Introduction

I’m a researcher in the Software-Hardware Co-design group at Microsoft Research, where I work on the hard problems behind efficient, secure, and reliable cloud infrastructure, from traditional compute to AI systems. My experience spans systems and networking research, security, production infrastructure, trusted hardware, and cloud-scale design. My training as a systems researcher shapes how I approach this work: seek simplicity, insist on clarity, and build system designs and implementations that are not only publishable, but deployable.

Throughout the years, my colleagues and I:

  • designed, implemented, verified, and tested Sigries, a Rowhammer defense in the Azure Cobalt 200 SoC (Microsoft 1P silicon);
  • designed Panopticon, a Rowhammer defense adopted by the DRAM industry under the name of PRAC;
  • designed, deployed, and operated Microsoft Embedded Social, a cloud service aimed at user engagement in mobile apps, which had 20 million users;
  • created the reference implementation of a firmware-based Trusted Platform Module (fTPM) used in hundreds of millions of smartphones and tablets;
  • designed and operated Zero-Effort Payments (ZEP), one of the first face recognition-based payment systems in the world.

Prior to joining Microsoft, I served as a faculty member in the Computer Science Department at the University of Toronto. I earned my Ph.D. from the Computer Science & Engineering department at the University of Washington, and I am an ACM Fellow.

Microsoft Research has featured me in a podcast on Rowhammer and published a blog post detailing my background and research. I also maintain a page with brief articles on various topics related to Rowhammer.

News

June '26
AI agents will disrupt hardware security in ways the hardware industry may not yet anticipate. We wrote a workshop paper on Rowhammer defenses showing how agents can reverse-engineer defenses that rely on security by obscurity and generate attacks that bypass them. I hope the paper serves as a wakeup call for the DRAM industry and encourages more work at the intersection of hardware security and AI. The paper appears at DRAMSec 2026.
Aug '25
The good folks at MSR helped me record my talk on "Six Years of Rowhammer". This talk is very close to my heart. Over the past six years, my colleagues and I have had front-row seats to the efforts, both in industry and academia, to address Rowhammer. This talk offers a unique perspective on that journey.
July '25
I am now part of a new group formed at Microsoft Research called "Software-HARdware Co-design (SHARC)".

Recent Publications

AI Agents Can Defeat Security by Obscurity for Rowhammer Defenses
Stefan Saroiu, Alec Wolman, Jay Bosamiya, Adam Grenzebach, Paramvir Bahl
DRAMSec 2026
Towards Multi-Stakeholder Clouds
Bohdan Borysei, Stefan Saroiu, Eyal de Lara
HotMobile 2024
Siloz: Leveraging DRAM Isolation Domains to Prevent Inter-VM Rowhammer
Kevin Loughlin, Jonah Rosenblum, Stefan Saroiu, Alec Wolman, Dimitrios Skarlatos, Baris Kasikci
SOSP 2023
show all

Recent Service