Google Research

Security, privacy and abuse prevention

The Internet and the World Wide Web have brought many changes that provide huge benefits, in particular by giving people easy access to information that was previously unavailable, or simply hard to find. Unfortunately, these changes have raised many new challenges in the security of computer systems and the protection of information against unauthorized access and abusive usage. At Google, our primary focus is the user, and his/her safety. We have people working on nearly every aspect of security, privacy, and anti-abuse including access control and information security, networking, operating systems, language design, cryptography, fraud detection and prevention, spam and abuse detection, denial of service, anonymity, privacy-preserving systems, disclosure controls, as well as user interfaces and other human-centered aspects of security and privacy. Our security and privacy efforts cover a broad range of systems including mobile, cloud, distributed, sensors and embedded systems, and large-scale machine learning.

Recent publications

All publications in this area
Towards Fine-Grained Localization of Privacy Behaviors
Preview Abstract

Privacy labels help developers communicate their application's privacy behaviors (i.e., how and why an application uses personal information) to users. But, studies show that developers face several challenges in creating them and the resultant labels are often inconsistent with their application's privacy behaviors. In this paper, we create a novel methodology called fine-grained localization...

View details
Towards Fine-Grained Localization of Privacy Behaviors

Vijayanta Jain, Sepideh Ghanavati, Sai Teja Peddinti, Collin McMillan

2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), pp. 258-277

Downfall: Exploiting Speculative Data Gathering
Preview Abstract

We introduce Downfall attacks, new transient execution attacks that undermine the security of computers running everywhere across the internet. We exploit the gather instruction on high-performance x86 CPUs to leak data across boundaries of user-kernel, processes, virtual machines, and trusted execution environments. We also develop practical and end-to-end attacks to steal cryptographic keys,...

View details
Downfall: Exploiting Speculative Data Gathering

Daniel Moghimi

USENIX Security Symposium, USENIX (2023)

Evaluating Container Debloaters
Preview Abstract

Docker containers have been widely used by organizations because they are lightweight and single hardware can run multiple instances of a container. However, this ease of virtualization comes with weaker isolation as compared to virtual machines. A compromised container can allow the attacker to escape to the host and gain privileged access. Several approaches have been developed to reduce the...

View details
Evaluating Container Debloaters

Muhammad Hassan, Talha Tahir, Muhammad Farrukh, Abdullah Naveed, Anas Naeem, Fareed Zaffar, Fahad Shaon, Ashish Gehani, Sazzadur Rahaman

IEEE Secure Development Conference, SecDev 2023 (to appear)

Constant Matters: Fine-grained Complexity of Differentially Private Continual Observation
Constant Matters: Fine-grained Complexity of Differentially Private Continual Observation

Hendrik Fichtenberger, Monika Henzinger, Jalaj Upadhyay

Proceedings of the 40th International Conference on Machine Learning (ICML) (2023)

Evaluating User Behavior in Smartphone Security: A Psychometric Perspective
Preview Abstract

Smartphones have become an essential part of our modern society. Their popularity and ever-increasing relevance in our daily lives make these devices an integral part of our comput- ing ecosystem. Yet, we know little about smartphone users and their security behaviors. In this paper, we report our de- velopment and testing of a new 14-item Smartphone Security Behavioral Scale (SSBS) which...

View details
Evaluating User Behavior in Smartphone Security: A Psychometric Perspective

Hsiao-Ying Huang, Soteris Demetriou, Muhammad Hassan, Güliz Seray Tuncay, Carl A. Gunter, Masooda Bashir

USENIX SOUPS (2023)

Some of our teams

Athena

Graph mining

Mural

Perception

Security, privacy and abuse
Join Us

Our researchers work across the world

Together, our research teams tackle tough problems.

Explore opportunities