Contributions to Privacy-Preserving Data Intensive Systems

Defense type: HDR
Location: IRISA Rennes
Room: Petri-Turing
Speaker: Tristan ALLARD (SPICY)

"Personal data is the new oil of the internet and the new
currency of the digital world."  claimed in March 2009 M. Kouneva,
European Commissioner for Consumer Protection. More than a decade
later, the collection of personal data has increased at a fast pace,
fueled by the growth of digital services. Social networks, geolocation
data, search queries on the web, smart metering, browsing patterns,
chats, e-shopping, health services, speech recognition... A large part
of the daily life of billions of individuals generates bytes. Given
the ongoing massive personal data collection and the resulting massive
personal data breaches, does this mean that "privacy is dead"? Strong
tendencies suggest the opposite: personal data protection laws are
flourishing worldwide, guaranteeing privacy is often both a selling
argument and a legal requirement for industrial products or public
organisation projects, and elaborate privacy-preserving techniques are
being designed and implemented by academia and industries.

The design of privacy-preserving personal data management and analysis
systems, called data intensive systems below for simplicity, is
especially challenging. These systems have to cope with large volumes
of data and may be required to support rich functionalities (e.g., SQL
queries, analytical algorithms). Additionally, the infrastructure
(i.e., servers, clients, peers) may be partially or completely
untrusted, which may require distributing the computation over a
large number of autonomous nodes (e.g., in a peer-to-peer fashion). In
this context, although cryptography can bring necessary building
blocks for reaching sound security guarantees, it might fail to cope
with the large amount of data, with the required functionalities, or
with the autonomy of clients/nodes. This thesis argues that combining
cryptography with techniques that tolerate a controlled amount of
information disclosure (e.g., differentially private
algorithms) is a promising track for coping with the requirements of
privacy-preserving data intensive systems.
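To give a concrete (and purely illustrative) flavour of what "a controlled amount of information disclosure" can mean, the following minimal Python sketch releases a counting query under epsilon-differential privacy using the Laplace mechanism. It is not taken from the habilitation; the function names, the epsilon value, and the smart-meter example are assumptions made for illustration only.

import random

def laplace_noise(scale: float) -> float:
    # The difference of two i.i.d. exponential variables with rate
    # 1/scale follows a Laplace(0, scale) distribution.
    return random.expovariate(1.0 / scale) - random.expovariate(1.0 / scale)

def private_count(records, predicate, epsilon: float) -> float:
    # A counting query has sensitivity 1 (adding or removing one
    # individual changes the result by at most 1), so Laplace noise
    # with scale 1/epsilon yields epsilon-differential privacy.
    true_count = sum(1 for r in records if predicate(r))
    return true_count + laplace_noise(1.0 / epsilon)

# Hypothetical usage: count smart-meter readings above a threshold.
readings = [3.2, 7.8, 5.1, 9.4, 2.0]
noisy_count = private_count(readings, lambda x: x > 5.0, epsilon=0.5)

The noisy count can then be safely published or fed into a larger (possibly cryptographically protected) computation, since the disclosure it entails is bounded by the privacy budget epsilon.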

Composition of the jury
Sihem Amer-Yahia, CNRS Senior Researcher, LIG, France.
Sonia Ben Mokhtar, CNRS Senior Researcher, LIRIS, France.
Josep Domingo-Ferrer, Professor, Universitat Rovira i Virgili, Spain.
Themis Palpanas, Professor, Université Paris Cité, France.
Élisa Fromont, Professor, Université de Rennes, France.