Jean-Sébastien Légaré

jslegare at cs dot ubc dot ca  [pubkey]


X410D (NSS Lab)

mailing address
UBC Department of Computer Science
201-2366 Main Mall
Vancouver   BC
V6T 1Z4


I am a doctoral candidate in the Department of Computer Science at the University of British Columbia. I am a member of the Networks, Systems, and Security (NSS) Lab under the supervision of Dr. William Aiello and Dr. Andrew Warfield.

Research Interests


Anti-Exfiltration platform for Web Applications

If a messaging service offered confidential channels, how would users know whether their keys, or indeed even their plaintext, was not being exfiltrated? What does end-to-end crypto really mean when it is so difficult to make guarantees about the code installed/running? There is variety of applications offering confidentiality. But why are we (users) forced to trust all of them one by one?

In this project, we have built a client-side platform, Beeswax, to build "private web applications". It features a nice secure protocol to exchange public keys in-band, which makes it a complete solution. Private applications are applications that exchange private/confidential data between its users, through a narrow set of APIs. Many file exchange, and messaging applications fall in that set. When we (users) run an application developed with the Beeswax APIs, we can make strong technical guarantees as to where our data is going. In particular, it allows keeping the application providers in check with their SLA policies such as "we don't look at your data", while giving the provider a lot of freedom in the way the application is implemented.

What we want, at the same time, is rather than having to repeat an auditing and trust process for every app, we bundle the privacy-preserving primitives in a reusable package (this is what Beeswax is), and any application which uses it will inherit its nice properties. This focuses scrutiny and trust on the platform itself, rather than on all the applications using it.

Tolerating Business Failures in Hosted Applications

All but the largest web applications present a risk to customers: if the provider’s business fails, customers may lose all of their own content, as well as references to that of other users. We present Micasa, a framework that allows developers to build social, web-based applications that enjoy the benefits of a centralized service while the provider remains in business, and that preserve user data and collaborative functionality after service end-of-life (EOL).

In Micasa, a user’s application content is stored on an augmented commodity cloud-based storage provider of his or her choice, and a capability protocol between these stores and clients is employed to share data between users. In order for users to gain confidence in a provider’s claims about post-EOL functionality, the framework includes a client-side monitor that helps users audit the dependence of the application on the provider’s resources.

Building Private Applications on the Personal Web

Users of the web trust third-party application providers with the safe keeping of their data. As the wealth of quality application services grows, so too does the volume of data that users disclose and entrust to others. This trust is precarious: services may go out of business or fail, while application provides may not take sufficient care of sensitive personal data, leading to data loss or unauthorized access. We argue for a web application model that treats personal data differently.

We first observe that the best practical backup of a user’s data is to collect and store a complete log of their browser- website interactions, allowing them to search their browsing history for content and application state that they have viewed in the past. After showing that the collection and storage of this history is prac- tical, we argue that many services that access personal data would be better implemented with access to the log, and in isolation from the Internet at large. This approach allows applications to be trusted with access to personal data without concerns over the leakage or unauthorized disclosure of that information.

Other Publications

Quality-Adaptive Video Streaming

Despite its success, streaming video delivery still suffers from significant limitations with respect to reliability, quality and navigation features in comparison to other modes of video delivery, namely downloads or DVDs (and other portable storage). In this paper and in our previous work, we describe our QStream streaming system. In broad terms, the goal of the project is to investigate system and networking techniques which narrow the performance gaps between streaming and other modes of video delivery

Master's Thesis

In this thesis, we present a system that combines the quality-adaptive video streaming of QStream with editing features (chaining effects, and movie clips), with the end-goal of creating a collaborative video editing platform.