
Publication


Featured research published by Stéphane Betgé-Brezetz.


IEEE International Conference on Cloud Networking | 2013

End-to-end privacy policy enforcement in cloud infrastructure

Stéphane Betgé-Brezetz; Guy-Bertrand Kamga; Marie-Pascale Dupont; Aoues Guesmi

Privacy in the cloud is still a strong issue for the large adoption of cloud technologies by enterprises which fear to actually put their sensitive data in the cloud. There is indeed a need to have an efficient access control on the data stored and processed in the cloud infrastructure allowing to support the various business and country-based regulation constraints (e.g., on data location and co-location, data retention duration, data processing, node security level, tracing and audit). In this perspective, this paper presents a novel approach of end-to-end privacy policy enforcement over the cloud infrastructure and based on the sticky policy paradigm (a policy being bound to each sensitive data). In our approach the data protection is performed within the cloud nodes (e.g., within the internal file system of a VM or its attached volume) and is completely transparent for the applications (no need to modify the applications). This paper describes the concept and the proposed end-to-end architecture (from the client to the cloud nodes) as well as an implementation based on the FUSE (Filesystem in Userspace) technology. This implementation is executed on a scenario of data access and transfer control, and is also used to achieve performance evaluations. These evaluations show that, with a reasonable additional computation cost, this approach offers a flexible and transparent way to enforce various privacy constraints within the cloud infrastructure.


Information Integration and Web-based Applications & Services | 2008

A personalized access model: concepts and services for content delivery platforms

Sofiane Abbar; Mokrane Bouzeghoub; Dimitre Kostadinov; Stéphane Lopes; Armen Aghasaryan; Stéphane Betgé-Brezetz

Access to relevant information, adapted to users' needs, preferences and environment, is a challenge in many applications running in content delivery platforms, like IPTV, VoD and mobile Video. In order to provide users with personalized content, applications use various techniques such as content recommendation, content filtering, preference-driven queries, etc. These techniques exploit different knowledge organized into profiles and contexts. However, there is not a common understanding of these concepts and there is no clear foundation of what a personalized access model should be. This paper contributes to this concern by providing, through a meta model, a clear distinction between profile and context, and by providing a set of services which constitutes a basement to the definition of a personalized access model (PAM). Our PAM definition allows applications to interoperate in multiple personalization scenarios, including preference-based recommendation, context-aware content delivery, personalized access to multiple contents, etc. Concepts and services proposed are tightly defined with respect to real applications requirements provided by Alcatel-Lucent.


IEEE International Conference on Cloud Networking | 2012

Privacy control in the cloud based on multilevel policy enforcement

Stéphane Betgé-Brezetz; Guy-Bertrand Kamga; Mahmoud Ghorbel; Marie-Pascale Dupont

The cloud computing paradigm is revolutionizing the delivery of information services as it offers several advantages in terms of cost reduction, time-to-market and flexibility. However, such flexibility raises many concerns related to security and privacy which are strong obstacles for the large adoption of the cloud by users who have to delegate too much control to the cloud provider. In this paper, we propose a new privacy control approach notably based on multilevel privacy policies bound to user data and enforced in the cloud at different levels (application and infrastructure). This approach allows the cloud users to control their data stored, processed and moved in the cloud.


Conference on Privacy, Security and Trust | 2011

Privacy Data Envelope: Concept and implementation

Mahmoud Ghorbel; Armen Aghasaryan; Stéphane Betgé-Brezetz; Marie-Pascale Dupont; Guy-Bertrand Kamga; Sophie Piekarec

In this paper, we present a privacy control mechanism called PDE (Privacy Data Envelope) allowing users to protect their privacy sensitive content travelling over social and communication networks. Our solution is based on privacy policies expressed by the user and associated with his content. This approach makes use of a decentralized architecture carried out through a PDE feature that has to be added to the existing application access tools like email clients and web browsers. A prototype has been developed to embody the PDE paradigm and to illustrate a scenario where such envelopes cross the boundaries of enterprise social networks and other communications tools. Preliminary performance evaluations were done helping the understanding of the PDE plug-in behaviors and computation overhead.


IEEE International Conference on Cloud Computing Technology and Science | 2013

Privacy Control in Cloud VM File Systems

Stéphane Betgé-Brezetz; Guy-Bertrand Kamga; Marie-Pascale Dupont; Aoues Guesmi

Cloud Computing offers great benefits such as reduced IT costs and an improved business agility. Nevertheless, enterprises are still hesitant to put their sensitive data in the cloud as they notably fear privacy issues (e.g., violation of country-based regulations regarding the storage location of a sensitive data). In this context, this paper presents the demonstration of a privacy control technology that allows to protect sensitive files stored, processed, and moved in an IaaS cloud. In our approach, the privacy control is performed within the file system of the Virtual Machines (VM) and allows to control the access done by any application to each sensitive file. It notably covers business applications (e.g., provided by the cloud user) and system applications such as FTP (e.g., to prevent the transfer of a sensitive file in a not authorized country). Moreover, our technology allows to generate tamper-proof traces for any action performed on a sensitive file. In the demonstration, we then also show how the cloud user has a full view of the usage of his sensitive files (e.g., number of copies, storage locations, performed actions). Finally, the demonstration shows these different capabilities through a scenario of file access and cross-country transfer in a multi-platform cloud environment.


International Workshop on Security | 2011

FORPS: friends-oriented reputation privacy score

David Pergament; Armen Aghasaryan; Jean-Gabriel Ganascia; Stéphane Betgé-Brezetz

The Friends-Oriented Reputation Privacy Score (FORPS) system provides a smart and simple way to help end-users manage their privacy in a social network. It aims to prevent a non-desirable propagation of personal sensitive data. FORPS builds a privacy sensitivity profile by understanding what are the categories of themes, the categories of objects and the behavioral factors that are important to social network users. FORPS takes full advantage of the knowledge available in a social network from the perspective of a given user, in particular extracted from the data accessible via his friends. More precisely, our approach consists in making a deep analysis of the behavior of somebody who would like to establish connection with the given user in order to estimate the risk of potential violation of his privacy.


IEEE International Conference on Cloud Networking | 2014

Control of sensitive traffic in the cloud based on OpenFlow

Stéphane Betgé-Brezetz; Guy-Bertrand Kamga; Ali El Amrani Joutei; Oussama Maalmi

Security of sensitive data in the cloud is a critical issue as they can easily be transferred between different locations and then violate some constraints such as country-based regulations. There is notably a specific need to control the path followed by the data when they are transferred within the cloud. This paper is then presenting a new approach using OpenFlow and allowing to enforce in the network a Trusted Path compliant with the policy applicable on a sensitive data to transfer. This approach has been implemented within a SDN controller and experimented on a test-bed of physical OpenFlow switches. It is then shown how a sensitive traffic can actually follow a compliant trusted path in the network.


International Conference of the IEEE Engineering in Medicine and Biology Society | 2009

Adaptive notification framework for smart nursing home

Stéphane Betgé-Brezetz; Marie-Pascale Dupont; Mahmoud Ghorbel; Guy-Bertrand Kamga; Sophie Piekarec

This paper presents an adaptive notification framework which allows to optimally deliver and handle multimedia requests and alerts in a nursing home. This framework is operated with various applications (e.g., health alert, medicine reminder, and activity proposition) and has been evaluated with different real end-users (elderly resident and medical staff) in a pilot site. Results of these evaluations are presented and highlight the added value of the framework technology to enhance the quality of life of elderly people as well as the efficiency of the medical staff.


IEEE International Conference on Cloud Engineering | 2016

SDN-Based Trusted Path in a Multi-domain Network

Stéphane Betgé-Brezetz; Guy-Bertrand Kamga; Maroua Nait Balla; Thomas Criton; Hatem Jebalia

The flexibility and dynamicity of the Cloud and SDN-based network infrastructures raise strong issues for sensitive data which can easily be transferred between different locations and then violate some constraints such as country-based regulations. This paper tackles the critical issue related to the path followed by sensitive data transferred in such virtualized environments and which have specific security & regulatory constraints (e.g., avoid some given untrusted domains). We are therefore proposing a new approach aiming to automatically configure in a multi-domain SDN network such a trusted path satisfying the required constraints. This approach relies on a Multi-Domain Trusted Path Application (MD-TPA) based on OpenFlow and deployed upon the SDN controller of each domain. This approach has been implemented within SDN controllers and experimented on a testbed composed of physical OpenFlow switches. It is then shown how such an end-to-end trusted path, compliant with the constraints, can be enforced in a multi-domain SDN network.


Privacy Security Risk and Trust | 2011

Intelligent Reactive Access Control for Moving User Data

Yang Wang; Armen Aghasaryan; Arvind Shrihari; David Pergament; Guy Bertrand Kamga; Stéphane Betgé-Brezetz

With the boom of social media, it has become increasingly easier for ordinary people to not only post their own content but share other people's content on the Internet. In this paper, we conceptualize a growing problem of moving user data - once a user posts some content on the Internet, the data is largely out of her control, the content can be forwarded to or shared with other people, applications or websites, potentially causing various privacy issues. We present a technical solution that aims to provide users flexible fine-grained control over their moving data. Our system builds upon the ideas of data envelope with sticky policy, reactive access control, and privacy scores. Users can specify and enforce sticky policies of their data through our data envelope plug-ins. Our reactive access control mechanism allows users to grant access to their data on the fly, extending the pre-defined sticky policies to better fit with the dynamic nature of people's sharing practices. Finally, the privacy score helps users make decisions about data requests by providing relevant privacy risk assessment information about the requesters.
