Our research
1–25 of 371
Samuel Haney, Ashwin Machanavajjhala, and Bolin Ding

The problem of designing error optimal differentially private algorithms is well studied. Recent work applying differential privacy to real-world settings has used variants of differential privacy that appropriately modify the notion of neighboring databases. The problem of designing error optimal algorithms for such variants of differential privacy is open. In this paper, we show a novel transformational equivalence result that can turn the problem of query answering under differential privacy with a...

Publication details
Date: 1 September 2016
Type: Article
Publisher: VLDB – Very Large Data Bases
Julian Lettner, Benjamin Kollenda, Andrei Homescu, Per Larsen, Felix Schuster, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, and Michael Franz
Publication details
Date: 22 June 2016
Type: Inproceeding
Publisher: USENIX Association
Rohit Sinha, Manuel Costa, Akash Lal, Nuno Lopes, Sanjit Seshia, Sriram Rajamani, and Kapil Vaswani

Hardware support for isolated execution (such as Intel SGX) enables development of applications that keep their code and data confidential even while running in a hostile or compromised host. However, automatically verifying that such applications satisfy confidentiality remains challenging. We present a methodology for designing such applications in a way that enables certifying their confidentiality. Our methodology consists of forcing the application to communicate with the external world through a...

Publication details
Date: 1 June 2016
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery
Yuri Gurevich, Neta Haiby, Efim Hudis, Jeannette M. Wing, and Elad Ziklik

An item of your personal information is inversely private if some party has access to it but you do not. Inverse privacy is ubiquitous. Each interaction you have with commercial and other institutions generates inversely private data. The inverse privacy problem is unjustified inaccessibility of your inversely private data to you. Elsewhere a subset of these authors determined that the problem has a market-based solution that provides consumers with large amounts of their personal data to be mined and...

Publication details
Date: 24 May 2016
Type: Technical report
Publisher: MSR
Number: MSR-TR-2016-24
Patrick Longa and Michael Naehrig

The Number Theoretic Transform (NTT) provides efficient algorithms for cyclic and nega-cyclic convolutions, which have many applications in computer arithmetic, e.g., for multiplying large integers and large degree polynomials. It is commonly used in cryptographic schemes that are based on the hardness of the Ring Learning With Errors (R-LWE) problem to efficiently implement modular polynomial multiplication. We present a new modular reduction technique that is tailored for the special moduli required...

Publication details
Date: 23 May 2016
Type: Technical report
Number: MSR-TR-2016-23
Antoine Delignat-Lavaud, Cedric Fournet, Markulf Kohlweiss, and Bryan Parno

Despite advances in security engineering, authentication in applications such as email and the Web still primarily relies on the X.509 public key infrastructure introduced in 1988. This PKI has many issues but is nearly impossible to replace.

Leveraging recent progress in verifiable computation, we propose a novel use of existing X.509 certificates and infrastructure. Instead of receiving & validating chains of certificates, our applications receive & verify proofs of their...

Publication details
Date: 1 May 2016
Type: Inproceeding
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Joost Renes, Craig Costello, and Lejla Batina

An elliptic curve addition law is said to be complete if it correctly computes the sum of any two points in the elliptic curve group. One of the main reasons for the increased popularity of Edwards curves in the ECC community is that they can allow a complete group law that is also relatively efficient (e.g., when compared to all known addition laws on Edwards curves). Such complete addition formulas can simplify the task of an ECC implementer and, at the same time, can greatly reduce the potential...

Publication details
Date: 1 May 2016
Type: Inproceeding
Publisher: Springer
Robyn Hicock

This paper provides Microsoft’s recommendations for password management based on current research and lessons from our own experience as one of the largest Identity Providers (IdPs) in the world. It covers recommendations for end users and identity administrators.

Microsoft sees over 10 million username/password pair attacks every day. This gives us a unique vantage point to understand the role of passwords in account takeover. The guidance in this paper is scoped to users of Microsoft’s...

Publication details
Date: 1 May 2016
Type: Article
Weidong Cui, Marcus Peinado, Sang Kil Cha, Yanick Fratantonio, and Vasileios P. Kemerlis

Many software providers operate crash reporting services to automatically collect crashes from millions of customers and file bug reports. Precisely triaging crashes is necessary and important for software providers because the millions of crashes that may be reported every day are critical in identifying high impact bugs. However, the triaging accuracy of existing systems is limited, as they rely only on the syntactic information of the stack trace at the moment of a crash without analyzing program...

Publication details
Date: 1 May 2016
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery
Paul England, Andrey Marochko, Dennis Mattoon, Stefan Thom, and David Wooten

RIoT (Robust Internet-of-Things) is an architecture for providing foundational trust services to computing devices. The trust services include device identity, sealing, attestation, and data integrity. The term “Robust” is used because the minimal trusted computing base is tiny, and because RIoT capabilities can remotely re-establish trust in devices that have been compromised by malware. The term IoT is used because these services can be provided at low cost on even the tiniest of devices.

Publication details
Date: 21 April 2016
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2016-18
Nishanth Chandran, Srinivasan Raghuraman, and Dhinakaran Vinayagamurthy
Publication details
Date: 6 March 2016
Type: Inproceeding
Publisher: Springer
Trinabh Gupta, Natacha Crooks, Whitney Mulhern, Srinath Setty, Lorenzo Alvisi, and Michael Walfish
Publication details
Date: 1 March 2016
Type: Inproceeding
Publisher: USENIX – Advanced Computing Systems Association
Publication details
Date: 21 February 2016
Type: Inproceeding
Nathan Dowlin, Ran Gilad-Bachrach, Kim Laine, Kristin Lauter, Michael Naehrig, and John Wernsing

Applying machine learning to a problem which involves medical, financial, or other types of sensitive data not only requires accurate predictions but also careful attention to maintaining data privacy and security. Legal and ethical requirements may prevent the use of cloud-based machine learning solutions for such tasks. In this work, we will present a method to convert learned neural networks to CryptoNets, neural networks that can be applied to encrypted data. This allows a data owner to...

Publication details
Date: 8 February 2016
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2016-3
Panagiotis Antonopoulos, Arvind Arasu, Kedar Dubhashi, Ken Eguro, Joachim Hammer, Raghav Kaushik, Donald Kossmann, Bala Neerumalla, Ravi Ramamurthy, and Jakub Szymaszek

There is a fundamental tradeoff between confidentiality and functionality when state-of-the-art cryptography is combined with databases: the more operations that are supported on encrypted data, the more information that can be leaked unintentionally. There has been a great deal of work studying these tradeoffs in the specific context of property-preserving encryption techniques. For instance, deterministic encryption can support equality predicates...

Publication details
Date: 1 February 2016
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2016-9
Bryan Parno, Craig Gentry, Jon Howell, and Mariana Raykova

To instill greater confidence in computations outsourced to the cloud, clients should be able to verify the correctness of the results returned. To this end, we introduce Pinocchio, a built system for efficiently verifying general computations while relying only on cryptographic assumptions. With Pinocchio, the client creates a public evaluation key to describe her computation; this setup is proportional to evaluating the computation once. The worker then evaluates the computation on a particular...

Publication details
Date: 1 February 2016
Type: Article
Publisher: ACM – Association for Computing Machinery
Awards: Research Highlight
Nishanth Chandran, Bhavana Kanukurthi, and Srinivasan Raghuraman
Publication details
Date: 10 January 2016
Type: Inproceeding
Publisher: Springer
Markulf Kohlweiss, Ueli Maurer, Cristina Onete, Björn Tackmann, and Daniele Venturi

SSL/TLS is one of the most widely deployed cryptographic protocols on the Internet. It is used to protect the confidentiality and integrity of transmitted data in various client-server applications. The currently specified version is TLS 1.2, and its security has been analysed extensively in the cryptographic literature. The IETF working group is actively developing a new version, TLS 1.3, which is designed to address several flaws inherent to previous versions.

In this paper, we analyze the...

Publication details
Date: 1 December 2015
Type: Inproceeding
Publication details
Date: 1 December 2015
Type: Inproceeding
Publisher: Springer
David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann

We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, we present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie-Hellman. To carry out this attack, we implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, we can compute arbitrary discrete logs in that group in about a minute. We...

Publication details
Date: 1 December 2015
Type: Inproceeding
Publisher: ACM
Nathan Dowlin, Ran Gilad-Bachrach, Kim Laine, Kristin Lauter, Michael Naehrig, and John Wernsing

Biological Data Science is an emerging field facing multiple challenges for hosting, sharing, computing on, and interacting with large data sets. Privacy regulations and concerns about the risks of leaking sensitive personal health and genomic data add another layer of complexity to the problem. Recent advances in cryptography over the last 5 years have yielded a tool, homomorphic encryption, which can be used to encrypt data in such a way that storage can be outsourced to an untrusted cloud,...

Publication details
Date: 13 November 2015
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2015-87
Himanshu Raj, Stefan Saroiu, Alec Wolman, Ronald Aigner, Jeremiah Cox, Paul England, Chris Fenner, Kinshuman Kinshumann, Jork Loeser, Dennis Mattoon, Magnus Nystrom, David Robinson, Rob Spiger, Stefan Thom, and David Wooten

This paper presents the design and implementation of a firmware-based TPM 2.0 (fTPM) leveraging ARM TrustZone. The fTPM is the reference implementation used in millions of mobile devices, and was the first hardware or software implementation to support the newly released TPM 2.0 specification.

This paper describes the shortcomings of ARM's TrustZone for implementing secure services (such as our implementation), and presents three different approaches to overcome them. Additionally, the paper...

Publication details
Date: 5 November 2015
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2015-84
Bimal Viswanath, Muhammad Ahmad Bashir, Muhammad Bilal Zafar, Simon Bouget, Saikat Guha, Krishna Gummadi, Aniket Kate, and Alan Mislove
Publication details
Date: 1 November 2015
Type: Inproceeding
Jan Camenisch, Maria Dubovitskaya, Kristiyan Haralambiev, and Markulf Kohlweiss

It takes time for theoretical advances to get used in practical schemes. Anonymous credential schemes are no exception. For instance, existing schemes suited for real-world use lack formal, composable definitions, partly because they do not support straight-line extraction and rely on random oracles for their security arguments.

To address this gap, we propose unlinkable redactable signatures (URS), a new building block for privacy-enhancing protocols, which we use to construct the first...

Publication details
Date: 1 November 2015
Type: Inproceeding
Chris Hawblitzel, Jon Howell, Manos Kapritsos, Jacob R. Lorch, Bryan Parno, Michael L. Roberts, Srinath Setty, and Brian Zill

Distributed systems are notorious for harboring subtle bugs. Verification can, in principle, eliminate these bugs a priori, but verification has historically been difficult to apply at full-program scale, much less distributed-system scale.

We describe a methodology for building practical and provably correct distributed systems based on a unique blend of TLA-style state-machine refinement and Hoare-logic verification. We demonstrate the methodology on a complex implementation of a Paxos-based...

Publication details
Date: 5 October 2015
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery