Da ouaib page

Romuald THION

romuald DOT thion AT inrialpes DOT fr
INRIA Grenoble - Rhône-Alpes,
655, avenue de l’Europe, 38334 Saint Ismier Cedex, FRANCE
+33 (0)4.76.61.53.78

1  Personal information

I’m a postdoctoral research fellow in the licit exploratory action at inria Grenoble. I received my PhD in June 2008 from insa Lyon at the liris lab. Defense was June 18th 2008.

My PhD dissertation (in french) [1] proposes a framework for the design, organization and formalization of access control models. The framework is built upon data dependencies: fragments of first-order logic dedicated to express constraints between relational data.

1.1  Academic path

2004–2008
PhD thesis “Structuration relationnelle des politiques de contrôle d’accès” [1], supervision by André Flory and Stéphane Coulondre. liris, insa Lyon.

2003–2004
Master of Science (research) “Contrôle d’accès pour les modèles à classes en environnement pervasif”, mention “Très Bien”, 1/55, supervision by de Robert Laurini and Stéphane Coulondre. liris, insa Lyon.

1999–2004
Master of Science (engineering) Engineering degrees in computer science. insa Lyon.

1.2  Positions

2008–2010
Postdoctoral research fellow Legal Issues in Communication and Information Technologies (licit). inria Grenoble.
2007-2008
Research and teaching (96h) assistant Attaché temporaire d’enseignement et de recherche (ater). Computer science dpt. of insa Lyon.
2004–2007
Research and teaching (196h) assistant Moniteur de l’enseignement supérieur (teaching), allocation ministérielle de recherche (research). First cycle of insa Lyon.

2  Research interest

2.1  licit research team

Since September 2008, I am a postdoctoral research fellow in the licit exploratory action at inria Grenoble. The licit team is headed by Daniel Le Métayer.

The licit action uses formal methods to bridge the gap between information technology and law. Thus, my research activities are (not limited to) formal approaches for :

2.2  PhD thesis

Access control is a mechanism which defines and controls the privileges of users in a system. Nowadays, it is one of the most common and pervasive mechanisms used for security enforcement in information systems. Access control policies are sets of facts and rules organized by mean of access control models. Since the role-based access control initiative, several access control models have been proposed in the literature. The policies and models have become larger and more complex, and several issues on formalization, verification and administration have appeared.

My thesis proposes a relational structuration for the design, organization and formalization of privileges. The framework is built upon data dependencies: fragments of first-order logic dedicated to express constraints between relational data. Some results from the databases community benefit the approach by helping address current issues on expression, verification, and reasoning on access control policies. The thesis focus on the integrity property of policies: guaranteeing that the policies enforce the properties defined in the model.

2.3  Other (scientific) interests

During my PhD, i’ve touched formal representation of knowledge via formal concept analysis [7] (a binary relation analysis technique, half-way between conceptual knowledge and data-mining) and conceptual graphs [11] (formal graphical representation tighted to Pierce’s graphs and to logic).

I’m found of computer security and (whitehat) hacking, mainly network stuff (nmap rulez) [3, 4]. I’ve also been interested in C++ programming (mainly template-based programming and design patterns). In a more formal and larger perspective, mathematical logic and category theory are big centre of interest.

3  Resources

Here a are a few electronic resources, most of them have been written for lectures at insa in the fas group. Please feel free to ask for sources if you’re interested in.

3.1  Resources for the fas group in first cycle of insa Lyon

3.1.1  Introduction to programming

A crash course on programming. It uses the Pascal programming language but it should translated into any procedural language very easily.

  1. Introduction, a few exercices pdf. Source codes can be downloaded here,
  2. Other exercices pdf,
  3. A tutorial on the game of life with source code and a project on Wolfram’s variation,
  4. Sample exams 2006/2007 with answers and final exam.

3.1.2  Card shuffle and probabilities

Une situation-exemple sur le mélange des cartes et les probabilités : un projet pédagogique où l’objectif est de motiver l’étudiant en le mettant devant un problème qu’il ne sait, pour l’instant, pas résoudre.

Le sujet s’appuie sur un article de Persi Diaconis et est conçu en deux parties :

Un jour où il pleuvait j’ai écrit un petit programme Haskell qui mélange selon le modèle GSR et qui compte les suites montantes.

3.1.3  Introduction to Linux and OpenOffice suit

La "journée de la bureautique" : une journée dédiée à la découverte de l’environnement Linux et des outils de bases.

3.2  Other resources

3.2.1  Lectures on security

I gave a few classes on security and access control :

3.2.2  A tutorial on (almost formal) specification in C++

Dans le cadre du TP C++ “réalisation d’une classe simple” en 2007–2008, j’ai proposé un exemple de spécification et réalisation d’une classe générique simple qui s’appuye sur la classe pair<> de la stl. Les sources du document sont également disponibles.

3.2.3  LATEX template for PhD dissertation

My PhD dissertation was typeset thanks to LATEX. I had to spend many (too much) hours on the Comprehensive TeX Archive Network, thus, I provide a kind of a template of my own. Actually, it’s not a clean .sty package, but it’s not a bug, it’s a feature. The package can be downloaded here.

4  Weblinks

5  List of publications

Thesis

[1]
Romuald Thion. Structuration relationnelle des politiques de contrôle d’accès : représentation, raisonnement et vérification logiques. PhD thesis, INSA Lyon, Laboratoire LIRIS, 17 Juin 2008. Sous la direction de André Flory et Stéphane Coulondre.

Books chapters

[2]
Tristan Allard, Nicolas Anciaux, Luc Bouganim, Philippe Pucheral, and Romuald Thion. Pervasive and Smart Technologies for Healthcare: Ubiquitous Methodologies and Tools, chapter Trustworthiness of Pervasive Healthcare Folders. IGI Global Edition, 2009. À paraître.
[3]
Romuald Thion. Cyber Warfare and Cyber Terrorism, chapter XVI – Network-Based Passive Information Gathering, pages 120–128. Information Science Reference. IDEA Group Publishing, Pennsylvania, may 2007. Colarik Andrew M. and Janczewski Lech eds., ISBN 978-1-59140-991-5.
[4]
Romuald Thion. Cyber Warfare and Cyber Terrorism, chapter XXXVII – Access Control Models, pages 318–326. Information Science Reference. IDEA Group Publishing, Pennsylvania, may 2007. ISBN 978-1-59140-991-5.

International journals

[5]
Romuald Thion and Stéphane Coulondre. Integration of Access Control in Information Systems: From Role Engineering to Implementation. Informatica, 30(1):87–95, January 2006.

French journals

[6]
Romuald Thion and Stéphane Coulondre. Intégration du contexte spatio-temporel dans le contrôle d’accès basé sur les rôles. Revue Sciences et Technologies de l’Information (STI), série Ingénierie des Systèmes d’Information (ISI), 10 (Système d’information spatio-temporels)(4):89–117, 2005.
[7]
Romuald Thion and Stéphane Coulondre. Découverte automatisée de hiérarchies de rôles pour les politiques de contrôle d’accès. Revue Sciences et Technologies de l’Information (STI), série Ingénierie des Systèmes d’Information (ISI), 13 (Modèles, Formalismes et Outils pour les Systèmes d’Information)(4):107–131, 2008.
[8]
Romuald Thion, Stéphane Coulondre, and André Flory. Contrôle d’accès logique au dossier patient informatisé. Revue Santé et Systémique, 10 (Systèmes d’information en santé)(1–2):83–104, oct 2007.

International proceedings

[9]
Romuald Thion. Conception de modèles de contrôle d’accès dédiés pour les systèmes d’information de santé. In 9th International Conference on System Science in Health Care (ICSSHC’08), pages 1–6, 2008.
[10]
Romuald Thion and Stéphane Coulondre. Modeling and inferring on role-based access control policies using data dependencies. In 17th International Conference on Database and Expert Systems Applications (DEXA’06), Krakow, Poland, volume 4080 of Lecture Notes in Computer Science, pages 914–923, 2006. Taux de sélection des papiers longs : 90 sur 296 (30%).
[11]
Romuald Thion and Stéphane Coulondre. Representation and reasoning on role-based access control policies with conceptual graphs. In 14th International Conference on Conceptual Structures (ICCS’06), Aalborg, Denmark, volume 4068 of Lecture Notes in Computer Science, pages 427–440, 2006. Taux de sélection des papiers longs : 24 sur 62 (39%).

French proceedings

[12]
Julien Gossa and Romuald Thion. Gestion de la sécurité des utilisateurs mobiles : une adaptation du filtrage de paquet. In 3èmes Journées Francophones Mobilité et Ubiquité (UbiMob’06), Paris, France, pages 119–122, 2006.
[13]
Romuald Thion. Découverte automatisée de hiérarchies de rôles pour les politiques de contrôle d’accès. In Hermes, editor, 25ème congrès INFORSID (INFORSID’07), Perros-Guirec, France, pages 139–154, may 2007. Taux de sélection des papiers longs : 31 sur 94 (33%). Prix du meilleur article Jeune Chercheur.
[14]
Romuald Thion and Stéphane Coulondre. Un modèle homogène pour la confidentialité et l’intégrité des données relationnelles. In Dominique Laurent, editor, 22èmes Journées Bases de Données Avancées (BDA’06), Lille, France, Octobre (17–20) 2006. Taux de sélection des papiers longs : 23 sur 79 (29%).
Ce document a été traduit de LATEX par HEVEA