Interview with Philippe Pucheral, head of SMIS project-team
The SMIS project-team became part of Inria Saclay - Île-de-France research centre on 1 January 2016. It is a joint Inria - Université de Versailles Saint-Quentin-en-Yvelines team located on the Versailles campus and part of the Laboratoire DAVID. SMIS researches databases, database security and database mobility. Interview with Philippe Pucheral, who explained his team’s research.
Created in January 2005, the SMIS project-team typically has twelve members. At the beginning of the project, the team created the first relational database engine that can be embedded on a smart card: a remarkable achievement! A database is a complex piece of software that structures, describes, protects and queries a very large amount of data. Embedding it in an environment as limited as a smart card was a real challenge.
The smart card has an essential characteristic: security. Naturally, we used it for our work on secure databases, particularly for personal data.
The team’s activity is currently structured around three major interconnected issues:
- Given the proliferation of smart objects and the explosion of storage capacity, can we design advanced data management tools embedded in these objects?
- These smart objects will capture, accumulate and interpret a large amount of personal data. Can we then make them less intrusive and include primitives to protect privacy?
- Finally, if we know how to embed smart data management technologies in small objects and make them secure, can we design comprehensive information systems that respect privacy and leave this data where it was captured rather than centralising it on servers as Google and Apple have done?
Ideal data management using limited architectures
“In a context where real computers are now present in a multitude of objects, is it possible to build very sophisticated embedded data management tools? These computers have a hardware architecture that is very different from that of a conventional computer and thus pose many new problems in terms of data management. The first topic represents a third of the team’s work.”
Research on access models and limiting data use
“The first type of data that these smart objects will capture is personal (e.g., a smartphone that records our movements or a smart electric meter that records home power consumption). Can we make these objects less intrusive by including primitives to protect privacy? It starts with access control: include algorithms in the object that will allow or prohibit access to certain types of data to certain categories of persons. Next, our team works on limiting how the data is used. Once someone is authorised to consult data, it must be possible to control what is done with it afterwards. Using secure hardware is part of solving this difficult problem.”
“We assume that the best way to treat personal data is by leaving it where it was captured rather than going to a server each time that it’s possible. It is an issue that is often termed “privacy by design”. One of the principles of privacy by design is to ensure privacy protection throughout the engineering process. For us, this principle results in designing an information system which is completely decentralized. In this context, however, we must be able to restore the sovereign functions of information systems: set-theoretic querying and calculations and protection against loss and faults while preventing data breaches.”
“If we know how to embed smart data management technologies in small objects, how to secure data and share it while controlling access and use, and how to do the distributed algorithm, we have the three elements to build a concrete, practical solution for personal database management with a performance that is potentially equivalent to the solutions proposed by Google and Apple, but with privacy protection guarantees that are superior.”
“In the field we have experimented with actual medical files for 120 patients and health professionals in conjunction with the Yvelines departmental council. We’ve designed a prototype of a secure personal server including a programmable smart card in which you insert a part of our software, a microcontroller in which the rest of our software operates, the database engine, a micro-SD card to store the data and optionally a Bluetooth module, a fingerprint reader and a microphone. The prototype can be used as either a portable and secure personal file or a security key for a personal cloud hosted on a server. In the first case, it replaces the traditional paper log at the patient’s bedside with an electronic file which remains in the patient’s possession. The prototype is connected to an application installed on the tablet or smartphone of the health care professional who connects to the patient’s server using Bluetooth, provides credentials that are recognized and accesses the patient data depending on the professional’s profile. In the second case, the data remains encrypted on a server and the embedded software manages the description of the metadata, encryption keys and authorises or prohibits access to remote data.
The technology has been in development and testing for seven years.
The prototype is our flagship software. From the point of view of research, it provides the structure for the team: a number of our publications concern it and the software has been the fruit of each person’s contribution over the years.”
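The access-control idea described above (algorithms in the object that allow or prohibit access to certain types of data for certain categories of persons) and the prototype's behaviour (a professional presents credentials and sees patient data according to their profile) can be sketched in a few lines. The following is an added illustration, not SMIS or Inria code and not the prototype's actual software: the record fields, data categories, professional profiles and credentials are all constructed for the example, and the policy is a plain mapping from profile to readable categories.

```python
"""Profile-based access control on a patient's personal data server.

Added illustration (not SMIS/Inria code): a minimal model in which the
personal server holds the records, authenticates the caller, releases only
the fields the caller's profile allows, and keeps an access log on the
device. Profiles, categories, field names and credentials are constructed.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed sample patient record; each field is tagged with a data category.
RECORD = {
    "name":         ("identity", "Alice Example"),
    "birth_date":   ("identity", "1950-04-02"),
    "vitals":       ("care",     {"bp": "128/82", "temp": 37.1}),
    "medications":  ("care",     ["drug-A 10mg"]),
    "diagnosis":    ("medical",  "hypothetical diagnosis"),
    "social_notes": ("social",   "lives alone, daily visit"),
}

# Constructed policy: which data categories each professional profile may read.
POLICY = {
    "physician":     {"identity", "care", "medical"},
    "nurse":         {"identity", "care"},
    "social_worker": {"identity", "social"},
}


def _hash_secret(secret: str, salt: bytes) -> bytes:
    """Salted, iterated hash so the device never stores the secret itself."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


@dataclass
class PersonalServer:
    """The patient's embedded server: credential store, policy, record and log."""
    credentials: dict = field(default_factory=dict)  # user -> (salt, hash, profile)
    log: list = field(default_factory=list)          # stays on the device

    def enrol(self, user: str, secret: str, profile: str) -> None:
        """Register a professional with a profile known to the policy."""
        if profile not in POLICY:
            raise ValueError(f"unknown profile {profile!r}")
        salt = os.urandom(16)
        self.credentials[user] = (salt, _hash_secret(secret, salt), profile)

    def _authenticate(self, user: str, secret: str):
        """Return the caller's profile if the credential matches, else None."""
        entry = self.credentials.get(user)
        if entry is None:
            return None
        salt, stored, profile = entry
        # Constant-time comparison avoids leaking how far the digest matched.
        if hmac.compare_digest(stored, _hash_secret(secret, salt)):
            return profile
        return None

    def read(self, user: str, secret: str) -> dict:
        """Release only the fields the caller's profile may see; log every attempt."""
        profile = self._authenticate(user, secret)
        if profile is None:
            self.log.append((user, None, "denied"))
            return {}
        allowed = POLICY[profile]
        view = {name: value for name, (cat, value) in RECORD.items() if cat in allowed}
        self.log.append((user, profile, sorted(view)))
        return view


def demo() -> dict:
    """Enrol two constructed professionals and show what each can read."""
    srv = PersonalServer()
    srv.enrol("dr.martin", "correct horse", "physician")
    srv.enrol("nurse.lee", "battery staple", "nurse")
    return {
        "physician": srv.read("dr.martin", "correct horse"),
        "nurse": srv.read("nurse.lee", "battery staple"),
        "bad_secret": srv.read("nurse.lee", "wrong"),
        "log_len": len(srv.log),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point of the structure is that the policy decision and the log both live on the patient's device: a wrong credential yields an empty view and a logged denial, and a nurse profile never receives the medical-category field even though it sits in the same record. A real deployment would replace the in-memory dictionaries with the device's secure storage and extend the policy with the usage-limiting rules the interview mentions.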
“We are working on the deployment of a larger medical file with the same approach and hope to reach a larger target: several tens of thousands of people. A solution adapted to developing countries is also in the works. We are also starting to lay the foundations of a future Inria project team that will pursue our quest for the protection of personal data.”