Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
Our research
Content type
+
Downloads (454)
+
Events (444)
 
Groups (151)
+
News (2727)
 
People (738)
 
Projects (1102)
+
Publications (12540)
+
Videos (5665)
Labs
Research areas
Algorithms and theory47205 (335)
Communication and collaboration47188 (214)
Computational linguistics47189 (238)
Computational sciences47190 (220)
Computer systems and networking47191 (758)
Computer vision208594 (907)
Data mining and data management208595 (105)
Economics and computation47192 (104)
Education47193 (82)
Gaming47194 (76)
Graphics and multimedia47195 (233)
Hardware and devices47196 (215)
Health and well-being47197 (91)
Human-computer interaction47198 (887)
Machine learning and intelligence47200 (881)
Mobile computing208596 (54)
Quantum computing208597 (32)
Search, information retrieval, and knowledge management47199 (682)
Security and privacy47202 (309)
Social media208598 (44)
Social sciences47203 (261)
Software development, programming principles, tools, and languages47204 (620)
Speech recognition, synthesis, and dialog systems208599 (129)
Technology for emerging markets208600 (32)
1–25 of 309
Sort
Show 25 | 50 | 100
1234567Next 
Stuart Schechter and Joseph Bonneau

Nearly all smartphones and tablets support unlocking with a short user-chosen secret: e.g., a numeric PIN or a pattern. To address users’ tendency to choose guessable PINs and patterns, we compare two approaches for helping users learn assigned random secrets. In one approach, built on our prior work [16], we assign users a second numeric PIN and, during each login, we require them to enter it after their chosen PIN. In a new approach, we re-arrange the digits on the keypad so that the user’s...

Publication details
Date: 22 July 2015
Type: Inproceeding
Publisher: USENIX – Advanced Computing Systems Association
Joppe Bos, Craig Costello, Patrick Longa, and Michael Naehrig

This document explains the details of the curve generation algorithms and provides the parameters for the NUMS (Nothing Up My Sleeve) curves. These curves are supported in the MSR Elliptic Curve Cryptography Library (MSR ECCLib).

Publication details
Date: 9 June 2015
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2015-49
Craig Costello, Patrick Longa, and Michael Naehrig

This position paper summarizes our perspectives on the selection of next-generation elliptic curves for standardization. It also contains generation algorithms intended as a foundation for choosing elliptic curves for cryptography in a simple, consistent and rigid way.

Publication details
Date: 8 June 2015
Type: Technical report
Number: MSR-TR-2015-46
Craig Costello and Patrick Longa

We introduce FourQ, a high-security, high-performance elliptic curve that targets the 128-bit security level. At the highest level, cryptographic scalar multiplications on FourQ can use a four-dimensional Gallant-Lambert-Vanstone decomposition to minimize the total number of elliptic curve group operations. At the group arithmetic level, FourQ admits the use of extended twisted Edwards coordinates and can therefore exploit the fastest known elliptic curve addition formulas over large characteristic...

Publication details
Date: 8 June 2015
Type: Technical report
Number: MSR-TR-2015-47
Craig Costello, Cedric Fournet, Jon Howell, Markulf Kohlweiss, Benjamin Kreuter, Michael Naehrig, Bryan Parno, and Samee Zahur

Cloud computing sparked interest in Verifiable Computation protocols, which allow a weak client to securely outsource computations to remote parties. Recent work has dramatically reduced the client's cost to verify the correctness of their results, but the overhead to produce proofs remains largely impractical.

Geppetto introduces complementary techniques for reducing prover overhead and increasing prover flexibility. With MultiQAPs, Geppetto reduces the cost of sharing state between...

Publication details
Date: 18 May 2015
Type: Inproceeding
Publisher: IEEE – Institute of Electrical and Electronics Engineers
John Vilk, David Molnar, Benjamin Livshits, Eyal Ofek, Chris Rossbach, Alexander Moshchuk, Helen J. Wang, and Ran Gal

Immersive experiences that mix digital and real-world objects are becoming reality, but they raise serious privacy concerns as they require real-time sensor input. These experiences are already present on smartphones and game consoles via Kinect, and will eventually emerge on the web platform. However, browsers do not expose the display interfaces needed to render immersive experiences. Previous security research focuses on controlling application access to sensor input alone, and do not deal...

Publication details
Date: 18 May 2015
Type: Proceedings
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Joppe W. Bos, Craig Costello, Michael Naehrig, and Douglas Stebila

Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing ciphersuites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem; we accompany these ciphersuites with a rigorous proof of security. Our approach ties lattice-based key exchange together...

Publication details
Date: 18 May 2015
Type: Inproceeding
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Helen J. Wang, Alexander Moshchuk, Michael Gamon, Mona Haraty, Shamsi Iqbal, Eli T. Brown, Ashish Kapoor, Chris Meek, Eric Chen, Yuan Tian, Jaime Teevan, Mary Czerwinski, and Susan Dumais

In this paper, we advocate “activity” to be a central abstraction between people and computing instead of applications. We outline the vision of the activity platform as the next-generation social platform.

Publication details
Date: 8 May 2015
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2015-38
Yuanzhong Xu, Weidong Cui, and Marcus Peinado

The presence of large numbers of security vulnerabilities in popular feature-rich commodity operating systems has inspired a long line of work on excluding these operating systems from the trusted computing base of applications, while retaining many of their benefits. Legacy applications continue to run on the untrusted operating system, while a small hypervisor or trusted hardware prevents the operating system from accessing the applications’ memory.

In this paper, we introduce...

Publication details
Date: 1 May 2015
Type: Proceedings
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Felix Schuster, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich

We present VC3, the first system that allows users to run distributed MapReduce computations in the cloud while keeping their code and data secret, and ensuring the correctness and completeness of their results. VC3 runs on unmodified Hadoop, but crucially keeps Hadoop, the operating system and the hypervisor out of the TCB; thus, confidentiality and integrity are preserved even if these large components are compromised. VC3 relies on SGX processors to isolate memory regions on individual computers, and...

Publication details
Date: 1 May 2015
Type: Inproceeding
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Yuri Gurevich, Efim Hudis, and Jeannette M. Wing

An item of your personal information is inversely private if some party has access to it but you do not. We analyze the provenance of inversely private information and its rise to dominance over other kinds of personal information. In a nutshell, the inverse privacy problem is unjustified inaccessibility to you of your inversely private information. We believe that the inverse privacy problem has a market-based solution.

Publication details
Date: 1 May 2015
Type: Technical report
Number: MSR-TR-2015-37
Eric Chen, Shuo Chen, Shaz Qadeer, and Rui Wang

The prevalence of security flaws in multiparty online services (e.g., single-sign-on, third-party payment, etc.) calls for rigorous engineering supported by formal program verification. However, the adoption of program verification faces several hurdles in the real world: how to formally specify logic properties given that protocol specifications are often informal and vague; how to precisely model the attacker and the runtime platform; how to deal with the unbounded set of all potential...

Publication details
Date: 1 May 2015
Type: Inproceeding
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Christian Paquin and Lan Nguyen

This document extends the U-Prove Cryptographic Specification by specifying an efficient revocation mechanism based on a dynamic accumulator. This scheme requires a designated verifier that shares the Revocation Authority’s private key. Unlike many accumulator schemes based on bilinear pairings, this scheme is built using a prime-order group and is therefore suitable for system that require standard constructions used in the U-Prove protocol.

Publication details
Date: 1 May 2015
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2015-40
Joppe W. Bos, Craig Costello, Patrick Longa, and Michael Naehrig

We select a set of elliptic curves for cryptography and analyze our selection from a performance and security perspective. This analysis complements recent curve proposals that suggest (twisted) Edwards curves by also considering the Weierstrass model. Working with both Montgomery-friendly and pseudo-Mersenne primes allows us to consider more possibilities which help to improve the overall efficiency of base field arithmetic. Our Weierstrass...

Publication details
Date: 1 May 2015
Type: Article
Publisher: Springer
Christopher Theisen, Kim Herzig, Patrick Morrison, Brendan Murphy, and Laurie Williams

Security testing and reviewing efforts are a necessity for software projects, but are time-consuming and expensive to apply. Identifying vulnerable code supports decision-making during all phases of software development. An approach for identifying vulnerable code is to identify its attack surface, the sum of all paths for untrusted data into and out of a system. Identifying the code that lies on the attack surface requires expertise and significant manual effort. This paper proposes an...

Publication details
Date: 1 May 2015
Type: Inproceeding
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Ewa Luger, Lachlan Urquhart, Tom Rodden, and Michael Golembewski

The regulatory climate is in a process of change. Design, having been implicated for some time, is now explicitly linked to law. This paper recognises the heightened role of designers in the regulation of ambient interactive technologies. Taking account of incumbent legal requirements is difficult. Legal rules are convoluted, uncertain, and not geared towards operationalisable heuristics or development guidelines for system designers. Privacy and data protection are a particular moral, social and legal...

Publication details
Date: 17 April 2015
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery
Patrick Morrison, Kim Herzig, Brendan Murphy, and Laurie Williams

While Microsoft product teams have adopted defect prediction models, they have not adopted vulnerability prediction models (VPMs). Seeking to understand this discrepancy, we replicated a VPM for two releases of the Windows Operating System, varying model granularity and statistical learners. We reproduced binary-level prediction precision (~0.75) and recall (~0.2). However, binaries often exceed 1 million lines of code, too large to practically inspect, and engineers expressed preference for source file...

Publication details
Date: 1 April 2015
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery
Arvind Arasu, Ken Eguro, Manas Joglekar, Raghav Kaushik, Donald Kossmann, and Ravi Ramamurthy

Cipherbase is a comprehensive database system that provides strong end-to-end data confidentiality through encryption. Cipherbase is based on a novel architecture that combines an industrial strength database engine (SQL Server) with lightweight processing over encrypted data that is performed in secure hardware. Cipherbase has the smallest trusted computing base (TCB) among comparable systems and provides significant benefits over the state-of-the-art in terms of security, performance, and...

Publication details
Date: 1 April 2015
Type: Inproceeding
Ravishankar Ramanathan, Fernando G.S.L. Brandão, Karol Horodecki, Michał Horodecki, Paweł Horodecki, and Hanna Wojewódka
Publication details
Date: 1 April 2015
Type: Article
Razvan Pascanu, Jack W. Stokes, Hermineh Sanossian, Mady Marinescu, and Anil Thomas

Attackers often create systems that automatically rewrite and reorder their malware to avoid detection. Typical machine learning approaches, which learn a classifier based on a handcrafted feature vector, are not sufficiently robust to such reorderings. We propose a different approach, which, similar to natural language modeling, learns the language of malware spoken through the executed instructions and extracts robust, time domain features. Echo state networks (ESNs) and recurrent neural networks...

Publication details
Date: 1 April 2015
Type: Proceedings
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Benjamin Dowling, Douglas Stebila, and Greg Zaverucha

This document describes ANTP, an authentication protocol designed to be built over the Network Time Protocol operating in client/server mode. ANTP's design meets the requirements of NTP and the Security Requirements of Time Protocols in Packet-Switched Networks, a TICTOC Working Draft. In particular, the server does not need to keep per-client state, and the authentication steps does not degrade timestamp accuracy when compared to unauthenticated NTP. This specification is meant to accompany a paper...

Publication details
Date: 27 February 2015
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2015-19
Ben Stock, Ben Livshits, and Ben Zorn

In recent years, the drive-by malware space has undergone significant consolidation. Today, the most common source of drive-by downloads are the so-called exploit kits. Exploit kits signify a drastic consolidation of the process of malware creation and delivery. This paper presents Kizzle, the first prevention technique specifically designed for finding exploit kits.

Our analysis of exploit kits shows that while the actual JavaScript delivered by kits varies greatly, the code observed after it is...

Publication details
Date: 13 February 2015
Type: Technical report
Number: MSR-TR-2015-12
Tadayoshi Kohno, Joel Kollin, David Molnar, and Franziska Roesner

Transparent near-eye displays are shipping now for augmented reality applications. In addition to these applications, they promise a private display safe from shoulder surfing. Multiple researchers in the security and HCI communities have proposed systems building on the assumption these displays are private. Unfortunately, this assumption is not always true. We find multiple shipping displays suffer from display leakage: an adversary who observes a user wearing the display can reconstruct the contents...

Publication details
Date: 1 February 2015
Type: Technical report
Number: MSR-TR-2015-18
He Wang, Dimitrios Lymberopoulos, and Jie Liu

We study the feasibility of leveraging the sensors embedded on mobile devices to enable a user authentication mechanism that is easy for users to perform, but hard for attackers to bypass. The proposed approach lies on the fact that users perform gestures in a unique way that depends on how they hold the phone, and on their hand's geometry, size, and flexibility. Based on this observation, we introduce two new unlock gestures that have been designed to enable the phone's embedded sensors to properly...

Publication details
Date: 1 February 2015
Type: Inproceeding
Publisher: Springer
Maria Christakis and Patrice Godefroid

We present IC-Cut, short for “Interface-Complexity based Cut”, a new compositional search strategy for systematically testing large programs. IC-Cut dynamically detects function interfaces that are simple enough to be cost-effective for summarization. IC-Cut then hierarchically decomposes the program into units defined by such functions and their sub-functions in the call graph. These units are tested independently, their test results are recorded as low-complexity function summaries, and the summaries...

Publication details
Date: 1 February 2015
Type: Technical report
Number: MSR-TR-2015-10
1–25 of 309
Sort
Show 25 | 50 | 100
1234567Next 
> Our research