{"id":559983,"date":"2019-03-22T10:34:44","date_gmt":"2019-03-22T17:34:44","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-group&p=559983"},"modified":"2024-11-14T02:18:29","modified_gmt":"2024-11-14T10:18:29","slug":"azure-security-privacy","status":"publish","type":"msr-group","link":"https:\/\/www.microsoft.com\/en-us\/research\/group\/azure-security-privacy\/","title":{"rendered":"Azure Research – Security and Privacy"},"content":{"rendered":"
\n\t
\n\t\t
\n\t\t\t\"Microsoft\t\t<\/div>\n\t\t\n\t\t
\n\t\t\t\n\t\t\t
\n\t\t\t\t\n\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\tAzure Research\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\n\n

Azure Research – Security and Privacy<\/h1>\n\n\n\n

<\/p>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n<\/section>\n\n\n\n\n\n

Security and privacy are among the most significant concerns for enterprises and consumers using public cloud platforms. Azure Research – Security and Privacy is conducting pioneering research in the design of systems that guarantee strong security and privacy properties to cloud users, and in novel applications that are enabled by emerging security and privacy technology.   <\/p>\n\n\n\n

We work in close collaboration with external and internal research organizations, as well as with Microsoft product teams. Our current focus areas include secure distributed computing, privacy-preserving machine learning, secure hardware design, software security, and verified security and cryptography. <\/p>\n\n\n\n

The team, which is in the Azure Office of the CTO, was formerly the Confidential Computing<\/a> group in Microsoft Research\u2019s Cambridge Lab. The team\u2019s research and development has contributed directly to multiple Microsoft products, including Confidential Containers on Azure Container Instances<\/a>, Azure Confidential Ledger<\/a> and Azure Managed Confidential Consortium<\/a> Framework (which are based on CCF<\/a>), Confidential Computing with GPUs<\/a>, Azure SQL-Always Encrypted<\/a>, and Control Flow Guard<\/a> (which protects most of Microsoft\u2019s systems and applications). The team also pioneered techniques for Memory Tagging<\/a>, Malware Containment<\/a>, and Confidential Data Cleanrooms<\/a>, that have been adopted by several hardware and software products across the industry. <\/p>\n\n\n\n

<\/div>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n

Here is some of the open source code available from the Confidential Computing team:<\/p>\n\n\n\n

\n
\n

The Confidential Consortium Framework (CCF) (opens in new tab)<\/span><\/a> is an open-source framework for building a new category of secure, highly available, and performant applications that focus on multi-party compute and data.<\/p>\n\n\n\n

\n
CCF<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n
\n

snmalloc is a high-performance allocator. snmalloc can be used directly in a project as a header-only C++ library, it can be LD_PRELOAD<\/code>ed on Elf platforms (e.g. Linux, BSD), and there is a crate (opens in new tab)<\/span><\/a> to use it from Rust.<\/p>\n\n\n\n

\n
snmalloc<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n
\n

Revizor is a security-oriented fuzzer for detecting information leaks in CPUs, such as Spectre and Meltdown (opens in new tab)<\/span><\/a>. It tests CPUs against Leakage Contracts (opens in new tab)<\/span><\/a> and searches for unexpected leaks.<\/p>\n\n\n\n

\n
Revizor<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n
\n

Project Verona is a research programming language to explore the concept of concurrent ownership. We are providing a new concurrency model that seamlessly integrates ownership.<\/p>\n\n\n\n

\n
Verona<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n
\n
\n

A library for statistically estimating the privacy of Machine Learning training pipelines from membership inference attacks.<\/p>\n\n\n\n

\n
Privacy Estimates<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n
\n

Microsoft Membership Inference Competition (MICO). A public competition to benchmark differentially private model training as a mitigation against white-box membership inference attacks.<\/p>\n\n\n\n

\n
MICO<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n
\n

High-Assurance Cryptographic Library. Modern cryptographic algorithms (Curve25519, Ed25519, AES-GCM, Chacha20, Poly1305, SHA-2, SHA-3, HMAC, HKDF) formally verified in F* (opens in new tab)<\/span><\/a>, compilable to C and WebAssembly. <\/p>\n\n\n\n

\n
HACL*<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n
\n

CHERIoT (“Capability Hardware Extension to RISC-V for the Internet of Things”) is a co-designed embedded processor and RTOS for embedded-scale systems, offering object-granular memory safety and light-weight compartmentalization to C\/C++. <\/p>\n\n\n\n

\n
CHERIoT<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n
\n
\n

Rego is a language developed by Open Policy Agent (OPA) for use in defining policies in cloud systems. The rego-cpp project is a multi-pass compiler and unification engine in C++ which give programmers the flexibility to integrate Rego natively into a wider range of languages, including C, C++, Rust, and Python.<\/p>\n\n\n\n

\n
Rego-cpp<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n
\n
\n
<\/div>\n\n\n\n
<\/div>\n<\/div>\n<\/div>\n\n\n\n
<\/div>\n<\/div>\n\n\n","protected":false},"excerpt":{"rendered":"

Security and privacy are arguably the most significant concerns for enterprises and consumers using public cloud platforms. The confidential computing theme at Microsoft Research Cambridge has been conducting pioneering research in the design of systems that guarantee strong security and privacy properties to cloud users. <\/p>\n","protected":false},"featured_media":939186,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","msr_group_start":"","footnotes":""},"research-area":[13556,13552,13558],"msr-group-type":[243694],"msr-locale":[268875],"msr-impact-theme":[],"class_list":["post-559983","msr-group","type-msr-group","status-publish","has-post-thumbnail","hentry","msr-research-area-artificial-intelligence","msr-research-area-hardware-devices","msr-research-area-security-privacy-cryptography","msr-group-type-group","msr-locale-en_us"],"msr_group_start":"","msr_detailed_description":"","msr_further_details":"","msr_hero_images":[],"msr_research_lab":[],"related-researchers":[{"type":"user_nicename","display_name":"Eddy Ashton","user_id":39102,"people_section":"Section name 1","alias":"edashton"},{"type":"user_nicename","display_name":"Amaury Chamayou","user_id":38362,"people_section":"Section name 1","alias":"amchamay"},{"type":"user_nicename","display_name":"Giovanni Cherubin","user_id":41410,"people_section":"Section name 1","alias":"gcherubin"},{"type":"user_nicename","display_name":"Sylvan Clebsch","user_id":36368,"people_section":"Section name 1","alias":"syclebsc"},{"type":"user_nicename","display_name":"Manuel Costa","user_id":32794,"people_section":"Section name 1","alias":"manuelc"},{"type":"user_nicename","display_name":"Antoine Delignat-Lavaud","user_id":31056,"people_section":"Section name 1","alias":"antdl"},{"type":"user_nicename","display_name":"C\u00e9dric Fournet","user_id":31819,"people_section":"Section name 1","alias":"fournet"},{"type":"user_nicename","display_name":"Adrien Ghosn","user_id":41263,"people_section":"Section name 1","alias":"t-aghosn"},{"type":"user_nicename","display_name":"Heidi Howard","user_id":41512,"people_section":"Section name 1","alias":"heidihoward"},{"type":"user_nicename","display_name":"Matthew Johnson","user_id":32830,"people_section":"Section name 1","alias":"matjoh"},{"type":"user_nicename","display_name":"Boris Köpf","user_id":37857,"people_section":"Section name 1","alias":"bokoepf"},{"type":"user_nicename","display_name":"Robert Norton-Wright","user_id":39045,"people_section":"Section name 1","alias":"ronorton"},{"type":"user_nicename","display_name":"Oleksii Oleksenko","user_id":43146,"people_section":"Section name 1","alias":"ololeksenko"},{"type":"user_nicename","display_name":"Matthew Parkinson","user_id":32838,"people_section":"Section name 1","alias":"mattpark"},{"type":"user_nicename","display_name":"Andrew Paverd","user_id":37902,"people_section":"Section name 1","alias":"anpaverd"},{"type":"user_nicename","display_name":"Shruti Tople","user_id":39003,"people_section":"Section name 1","alias":"shtople"},{"type":"user_nicename","display_name":"Kapil Vaswani","user_id":32487,"people_section":"Section name 1","alias":"kapilv"},{"type":"user_nicename","display_name":"Stavros Volos","user_id":35437,"people_section":"Section name 1","alias":"svolos"},{"type":"user_nicename","display_name":"Santiago Zanella-B\u00e9guelin","user_id":33518,"people_section":"Section name 1","alias":"santiago"}],"related-publications":[558288,591904,592006,499550,465654,418826,558297,558303,254093,215264,168683,168697,168684,168426,659370,978486,756028,1039857,939924,660741,1010307,796963,1042731,215136,939993,672480,1010430,828229,1045377,592648,945099,691908,1017384,855945,1047069,592657,955035,695655,1025283,879525,1058205,593287,955044,695898,1025313,882387,1058211,593302,969189,696811,1026261,900717,1087050,593377,977088,701437,1026267,915369,1087071,597883,977097,733996,1029096,916611,1087692,650721,978444,754795,1029939,937314,1090641,652491,978480,754813,1039842,938655],"related-downloads":[632115,736231,924138,925353,925362,925371],"related-videos":[],"related-projects":[],"related-events":[],"related-opportunities":[],"related-posts":[],"tab-content":[{"id":0,"name":"Collaborations","content":"Our research in Confidential Computing involves collaborations with partners in- and outside Microsoft. As regards external collaboration, we have deep roots in the academic research ecosystem and engage in collaborations with top research groups around the world.\r\n

Microsoft Security Response Center<\/a><\/h3>\r\nWe collaborate closely with the Microsoft Security Response Center (MSRC) on multiple topics, including exploit mitigations, safe systems programming languages, CPU security, secure hardware design, and AI security.\r\n
<\/div>\r\n\"INRIA<\/a>\r\n

Inria Joint Centre<\/a><\/h3>\r\nThe Inria Joint Centre was founded in 2004 by Inria (the French National Research Institute for Computer Science and Applied Mathematics), Microsoft Corporation, and Microsoft Research Cambridge. The Centre\u2019s objective is to pursue fundamental, long-term research in Computer Science with a particular emphasis on formal methods and machine learning and some of their key applications.\r\n\r\n \r\n

Swiss Joint Research Centre<\/a><\/h3>\r\nEstablished in 2008, the Swiss Joint Research Center (Swiss JRC) is a collaborative research engagement between Microsoft Research and the two universities that make up the Swiss Federal Institutes of Technology: ETH Zurich<\/a> and\u00a0EPFL<\/a>. The Centre\u2019s objective is to pursue fundamental, long-term research in Computer Science with a particular emphasis on systems, security, and AI.\r\n
\r\n
<\/div>\r\n\"Center<\/a>\r\n

C4DT<\/a><\/h3>\r\nHoused at EPFL in Lausanne (Switzerland), the Center for Digital Trust brings together\u202ffounding partners including Microsoft Research,\u202flaboratories, civil society, and policy actors to collaborate, share insight, and to gain early access to trust-building technologies, building on state-of-the-art research at EPFL and beyond.\r\n
\r\n
<\/div>\r\n\"University<\/a>\r\n

University College London (UCL)<\/a><\/h3>\r\nWe are partner of the EPSRC Centre for Doctoral Training in Cybersecurity at UCL<\/a> which trains cohorts of highly skilled experts drawn from across the spectrum of engineering and social sciences, able to become the next generation of UK leaders in industry and government, public policy, and scientific research.\r\n

PhD collaborations in EMEA<\/h3>\r\n[accordion]\r\n[panel header=\" Aalto University \"]\r\n\r\n\"SMVRF: Secure Messaging Verifiably Realized in F*\"<\/strong>\r\n\r\nPrimary Supervisor: Chris Brzuska<\/a>\r\n\r\nMSR Supervisor: Antoine Delignat-Lavaud<\/a>\r\n\r\n[\/panel]\r\n\r\n[panel header=\"Imperial College London\"]\r\n\r\n\"Regions and Types for the Secure Foundations of Cloud-First, Confidential Computing\"<\/strong>\r\n\r\nPrimary Supervisor: Sophia Drossopoulou<\/a>\r\n\r\nMSR Supervisor: Antoine Delignat-Lavaud<\/a>\r\n\r\n[\/panel]\r\n\r\n[panel header=\"Technical University of Vienna (TU Wien) \"]\r\n\r\n\"Bit-level Accurate Reasoning and Interpolation\"<\/strong>\r\n\r\nPrimary Supervisor: Georg Weissenbacher<\/a>\r\n\r\nMSR Supervisor: Christoph Wintersteiger<\/a>\r\n\r\n[\/panel]\r\n\r\n[panel header=\"University of Edinburgh \"]\r\n\r\n\"Improving the usability of TLS APIs\"<\/strong>\r\n\r\nPrimary Supervisor: Kami Vaniea<\/a>\r\n\r\nMSR Supervisor: Antoine Delignat-Lavaud<\/a>\r\n\r\n \r\n\r\n\"Speicher: A Secure Storage System using Shielded Execution\"<\/strong>\r\n\r\nPrimary Supervisor: Pramod Bhatotia<\/a>\r\n\r\nMSR Supervisor: Kapil Vaswani<\/a>\r\n\r\n[\/panel]\r\n\r\n[panel header=\" University of York \"]\r\n\r\n\"Lightweight Concurrency Modelling\"<\/strong>\r\n\r\nPrimary Supervisor: Mike Dodds<\/a>\r\n\r\nMSR Supervisor: Matthew Parkinson<\/a>\r\n\r\n[\/panel]\r\n\r\n[panel header=\"Uppsala University \"]\r\n\r\n\"Quantifiably Secure Architectures \"<\/strong>\r\n\r\nPrimary Supervisor: Stefanos Kaxiras<\/a>\r\n\r\nMSR Supervisor: Boris K\u00f6pf<\/a>\r\n\r\n[\/panel]\r\n\r\n[\/accordion]\r\n\r\nFind out more about the PhD Scholarship Programme in EMEA<\/a>."},{"id":1,"name":"Workshops","content":"

Microsoft Research Summit \u2013 October 21, 2021<\/h2>\r\n

Workshop: Practical and Theoretical Privacy of Machine Learning Training Pipelines<\/h3>\r\nWorkshop organisers: Boris K\u00f6pf, Santiago Zanella-Beguelin\r\n\r\nDifferentially private training algorithms guarantee an upper bound on the record-level, user-level, or subpopulation-level information leakage of ML training pipelines. However, we only know how to prove these guarantees under a worst-case adversary model that rarely matches threat models of real-world deployments. Because of this mismatch, it is almost impossible to simultaneously get good utility and provably strong privacy in practice. Conscientious practitioners who err on the side of privacy end up using models that are less useful than could be. Pragmatic practitioners purposefully weaken privacy guarantees to get an acceptable level of utility. They do so under the assumption that provable guarantees are overly pessimistic for their assumed threat model, but without a good understanding of the effective privacy achieved.\r\n\r\nThis workshop provides a forum to better understand the effective privacy of machine learning training pipelines with the goal of striking a well-founded trade-off between privacy and utility.\r\n

Workshop: Software Transparency<\/h3>\r\nWorkshop organisers: Manuel Costa<\/a>, Antoine Delignat-Lavaud<\/a>, C\u00e9dric Fournet<\/a>, Esha Ghosh<\/a>, Kay Williams\r\n\r\nThis workshop addresses the integrity of software supply chains, in light of recent attacks. It explores new applications of transparency systems (initially applied to certificates and identity credentials) to keep track of code release, updates, and audits at every layer of the stack\u2014including firmware, operating systems, python and node packages, and applications code. Hence, software can be associated with signed standardized \"bills of materials\" that publicly document their provenance and that can be verified before installing or executing their binaries. In particular, this provenance information can be used to support the remote attestation of the software TCB loaded within trusted execution environments for confidential computing. The workshop includes presentations highlighting recent government and industry initiatives, as well as ongoing research on transparency, e.g. on verifiable data structures and the need to balance integrity and privacy."}],"msr_impact_theme":[],"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-group\/559983"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-group"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-group"}],"version-history":[{"count":83,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-group\/559983\/revisions"}],"predecessor-version":[{"id":1103721,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-group\/559983\/revisions\/1103721"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media\/939186"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=559983"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=559983"},{"taxonomy":"msr-group-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-group-type?post=559983"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=559983"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=559983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}