

Baaz is a tool to find access control misconfigurations in shared resources such as file shares, sharepoints and wikis. In our demonstration, we show how to use Baaz's statistical techniques to detect stale and wrong access control by correlating access permissions to group membership in Active Directory.

Position-Based Cryptography

Typical examples of identities in the electronic world include your name, or your fingerprint/iris-scan, or your address, or your public-key coming from some trusted public-key infrastructure. In many situations, however, where you are defines your identity. For example, we know the role of a bank-teller behind a bullet-proof bank window not because she shows us her credentials but by merely knowing her location. In this work, we initiate the study of cryptographic protocols where the identity (or other credentials and inputs) of a party are derived from its geographic location.

We start by considering the central task in this setting, i.e., securely verifying the position of a device. Despite much work on this problem, we show that in the most natural model, the above task (i.e., of secure positioning) is impossible to achieve. In light of the above impossibility result, we then turn to a model where we assume some bound on how much information the adversary can download from a stream of information passing by. We construct unconditionally secure protocols for two fundamental tasks: Secure Positioning and Position Based Key Exchange.

We show how these basic tasks can be used to realize a number of more advanced ones. A few examples are:

  • Restricting access to a resource (e.g., printer) to someone at a particular position.
  • Sending an encrypted message such that only a person at a particular position can decrypt it.
  • Receiving a message such that we have a guarantee on the position of the sender.

SEAL: A Logic Programming Language for Automated Analysis of Access Control Safety

SEAL is a logic-programming language for expressing state-of-the-art label-based access control models, such as Windows 7. Augmenting traditional relational abstractions of access control, a SEAL program defines an infinite state-transition system over relations and allows the expression and automated verification of temporal queries. While the general reachability query in this context is undecidable, we present a sound abstraction that has enough precision in practice to generate meaningful feedback. Counter-examples produced by SEAL can further be used to implement reference monitors and prevent these unsafe transitions. We show how SEAL can be used to study various design choices and validate/expose vulnerabilities in access control safety in a range of models from the traditional Graham-Denning DAC models to more contemporary designs such as Windows 7, Asbestos and IFFEDAC.

Write in the Air

This is a proof-of-concept demo for recognizing characters and gestures drawn in the air. In order to input characters into devices such as Xbox and Internet TV equipped with a low-cost Webcam but no keyboard, one can just face the camera and write the intended character in the air by using a handy colored object. The video sequence captured by the camera will be analyzed to track the movement of the colored object. The derived trajectory will then be fed into a handwriting recognizer. A short list of recognition results will be displayed on the screen for final selection. The vocabulary of our handwriting recognizer consists of Chinese, Japanese, and Korean characters, English letters, and numerical digits. Similarly, one can also do command and control (C&C) via recognizing gestures drawn in the air. The vocabulary of our gesture recognizer consists of a dozen pre-defined gestures. By combining the above two technologies, interesting application scenarios such as playing interactive games on Xbox or surfing the Web on Internet TV can be enabled.


Finding photos based on text tags often doesn’t provide a sufficiently rich way to find the photo that one is looking for. At MSR Asia, we have carried out work on searching for images based on the visual attributes of the image in the past several years. SkyFinder is a technology demonstration which leverages detailed analysis of 500,000 photographs to allow users to select photos with the desired sky lighting conditions. It demonstrates that we can select photos based on attributes such as the density of the cloud, the location of the sun, and the color of the sky.

Enabling Sharing During Mobile Calls

Ever called someone on the phone and wished you could easily share context, like your location, or content, photos and web pages, with them? We will demo Newport, a mobile phone application that makes it easy to share information while you are on a call and ends the sharing when the call is over. Recognizing that phones and computers are often used in isolation, Newport also bridges the gap between phones and computers, recognizing via Bluetooth when you are on a mobile phone call and providing additional functionality on the computer to support sharing and collaboration during your call.

Cell Phone as a Platform for Healthcare in Underserved Communities

This booth contains three demonstrations for providing better rural point-of-care treatment using a mobile phone. One demo is a mobile phone cellular microscopy system designed to provide in-the-field detection of blood/sputum detected diseases such as malaria, sickle cell anemia and tuberculosis. The second demonstration is a mobile phone based ultrasound system. The UI enables excellent field image creation and capture which can either be interpreted by a clinician on site or e-mailed by a field worker to a remote clinician. The third demonstration is a sleep apnea collar that enables remote monitoring of sleep disorder candidates in their own home. Multiple sensors on the collar are streamed through Bluetooth to a nearby cell phone. The data is remotely forwarded to the patient’s doctor for further analysis. Longer term, we hope to provide subject classification on the mobile device directly. The purpose of these featured projects and others funded through Microsoft External Research is to raise the quality of care and promote better public health.

Collage: A Presentation Tool for K-12 Classroom

Collage is a software presentation tool that has been created exclusively to support instruction in a K-12 classroom. The tool enables teachers to display digital scans of textbook pages along with digital multimedia, while performing simple mouse-driven operations like overlaying images on top of each other, selecting and enlarging regions within an image or a video, zooming in and out and performing digital annotations. We have field tested Collage in at least 40 different K-12 classes and found that in comparison to traditional presentation tools (like PowerPoint), Collage reduces preparation time for teachers considerably and enables them to conduct presentations in a more flexible manner. Our experiments also show that Collage is preferred by students for viewing digital content during lessons and that it significantly improves their post-class retention of such content.

The Path of Go: A Microsoft Research Game for Xbox 360

This demo showcases an Xbox 360 game, based on the game of Go, produced in-house at Microsoft Research Cambridge. Go is one of the most famous board games in East Asia; it originated in China 4000 years ago. Behind the deceptive simplicity of the game hides great complexity. It only takes minutes to learn, but it takes a lifetime to master. Although computers have surpassed human skills at Chess, implementing a competitive AI for Go remains a research challenge. The game is powered by three technologies developed at Microsoft Research Cambridge: an AI capable of playing Go, the F# language, and TrueSkill™ to match online players. The AI is implemented in F# and meets the challenge of running efficiently in the .NET Compact Framework on Xbox 360. This game places you in a number of visually stunning 3D scenes. It was fully developed in managed code using the XNA environment.


Holmes is a statistical toolkit that automatically finds the most likely root cause of test failures. Holmes collects and analyzes fine-grained path coverage data and identifies code paths that strongly correlate with failure. In addition to finding the code paths that strongly correlate with failure, the analysis is designed to detect and eliminate code paths that just happen to correlate with failure but are not the actual cause (such as error handling code). The final result of the analysis is a set of bug predictors, code paths that are likely to be the cause of failures.

Holmes is particularly suited for a scenario where the application has a large test suite and the cause of failing tests needs to be found. At Microsoft PDC 2009, Holmes Beta 1.0 was made available to developers and testers to root cause software developed on the .NET platform. Holmes installs as a Microsoft Visual Studio 2010 package and comes with a rich set of features including root cause path viewing and integrated instrumentation, and also connects with other applications like Microsoft Visual Studio Test Elements and Team Foundation Server. Holmes supports analysis of both automated unit tests and manual tests (run through Microsoft Visual Studio Test Elements).

Learn more about Holmes and try it out

Stratus: Efficient Mobile Communication Using Cloud

Stratus is a system for increasing the battery life on smartphones by reducing the energy consumed for cellular data communication, which is a major source of energy drain on these devices. Stratus employs optimizations that leverage resources in the cloud to achieve energy savings by modulating incoming and outgoing traffic to the smartphone to better match the energy characteristics of the radio interface. The optimizations include message aggregation, asymmetric data compression, and opportunistic packet scheduling based on dynamically-varying signal quality. We will demonstrate the Stratus prototype comprising two components, a cloud based proxy server and a lightweight client-side proxy on a Windows Mobile phone. Using Stratus, we will show energy savings of up to 50% for mobile Web browsing.

Dryad and DryadLINQ

DryadLINQ is a Microsoft Research project, which aims to make distributed computing on clusters of computers simple enough for all programmers. DryadLINQ combines another Microsoft Research technology, Dryad, with the familiar LINQ technology from the Microsoft .NET framework.

Dryad is a high-performance, general-purpose distributed computing engine that handles some of the most difficult aspects of cluster-based distributed computing such as automatic scheduling of processes on the cluster machines, monitoring, fault-tolerance, and support for efficient data-transfer between processes. Dryad provides excellent performance and scalability, and can handle very large-scale data-parallel computations. Microsoft routinely uses Dryad to analyze petabytes of data on clusters of thousands of computers.

DryadLINQ extends the Language Integrated Query (LINQ) programming model to dramatically simplify the task of writing Dryad applications. With DryadLINQ, the code for a program that can run on hundreds of computers to process terabytes of data looks just like the code of a sequential .NET program using LINQ. Behind the scenes however, the DryadLINQ provider transparently converts a LINQ query into a distributed Dryad application and executes it on a cluster.

Learn more about DryadLINQ

Learn more about Dryad

Project Trident: A Scientific Workflow Workbench

Project Trident: A Scientific Workflow Workbench is a set of tools—based on the Windows Workflow Foundation—for creating and running scientific workflows.

  • Trident Composer provides graphical tools for creating workflows.
  • Trident Management Studio provides graphical tools for running, managing, and sharing workflows.
  • Trident can run multiple workflows in parallel on a Windows HPC Server 2008 cluster.
  • The Silverlight version of the Trident Workflow Application enables users to run workflows remotely using a Silverlight-enabled browser, available for a variety of operating systems.
  • Trident provides a framework to add runtime services and comes with services such as provenance and workflow monitoring.
  • Trident is integrated with the myExperiment Web site—a workflow collaboration portal—so scientists can easily share their Trident workflows with colleagues.
  • The Trident security model supports users and roles that allow scientists to control access rights to their workflows.

Learn more about Project Trident

Technologies for the Scholarly Communications Lifecycle

The Microsoft External Research vision includes support for the scholarly communication lifecycle through software and services so that data and information flow in a coordinated and seamless fashion, from authoring through publication to long term information preservation.

A couple of examples include Chem4Word and the Research Information Centre (RIC).

The Chem4Word project aims to simplify the authoring of chemical information in Word—specifically the inclusion of chemical structures. This project will also demonstrate how semantic information can be captured at authoring time as the way to more accurately represent the chemical content, create high quality depictions, contribute to simpler pre-publication processes and richer information discovery scenarios, as well as to preserve chemical information for archival purposes.

The Research Information Centre (RIC) is a virtual research environment framework being jointly developed by Microsoft External Research and The British Library. We view researchers as extreme information workers and the purpose of the RIC is to support researchers in managing the increasingly complex range of tasks involved in carrying out research. Built on top of Microsoft Office SharePoint Server (MOSS) 2007, the RIC extends the core MOSS functionality to meet the needs of academic researchers engaged in collaborative research projects.

Learn more about Technologies for the Scholarly Communications Lifecycle