The Multi-Stakeholder Nature of Today’s Systems and their Security Challenges

Thursday, April 6, 2023 | 11 AM – 12 PM
Bahen Centre for Information Technology
BA 1200

This lecture is open to the public.
No registration is required but space is limited.

Abstract:
Today's systems consist of many components owned by different stakeholders that need to operate together to provide service. This multistakeholder nature often raises significant challenges to making the entire system secure. For example, a system's security might require different stakeholders to share information they consider confidential. Another example is one in which the hand-off between different system components cannot be made secure without significant engineering costs. Our final example is one where stakeholders' ownership of components changes over time invalidating the original security assumptions. In this talk, we will present three examples of such security challenges in different domains: DRAM security, OS security, and confidential computing. In two cases, we describe solutions to these challenges and their trade-offs. The last case is more open-ended and is posed as a challenge to the security research community.

Bio:
Stefan Saroiu is a researcher at Microsoft, now in the Office of the CTO, Azure for Operators, and until 2020, at Microsoft Research. Stefan's research interests span many aspects of systems and networks although his most recent work focuses on systems security. Stefan's work has been published at top conferences in security, systems, networking, and mobile computing. Stefan takes his work beyond publishing results. With his colleagues at Microsoft, (1) he is helping DRAM industry to address the threat of Rowhammer attacks once and for all, (2) he designed a methodology for testing cloud servers for the susceptibility to Rowhammer attacks, (3) he designed, deployed, and operated Microsoft Embedded Social, a cloud service aimed at user engagement in mobile apps that had 20 million users, (4) he designed the reference implementation of a software-based Trusted Platform Module (TPM) used in millions of smartphones and tablets, and (5) he designed and operated Zero-Effort Payments (ZEP), one of the first face recognition-based payment systems in the world. Before joining Microsoft in 2008, Stefan spent three years as an Assistant Professor at the University of Toronto, and four months at Amazon.com as a visiting researcher where he worked on the early designs of their new shopping cart system (aka Dynamo). Stefan is an ACM Distinguished Member.