I am a senior principal researcher in the Office of the CTO, Azure for Operators at Microsoft. My research focuses on building trusted and secure systems, but I am interested in all aspects of systems research.

I am very proud when my research has impact in practice. Over the years, together with my colleagues, I have been fortunate to:

  • influence the DRAM industry to start addressing the threat of Rowhammer attacks.
  • ship a cloud service used by 20+ million users.
  • build the reference implementation of the firmware TPM.
  • build one of the first face recognition-based payment systems, six years before Amazon Go was launched.

Prior to coming to Microsoft, I was a faculty member of the Computer Science Department at the University of Toronto. I received my Ph.D. from the Computer Science & Engineering department at the University of Washington. I am an ACM Distinguished Member.

The good folks at Microsoft Research recorded a podcast with me on Rowhammer and wrote a blog post on my work and background.


Nov '21
A class of Rowhammer defenses use counters to track the number of activations a DRAM row receives. When a counter reaches a threshold value, a remedy is performed.
Some are surprised to learn that these thresholds must be set conservatively, to very low values.
To explain, I wrote a short note on how to set thresholds for counter-based Rowhammer defenses and a Rowhammer terminology cheat sheet.
Oct '21
Lucian Cojocar finished his PostDoc at MSR and released a tech report describing
mFIT, an inexpensive tool that can help researchers reverse engineer DRAM and memory controllers.
Check out his results and the mFIT design.
June '21
Amazon's Alexa can (and should!) put users in control of their security and privacy.
With MegaMind, users can encrypt their voice and commands sent to Amazon.
Watch MJ's presentation and check out his code.
June '21
I hope Panopticon will influence the DRAM industry to fix their Rowhammer problem. No more excuses!
Watch our presentation or read our paper on Panopticon. We also open-sourced a simple simulator targeting DDR5 DRAM (GitHub link).
May '21
After coming up with an awesome title for our HotOS paper, Kevin outdid himself and turned his presentation into poetry!
(YouTube link)
Mar '21
JEDEC published two whitepapers on Rowhammer [1,2]. This is a first for JEDEC. Good for them!

Recent Publications

mFIT: A Bump-in-the-Wire Tool for Plug-and-Play Analysis of Rowhammer Susceptibility Factors
Lucian Cojocar, Kevin Loughlin, Stefan Saroiu, Baris Kasikci, Alec Wolman
MSR Technical Report 2021
MegaMind: A Platform for Security & Privacy Extensions for Voice Assistants
Seyed Mohammadjavad Seyed Talebi, Ardalan Amiri Sani, Stefan Saroiu, Alec Wolman
MobiSys 2021
Panopticon: A Complete In-DRAM Rowhammer Mitigation
Tanj Bennett, Stefan Saroiu, Alec Wolman, Lucian Cojocar
DRAMSec 2021
Stop! Hammer Time: Rethinking Our Approach to Rowhammer Mitigations
Kevin Loughlin, Stefan Saroiu, Alec Wolman, Baris Kasikci
HotOS 2021

Recent Service