Portrait of Kapil Vaswani

Kapil Vaswani



I am a researcher with the Systems and Networking group at Microsoft Research. I am broadly interested in secure and robust systems. I graduated from the department of Computer Science and Automation at the Indian Institute of Science where I worked on efficient and accurate profiling and performance modelling techniques.


Always Encrypted

Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national identification numbers (e.g. U.S. social security numbers), stored in Azure SQL Database or SQL Server databases. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine ( SQL Database or SQL Server). As a result, Always Encrypted provides a separation between those who own the data (and…

Trusted Cloud

Established: August 31, 2015

The Trusted Cloud project at Microsoft Research aims to provide customers of cloud computing complete control over their data: no one should be able to access the data without the customer’s permission. Even if there are malicious employees in the cloud service provider, or hackers break into the data center, they still should not be able to get access to customer data. Trust model: We use a non-hierarchical trust model. That is, we don’t want…
















Current Research

Always Encrypted/Cipherbase

One of the barriers to adoption cloud database technologies such as SQL Azure is data security and privacy. Data is a valuable asset to most organizations and storing the data in the cloud is often perceived as a security risk. This project investigates encryption as a mechanism to address such data security concerns. In particular, the goal of the project is to research, design, and build a comprehensive database system that supports encryption as a first class citizen. The desired functionality includes: (1) storing encrypted data, (2) issuing encrypted queries and getting back encrypted results. Our goal is to support all sophisticated features of a DBMS such as complex queries, indexes, transactions and stored procedures while maintaining strong security, (3) enabling automated migration of database applications to the cloud.

Other projects

  • Speculate – Language extensions for speculative parallelism
  • WYPIWYG – Inferring concurrency control from sequential proofs
  • Isolator – Dynamically enforcing isolation in concurrent programs
  • Darwin – Software fault localization using program versions
  • Preferential Path Profiling – An approach for improving the efficiency of collecting path coverage data
  • Seal – Side Effects Analysis for .NET

Program committees

PLDI 2018 (ERC), ICDCN 2016, POPL 2015 (ERC). PLDI 2014 (ERC), ICSE 2014, ISEC 2013, TOOLS Europe 2012, ISEC 2012, ICTAC 2012, CGO 2012, APLAS 2011, ISEC 2011, SCORE 2011, FASE 2011