PhD Position F/M Securing Personal Data Computations Using Trusted Execution Environments

December 31, 2022
Offerd Salary:Negotiation
Working address:N/A
Contract Type:Other
Working Time:Negotigation
Working type:N/A
Job Ref.:N/A

2022-05573 - PhD Position F/M Securing Personal Data Computations Using Trusted Execution Environments

Contract type : Fixed-term contract

Level of qualifications required : Graduate degree or equivalent

Fonction : PhD Position

About the research centre or Inria department

The Inria Saclay-Île-de-France Research Centre was established in 2008. It has developed as part of the Saclay site in partnership with Paris-Saclay University and with the Institut Polytechnique de Paris .

The centre has 34 project teams , 27 of which operate jointly with Paris- Saclay University (15 teams) and the Institut Polytechnique de Paris (12 teams). Its activities occupy over 600 people, scientists and research and innovation support staff, including 44 different nationalities.

The centre also hosts the Institut DATAIA , dedicated to data sciences and their disciplinary and application interfaces.


This thesis takes place within the framework of the PEPR (Priority Research Program and Equipment) Cybersecurity iPoP (interdisciplinary Project on Privacy) project involving several internationally recognized French research teams working on data protection, from universities, engineering schools and national research organizations, as well as the CNIL (French National Commission on Information Technology and Civil Liberties).


Context. The PETRUS team designs and implements decentralized personal data management techniques for the individual, with the ambition to allow users to manage their data for their personal use and to collectively contribute to statistical calculations with their data, while ensuring data confidentiality , the integrity of the calculation performed, and the minimization of data exposure in case of attack, all this in accordance with the new European general data protection regulation (GDPR). To this end, the team proposes new architectures and secure computing techniques 1. These proposals are based on the hypothesis of personal computing devices, called PDMS (Personal Data Management System), equipped with secure hardware (e.g., current Intel processors that integrate "Software Guard Extensions" (SGX), AMD processors equipped with a "Platform Security Processor" (PSP), ARM processors equipped with TrustZone, etc.). Such hardware is now present on most existing platforms. It offers primitives for protecting data and code from the execution environment (including the operating system) running on the host machine.

Objectives of the thesis. The PDMS approach leads to a major paradigm shift because the processing of the user's data is done in their PDMS. However, this is not enough to guarantee the security of the processing. The objective of this thesis is to design and implement strategies for executing computations on personal data in a PDMS (e.g., statistical computations on time series data, e.g., GPS traces or power consumption traces). These strategies must guarantee an upper bound on leakage (e.g., quantifiable according to the type of computation or data) while ensuring the efficiency of the treatments. To address this problem, we use an architectural model 1 that relies on the execution of a trusted enclave (called Core) as well as processing enclaves (called Data Tasks) on which no security assumptions are made (i.e., potentially malicious). Data Tasks are executed under constraints (e.g., without allowing to maintain a state between successive executions 2, without having access to random sources) and under the supervision of the Core in order to guarantee a minimal data leakage in case of malicious code execution within the PDMS 3. Another challenging related problem is data indexing considering this architecture and its constraints. The classical approach which considers the index code as part of the trusted computing base (e.g., see 4) cannot systematically be apply in the PDMS context. That is, the indexing mechanisms can only exceptionally be part of the Core and have to be implemented as Data tasks in general. This also leads to a tension between the leakage risk with untrusted indexing code and indexing efficiency. Currently, the PETRUS team is designing a prototype PDMS on an Intel SGX platform 5 based on the execution of code within SGX enclaves and this prototype can be used in this thesis.


1 Nicolas Anciaux, Philippe Bonnet, Luc Bouganim, Benjamin Nguyen, Philippe Pucheral, Iulian Sandu Popa, Guillaume Scerri. Personal Data Management Systems: The security and functionality standpoint. Information Systems n°80, 2019. pdf https: //

2 Tyler Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, Emmett Witchel: Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data. ACM Trans. Comput. Syst. 35(4): 13:1-13:32 (2018). pdf https: //

3 Robin Carpentier, Iulian Sandu Popa, Nicolas Anciaux: Data Leakage Mitigation of User-Defined Functions on Secure Personal Data Management Systems. SSDBM 2022. pdf https: //

4 Benny Fuhry, Raad Bahmani, Ferdinand Brasser, Florian Hahn, Florian Kerschbaum, Ahmad-Reza Sadeghi: HardIDX: Practical and secure index with SGX in a malicious environment. J. Comput. Secur. 26(5): 677-706 (2018).

5 Robin Carpentier, Floris Thiant, Iulian Sandu Popa, Nicolas Anciaux, Luc Bouganim: An Extensive and Secure Personal Data Management System Using SGX. EDBT 2022. pdf https: //

Main activities

Main activities (5 maximum) :

  • state of the art of data management within Trusted Execution Environments
  • design and implement strategies for executing computations on personal data
  • write and present research papers
  • Skills

    Technical skills and level required :

    Languages :

    Relational skills :

    Other valued appreciated :

    Benefits package
  • Subsidized meals
  • Partial reimbursement of public transport costs
  • Leave: 7 weeks of annual leave + 10 extra days off due to RTT (statutory reduction in working hours) + possibility of exceptional leave (sick children, moving home, etc.)
  • Possibility of teleworking (after 6 months of employment) and flexible organization of working hours
  • Professional equipment available (videoconferencing, loan of computer equipment, etc.)
  • Social, cultural and sports events and activities
  • Access to vocational training
  • Social security coverage
  • Remuneration

    First and second year :2.051 euros/month

    Third year : 2.158 euros/month

    General Information
  • Theme/Domain : Security and Confidentiality Information system (BAP E)

  • Town/city : Versailles

  • Inria Center : Centre Inria de Saclay
  • Starting date : 2023-01-02
  • Duration of contract : 3 years
  • Deadline to apply : 2022-12-31
  • Contacts
  • Inria Team : PETRUS (DRH)
  • PhD Supervisor : Sandu Popa Iulian /
  • The keys to success

    There you can provide a "broad outline" of the collaborator you are looking for what you consider to be necessary and sufficient, and which may combine :

  • tastes and appetencies,
  • area of excellence,
  • personality or character traits,
  • cross-disciplinary knowledge and expertise...
  • This section enables the more formal list of skills to be completed and 'lightened' (reduced) :

  • "Essential qualities in order to fulfil this assignment are feeling at ease in an environment of scientific dynamics and wanting to learn and listen."
  • " Passionate about innovation, with expertise in Ruby on Rails development and strong influencing skills. A thesis in the field of is a real asset."
  • About Inria

    Inria is the French national research institute dedicated to digital science and technology. It employs 2,600 people. Its 200 agile project teams, generally run jointly with academic partners, include more than 3,500 scientists and engineers working to meet the challenges of digital technology, often at the interface with other disciplines. The Institute also employs numerous talents in over forty different professions. 900 research support staff contribute to the preparation and development of scientific and entrepreneurial projects that have a worldwide impact.

    Instruction to apply

    Defence Security : This position is likely to be situated in a restricted area (ZRR), as defined in Decree No. 2011-1425 relating to the protection of national scientific and technical potential (PPST).Authorisation to enter an area is granted by the director of the unit, following a favourable Ministerial decision, as defined in the decree of 3 July 2012 relating to the PPST. An unfavourable Ministerial decision in respect of a position situated in a ZRR would result in the cancellation of the appointment.

    Recruitment Policy : As part of its diversity policy, all Inria positions are accessible to people with disabilities.

    Warning : you must enter your e-mail address in order to save your application to Inria. Applications must be submitted online on the Inria website. Processing of applications sent from other channels is not guaranteed.

    From this employer

    Recent blogs

    Recent news