I lead the Security and Privacy Research and Engineering team in MSR.
My main interest is developing new platform security features. I was one of the architects of the original Trusted Platform Module (TPM), and led the team that developed TPM2. I was also involved in the development of the DRTM/TXT secure-boot technology, and ARM TrustZone. These technologies (and newer alternatives like Intel SGX) underpin the field of Trusted Computing: an active research area that is exploring the consequences of computer programs as authenticated security principals in local and distributed computing.
My current projects include leading the RIoT (Robust IoT) initiative, which brings Trusted Computing to the tiniest of devices, at essentially zero cost. I’m also leading a broad hardware/software/services effort to improve the resiliency and recoverability of computing devices.
In addition to my work developing and promoting hardware features, I work to turn these building blocks into practical and useful features for users. While working in the Windows organization, I was one of the lead architects of Microsoft BitLocker drive encryption technology, and the lead architect of the (ill-fated) Next Generation Secure Computing Base (NGSCB) project (now reborn as part of Windows under the name Virtual Secure Mode). I also led the team that brought new TPM2-based software features to our platforms, and wrote some of the widely used open-source TPM programming libraries. Current work includes enabling RIoT and resiliency features for our IoT, client and cloud products.
I strive to enable broad adoption and benefit of my work through driving industry and international standards for security features and protocols. I also advise governments on security trends and strategies.
My work on fundamental platform security features was recognized by my election to the National Academy of Engineering in 2019.