illustration of lock, four asterisks and a shield with a fingerprint on it on a green gradient background

Security, privacy, and cryptography

Leveraging Large Language Models for Automated Proof Synthesis in Rust

photos of PhD students Anunay Kulshrestha and Karan Newatia with a photo of Senior Cryptographer Josh Benaloh in the middle with a microphone icon on a blue and purple gradient background

Intern Insights: Dr. Josh Benaloh with Anunay Kulshrestha and Karan Newatia

Bayes Security (β*, higher better) of DP-SGD against membership and attribute inference on the Adult and Purchase datasets as a function of the number of training steps. The green dashed line shows the corresponding DP budget (ε). Membership and attribute inference curves decrease monotonically as the model is trained for longer and the accuracy and DP budget grow.

Closed-Form Bounds for DP-SGD against Record-level Inference

ProvCam: A Camera Module with Self-Contained TCB for Producing Verifiable Videos

Current selections

Sort by: Most recent

Clear selections

Search within these results

Content Types

Published Date

Video

‘Hey mum, I dropped my phone down the toilet’: Investigating Hi Mum and Dad SMS Scams in the UK

September 24, 2025 | Sharad Agarwal

SMS fraud has surged in recent years. Detection techniques have improved along with the fraud, necessitating harder-to-detect fraud techniques. We study one of these where scammers send an SMS to the victim addressing mum or…

28:32

Video

zk-promises: Anonymous Moderation, Reputation, & Blocking from Anonymous Credentials with Callbacks

September 22, 2025 | Maurice Shih

Anonymity is essential for free speech and expressing dissent, but platform moderators need ways to police bad actors. For anonymous clients, this may involve banning their accounts, docking their reputation, or updating their state in…

23:37

Video

More is Less: Extra Features in Contactless Payments Break Security

September 22, 2025 | Tom Chothia, George Pavlides

The EMV contactless payment system has many independent parties: payment providers, terminal companies, smartphone companies, banks and regulators. EMVCo publishes a 15 book specification that these companies use to operate together. However, many of these…

32:50

Publication

Ordered Consensus with Equal Opportunity

Yunhao Zhang, Haobin Ni, Soumya Basu, Shir Cohen, Maofan Yin, Lorenzo Alvisi, R. V. Renesse, Qi Chen, Lidong Zhou

September 2025

Video

Six Years of Rowhammer: Breakthroughs and Future Directions

August 28, 2025 | Stefan Saroiu

This talk presents the work done over the past six years as part of Project STEMA at Microsoft. STEMA stands for Secure, Trusted, and Enhanced Memory for Azure. We discuss our journey in understanding Rowhammer…

01:11:27

Microsoft Research Blog

Crescent library brings privacy to digital identity systems

August 26, 2025 | Christian Paquin, Greg Zaverucha

Crescent helps make digital IDs private by preventing tracking across uses while letting users only disclose what’s necessary from their credentials.

Publication

Scoop: Mitigation of Recapture Attacks on Provenance-Based Media Authentication

Yuxin (Myles) Liu, Habiba Farrukh, Ardalan Amiri Sani, Sharad Agarwal, Gene Tsudik

USENIX Security Symposium | August 2025

Event

Pre-USENIX Security Mini-Conference

August 11, 2025 – August 12, 2025 | Redmond, WA

This is an invite-only event, unless you are a Microsoft employee. You must have received an invitation email from the organizers to register and attend. This is not an official USENIX Security-affiliated event. The event…

Research area: Security, privacy, and cryptography

Project

Project Roma

Deterministic security for AI agents AI agents perform consequential actions while processing data from various sources, including trusted collaborators and the public Web. It is crucial that AI agents handle this data with care: confidential…

Microsoft Research Blog

Project Ire autonomously identifies malware at scale

August 5, 2025 | Brian Caswell, Dustin Fraze, Sarah Smith, Rodrigo Racanicci, Tim Middleton-Sally, Shelby Hayes, Stanley He, Katy Smith, Bhakta Pradhan, Mike Walker

Designed to classify software without context, Project Ire replicates the gold standard in malware analysis through reverse engineering. It streamlines a complex, expert-driven process, making large-scale malware detection faster & more consistent.

Security, privacy, and cryptography

Highlights