Thomas Pasquier, Barbara Lerner, Emery Boose, Orenna Brand, Aaron M. Ellison [et alii], « Making Provenance Work for You », The R Journal, 2023
Thomas Pasquier, Ana Trisovic, Matthew K. Lau, Mercè Crosas, « A large-scale study on research code quality and execution », Scientific Data, 2022
Thomas Pasquier, Matthew Lau, Thomas F. J.-M. Pasquier, Margo Seltzer, « Rclean: A Tool for Writing Cleaner, More Transparent Code », Journal of Open Source Software, 2020
Thomas Pasquier, David Eyers, Jean Bacon, « Viewpoint | Personal Data and the Internet of Things », Communications of the ACM, 2019
The Internet of Things promises a connected environment reacting to and addressing our every need, but based on the assumption that all of our movements and words can be recorded and analysed to achieve this end. Ubiquitous surveillance is also a precondition for most dystopian societies, both real and fictional. How our personal data is processed and consumed in an ever more connected world must imperatively be made transparent, and more effective technical solutions to manage personal data than those currently on offer must urgently be investigated.
Thomas Pasquier, Matthew K. Lau, Xueyuan Han, Elizabeth Fong, Barbara S. Lerner [et alii], « Sharing and preserving computational analyses for posterity with encapsulator », Computing in Science and Engineering, 2018
Open data and open source software might be part of the solution to science's reproducibility crisis, but they are insufficient to guarantee reproducibility. Requiring minimal end-user expertise, the encapsulator system creates a time capsule with reproducible code in a self-contained computational environment. encapsulator provides end users with a fully featured desktop environment for reproducible research.
Thomas Pasquier, Thomas F. J.-M. Pasquier, Jatinder Singh, David Eyers, Jean Bacon, « Camflow: Managed Data-Sharing for Cloud Services », IEEE Transactions on Cloud Computing, 2017
Thomas Pasquier, Jean Bacon, Jatinder Singh, David Eyers, « CloudSafetyNet », Impact, 2017
Thomas Pasquier, Jatinder Singh, Julia Powles, David Eyers, Margo Seltzer [et alii], « Data provenance to audit compliance with privacy policy in the Internet of Things », Personal and Ubiquitous Computing, 2017
Thomas Pasquier, Matthew K. Lau, Ana Trisovic, Emery R. Boose, Ben Couturier [et alii], « If these data could talk », Scientific Data, 2017
Thomas Pasquier, Jatinder Singh, Jean Bacon, Hajoon Ko, David Eyers, « Twenty security considerations for cloud-supported Internet of Things », IEEE Internet of Things Journal, 2016
To realize the broad vision of pervasive computing, underpinned by the 'Internet of Things' (IoT), it is essential to break down application and technology-based silos and support broad connectivity and data sharing; the cloud being a natural enabler. Work in IoT tends toward the subsystem, often focusing on particular technical concerns or application domains, before offloading data to the cloud. As such, there has been little regard given to the security, privacy, and personal safety risks that arise beyond these subsystems; i.e., from the wide-scale, cross-platform openness that cloud services bring to IoT. In this paper, we focus on security considerations for IoT from the perspectives of cloud tenants, end-users, and cloud providers, in the context of wide-scale IoT proliferation, working across the range of IoT technologies (be they things or entire IoT subsystems). Our contribution is to analyze the current state of cloud-supported IoT to make explicit the security considerations that require further work.
Thomas Pasquier, Jatinder Singh, Julia Powles, Jean Bacon, « Data Flow Management and Compliance in Cloud Computing », IEEE Cloud Computing Magazine, 2015
As cloud computing becomes an increasingly dominant means of providing computing resources, legal and regulatory issues associated with the cloud also become more pronounced. In particular, there is a heightened focus on ensuring the privacy and integrity of users' personal data. At present, the cloud is opaque, a black box. The technical means for enforcing and demonstrating compliance with data management practices lag behind legal and regulatory aspirations. Information flow control (IFC) enables auditable, fine-grained management as data moves throughout systems. IFC offers the potential to improve the visibility and control over data flows within and between cloud services and cloud-hosted applications. The authors use real-world legal/regulatory examples to show how IFC can help satisfy data management obligations and improve the accountability of responsible parties.
Thomas Pasquier, « CamFlow: Managed Data-Sharing for Cloud Services », IEEE Transactions on Cloud Computing, 2015
Thomas Pasquier, « FlowK: Information Flow Control for the Cloud », IEEE 6th International Conference on Cloud Computing Technology and Science, 2014
Thomas Pasquier, Jean Bacon, David Eyers, Jatinder Singh, Ioannis Papagiannis [et alii], « Information Flow Control for Secure Cloud Computing », IEEE Transactions on Network and System Management, SI Cloud Service Management, 2014
Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions. Information Flow Control (IFC) is a well understood Mandatory Access Control methodology. The earliest IFC models targeted security in a centralised environment, but decentralised forms of IFC have been designed and implemented, often within academic research projects. As a result, there is potential for decentralised IFC to achieve better cloud security than is available today. In this paper we describe the properties of cloud computing - Platform-as-a-Service clouds in particular - and review a range of IFC models and implementations to identify opportunities for using IFC within a cloud computing context. Since IFC security is linked to the data that it protects, both tenants and providers of cloud services can agree on security policy, in a manner that does not require them to understand and rely on the particulars of the cloud software stack in order to effect enforcement.
Thomas Pasquier, Nichole Boufford, Joseph Wonsil, Adam Pocock, Jack Sullivan [et alii], « Computational Experiment Comprehension using Provenance Summarization », 01 January 2024
Thomas Pasquier, « Politisations et émancipations à l’âge des révolutions, 1770-1830 », 24 March 2023
Organized by the Société des études robespierristes and IRHIS, Université Paris 1 Panthéon Sorbonne
Thomas Pasquier, « Travailler pour quelqu’un : indépendance, subordination, bénévolat », 23 February 2023
Organized by the Institut Jean Carbonnier, Université de Poitiers, as part of the Vespérales de l’Institut Jean Carbonnier, cycle "Les représentations en droit du travail"
Thomas Pasquier, Soo Yee Lim, Xueyuan Han, « Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing », 01 January 2023
Thomas Pasquier, Mashal Abbas, Shahpar Khan, Abdul Monum, Fareed Zaffar [et alii], « PACED: Provenance-based Automated Container Escape Detection », 01 January 2022
Thomas Pasquier, « Quel(s) droit(s) du travail pour les travailleurs des plateformes numériques », 31 March 2021
Organized by the team of the Master de Droit Social, Université Paris-Nanterre
Thomas Pasquier, Soo Yee Lim, Bogdan Stelea, Xueyuan Han, « SIGL: Securing Software Installations Through Deep Graph Learning », 01 January 2021
Thomas Pasquier, « Les mutations de la figure du travailleur au prisme de l’internationalisation du droit du travail », 04 December 2020
Online conference organized by the LEJEP of CY Cergy Paris Université and the IRERP of the Université Paris Nanterre
Thomas Pasquier, « L’émergence d'un droit des plateformes », 21 October 2020
Organized by the Equipe de recherche Louis Josserand, under the scientific direction of Xavier Delpech, Associate Professor, Université Jean Moulin Lyon 3, Centre de droit de l’entreprise
Thomas Pasquier, « Repenser le travail en prison - Contenu, organisation et droits des travailleurs en prison », 27 February 2020
Organized by the IFG, Université de Lorraine, the Comptrasec, Université de Bordeaux - CNRS, the IRERP, Université Paris Nanterre, and the CERCRID, Université Jean-Monnet Saint-Etienne - CNRS.
Thomas Pasquier, Xueyuan Han, Adam Bates, James Mickens, Margo Seltzer [et alii], « Facilitating plausible deniability for cloud providers regarding tenants' activities using trusted execution », 01 January 2020
Advanced Persistent Threats (APTs) are difficult to detect due to their low-and-slow attack patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based APT detector that effectively leverages data provenance analysis. From modeling to detection, UNICORN tailors its design specifically for the unique characteristics of APTs. Through extensive yet time-efficient graph analysis, UNICORN explores provenance graphs that provide rich contextual and historical information to identify stealthy anomalous activities without pre-defined attack signatures. Using a graph sketching technique, it summarizes long-running system execution with space efficiency to combat slow-acting attacks that take place over a long time span. UNICORN further improves its detection capability using a novel modeling approach to understand long-term behavior as the system evolves. Our evaluation shows that UNICORN outperforms an existing state-of-the-art APT detection system and detects real-life APT scenarios with high accuracy.
Thomas Pasquier, « Discriminations, santé et conflictualité au travail », 07 November 2019
1st « DISPROSAC » study day, organized by the IETL, Lyon 2
Thomas Pasquier, « Dynamique (s) et devenir (s) du travail humain », 26 June 2019
Organized by the Institut d'Etudes du Travail de Lyon
Thomas Pasquier, « Données numériques, plateformes et transports », 14 March 2019
Organized by the Université Lumière Lyon 2
Thomas Pasquier, « Les barèmes d'indemnisation dans la tourmente ? Mythe et réalité », 28 February 2019
Lecture and debate in the series « Les séances d'actualité de l'IETL », organized by the Institut d'Etudes du Travail de Lyon and the team "Mutations du travail et des organisations en temps de crise" of the CERCRID (UMR 5137)
Thomas Pasquier, David Eyers, Margo Seltzer, Ayat Fekry, Lucian Carata [et alii], « Towards Seamless Configuration Tuning of Big Data Analytics », 01 January 2019
The execution of distributed data processing workloads (such as those running on top of Hadoop or Spark) in cloud environments presents a unique opportunity to explore multiple trade-offs between elasticity (and types of resources being allocated), overall runtime and total costs. However, beyond high-level constraints and objectives, it's not the end-users who should be mainly concerned with those optimizations, but the cloud providers. They have both the vantage point to collect actionable information, economies of scale and position to adjust parameters when dynamic conditions change, in order to fulfil SLOs that go beyond classic measures of latency and throughput. This is at odds with the existing approach of making software (including the interfaces to the cloud and the processing frameworks) as configurable as possible. We propose that rather than configurability, self-tunability (or the illusion of it as far as the end-user is concerned) is a better long-term goal.
Thomas Pasquier, « Travail et innovations technologiques », 02 July 2018
Thomas Pasquier, « Quelle place pour les salariés dans l'entreprise ? », 28 June 2018
Organized by the team "Mutations du travail et des organisations en temps de crise" of the CERCRID (CEntre de Recherches CRItiques sur le Droit)
Thomas Pasquier, Xueyuan Han, Thomas Moyer, Adam Bates, Olivier Hermant [et alii], « Provenance-based intrusion detection: Opportunities and challenges », 01 January 2018
Identifying the root cause and impact of a system intrusion remains a foundational challenge in computer security. Digital provenance provides a detailed history of the flow of information within a computing system, connecting suspicious events to their root causes. Although existing provenance-based auditing techniques provide value in forensic analysis, they assume that such analysis takes place only retrospectively. Such post-hoc analysis is insufficient for realtime security applications; moreover, even for forensic tasks, prior provenance collection systems exhibited poor performance and scalability, jeopardizing the timeliness of query responses. We present CamQuery, which provides inline, realtime provenance analysis, making it suitable for implementing security applications. CamQuery is a Linux Security Module that offers support for both userspace and in-kernel execution of analysis applications. We demonstrate the applicability of CamQuery to a variety of runtime security applications including data loss prevention, intrusion detection, and regulatory compliance. In evaluation, we demonstrate that CamQuery reduces the latency of realtime query mechanisms, while imposing minimal overheads on system execution. CamQuery thus enables the further deployment of provenance-based technologies to address central challenges in computer security.
Thomas Pasquier, « Autour des ordonnances Macron : Le droit du travail en changement, essai de mesure - Le nouveau droit des ruptures du contrat de travail », 23 November 2017
Organized by the team "Mutations du travail et des organisations en temps de crise" of the CERCRID (UMR 5137)
Thomas Pasquier, « Un salaire minimum pour l’Europe ? », 16 November 2017
Organized by the Université de Bordeaux, the GEFACT, the CIERA and the COMPTRASEC
Thomas Pasquier, David Eyers, Jean Bacon, « PHP2Uni: Building Unikernels Using Scripting Language Transpilation », 01 January 2017
Thomas Pasquier, « L'ubérisation », 02 December 2016
Under the scientific direction of Ms Nathalie Martial-Braz, with the participation of the Master 2 programmes Droit et Obligations Civiles et Commerciales and Droit des Activités Numériques
Thomas Pasquier, Jean Bacon, Jatinder Singh, David Eyers, Hajoon Ko [et alii], « Information Flow Audit for Transparency and Compliance in the Handling of Personal Data », 01 January 2016
Information Flow Control (IFC) extends conventional access control beyond application boundaries, and allows control of data flows after a point of authorised data disclosure. In a deployment of IFC within a cloud operating system (OS), the IFC implementation can be trusted by applications running over the same OS instance. In an IFC deployment within a widely distributed system, such as in the Internet of Things, the potential for trustworthy enforcement of IFC must be ascertained during connection establishment. IFC is based on tagging data in line with data management requirements. When audit is included as part of IFC, it can be shown that a system complies with these requirements. In this paper, we consider the possibility that some tags may be sensitive and discuss the use of Private Set Intersection (PSI) to prevent unnecessary disclosure of IFC tags during the establishment of communication channels. The proposed approach guarantees that on authorised flows, only the tags necessary for that interaction are disclosed and that no tags are disclosed for prevented flows. This functionality is particularly important in contexts such as healthcare, where privacy and confidentiality are paramount.
Thomas Pasquier, Jatinder Singh, Jean Bacon, Olivier Hermant, Thomas F. J.-M. Pasquier [et alii], « Expressing and Enforcing Location Requirements in the Cloud using Information Flow Control », 01 January 2015
Concern about data leakage is holding back more widespread adoption of cloud computing by companies and public institutions alike. To address this, cloud tenants/applications are traditionally isolated in virtual machines or containers. But an emerging requirement is for cross-application sharing of data, for example, when cloud services form part of an IoT architecture. Information Flow Control (IFC) is ideally suited to achieving both isolation and data sharing as required. IFC enhances traditional Access Control by providing continuous, data-centric, cross-application, end-to-end control of data flows. However, large-scale data processing is a major requirement of cloud computing and is infeasible under standard IFC. We present a novel, enhanced IFC model that subsumes standard models. Our IFC model supports 'Big Data' processing, while retaining the simplicity of standard IFC and enabling more concise, accurate and maintainable expression of policy.
Thomas Pasquier, Jean Bacon, Brian Shand, « FlowR: aspect oriented programming for information flow control in ruby », 01 January 2014
This paper reports on our experience with providing Information Flow Control (IFC) as a library. Our aim was to support the use of an unmodified Platform as a Service (PaaS) cloud infrastructure by IFC-aware web applications. We discuss how Aspect Oriented Programming (AOP) overcomes the limitations of RubyTrack, our first approach. Although use of AOP has been mentioned as a possibility in past IFC literature we believe this paper to be the first illustration of how such an implementation can be attempted. We discuss how we built FlowR (Information Flow Control for Ruby), a library extending Ruby to provide IFC primitives using AOP via the Aquarium open source library. Previous attempts at providing IFC as a language extension required either modification of an interpreter or significant code rewriting. FlowR provides a strong separation between functional implementation and security constraints which supports easier development and maintenance; we illustrate with practical examples. In addition, we provide new primitives to describe IFC constraints on objects, classes and methods that, to our knowledge, are not present in related work and take full advantage of an object oriented language (OO language). The experience reported here makes us confident that the techniques we use for Ruby can be applied to provide IFC for any Object Oriented Program (OOP) whose implementation language has an AOP library.
Thomas Pasquier, « Practical whole-system provenance capture »