Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
Our research
Content type
+
Downloads (449)
+
Events (439)
 
Groups (151)
+
News (2698)
 
People (745)
 
Projects (1091)
+
Publications (12446)
+
Videos (5587)
Labs
Research areas
Algorithms and theory47205 (329)
Communication and collaboration47188 (212)
Computational linguistics47189 (223)
Computational sciences47190 (213)
Computer systems and networking47191 (751)
Computer vision208594 (901)
Data mining and data management208595 (98)
Economics and computation47192 (100)
Education47193 (82)
Gaming47194 (73)
Graphics and multimedia47195 (229)
Hardware and devices47196 (210)
Health and well-being47197 (87)
Human-computer interaction47198 (868)
Machine learning and intelligence47200 (857)
Mobile computing208596 (48)
Quantum computing208597 (25)
Search, information retrieval, and knowledge management47199 (668)
Security and privacy47202 (300)
Social media208598 (39)
Social sciences47203 (260)
Software development, programming principles, tools, and languages47204 (615)
Speech recognition, synthesis, and dialog systems208599 (118)
Technology for emerging markets208600 (32)
1–25 of 300
Sort
Show 25 | 50 | 100
1234567Next 
Craig Costello, Cedric Fournet, Jon Howell, Markulf Kohlweiss, Benjamin Kreuter, Michael Naehrig, Bryan Parno, and Samee Zahur

Cloud computing sparked interest in Verifiable Computation protocols, which allow a weak client to securely outsource computations to remote parties. Recent work has dramatically reduced the client's cost to verify the correctness of their results, but the overhead to produce proofs remains largely impractical.

Geppetto introduces complementary techniques for reducing prover overhead and increasing prover flexibility. With MultiQAPs, Geppetto reduces the cost of sharing state between...

Publication details
Date: 18 May 2015
Type: Inproceeding
Publisher: IEEE – Institute of Electrical and Electronics Engineers
John Vilk, David Molnar, Benjamin Livshits, Eyal Ofek, Chris Rossbach, Alexander Moshchuk, Helen J. Wang, and Ran Gal

Immersive experiences that mix digital and real-world objects are becoming reality, but they raise serious privacy concerns as they require real-time sensor input. These experiences are already present on smartphones and game consoles via Kinect, and will eventually emerge on the web platform. However, browsers do not expose the display interfaces needed to render immersive experiences. Previous security research focuses on controlling application access to sensor input alone, and do not deal...

Publication details
Date: 18 May 2015
Type: Proceedings
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Helen J. Wang, Alexander Moshchuk, Michael Gamon, Mona Haraty, Shamsi Iqbal, Eli T. Brown, Ashish Kapoor, Chris Meek, Eric Chen, Yuan Tian, Jaime Teevan, Mary Czerwinski, and Susan Dumais

In this paper, we advocate “activity” to be a central abstraction between people and computing instead of applications. We outline the vision of the activity platform as the next-generation social platform.

Publication details
Date: 8 May 2015
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2015-38
Christian Paquin and Lan Nguyen

This document extends the U-Prove Cryptographic Specification by specifying an efficient revocation mechanism based on a dynamic accumulator. This scheme requires a designated verifier that shares the Revocation Authority’s private key. Unlike many accumulator schemes based on bilinear pairings, this scheme is built using a prime-order group and is therefore suitable for system that require standard constructions used in the U-Prove protocol.

Publication details
Date: 1 May 2015
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2015-40
Yuanzhong Xu, Weidong Cui, and Marcus Peinado

The presence of large numbers of security vulnerabilities in popular feature-rich commodity operating systems has inspired a long line of work on excluding these operating systems from the trusted computing base of applications, while retaining many of their benefits. Legacy applications continue to run on the untrusted operating system, while a small hypervisor or trusted hardware prevents the operating system from accessing the applications’ memory.

In this paper, we introduce...

Publication details
Date: 1 May 2015
Type: Proceedings
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Christopher Theisen, Kim Herzig, Patrick Morrison, Brendan Murphy, and Laurie Williams

Security testing and reviewing efforts are a necessity for software projects, but are time-consuming and expensive to apply. Identifying vulnerable code supports decision-making during all phases of software development. An approach for identifying vulnerable code is to identify its attack surface, the sum of all paths for untrusted data into and out of a system. Identifying the code that lies on the attack surface requires expertise and significant manual effort. This paper proposes an...

Publication details
Date: 1 May 2015
Type: Inproceeding
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Yuri Gurevich, Efim Hudis, and Jeannette M. Wing

An item of your personal information is inversely private if some party has access to it but you do not. We analyze the provenance of inversely private information and its rise to dominance over other kinds of personal information. In a nutshell, the inverse privacy problem is unjustified inaccessibility to you of your inversely private information. We believe that the inverse privacy problem has a market-based solution.

Publication details
Date: 1 May 2015
Type: Technical report
Number: MSR-TR-2015-37
Felix Schuster, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich

We present VC3, the first system that allows users to run distributed MapReduce computations in the cloud while keeping their code and data secret, and ensuring the correctness and completeness of their results. VC3 runs on unmodified Hadoop, but crucially keeps Hadoop, the operating system and the hypervisor out of the TCB; thus, confidentiality and integrity are preserved even if these large components are compromised. VC3 relies on SGX processors to isolate memory regions on individual computers, and...

Publication details
Date: 1 May 2015
Type: Inproceeding
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Eric Chen, Shuo Chen, Shaz Qadeer, and Rui Wang

The prevalence of security flaws in multiparty online services (e.g., single-sign-on, third-party payment, etc.) calls for rigorous engineering supported by formal program verification. However, the adoption of program verification faces several hurdles in the real world: how to formally specify logic properties given that protocol specifications are often informal and vague; how to precisely model the attacker and the runtime platform; how to deal with the unbounded set of all potential...

Publication details
Date: 1 May 2015
Type: Inproceeding
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Ewa Luger, Lachlan Urquhart, Tom Rodden, and Michael Golembewski

The regulatory climate is in a process of change. Design, having been implicated for some time, is now explicitly linked to law. This paper recognises the heightened role of designers in the regulation of ambient interactive technologies. Taking account of incumbent legal requirements is difficult. Legal rules are convoluted, uncertain, and not geared towards operationalisable heuristics or development guidelines for system designers. Privacy and data protection are a particular moral, social and legal...

Publication details
Date: 17 April 2015
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery
Patrick Morrison, Kim Herzig, Brendan Murphy, and Laurie Williams

While Microsoft product teams have adopted defect prediction models, they have not adopted vulnerability prediction models (VPMs). Seeking to understand this discrepancy, we replicated a VPM for two releases of the Windows Operating System, varying model granularity and statistical learners. We reproduced binary-level prediction precision (~0.75) and recall (~0.2). However, binaries often exceed 1 million lines of code, too large to practically inspect, and engineers expressed preference for source file...

Publication details
Date: 1 April 2015
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery
Arvind Arasu, Ken Eguro, Manas Joglekar, Raghav Kaushik, Donald Kossmann, and Ravi Ramamurthy

Cipherbase is a comprehensive database system that provides strong end-to-end data confidentiality through encryption. Cipherbase is based on a novel architecture that combines an industrial strength database engine (SQL Server) with lightweight processing over encrypted data that is performed in secure hardware. Cipherbase has the smallest trusted computing base (TCB) among comparable systems and provides significant benefits over the state-of-the-art in terms of security, performance, and...

Publication details
Date: 1 April 2015
Type: Inproceeding
Benjamin Dowling, Douglas Stebila, and Greg Zaverucha

This document describes ANTP, an authentication protocol designed to be built over the Network Time Protocol operating in client/server mode. ANTP's design meets the requirements of NTP and the Security Requirements of Time Protocols in Packet-Switched Networks, a TICTOC Working Draft. In particular, the server does not need to keep per-client state, and the authentication steps does not degrade timestamp accuracy when compared to unauthenticated NTP. This specification is meant to accompany a paper...

Publication details
Date: 27 February 2015
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2015-19
Ben Stock, Ben Livshits, and Ben Zorn

In recent years, the drive-by malware space has undergone significant consolidation. Today, the most common source of drive-by downloads are the so-called exploit kits. Exploit kits signify a drastic consolidation of the process of malware creation and delivery. This paper presents Kizzle, the first prevention technique specifically designed for finding exploit kits.

Our analysis of exploit kits shows that while the actual JavaScript delivered by kits varies greatly, the code observed after it is...

Publication details
Date: 13 February 2015
Type: Technical report
Number: MSR-TR-2015-12
Maria Christakis and Patrice Godefroid

We present IC-Cut, short for “Interface-Complexity based Cut”, a new compositional search strategy for systematically testing large programs. IC-Cut dynamically detects function interfaces that are simple enough to be cost-effective for summarization. IC-Cut then hierarchically decomposes the program into units defined by such functions and their sub-functions in the call graph. These units are tested independently, their test results are recorded as low-complexity function summaries, and the summaries...

Publication details
Date: 1 February 2015
Type: Technical report
Number: MSR-TR-2015-10
Nitesh Mor, Oriana Riva, Suman Nath, and John Kubiatowicz

We propose BloomCookies that encode a user's profile in a compact and privacy-preserving way, without preventing online services from using it for personalization purposes. The BloomCookies design is inspired by our analysis of a large set of web search logs that shows drawbacks of two profile obfuscation techniques, namely profile generalization and noise injection, today used by many privacy-preserving personalization systems. We find that profile generalization significantly hurts personalization and...

Publication details
Date: 1 February 2015
Type: Inproceeding
He Wang, Dimitrios Lymberopoulos, and Jie Liu

We study the feasibility of leveraging the sensors embedded on mobile devices to enable a user authentication mechanism that is easy for users to perform, but hard for attackers to bypass. The proposed approach lies on the fact that users perform gestures in a unique way that depends on how they hold the phone, and on their hand's geometry, size, and flexibility. Based on this observation, we introduce two new unlock gestures that have been designed to enable the phone's embedded sensors to properly...

Publication details
Date: 1 February 2015
Type: Inproceeding
Publisher: Springer
Tadayoshi Kohno, Joel Kollin, David Molnar, and Franziska Roesner

Transparent near-eye displays are shipping now for augmented reality applications. In addition to these applications, they promise a private display safe from shoulder surfing. Multiple researchers in the security and HCI communities have proposed systems building on the assumption these displays are private. Unfortunately, this assumption is not always true. We find multiple shipping displays suffer from display leakage: an adversary who observes a user wearing the display can reconstruct the contents...

Publication details
Date: 1 February 2015
Type: Technical report
Number: MSR-TR-2015-18
Publication details
Date: 1 January 2015
Type: Inproceeding
Publisher: ACM
Lucas Silva Figueiredo, Benjamin Livshits, David Molnar, and Margus Veanes
Publication details
Date: 14 November 2014
Type: Technical report
Number: MSR-TR-2014-146
Paul Pearce, Vacha Dave, Chris Grier, Kirill Levchenko, Saikat Guha, Damon McCoy, Vern Paxson, Stefan Savage, and Geoffrey M. Voelker
Publication details
Date: 2 November 2014
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery
John Vilk, David Molnar, Eyal Ofek, Chris Rossbach, Benjamin Livshits, Alexander Moshchuk, Helen J. Wang, and Ran Gal

Immersive experiences that mix digital and real-world objects are becoming reality, but they raise serious privacy concerns as they require real-time sensor input. These experiences are already present on smartphones and game consoles via Kinect, and will eventually emerge on the web platform. However, browsers do not expose the display interfaces needed to render immersive experiences. Previous security research focuses on controlling application access to sensor input alone, and do not deal...

Publication details
Date: 1 November 2014
Type: Technical report
Number: MSR-TR-2014-147
Eric Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, and Patrick Tague

OAuth is undoubtedly a highly influential protocol today, because of its swift and wide adoption in the industry. The initial objective of the protocol was specific: it serves the authorization needs for websites. What motivates our work is the realization that the protocol has been significantly re-purposed and re-targeted over the years: (1) all major identity providers, e.g., Facebook, Google, Microsoft and Twitter, have re-purposed OAuth for user authentication; (2)...

Publication details
Date: 1 November 2014
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery
Dinei Florencio ˆ, Cormac Herley, and Paul C. van Oorschot

The research literature on passwords is rich but little of it directly aids those charged with securing web-facing services or setting policies. With a view to improving this situation we examine questions of implementation choices, policy and administration using a combination of literature survey and first-principles reasoning to identify what works, what does not work, and what remains unknown. Some of our results are surprising. We find that offline attacks, the justification for great demands of...

Publication details
Date: 1 November 2014
Type: Article
Publisher: USENIX – Advanced Computing Systems Association
Andrew Baumann, Marcus Peinado, and Galen Hunt

Today's cloud computing infrastructure requires substantial trust. Cloud users rely on both the provider's staff and its globally-distributed software/hardware platform not to expose any of their private data.

We introduce the notion of shielded execution, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (i.e., the cloud operator's OS, VM and firmware). Our prototype, Haven, is the first system to achieve shielded execution of...

Publication details
Date: 6 October 2014
Type: Inproceeding
Publisher: USENIX – Advanced Computing Systems Association
Awards: Best Paper Award
1–25 of 300
Sort
Show 25 | 50 | 100
1234567Next 
> Our research