and gossip-based security is either scalable or generic Trusted computing HW now in every user devices (Intel SGX, ARM TZ, ADM secure…) Tolerate a (small) set of corrupted participants  New execution model to evaluate queries based on PDMS trust assumptions
  7. 7. 7 Manifest-based collective computations Distributed computations with “mutual trust” guarantees Global Manifest: purpose + collection rules + computation code + identity of the querier Local validity: each participant checks locally that others behave honestly (if not, no result produced) Global integrity: certify through attestation each result (result attestation obtained in cascade) Side-channel attacks resiliency: (1) circumscribe leakage and (2) prevent targeting [Trustcom’19, ISD’19, EDBT’19, VLDB’19] Querier (health agency, …) Validation (regulatory body) Manifest Random assignment of agents and secure execution ResultDownload manifest & consent
  8. 8. [CCC’17, DALLOZ’19] Co-construction of legal-technical framework Adoption goes beyond pure technical aspects  Investigate technical, legal and economical aspects  Analyzed in isolation, and highly difficult to combine  New legal-technical co-constructions (establish responsibilities, preserve individuals’ agency) Common work with jurists and economists  Co-conception approach for designing/testing PETS  In interaction with regulatory bodies (EU Commission, TransEuropExpert, CNNum, CERNA…) GDP-ERE project - https://tinyurl.com/y2r7yqnf  Analysis of the equation: Data Portability x PDMS = Empowerment …. Inject the notion of Agency [DALLOZ’19]  Study the potential boomerang effects behind data portability and PDMSs  Co-construct the concepts and a framework to exercise data portability collectively 8
  9. 9. And concretely ? 8 000 home 262 cities 10 000 patients Sigfox PlugDB inside Transfer and innovation HW/SW Platform based on PlugDB  PlugDB: full DBMS in a secure HW component  Developed by PETRUS  Used in education (INSA, ENSIIE, UVSQ…) II-Lab ‘OwnCare’ with Hippocad (2018)  PDMS ‘core’ for home care based on PlugDB  Social-Health folder at home  No direct connection (privacy/energy/money)  DomYcile (CD78): 10.000 home-boxes 9
  10. 10. Objectives for the next period PDMS Architecture  Formal security of the PDMS  Data structures and algorithms for a PDMS equipped with Trusted Execution Environments Global computations  Secure decentralized Big Data analysis and Machine learning  Secure participatory sensing systems and compliance Legal-technical-economical co-constructions  Collective data portability preserving individuals’ agency  Decentralized Big Data analysis in weakly connected home-boxes Owncare product  Enlarge to other departments in France, enlarge to other countries in Europe (any suggestion welcome ) 10
  11. 11. References (all is accessible on HAL-Inria): [IS’19] Personal Data Management Systems: The security and functionality standpoint. [VLDB’19 Tutorial] Personal Database Security and Trusted Execution Environments: A Tutorial at the Crossroads [TrustCom’19] Trustworthy Distributed Computations on Personal Data Using Trusted Execution Environments [ISD’19] A manifest-based framework for organizing the management of personal data at the edge of the network [EDBT’19] SEP2P: Secure and Efficient P2P Personal Data Processing [VLDB’19 demo] DISPERS: Securing Highly Distributed Queries on Personal Data Management Systems [DALLOZ’19] Empowerment et Big Data sur données personnelles : de la portabilité à l’agentivité (english version soon…) Nicolas Anciaux PETRUS Project – team Inria Saclay and UVSQ https://team.inria.fr/petrus/

×