Table of contents

  • This session has been presented October 25, 2019.

Description

  • Speaker

    Cédric Lauradoux (INRIA Rhône-Alpes)

The GDPR (General Data Protection Regulation) provides rights on our data: access, rectification, objection, etc. However, this regulation is not binding on how we can exercise these rights. Data controllers have therefore deployed various methods to authenticate subject requests. We have analyzed how this authentication process can fail and examined its consequences. Our study shows that a key concept is missing in the GDPR: Proof of ownership for our data.

Practical infos

Next sessions

  • The Design and Implementation of a Virtual Firmware Monitor

    • January 30, 2026 (11:00 - 12:00)

    • Inria Centre of the University of Rennes - Room Petri/Turing

    Speaker : Charly Castes - EPFL

    Low level software is often granted high privilege, yet this need not be the case. Although vendor firmware plays a critical role in the operation and management of the machine, most of its functionality does not require unfettered access to security critical software and data. In this paper we demonstrate that vendor firmware can be safely and efficiently deprivileged, decoupling its[…]

    • SoSysec

    • Compartmentalization

    • Operating system and virtualization

Show previous sessions
Page top