Program 2026

Title

Abstract:  

Bio: 

A Decade of Research on Cloud Systems: A Retrospective 

Abstract: This presentation looks back on ten years of research on cloud systems. It explores how to improve the management of data and task placement across diverse and heterogeneous environments combining different types of storage and computing resources. The work focuses on developing methods to monitor, analyze, and optimize the use of these resources, relying on models of cost, performance, and prediction. By integrating approaches from operation research and artificial intelligence, the research aims to make cloud infrastructures more efficient, adaptive, and sustainable. 

Bio: Jalil Boukhobza (Senior Member, IEEE) received the electrical engineering (with Hons.) degree from the Institut Nationale d’Electricite et d’electronique (I.N.E.L.E.C) Boumerdes, Algeria, in 1999, and the M.Sc. and Ph.D. degrees in computer science from the University of Versailles, France, in 2000 and 2004, respectively. He is a Full Professor with the ENSTA, a French State Graduate, Post-Graduate and Research Institute part of Institut Polytechnique de Paris. He was a research fellow with the PRiSM Laboratory (University of Versailles) from 2004 to 2006. He was an associate professor with the University Bretagne Occidentale, Brest, France, from 2006 to 2020 and is a member of Lab-STICC lab. He has also been working with the Technology Research Institute (IRT) bcom since 2013. He is leading the  SHAKER (Software/HArdware and unKnown Environment inteRactions) team of the Lab-STICC (more than 50 staff members) working on various topics related to optimization of software / hardware systems according to the constraints and hazards related to their environment. He lead more than 10 projects related to storage systems and published over a hundred papers on the topic.

His main research interests include storage system design, performance evaluation and energy optimization, and operating system design. He works on different application domains such as embedded systems, cloud computing, database systems and high performance computing.

Privacy-preserving computation of spectral centrality measures over distributed graphs: to perturb, or to encrypt, is that the question?

Abstract: Graph datasets, representing entities and their relationships, are now pervasive. Many graphs contain personal data and are partitioned across multiple data centers according to the geographical locations of users or to the entity in charge of storing and managing the data. For example, financial transaction graphs are spread over different institutions (banks or financial entities), and large-scale social networks are managed centrally but stored in geographically distributed infrastructures. Computing centrality measures, e.g., for identifying the most important nodes in a graph, is useful for a wide range of applications, including fake news prevention, disease spreading prevention, or fraud detection. However, when the graph is distributed over mutually distrustful parties or falls under data protection laws (e.g., the GDPR in EU, the CCPA in California), centralizing it for performing global computation is restricted by legal, contractual, or reputation constraints. The goal of this talk is to show how computing spectral centrality measures over such distributed graphs can be performed while providing strong privacy guarantees, high utility, and affordable performances. Secure multi-party computation is a common approach to this problem but hardly scales with the number of parties. Alternative approaches based on additively-homomorphic encryption lack generality and can support only a few spectral centrality measures. We overcome these limitations by proposing two novel approaches. When performances prevail over utility and privacy, we propose PGPregel, the first approach based on differentially private perturbation mechanisms for computing spectral centrality measures over a partitioned graph. When utility and privacy prevail over performances, we propose POPPY, the first approach to the same problem based on the CKKS fully homomorphic encryption scheme. In this talk, we will discuss both approaches and their respective tradeoffs, and, stepping back, analyze how the use of differential privacy and homomorphic encryption as security building blocks impact graph processing.

Bio: Tristan Allard is a maître de conférences since September 2014 at Univ Rennes, IRISA. He defended his habilitation à diriger les recherches thesis (HDR for short) in April 2024 about his contributions to privacy-preserving data intensive systems. Before that, he was a postdoctoral researcher at the Inria Zenith team in Montpellier. He conducted his Ph.D. thesis in Computer Science in the Inria SMIS team and received it from the University of Versailles in December 2011. The volume, variety, and velocity of digital personal data are increasing at a fast pace. Enabling both daily uses and large-scale analysis of personal data while preserving individuals' privacy is a key challenge in building a knowledge society. His research interests lie within this wide field. He is particularly interested in the combination of differential privacy with cryptography (privacy-preserving data querying, privacy-preserving crowdsourcing, privacy-preserving data mining) and has been diverted a few years ago by the study of browser fingerprints for web authentication.

LPWAN Challenges

Abstract: LPWAN (Low Power Wide Area Networks) are a relatively new type of communication technology characterized by i) low power consumption of the devices, ii) low cost, iii) cellular-like communication range and iv) extremely low data rates (you knew there was catch, right?). We will talk about the various available technologies in this field and see what kind of research we can make in this area. For instance, one important question is capacity: how many nodes can a gateway accommodate before too many packets are lost? But what is too many losses, for a start? Even though LPWAN networks are simple technologies, they raise many research questions.

Bio: Martin Heusse is Professor at Grenoble INP Graduate schools of Engineering and Management, Université Grenoble Alpes, since 2010 and a member of the LIG (Grenoble Computer Science Laboratory) laboratory. He graduated from Telecom Bretagne engineering school in 1996, received his PhD in 2001 and Habilitation (HDR) in 2009 from Université Joseph Fourier (Grenoble). His main research interests are wireless LANs, sensor networks, LPWAN, Routing in data networks and transport protocols performance. M. Heusse has published more than 80 research papers in journals or peer-reviewed conferences. 

On the Security and Privacy Risks of Browser Extensions

Abstract: Browser extensions are popular to enhance user browsing experience: they offer additional functionality to Web users, such as ad blocking, grammar checks, or password management. To operate, browser extensions need **elevated privileges** compared to Web pages, making them an attractive target for attackers and a significant threat to Web users' security and privacy.

However, many aspects of browser extensions have not been investigated yet. For instance: how can extensions put the security and privacy of Web users at risk? How many dangerous extensions have been in the Chrome Web Store? How can we detect dangerous extensions?

In this presentation, I will address these questions by first defining several classes of "dangerous extensions" and the ways they can harm users. In particular, I will focus on detecting _vulnerable_ extensions, i.e., those that may unintentionally expose sensitive user data. Then, I will consider _malicious_ extensions, i.e., those which deliberately engage in malicious activities like malware distribution, and discuss the underlying challenges of machine learning-based detection systems. Finally, I will show how browser extensions can be _fingerprinted_: simply using an extension can introduce observable side effects, which can be abused to track users on the Web.

Overall, this talk aims to raise awareness about the security and privacy risks posed by browser extensions and to discuss strategies for mitigating these threats.

Bio: Aurore Fass is a Tenured Researcher at the Inria Centre at University Côte d'Azur (France). She got her Ph.D. from CISPA Helmholtz Center for Information Security & Saarland University (Germany) in 2021. From 2021--2023, she was a Visiting Assistant Professor of Computer Science at Stanford University (U.S.); from 2023--2025, she was a Tenure-Track Faculty at CISPA.

Aurore's research broadly focuses on Web Security & Privacy and Web Measurements. Specifically, she designs practical approaches to protect the security and privacy of Web users. She builds systems to proactively detect malicious JavaScript code and suspicious browser extensions.

Aurore is currently serving as USENIX Security 2026 Artifact Evaluation co-chair. She also co-chaired the MADWeb 2024 & 2023 workshop editions, co-located with NDSS. In addition, she has served on the program committees of the leading security and privacy conferences and has received Distinguished Reviewer Awards and Recognitions at ACM CCS 2025 & 2023 & 2022, USENIX Security 2025, ACSAC 2024 & 2023, EuroS&P 2024, and TheWebConf 2022.

IA & ML : Comprendre, Expliquer et S'adapter au Temps

Abstract: Je commencerai par replacer l’apprentissage automatique dans son contexte historique, avant d’aborder deux défis majeurs qui limitent aujourd’hui sa confiance et son adoption : l’explicabilité des modèles et leur capacité à s’adapter à des données qui évoluent dans le temps. Je vous expliquerai comment rendre les décisions d’un algorithme plus compréhensibles, notamment grâce à des méthodes post-hoc comme LIME ou SHAP. Ensuite, je vous montrerai comment concevoir des systèmes capables d’apprendre en continu sans oublier leurs connaissances passées, tout en gérant les dérives conceptuelles. À travers des exemples concrets, je vous ferai découvrir ces enjeux clés du machine learning moderne, entre transparence, efficacité et adaptation dynamique. 

Bio: 

LLMs, Agents, and their adoption in Software Engineering

Abstract: Since the arrival of ChatGPT three years ago, Large Language Models (LLMs) are having a large impact on our lives. Since 2025, we see the signs of a transition from base LLMs to more autonomous reasoning models and agents; this is particularly visible in Software Engineering, where the past year saw the release of a large number of coding agents. The talk will start with a high-level introduction of how LLMs work, covering the various training stages (pre-training, instruction following, reasoning) and the inference phase (including some optimizations). I will then explain how LLM-based agents work, covering topics such as harnesses, tool calling, and the agentic loop, and taking coding agents as an example. Finally, I will talk about a recent empirical study in which we study the adoption of coding agents on GitHub. In this study, we mine more than 100,000 GitHub repositories to identify traces of coding agents, allowing us to quantify the adoption, as well as finding out in which contexts adoption is more prevalent.

Bio: I am a Senior Scientist (Directeur de Recherche) at the CNRS, working at the LaBRI and hosted by the University of Bordeaux, since February 2023. Before that I was: an Associate Professor at the Free University of Bozen-Bolzano, (2017–2023); an Assistant, then Associate Professor at the University of Chile’s Computer Science Department (2010–2017); a Ph.D. student, then post-doc, at the University of Lugano (2004–2009). My research interests are in Empirical Software Engineering, Mining Software Repositories, Software Maintenance and Evolution, and the intersection of Machine Learning with Programming Languages and Software Engineering. Find out more about me here.