Stefan Saroiu

Introduction

I am a senior principal researcher in the Office of the CTO, Azure for Operators at Microsoft. My research focuses on building trusted and secure systems, but I am interested in all aspects of systems research.

I am very proud when my research has impact in practice. Over the years, together with my colleagues, I have been fortunate to:

influence the DRAM industry to start addressing the threat of Rowhammer attacks.
ship a cloud service used by 20+ million users.
build the reference implementation of the firmware TPM.
build one of the first face recognition-based payment systems, six years before Amazon Go was launched.

Prior to coming to Microsoft, I was a faculty member of the Computer Science Department at the University of Toronto. I received my Ph.D. from the Computer Science & Engineering department at the University of Washington. I am an ACM Distinguished Member.

The good folks at Microsoft Research recorded a podcast with me on Rowhammer and wrote a blog post on my work and background.

News

Nov '21

A class of Rowhammer defenses use counters to track the number of activations a DRAM row receives. When a counter reaches a threshold value, a remedy is performed.
Some are surprised to learn that these thresholds must be set conservatively, to very low values.
To explain, I wrote a short note on how to set thresholds for counter-based Rowhammer defenses and a Rowhammer terminology cheat sheet.

Oct '21

Lucian Cojocar finished his PostDoc at MSR and released a tech report describing
mFIT, an inexpensive tool that can help researchers reverse engineer DRAM and memory controllers.
Check out his results and the mFIT design.

June '21

Amazon's Alexa can (and should!) put users in control of their security and privacy.
With MegaMind, users can encrypt their voice and commands sent to Amazon.
Watch MJ's presentation and check out his code.

June '21

I hope Panopticon will influence the DRAM industry to fix their Rowhammer problem. No more excuses!
Watch our presentation or read our paper on Panopticon. We also open-sourced a simple simulator targeting DDR5 DRAM (GitHub link).

May '21

After coming up with an awesome title for our HotOS paper, Kevin outdid himself and turned his presentation into poetry!
(YouTube link)

Mar '21

JEDEC published two whitepapers on Rowhammer [1,2]. This is a first for JEDEC. Good for them!

Recent Publications

mFIT: A Bump-in-the-Wire Tool for Plug-and-Play Analysis of Rowhammer Susceptibility Factors

Lucian Cojocar, Kevin Loughlin, Stefan Saroiu, Baris Kasikci, Alec Wolman

MSR Technical Report 2021

MegaMind: A Platform for Security & Privacy Extensions for Voice Assistants

Seyed Mohammadjavad Seyed Talebi, Ardalan Amiri Sani, Stefan Saroiu, Alec Wolman

MobiSys 2021

Panopticon: A Complete In-DRAM Rowhammer Mitigation

Tanj Bennett, Stefan Saroiu, Alec Wolman, Lucian Cojocar

DRAMSec 2021

Stop! Hammer Time: Rethinking Our Approach to Rowhammer Mitigations

Kevin Loughlin, Stefan Saroiu, Alec Wolman, Baris Kasikci

HotOS 2021

show all

Recent Service

HotMobile 2022: Program Committee member.
DRAMSec 2021: Program Committee co-chair.
OSDI 2021: External Review Committee member.