I am a senior principal researcher in the Office of the CTO, Azure for Operators at Microsoft. My research focuses on building trusted and secure systems, but I am interested in all aspects of systems research.

I am very proud when my research has impact in practice. Over the years, together with my colleagues, I have been fortunate to:

  • influence the DRAM industry to start addressing the threat of Rowhammer attacks.
  • ship a cloud service used by 20+ million users.
  • build the reference implementation of the firmware TPM.
  • build one of the first face recognition-based payment systems, six years before Amazon Go was launched.

Prior to coming to Microsoft, I was a faculty member of the Computer Science Department at the University of Toronto. I received my Ph.D. from the Computer Science & Engineering department at the University of Washington. I am an ACM Distinguished Member.

The good folks at Microsoft Research recorded a podcast with me on Rowhammer and wrote a blog post on my work and background.


Mar '22
DRAM vendors today choose to keep the internal topologies of DRAM devices secret. This decision introduces significant practical challenges for designers of memory controllers who wish to provide their own forms of Rowhammer defenses. We wrote up about three such challenges in an invited paper to IRPS 2022.
Watch the 20-minute presentation.
Mar '22
DRAMSec is coming back for a second year!
As before, DRAMSec will be co-located with ISCA. This year, the TPC of DRAMSec will include experts from all three major DRAM vendors.
Nov '21
A class of Rowhammer defenses use counters to track the number of activations a DRAM row receives. When a counter reaches a threshold value, a remedy is performed.
Some are surprised to learn that these thresholds must be set conservatively, to very low values.
To explain, I wrote a short note on how to set thresholds for counter-based Rowhammer defenses and a Rowhammer terminology cheat sheet.
Oct '21
Lucian Cojocar finished his PostDoc at MSR and released a tech report describing
mFIT, an inexpensive tool that can help researchers reverse engineer DRAM and memory controllers.
Check out his results and the mFIT design.

Recent Publications

The Price of Secrecy: How Hiding Internal DRAM Topologies Hurts Rowhammer Defenses
Stefan Saroiu, Alec Wolman, and Lucian Cojocar
IRPS 2022
mFIT: A Bump-in-the-Wire Tool for Plug-and-Play Analysis of Rowhammer Susceptibility Factors
Lucian Cojocar, Kevin Loughlin, Stefan Saroiu, Baris Kasikci, Alec Wolman
MSR Technical Report 2021
MegaMind: A Platform for Security & Privacy Extensions for Voice Assistants
Seyed Mohammadjavad Seyed Talebi, Ardalan Amiri Sani, Stefan Saroiu, Alec Wolman
MobiSys 2021
Panopticon: A Complete In-DRAM Rowhammer Mitigation
Tanj Bennett, Stefan Saroiu, Alec Wolman, Lucian Cojocar
DRAMSec 2021
Stop! Hammer Time: Rethinking Our Approach to Rowhammer Mitigations
Kevin Loughlin, Stefan Saroiu, Alec Wolman, Baris Kasikci
HotOS 2021

Recent Service