About
I lead the Security and Privacy Research and Engineering team in MSR.
My main interest is developing new platform security features. I was one of the architects of the original Trusted Platform Module (TPM), and led the team that developed TPM2. I was also involved in the development of the DRTM/TXT secure-boot technology, and ARM TrustZone. These technologies (and newer alternatives like Intel SGX) underpin the field of Trusted Computing: an active research area that is exploring the consequences of computer programs as authenticated security principals in local and distributed computing.
My current projects include leading the DICE/RIoT (Robust IoT) initiative, which brings Trusted Computing to the tiniest of devices, at essentially zero cost. I’m also leading a broad hardware/software/services effort to improve the resiliency and recoverability of computing devices.
In addition to my work developing and promoting hardware features, I work to turn these building-blocks into practical and useful features for users. While working in the Windows organization, I was one of the lead architects of Microsoft Bitlocker drive encryption technology, and the lead architect of the (ill-fated) Next Generation Secure Computing Base (NGSCB) project (now reborn as part of Windows under the name Virtual Secure Mode). I also led the team that brought new TPM2-based software features to our platforms, and wrote some of the widely-used open-source TPM programming libraries. Current work includes enabling RIoT and resiliency features for our IoT, client and cloud products.
A recent interest and focus is studying and mitigating the risks of synthetically generated misinformation – for example, deep fakes. My main contribution has been helping develop architectures and standards to support cryptographic provenance for media flowing though the modern web.
I strive to enable broad adoption and benefit of my work through driving industry and international standards for security features and protocols. I also advise governments on security trends and strategies.
My work on fundamental platform security features was recognized by my election to the National Academy of Engineering in 2019.