Thomas Pasquier
Thomas Pasquier
Home
Working with me
Experience
Publications
Talks
Projects
Teaching & Service
Contact
Light
Dark
Automatic
Publications
Type
Conference paper
Journal article
Report
Date
2021
2020
2019
2018
2017
2016
2015
2014
SIGL: Securing Software Installations Through Deep Graph Learning
Many users implicitly assume that software can only be exploited after it is installed. However, recent supply-chain attacks demonstrate that application integrity must be ensured during installation …
X Han
,
X Yu
,
T Pasquier
,
D Li
,
J Rhee
,
J Mickens
,
M Seltzer
,
C Haifeng
PDF
Cite
Demonstrating the Practicality of Unikernels to Build a Serverless Platform at the Edge
The rise of IoT has led to large volumes of personal data being produced at the network’s edge. Most IoT applications process data in the cloud raising concerns over privacy and security. As many IoT …
C Mistry
,
B Stelea
,
V Kumar
,
T Pasquier
PDF
Cite
Code
DOI
Accelerating the Configuration Tuning of Big Data Analytics with Similarity-aware Multitask Bayesian Optimization
One of the key challenges for data analytics deployment is configuration tuning. The existing approaches for configuration tuning are expensive and overlook the dynamic characteristics of the …
A Fekry
,
L Carata
,
T Pasquier
,
A Rice
PDF
Cite
Project
Slides
Xanthus: Push-button Orchestration of Host Provenance Data Collection
Host-based anomaly detectors generate alarms by inspecting audit logs for suspicious behavior. Unfortunately, evaluating these anomaly detectors is hard. There are few high-quality, publiclyavailable …
X Han
,
J Mickens
,
A Gehani
,
M Seltzer
,
T Pasquier
PDF
Cite
Project
To Tune or Not to Tune? In Search of Optimal Configurations for Data Analytics
This experimental study presents a number of issues that pose a challenge for practical configuration tuning and its deployment in data analytics frameworks. These issues include: 1) the assumption of …
A Fekry
,
L Carata
,
T Pasquier
,
A Rice
,
A Hopper
PDF
Cite
Project
UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats
Advanced Persistent Threats (APTs) are difficult to detect due to their low-and-slow attack patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based APT detector that …
X Han
,
T Pasquier
,
A Bates
,
J Mickens
,
M Seltzer
PDF
Cite
Project
Rclean: A Tool for Writing Cleaner, More Transparent Code
The growth of programming in the sciences has been explosive in the last decade. This has facilitated the rapid advancement of science through the agile development of computational tools. However, …
M K Lau
,
T Pasquier
,
M Seltzer
PDF
Cite
Code
Project
DOI
Facilitating plausible deniability for cloud providers regarding tenants' activities using trusted execution
A cloud provider that can technically determine tenants' operations may be compelled to disclose such activities by law enforcement agencies (LEAs). The situation gets even more complex when multiple …
D O'Keeffe
,
A Vranaki
,
T Pasquier
,
D Eyers
PDF
Cite
Project
ProvMark: A Provenance Expressiveness Benchmarking System
System level provenance is of widespread interest for applications such as security enforcement and information protection. However, testing the correctness or completeness of provenance capture tools …
S C Chan
,
J Cheney
,
P Bhatotia
,
A Gehani
,
H Irshad
,
T Pasquier
,
L Carata
,
M Seltzer
PDF
Cite
Project
From Here to Provtopia
Valuable, sensitive, and regulated data flow freely through distributed governing the collection, use, and management of such data? We claim that distributed data provenance, the directed acyclic …
T Pasquier
,
D Eyers
,
M Seltzer
PDF
Cite
Project
Towards Seamless Configuration Tuning of Big Data Analytics
The execution of distributed data processing workloads (such as those running on top of Hadoop or Spark) in cloud environments presents a unique opportunity to explore multiple trade-offs between …
A Fekry
,
L Carata
,
T Pasquier
,
Andrew Rice
,
Andy Hopper
PDF
Cite
Project
DOI
Viewpoint | Personal Data and the Internet of Things: It is time to care about digital provenance
The Internet of Things promises a connected environment reacting to and addressing our every need, but based on the assumption that all of our movements and words can be recorded and analysed to …
T Pasquier
,
D Eyers
,
J Bacon
PDF
Cite
Project
DOI
Runtime Analysis of Whole-System Provenance
Identifying the root cause and impact of a system intrusion remains a foundational challenge in computer security. Digital provenance provides a detailed history of the flow of information within a …
T Pasquier
,
X Han
,
T Moyer
,
A Bates
,
O Hermant
,
D Eyers
,
J Bacon
,
M Seltzer
PDF
Cite
Code
Project
DOI
Provenance-based Intrusion Detection: Opportunities and Challenges
Intrusion detection is an arms race; attackers evade intrusion detection systems by developing new attack vectors to sidestep known defense mechanisms. Provenance provides a detailed, structured …
X Han
,
T Pasquier
,
M Seltzer
PDF
Cite
Project
Sharing and Preserving Computational Analyses for Posterity with encapsulator
Open data and open-source software may be part of the solution to science’s “reproducibility crisis”, but they are insufficient to guarantee reproducibility. Requiring minimal end-user expertise, …
T Pasquier
,
M K Lau
,
X Han
,
E Fong
,
B Lerner
,
E Boose
,
M Crosas
,
A Ellison
,
M Seltzer
PDF
Cite
Code
Project
DOI
Data provenance to audit compliance with privacy policy in the Internet of Things
Managing privacy in the IoT presents a significant challenge. We make the case that information obtained by auditing the flows of data can assist in demonstrating that the systems handling personal …
T Pasquier
,
J Singh
,
J Powles
,
D Eyers
,
M Seltzer
,
J Bacon
PDF
Cite
Project
DOI
Practical Whole-System Provenance Capture
Data provenance describes how data came to be in its present form. It includes data sources and the transformations that have been applied to them. Data provenance has many uses, from forensics and …
T Pasquier
,
X Han
,
M Goldstein
,
T Moyer
,
D Eyers
,
M Seltzer
,
J Bacon
PDF
Cite
Code
Project
DOI
If these data could talk
In the last few decades, data-driven methods have come to dominate many fields of scientific inquiry. Open data and open-source software have enabled the rapid implementation of novel methods to …
T Pasquier
,
M K Lau
,
A Trisovic
,
E Boose
,
B Couturier
,
M Crosas
,
A Ellisson
,
V Gibson
,
C Jones
,
M Seltzer
PDF
Cite
Project
DOI
FRAPpuccino: Fault-detection through Runtime Analysis of Provenance
We present FRAPpuccino (or FRAP), a provenance-based fault detection mechanism for Platform as a Service (PaaS) users, who run many instances of an application on a large cluster of machines. FRAP …
X Han
,
T Pasquier
,
T Ranjan
,
M Goldstein
,
M Seltzer
PDF
Cite
Project
PHP2Uni: Building Unikernels using Scripting Language Transpilation
Unikernels are a rapidly emerging technology in the world of cloud computing. Unikernels build on research on library operating systems to deliver smaller, faster and more secure virtual machines, …
T Pasquier
,
D Eyers
,
J Bacon
PDF
Cite
DOI
Big Ideas paper: Policy-driven middleware for a legally-compliant Internet of Things
Internet of Things (IoT) applications, systems and services are subject to law. We argue that for the IoT to develop lawfully, there must be technical mechanisms that allow the enforcement of …
J Singh
,
T Pasquier
,
J Bacon
,
J Powles
,
R Diaconu
,
D Eyers
PDF
Cite
Project
DOI
Data-Centric Access Control for Cloud Computing
The usual approach to security for cloud-hosted applications is strong separation. However, it is often the case that the same data is used by different applications, particularly given the increase …
T Pasquier
,
J Bacon
,
J Singh
,
D Eyers
PDF
Cite
Project
DOI
Twenty security considerations for cloud-supported Internet of Things
To realize the broad vision of pervasive computing, underpinned by the “Internet of Things” (IoT), it is essential to break down application and technology-based silos and support broad connectivity …
J Singh
,
T Pasquier
,
J Bacon
,
H Ko
,
D Eyers
PDF
Cite
Project
DOI
Information Flow Audit for Transparency and Compliance in the Handling of Personal Data
The adoption of cloud computing is increasing and its use is becoming widespread in many sectors. As the proportion of services provided using cloud computing increases, legal and regulatory issues …
T Pasquier
,
D Eyers
PDF
Cite
Project
DOI
Information Flow Audit for PaaS clouds
With the rapid increase in uptake of cloud services, issues of data management are becoming increasingly prominent. There is a clear, outstanding need for the ability for specified policy to control …
T Pasquier
,
J Singh
,
J Bacon
,
D Eyers
PDF
Cite
Project
DOI
Clouds of Things Need Information Flow Control with Hardware Roots of Trust
There is a clear, outstanding need for new security mechanisms that allow data to be managed and controlled within the cloud-enabled Internet of Things. Towards this, we propose an approach based on …
T Pasquier
,
J Singh
,
J Bacon
PDF
Cite
Project
DOI
CamFlow: Managed Data-Sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, …
T Pasquier
,
J Singh
,
D Eyers
,
J Bacon
PDF
Cite
Project
DOI
Data Flow Management and Compliance in Cloud Computing
As cloud computing becomes an increasingly dominant means of providing computing resources, the legal and regulatory issues associated with data in the cloud become more pronounced. These issues …
J Singh
,
J Powles
,
T Pasquier
,
J Bacon
PDF
Cite
Project
DOI
Managing Big Data with Information Flow Control
Concern about data leakage is holding back more widespread adoption of cloud computing by companies and public institutions alike. To address this, cloud tenants/applications are traditionally …
T Pasquier
,
J Singh
,
J Bacon
,
O Hermant
PDF
Cite
Project
DOI
Securing Tags to Control Information Flows within the Internet of Things
To realise the full potential of the Internet of Things (loT), loT architectures are moving towards open and dynamic interoperability, as opposed to closed application silos. This is because …
J Singh
,
T Pasquier
,
J Bacon
PDF
Cite
Project
DOI
Integrating Middleware with Information Flow Control
Security is an ongoing challenge in cloud computing. Currently, cloud consumers have few mechanisms for managing their data within the cloud provider’s infrastructure. Information Flow Control …
T Pasquier
,
J Singh
,
J Bacon
,
D Eyers
PDF
Cite
Project
DOI
Information Flow Control for Strong Protection with Flexible Sharing in PaaS
The need to share data across applications is becoming increasingly evident. Current cloud isolation mechanisms focus solely on protection, such as containers that isolate at the OS-level, and virtual …
T Pasquier
,
J Singh
,
J Bacon
PDF
Cite
Project
DOI
Expressing and Enforcing Location Requirements in the Cloud using Information Flow Control
The adoption of cloud computing is increasing and its use is becoming widespread in many sectors. As cloud service provision increases, legal and regulatory issues become more significant. In …
T Pasquier
,
J Powles
PDF
Cite
Project
DOI
FlowK: Information Flow Control for the Cloud
Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions and although a wealth of law and regulation has emerged, the technical basis for enforcing and …
T Pasquier
,
J Bacon
,
D Eyers
PDF
Cite
Project
DOI
Regional clouds: technical considerations
The emergence and rapid uptake of cloud computing services raise a number of legal challenges. Recently, there have been calls for regional clouds; where policy makers from various states have …
J Singh
,
J Bacon
,
J Crowcroft
,
A Madhavapeddy
,
T Pasquier
,
W Kuan Hon
,
C Millard
PDF
Cite
Project
FlowR: Aspect Oriented Programming for Information Flow Control in Ruby
This paper reports on our experience with providing Information Flow Control (IFC) as a library. Our aim was to support the use of an unmodified Platform as a Service (PaaS) cloud infrastructure by …
T Pasquier
,
J Bacon
,
B Shand
PDF
Cite
Project
DOI
Information Flow Control for Secure Cloud Computing
Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions. Information Flow Control (IFC) is a well understood Mandatory Access Control methodology. The earliest …
J Bacon
,
D Eyers
,
T Pasquier
,
J Singh
,
I Papagiannis
,
P Pietzuch
PDF
Cite
Project
DOI
Cite
×
