Thomas Pasquier
Thomas Pasquier
Home
Experience
Joining my lab
Publications
Teaching
Service
Students
Contact
Light
Dark
Automatic
Publications
Type
Conference paper
Journal article
Report
Date
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
SafeBPF: Hardware-assisted Defense-in-depth for eBPF Kernel Extensions
The eBPF framework enables execution of user-provided code in the Linux kernel. In the last few years, a large ecosystem of cloud …
SY Lim
,
T Prasad
,
X Han
,
T Pasquier
PDF
Cite
FetchBPF: Customizable Prefetching Policies in Linux with eBPF
Monolithic operating systems are infamously complex. Linux in particular has a tendency to intermingle policy and mechanisms in a …
X Cao
,
S Patel
,
SY Lim
,
X Han
,
T Pasquier
PDF
Cite
Computational Experiment Comprehension using Provenance Summarization
Scientists use complex multistep workflows to analyze data. However, reproducing computational experiments is often difficult as …
N Boufford
,
J Wonsil
,
A Pocock
,
J Sullivan
,
M Seltzer
,
T Pasquier
PDF
Cite
Kairos: Practical Intrusion Detection and Investigation using Whole-system Provenance
Provenance graphs are structured audit logs that describe the history of a system’s execution. Recent studies have explored a …
Z Cheng
,
Q Lv
,
J Liang
,
Y Wang
,
D Sun
,
T Pasquier
,
X Han
PDF
Cite
Kairos: Practical Intrusion Detection and Investigation using Whole-system Provenance (Supplementary Material)
This document is a companion contain materials supplementary to our paper published in the 43rd IEEE Symposium on Security and Privacy …
Z Cheng
,
Q Lv
,
J Liang
,
Y Wang
,
D Sun
,
T Pasquier
,
X Han
PDF
Cite
Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing
For safety reasons, unprivileged users today have only limited ways to customize the kernel through the extended Berkeley Packet Filter …
SY Lim
,
X Han
,
T Pasquier
PDF
Cite
DOI
A large-scale study on research code quality and execution
This article presents a study on the quality and execution of research code from publicly-available replication datasets at the Harvard …
A Trisovic
,
M K Lau
,
T Pasquier
,
M Crosas
PDF
Cite
DOI
Secure Namespaced Kernel Audit for Containers
Despite the wide usage of container-based cloud computing, container auditing for security analysis relies mostly on built-in host …
SY Lim
,
B Stelea
,
X Han
,
T Pasquier
PDF
Cite
SIGL: Securing Software Installations Through Deep Graph Learning
Many users implicitly assume that software can only be exploited after it is installed. However, recent supply-chain attacks …
X Han
,
X Yu
,
T Pasquier
,
D Li
,
J Rhee
,
J Mickens
,
M Seltzer
,
C Haifeng
PDF
Cite
Accelerating the Configuration Tuning of Big Data Analytics with Similarity-aware Multitask Bayesian Optimization
One of the key challenges for data analytics deployment is configuration tuning. The existing approaches for configuration tuning are …
A Fekry
,
L Carata
,
T Pasquier
,
A Rice
PDF
Cite
Slides
Xanthus: Push-button Orchestration of Host Provenance Data Collection
Host-based anomaly detectors generate alarms by inspecting audit logs for suspicious behavior. Unfortunately, evaluating these anomaly …
X Han
,
J Mickens
,
A Gehani
,
M Seltzer
,
T Pasquier
PDF
Cite
To Tune or Not to Tune? In Search of Optimal Configurations for Data Analytics
This experimental study presents a number of issues that pose a challenge for practical configuration tuning and its deployment in data …
A Fekry
,
L Carata
,
T Pasquier
,
A Rice
,
A Hopper
PDF
Cite
UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats
Advanced Persistent Threats (APTs) are difficult to detect due to their low-and-slow attack patterns and frequent use of zero-day …
X Han
,
T Pasquier
,
A Bates
,
J Mickens
,
M Seltzer
PDF
Cite
Rclean: A Tool for Writing Cleaner, More Transparent Code
The growth of programming in the sciences has been explosive in the last decade. This has facilitated the rapid advancement of science …
M K Lau
,
T Pasquier
,
M Seltzer
PDF
Cite
DOI
Facilitating plausible deniability for cloud providers regarding tenants' activities using trusted execution
A cloud provider that can technically determine tenants’ operations may be compelled to disclose such activities by law …
D O'Keeffe
,
A Vranaki
,
T Pasquier
,
D Eyers
PDF
Cite
Demonstrating the Practicality of Unikernels to Build a Serverless Platform at the Edge
The rise of IoT has led to large volumes of personal data being produced at the network’s edge. Most IoT applications process data in …
C Mistry
,
B Stelea
,
V Kumar
,
T Pasquier
PDF
Cite
Code
DOI
ProvMark: A Provenance Expressiveness Benchmarking System
System level provenance is of widespread interest for applications such as security enforcement and information protection. However, …
S C Chan
,
J Cheney
,
P Bhatotia
,
A Gehani
,
H Irshad
,
T Pasquier
,
L Carata
,
M Seltzer
PDF
Cite
From Here to Provtopia
Valuable, sensitive, and regulated data flow freely through distributed governing the collection, use, and management of such data? We …
T Pasquier
,
D Eyers
,
M Seltzer
PDF
Cite
Towards Seamless Configuration Tuning of Big Data Analytics
The execution of distributed data processing workloads (such as those running on top of Hadoop or Spark) in cloud environments presents …
A Fekry
,
L Carata
,
T Pasquier
,
Andrew Rice
,
Andy Hopper
PDF
Cite
DOI
Viewpoint | Personal Data and the Internet of Things: It is time to care about digital provenance
The Internet of Things promises a connected environment reacting to and addressing our every need, but based on the assumption that all …
T Pasquier
,
D Eyers
,
J Bacon
PDF
Cite
DOI
Runtime Analysis of Whole-System Provenance
Identifying the root cause and impact of a system intrusion remains a foundational challenge in computer security. Digital provenance …
T Pasquier
,
X Han
,
T Moyer
,
A Bates
,
O Hermant
,
D Eyers
,
J Bacon
,
M Seltzer
PDF
Cite
Code
DOI
Provenance-based Intrusion Detection: Opportunities and Challenges
Intrusion detection is an arms race; attackers evade intrusion detection systems by developing new attack vectors to sidestep known …
X Han
,
T Pasquier
,
M Seltzer
PDF
Cite
Sharing and Preserving Computational Analyses for Posterity with encapsulator
Open data and open-source software may be part of the solution to science’s “reproducibility crisis”, but they are insufficient to …
T Pasquier
,
M K Lau
,
X Han
,
E Fong
,
B Lerner
,
E Boose
,
M Crosas
,
A Ellison
,
M Seltzer
PDF
Cite
Code
DOI
Data provenance to audit compliance with privacy policy in the Internet of Things
Managing privacy in the IoT presents a significant challenge. We make the case that information obtained by auditing the flows of data …
T Pasquier
,
J Singh
,
J Powles
,
D Eyers
,
M Seltzer
,
J Bacon
PDF
Cite
DOI
Practical Whole-System Provenance Capture
Data provenance describes how data came to be in its present form. It includes data sources and the transformations that have been …
T Pasquier
,
X Han
,
M Goldstein
,
T Moyer
,
D Eyers
,
M Seltzer
,
J Bacon
PDF
Cite
Code
DOI
If these data could talk
In the last few decades, data-driven methods have come to dominate many fields of scientific inquiry. Open data and open-source …
T Pasquier
,
M K Lau
,
A Trisovic
,
E Boose
,
B Couturier
,
M Crosas
,
A Ellisson
,
V Gibson
,
C Jones
,
M Seltzer
PDF
Cite
DOI
FRAPpuccino: Fault-detection through Runtime Analysis of Provenance
We present FRAPpuccino (or FRAP), a provenance-based fault detection mechanism for Platform as a Service (PaaS) users, who run many …
X Han
,
T Pasquier
,
T Ranjan
,
M Goldstein
,
M Seltzer
PDF
Cite
PHP2Uni: Building Unikernels using Scripting Language Transpilation
Unikernels are a rapidly emerging technology in the world of cloud computing. Unikernels build on research on library operating systems …
T Pasquier
,
D Eyers
,
J Bacon
PDF
Cite
DOI
Big Ideas paper: Policy-driven middleware for a legally-compliant Internet of Things
Internet of Things (IoT) applications, systems and services are subject to law. We argue that for the IoT to develop lawfully, there …
J Singh
,
T Pasquier
,
J Bacon
,
J Powles
,
R Diaconu
,
D Eyers
PDF
Cite
DOI
Data-Centric Access Control for Cloud Computing
The usual approach to security for cloud-hosted applications is strong separation. However, it is often the case that the same data is …
T Pasquier
,
J Bacon
,
J Singh
,
D Eyers
PDF
Cite
DOI
Twenty security considerations for cloud-supported Internet of Things
To realize the broad vision of pervasive computing, underpinned by the “Internet of Things” (IoT), it is essential to break down …
J Singh
,
T Pasquier
,
J Bacon
,
H Ko
,
D Eyers
PDF
Cite
DOI
Information Flow Audit for Transparency and Compliance in the Handling of Personal Data
The adoption of cloud computing is increasing and its use is becoming widespread in many sectors. As the proportion of services …
T Pasquier
,
D Eyers
PDF
Cite
DOI
Information Flow Audit for PaaS clouds
With the rapid increase in uptake of cloud services, issues of data management are becoming increasingly prominent. There is a clear, …
T Pasquier
,
J Singh
,
J Bacon
,
D Eyers
PDF
Cite
DOI
Clouds of Things Need Information Flow Control with Hardware Roots of Trust
There is a clear, outstanding need for new security mechanisms that allow data to be managed and controlled within the cloud-enabled …
T Pasquier
,
J Singh
,
J Bacon
PDF
Cite
DOI
CamFlow: Managed Data-Sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many …
T Pasquier
,
J Singh
,
D Eyers
,
J Bacon
PDF
Cite
DOI
Data Flow Management and Compliance in Cloud Computing
As cloud computing becomes an increasingly dominant means of providing computing resources, the legal and regulatory issues associated …
J Singh
,
J Powles
,
T Pasquier
,
J Bacon
PDF
Cite
DOI
Managing Big Data with Information Flow Control
Concern about data leakage is holding back more widespread adoption of cloud computing by companies and public institutions alike. To …
T Pasquier
,
J Singh
,
J Bacon
,
O Hermant
PDF
Cite
DOI
Securing Tags to Control Information Flows within the Internet of Things
To realise the full potential of the Internet of Things (loT), loT architectures are moving towards open and dynamic interoperability, …
J Singh
,
T Pasquier
,
J Bacon
PDF
Cite
DOI
Integrating Middleware with Information Flow Control
Security is an ongoing challenge in cloud computing. Currently, cloud consumers have few mechanisms for managing their data within the …
T Pasquier
,
J Singh
,
J Bacon
,
D Eyers
PDF
Cite
DOI
Information Flow Control for Strong Protection with Flexible Sharing in PaaS
The need to share data across applications is becoming increasingly evident. Current cloud isolation mechanisms focus solely on …
T Pasquier
,
J Singh
,
J Bacon
PDF
Cite
DOI
Expressing and Enforcing Location Requirements in the Cloud using Information Flow Control
The adoption of cloud computing is increasing and its use is becoming widespread in many sectors. As cloud service provision increases, …
T Pasquier
,
J Powles
PDF
Cite
DOI
FlowK: Information Flow Control for the Cloud
Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions and although a wealth of law and …
T Pasquier
,
J Bacon
,
D Eyers
PDF
Cite
DOI
Regional clouds: technical considerations
The emergence and rapid uptake of cloud computing services raise a number of legal challenges. Recently, there have been calls for …
J Singh
,
J Bacon
,
J Crowcroft
,
A Madhavapeddy
,
T Pasquier
,
W Kuan Hon
,
C Millard
PDF
Cite
FlowR: Aspect Oriented Programming for Information Flow Control in Ruby
This paper reports on our experience with providing Information Flow Control (IFC) as a library. Our aim was to support the use of an …
T Pasquier
,
J Bacon
,
B Shand
PDF
Cite
DOI
Information Flow Control for Secure Cloud Computing
Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions. Information Flow Control (IFC) is a well …
J Bacon
,
D Eyers
,
T Pasquier
,
J Singh
,
I Papagiannis
,
P Pietzuch
PDF
Cite
DOI
Cite
×
