I am working at Microsoft Research since 2004. In 2010, I joined the Languages and Tools team at European Microsoft Innovation Center (EMIC) in Munich, Germany. Before, I was part of the Security and Privacy team at EMIC and was mainly involved in European collaborative research projects. In 2004, I finished my PhD in network security at Eurecom Institute (Sophia-Antipolis, France) and ENST (Paris) with Prof. Refik Molva as supervisor. The main topic of this work was security of pervasive computing environments in terms of access control, trust establishment, and privacy. I received my Master of Science in networks and distributed systems (DEA-RSD) from the Polytech Nice-Sophia (former ESSI) and INRIA Sophia in 2000. From 1995 to 1999, I worked as an engineer in software development at Siemens in Switzerland. I was mainly involved in projects related to the telecommunication management network. Before, I studied telecommunication at HEIG-VD (former EIVD) in Yverdon, Switzerland.
Contributions to Internal Research Projects
- FORMULA - Modeling Foundations: FORMULA (Formal Modeling Using Logic Programming and Analysis) is a modern formal specification language targeting model-based development (MBD). It is based on algebraic data types (ADTs) and strongly-typed constraint logic programming (CLP), which support concise specifications of abstractions and model transformations. Around this core is a set of composition operators for composing specifications in the style of MBD.
- Data Usage and Privacy Policies: This project involves developing a new language for specifying data usage and privacy policies in the context of distributed web services, using SecPAL as a starting point. The new language lets services specify how they will handle user data and to which third parties this data may be disclosed. On the user side, the language specifies restrictions and obligations on data usage and forwarding.
- Applications of logical inference to policies and management.
- Specification and enforcement of privacy. Usage control in terms of authorizations, delegations and obligations.
- Credentials combining unlinkability and non-transferability
- Proof of proximity and location
- Scalable application of inference engines to real problems.
- Security of distributed systems (Web Services, STS, WCF)
- Secure software engineering, threat modeling.
- Project management, agile development.
- Other interests: Trusted Computing Platforms, Rights Managements.
Collaborative Research Projects
- PrimeLife: Bringing sustainable privacy and identity management to future networks and services
- SeCSE: Service Centric System Engineering
- FIDIS: Future of Identity in the Information Society (Network of Excellence)
- MOSQUITO: Mobile Workers’ Secure Business Applications in Ubiquitous Environments (STREP FP6)
- WiTness: WIreless Trust for mobile busiNESS (STREP FP5)
- SAR-SSI 2012 Conf. on Network Architectures and Information Systems Security.
- SAR-SSI 2011
- SAR-SSI 2010
- SEC 2010, 25th IFIP International Information Security Conference - Security & Privacy − Silver Linings in the Cloud.
- W3C Workshop on Access Control Application Scenarios, November 2009 -- Luxembourg.
- Privacy on the Web special track at SAC 2010
- PESOS 2009, Principles of Engineering Service Oriented Systems.
- SAR-SSI 2008
- SAR SSI 2007
- SecureComm 2007, International Conference on Security and Privacy in Communication Networks.
- CANS'06, International Conference on Cryptology and Network Security.
- ESAS 2005, European Workshop on Security and Privacy in Ad hoc and Sensor Networks.
- Moritz Y. Becker, Alexander Malkis, and Laurent Bussard, A Practical Generic Privacy Language, in Sixth International Conference on Information Systems Security (ICISS 2010), Springer Verlag, December 2010.
- Moritz Y. Becker, Alexander Malkis, and Laurent Bussard, S4P: A Generic Language for Specifying Privacy Preferences and Policies, no. MSR-TR-2010-32, April 2010.
- Muhammad Ali, Laurent Bussard, and Ulrich Pinsdorf, Obligation Language and Framework to Enable Privacy-aware SOA, in Data Privacy Management and Autonomous Spontaneous Security, Springer, March 2010.
- Laurent Bussard, Anna Nano, and Ulrich Pinsdorf, Delegation of access rights in multi-domain service compositions, in Identity in the Information Society, vol. OnlineFirst, Springer Verlag, December 2009.
- Laurent Bussard and Moritz Y. Becker, Can Access Control be Extended to Deal with Data Handling in Privacy Scenarios?, in W3C Workshop on Access Control Application Scenarios, November 2009.
- Moritz Y. Becker, Alexander Malkis, and Laurent Bussard, A Framework for Privacy Preferences and Data-Handling Policies, no. MSR-TR-2009-128, September 2009.
- Stefan Brands, Laurent Bussard, Joris Claessens, Christian Geuer-Pollmann, and Ulrich Pinsdorf, Identity Management in Service Oriented Architectures, in The Future of Identity in the Information Society, pp. 167–171, Springer, June 2009.
 Laurent Bussard, Gregory Neven, and Franz-Stefan Preiss. Matching Privacy Policies and Preferences: Access Control, Obligations, Authorisations, and Downstream Usage. Chapter in Privacy and Identity Management for Life. Pages 313-326. June 2011. Springer. ISBN 978-3-642-20316-9
 Ulrich Pinsdorf, Laurent Bussard, Sebastian Meissner, Jan Schallaböck, and Stuart Short. Privacy for Service Oriented Architectures. Chapter in Privacy and Identity Management for Life. Pages 383-412. June 2011. Springer. ISBN 978-3-642-20316-9
 Moritz Y. Becker, Alexander Malkis, and Laurent Bussard. A Practical Generic Privacy Language. In Sixth International Conference on Information Systems Security (ICISS 2010). December 2010. [full text]
 Laurent Bussard, Gregory Neven, and Jan Schallaböck. Data Handling: Dependencies between Authorizations and Obligations. Position paper at W3C Workshop on Privacy and data usage control. October 2010. [full text]
 Moritz Y. Becker, Alexander Malkis, and Laurent Bussard. S4P: A Generic Language for Specifying Privacy Preferences and Policies, Microsoft Tech. Report MSR-TR-2010-32. April 2010. [full text]
 Laurent Bussard and Moritz Y. Becker. Can Access Control be Extended to Deal with Data Handling in Privacy Scenarios? Position paper at W3C Workshop on Access Control Application Scenarios. November 2009. [full text]
 C.A. Ardagna, E. Pedrini, S. De Capitani di Vimercati, P. Samarati, L. Bussard, G. Neven, F-S. Preiss, S. Paraboschi, M. Verdicchio, D. Raggett, and S. Trabelsi. PrimeLife Policy Language, Project's position paper at W3C Workshop on Access Control Application Scenarios. November 2009.
 L. Bussard, A. Nano, and U. Pinsdorf. Delegation of Access Rights in Multi-Domain Service Compositions. In IDIS Journal (Identity in the Information Society). Volume 2, number 2. [full text]
 Moritz Y. Becker, Alexander Malkis, and Laurent Bussard. A Framework for Privacy Preferences and Data-Handling Policies, Microsoft Tech. Report MSR-TR-2009-128. September 2009. [full text]
 S. Brands, L. Bussard, J. Claessens, C. Geuer-Pollmann, and U. Pinsdorf. High-Tech ID and Emerging Technologies, Contributions to chapter in book, The Future of Identity in the Information Society, Springer, ISBN: 978-3-540-88480-4
 S. Lachmund, L. Bussard, E. Olk, and F. Fransen. An Infrastructure for Gaining Trust in Context Information. Context Information. Workshop on The Value of Security through Collaboration (SECOVAL'06) at IEEE SECURECOMM conference, Baltimore, MD, USA. September 2006.
 S. Lachmund, T. Walter, L. Bussard, L. Gomez, and E. Olk. Context-Aware Access Control - Making Access Control Decisions Based on Context Information. International Workshop on Ubiquitous Access Control (IWUAC 2006). San Jose, California, USA. July 17, 2006.
 L. Bussard and F. Fransen. From Location-Awareness to Provable Location. Presented at the 15th IST Mobile & Wireless Communications Summit. June 2006.
 L. Bussard, J. Claessens, S. Crosta, Y. Roudier, A. Zugenmaier. Can we take this off-line? - Credentials for Web services supported nomadic applications. In Proceedings of 4th Conference on Security and Network Architectures (SAR'05), Batz sur Mer, France, June 2005. [full text]
 L. Bussard and W. Bagga. Distance-bounding proof of knowledge to avoid real-time attacks. In proceedings of (IFIP/SEC2005), 20th IFIP International Information Security Conference. Chiba, Japan. June 2005. [full text]
 T. Walter, L. Bussard, Y. Roudier, J. Haller, R. Kilian-Kehr, J. Posegga, and P. Robinson. Secure Mobile Business Applications - Framework, Architecture, and Implementation. In Information Security Technical Report, vol. 9, no. 4, special issue on Mobile Security, Elsevier, 2004, pages 6-21. [full text]
 L. Bussard. Trust Establishment Protocols for Communicating Devices. PhD Thesis, Eurecom-ENST, September 2004. [full text]
A summary in French is available at the end of this document.
 L. Bussard and Y. Roudier. Protecting Applications and Devices in Nomadic Business Environments. In Proceedings of 3rd Conference on Security and Network Architectures (SAR'04), La Londe, France, June 2004. [full text]
 L. Bussard, W. Bagga. Distance-bounding proof of knowledge protocols to avoid terrorist fraud attacks. Eurecom Research Report RR-04-109. [full text]
 L. Bussard and R. Molva. Establishing Trust with Privacy. In proceedings of the twelve international workshop on security protocols (SP'04), Cambridge, UK, April 2004. [full text]
 L. Bussard, R. Molva, Y. Roudier. Combining history-based trust establishment with distance-bounding protocols.
Eurecom Research Report RR-04-100. [full text]
 L. Bussard, R. Molva, Y. Roudier. Protecting applications and devices in nomadic business environments. Eurecom Research Report RR-04-101. [full text]
 L. Bussard, R. Molva, and Y. Roudier. History-Based Signature or How to Trust Anonymous Documents. In Proceedings of the Second Conference on Trust Management (iTrust'04), LNCS 2995, pages 78-92, Oxford, UK, March 2004. [full text]
 L. Bussard, Y. Roudier, and R. Molva. Untraceable Secret Credentials: Trust Establishment with Privacy. In Proceedings of the Workshop on Pervasive Computing and Communications Security (PerSec'04) at PerCom'04, pages 122-126, Orlando, USA, March 2004. [full text]
 L. Bussard and R. Molva. One-Time Capabilities for Authorizations without Trust. In Proceedings of the second IEEE conference on Pervasive Computing and Communications (PerCom'04), pages 351-355, Orlando, USA, March 2004. [full text]
 T. Walter, L. Bussard, P. Robinson, and Y. Roudier. Security and trust issues in ubiquitous environments - the business-to-employee dimension. In Workshop on Ubiquitous Services and Networking in at SAINT'04, Tokyo, Japan, January 2004. [full text]
 L. Bussard, Y. Roudier, R. Kilian Kehr, and S. Crosta. Trust and Authorization in Pervasive B2E Scenarios. In Proceedings of the 6th Information Security Conference (ISC'03), LNCS 2851, pages 295-309, Bristol, UK, October 2003. [full text]
 L. Bussard, Y. Roudier. Background signature for sensor networks.
Eurecom Research Report RR-03-076. [full text]
 L. Bussard, R. Molva. One-time authorization for off-line interactions. Eurecom Research Report RR-03-077. [full text]
 L. Bussard and Y. Roudier. Embedding Distance-Bounding Protocols within Intuitive Interactions. In Proceedings of Conference on Security in Pervasive Computing (SPC'03), LNCS 2802, pages 143-156, Boppard, Germany, March 2003. [full text]
 S. Loureiro, L. Bussard, and Y. Roudier. Extending Tamper-Proof Hardware Security to Untrusted Execution Environments. In Proceedings of the Fifth Smart Card Research and Advanced Application Conference (CARDIS'02) - USENIX - IFIP working group 8.8 (smart cards), pages 111-124, San Jose, California, November 2002. [full text]
 L. Bussard, L. Carver, E. Ernst, M. Jung, M. Robillard, and Andreas Speck. Safe Aspect Composition. Workshop on Aspects and Dimensions of Concern at ECOOP'2000, Cannes, France, June 2000.
 L. Bussard. Towards a pragmatic composition model of Corba services based on AspectJ. Master thesis, ESSI-I3S, 2000.
 L. Bussard. Towards a Pragmatic Composition Model of CORBA Services Based on AspectJ. In Workshop on Aspects and Dimensions of Concern at ECOOP'2000, Cannes, France, June 2000.