Sites Inria

Version française

PETRUS Research team

Personal Trusted cloud

Team presentation

We are witnessing an exponential accumulation of personal data on central servers: data automatically gathered by administrations and companies but also data produced by individuals themselves (e.g., photos, agendas, data produced by smart appliances and quantified-self devices) and deliberately stored in the cloud for convenience. The net effect is, on the one hand, an unprecedented threat on data privacy due to abusive usage and attacks and, on the other hand, difficulties in providing powerful user-centric services (e.g. personal big data) which require crossing data stored today in isolated silos.

The Personal Cloud paradigm holds the promise of a Privacy-by-Design storage and computing platform, where each individual can gather her complete digital environment in one place and share it with applications and users, while preserving her control. However, this paradigm leaves the privacy and security issues in user's hands, which leads to a paradox if we consider the weaknesses of individuals' autonomy in terms of computer security, ability and willingness to administer sharing policies. The challenge is however paramount in a society where emerging economic models are all based - directly or indirectly - on exploiting personal data. While many research works tackle the organization of the user's workspace, the semantic unification of personal information, the personal data analytics problems, the objective of the PETRUS project-team is to tackle the privacy and security challenges from an architectural point of view.

Research themes

We identify four main lines of research in the PETRUS team, linked to the challenges of the secure personal cloud:

Axis 1: Personal cloud server architectures. Based on the intuition that user control, security and privacy are key properties in the definition of trusted personal cloud solutions, our objective is to study how and to which extent technical architectural choices influence them.

Axis 2: Privacy preserving administration models and enforcement. This research axis is devoted to the definition of sharing rules that are easily manageable for the individual and enforced by default (i.e., secure implementation). Complementary to the definition of sharing policies, it is mandatory to help the average user regulate the complete lifecycle of her data, from its capture, to its dissemination and up to its deletion. This encompasses principles like limited data collection, secure storage, enforcement of sharing and usage policies and finally sustainability.

Axis 3: Global query evaluation. The goal of this line of research is to provide capabilities for crossing data belonging to multiple individuals (e.g., performing statistical queries over personal data, computing queries on social graphs or organizing participatory data collection) in a fully decentralized setting while providing strong and personalized privacy guarantees.

Axis 4: Economic, legal and societal issues. This research axis is more transversal and entails multidisciplinary research, addressing the links between economic, legal, societal and technological aspects.

International and industrial relations

International collaborations. Outside France, we collaborate with ITU (Danemark), NJIT (US) and University of Yaoundé (Cameroon).

Industrial partners. Our industrial partners include Cozy Cloud, Hippocad and Orange.

Regulatory authorities. We also have interactions with regulatory and supervisory authorities like Trans Europ Expert (EU) and DGCCRF (FR).

Keywords: Database management systems Data confidentiality Privacy Trusted storage and computing architectures Personal cloud Privacy-by-Design Empowerment