Publications | Thomas Pasquier

SIGL: Securing Software Installations Through Deep Graph Learning

Many users implicitly assume that software can only be exploited after it is installed. However, recent supply-chain attacks …

X Han, X Yu, T Pasquier, D Li, J Rhee, J Mickens, M Seltzer, C Haifeng

SIGL: Securing Software Installations Through Deep Graph Learning

Demonstrating the Practicality of Unikernels to Build a Serverless Platform at the Edge

The rise of IoT has led to large volumes of personal data being produced at the network’s edge. Most IoT applications process data in …

C Mistry, B Stelea, V Kumar, T Pasquier

Accelerating the Configuration Tuning of Big Data Analytics with Similarity-aware Multitask Bayesian Optimization

One of the key challenges for data analytics deployment is configuration tuning. The existing approaches for configuration tuning are …

A Fekry, L Carata, T Pasquier, A Rice

Accelerating the Configuration Tuning of Big Data Analytics with Similarity-aware Multitask Bayesian Optimization

Xanthus: Push-button Orchestration of Host Provenance Data Collection

Host-based anomaly detectors generate alarms by inspecting audit logs for suspicious behavior. Unfortunately, evaluating these anomaly …

X Han, J Mickens, A Gehani, M Seltzer, T Pasquier

Xanthus: Push-button Orchestration of Host Provenance Data Collection

To Tune or Not to Tune? In Search of Optimal Configurations for Data Analytics

This experimental study presents a number of issues that pose a challenge for practical configuration tuning and its deployment in data …

A Fekry, L Carata, T Pasquier, A Rice, A Hopper

To Tune or Not to Tune? In Search of Optimal Configurations for Data Analytics

UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats

Advanced Persistent Threats (APTs) are difficult to detect due to their low-and-slow attack patterns and frequent use of zero-day …

X Han, T Pasquier, A Bates, J Mickens, M Seltzer

UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats

Rclean: A Tool for Writing Cleaner, More Transparent Code

The growth of programming in the sciences has been explosive in the last decade. This has facilitated the rapid advancement of science …

M K Lau, T Pasquier, M Seltzer

Facilitating plausible deniability for cloud providers regarding tenants' activities using trusted execution

A cloud provider that can technically determine tenants' operations may be compelled to disclose such activities by law enforcement …

D O'Keeffe, A Vranaki, T Pasquier, D Eyers

ProvMark: A Provenance Expressiveness Benchmarking System

System level provenance is of widespread interest for applications such as security enforcement and information protection. However, …

S C Chan, J Cheney, P Bhatotia, A Gehani, H Irshad, T Pasquier, L Carata, M Seltzer

ProvMark: A Provenance Expressiveness Benchmarking System

From Here to Provtopia

Valuable, sensitive, and regulated data flow freely through distributed governing the collection, use, and management of such data? We …

T Pasquier, D Eyers, M Seltzer

Towards Seamless Configuration Tuning of Big Data Analytics

The execution of distributed data processing workloads (such as those running on top of Hadoop or Spark) in cloud environments presents …

A Fekry, L Carata, T Pasquier, Andrew Rice, Andy Hopper

Viewpoint | Personal Data and the Internet of Things: It is time to care about digital provenance

The Internet of Things promises a connected environment reacting to and addressing our every need, but based on the assumption that all …

T Pasquier, D Eyers, J Bacon

Runtime Analysis of Whole-System Provenance

Identifying the root cause and impact of a system intrusion remains a foundational challenge in computer security. Digital provenance …

T Pasquier, X Han, T Moyer, A Bates, O Hermant, D Eyers, J Bacon, M Seltzer

Runtime Analysis of Whole-System Provenance

Provenance-based Intrusion Detection: Opportunities and Challenges

Intrusion detection is an arms race; attackers evade intrusion detection systems by developing new attack vectors to sidestep known …

X Han, T Pasquier, M Seltzer

Sharing and Preserving Computational Analyses for Posterity with encapsulator

Open data and open-source software may be part of the solution to science’s “reproducibility crisis”, but they are insufficient to …

T Pasquier, M K Lau, X Han, E Fong, B Lerner, E Boose, M Crosas, A Ellison, M Seltzer

Data provenance to audit compliance with privacy policy in the Internet of Things

Managing privacy in the IoT presents a significant challenge. We make the case that information obtained by auditing the flows of data …

T Pasquier, J Singh, J Powles, D Eyers, M Seltzer, J Bacon

Practical Whole-System Provenance Capture

Data provenance describes how data came to be in its present form. It includes data sources and the transformations that have been …

T Pasquier, X Han, M Goldstein, T Moyer, D Eyers, M Seltzer, J Bacon

Practical Whole-System Provenance Capture

If these data could talk

In the last few decades, data-driven methods have come to dominate many fields of scientific inquiry. Open data and open-source …

T Pasquier, M K Lau, A Trisovic, E Boose, B Couturier, M Crosas, A Ellisson, V Gibson, C Jones, M Seltzer

FRAPpuccino: Fault-detection through Runtime Analysis of Provenance

We present FRAPpuccino (or FRAP), a provenance-based fault detection mechanism for Platform as a Service (PaaS) users, who run many …

X Han, T Pasquier, T Ranjan, M Goldstein, M Seltzer

FRAPpuccino: Fault-detection through Runtime Analysis of Provenance

PHP2Uni: Building Unikernels using Scripting Language Transpilation

Unikernels are a rapidly emerging technology in the world of cloud computing. Unikernels build on research on library operating systems …

T Pasquier, D Eyers, J Bacon

Big Ideas paper: Policy-driven middleware for a legally-compliant Internet of Things

Internet of Things (IoT) applications, systems and services are subject to law. We argue that for the IoT to develop lawfully, there …

J Singh, T Pasquier, J Bacon, J Powles, R Diaconu, D Eyers

Data-Centric Access Control for Cloud Computing

The usual approach to security for cloud-hosted applications is strong separation. However, it is often the case that the same data is …

T Pasquier, J Bacon, J Singh, D Eyers

Twenty security considerations for cloud-supported Internet of Things

To realize the broad vision of pervasive computing, underpinned by the “Internet of Things” (IoT), it is essential to break down …

J Singh, T Pasquier, J Bacon, H Ko, D Eyers

Information Flow Audit for Transparency and Compliance in the Handling of Personal Data

The adoption of cloud computing is increasing and its use is becoming widespread in many sectors. As the proportion of services …

T Pasquier, D Eyers

Information Flow Audit for PaaS clouds

With the rapid increase in uptake of cloud services, issues of data management are becoming increasingly prominent. There is a clear, …

T Pasquier, J Singh, J Bacon, D Eyers

Clouds of Things Need Information Flow Control with Hardware Roots of Trust

There is a clear, outstanding need for new security mechanisms that allow data to be managed and controlled within the cloud-enabled …

T Pasquier, J Singh, J Bacon

CamFlow: Managed Data-Sharing for Cloud Services

A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many …

T Pasquier, J Singh, D Eyers, J Bacon

Data Flow Management and Compliance in Cloud Computing

As cloud computing becomes an increasingly dominant means of providing computing resources, the legal and regulatory issues associated …

J Singh, J Powles, T Pasquier, J Bacon

Data Flow Management and Compliance in Cloud Computing

Managing Big Data with Information Flow Control

Concern about data leakage is holding back more widespread adoption of cloud computing by companies and public institutions alike. To …

T Pasquier, J Singh, J Bacon, O Hermant

Securing Tags to Control Information Flows within the Internet of Things

To realise the full potential of the Internet of Things (loT), loT architectures are moving towards open and dynamic interoperability, …

J Singh, T Pasquier, J Bacon

Integrating Middleware with Information Flow Control

Security is an ongoing challenge in cloud computing. Currently, cloud consumers have few mechanisms for managing their data within the …

T Pasquier, J Singh, J Bacon, D Eyers

Information Flow Control for Strong Protection with Flexible Sharing in PaaS

The need to share data across applications is becoming increasingly evident. Current cloud isolation mechanisms focus solely on …

T Pasquier, J Singh, J Bacon

Expressing and Enforcing Location Requirements in the Cloud using Information Flow Control

The adoption of cloud computing is increasing and its use is becoming widespread in many sectors. As cloud service provision increases, …

T Pasquier, J Powles

FlowK: Information Flow Control for the Cloud

Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions and although a wealth of law and …

T Pasquier, J Bacon, D Eyers

Regional clouds: technical considerations

The emergence and rapid uptake of cloud computing services raise a number of legal challenges. Recently, there have been calls for …

J Singh, J Bacon, J Crowcroft, A Madhavapeddy, T Pasquier, W Kuan Hon, C Millard

FlowR: Aspect Oriented Programming for Information Flow Control in Ruby

This paper reports on our experience with providing Information Flow Control (IFC) as a library. Our aim was to support the use of an …

T Pasquier, J Bacon, B Shand

Information Flow Control for Secure Cloud Computing

Security concerns are widely seen as an obstacle to the adoption of cloud computing solutions. Information Flow Control (IFC) is a well …

J Bacon, D Eyers, T Pasquier, J Singh, I Papagiannis, P Pietzuch